some wording fixes

Author: tj

openssh/legacy.html

@@ -23,13 +23,15 @@ <h2 id=OpenBSD>
 to connect with an implementation that only supports legacy algorithms.
 
 <p>
-When a SSH client connects to a server, each side offers lists of connection
+When an SSH client connects to a server, each side offers lists of connection
 parameters to the other. These are, with the corresponding
 <a href="https://man.openbsd.org/ssh_config.5">ssh_config</a> keyword:
 
 <ul>
 <li><code>KexAlgorithms</code>: the key exchange methods that are used to generate
-<li><code>HostkeyAlgorithms</code>: the public key algorithms accepted for a SSH server to authenticate itself to a ssh client.
+per-connection keys
+<li><code>HostkeyAlgorithms</code>: the public key algorithms accepted for an SSH
+server to authenticate itself to an SSH client
 <li><code>Ciphers</code>: the ciphers to encrypt the connection
 <li><code>MACs</code>: the message authentication codes used to detect traffic
 modification
@@ -53,24 +55,24 @@ <h2 id=OpenBSD>
 In this case, the client and server were unable to agree on the key
 exchange algorithm. The server offered only a single method
 <code>diffie-hellman-group1-sha1</code>. OpenSSH supports this method,
-but does not enable it by default because is weak and within theoretical
+but does not enable it by default because it is weak and within theoretical
 range of the so-called Logjam attack.
 
 <p>
 Several related options come into play later during user authentication.
 <ul>
 <li><code>PubkeyAcceptedKeyTypes</code> (ssh/sshd): the public key
 algorithms that will be attempted by the client, and accepted by the server
-for public-key authentication (e.g. via <code>.ssh/authorized_keys</code>).
+for public-key authentication (e.g. via <code>.ssh/authorized_keys</code>)
 <li><code>HostbasedKeyTypes</code> (ssh) and <code>HostbasedAcceptedKeyTypes</code> (sshd): the key types that will be attempted by the client, and accepted by
 the server for host-based authentication (.e.g. via <code>.rhosts</code> or
-<code>.shosts</code>).
+<code>.shosts</code>)
 </ul>
 
 <p>
 A mismatch between the client and server during authentication will cause
 authentication to fail, despite it appearing to be configured. For example,
-a <code>ssh-dss</code> user key may be listed in
+an <code>ssh-dss</code> user key may be listed in
 <code>.ssh/authorized_keys</code> but may not pass authentication because,
 by default, sshd does not accept this key type.
 </p>
@@ -79,15 +81,15 @@ <h2 id=OpenBSD>
 The best resolution for these failures is to upgrade the software at
 the other end and/or replace the weak key types with safer modern types.
 OpenSSH only disables algorithms that we actively
-recommend against using because they are known to be weak. In
-some cases, this might not be immediately possible so you may need to
+recommend against using because they are known to be weak.
+This might not be immediately possible in some cases, so you may need to
 temporarily re-enable the weak algorithms to retain access.
 
 <p>
 For the case of the above error message, OpenSSH can be configured to enable
 the <code>diffie-hellman-group1-sha1</code>
 key exchange algorithm (or any other that is disabled by default) using
-the <code>KexAlgorithms</code> option - either on the command-line:
+the <code>KexAlgorithms</code> option, either on the command line:
 
 <pre class="cmdbox">
 ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost