diff --git a/sshd_config.5 b/sshd_config.5
@@ -579,6 +579,21 @@ and finally
 See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
+.It Cm ExposeAuthenticationMethods
+When using SSH2, this option controls the exposure of the list of
+successful authentication methods to PAM during the authentication
+and to the shell environment via the
+.Cm SSH_USER_AUTH
+variable. See the description of this variable for more details.
+Valid options are:
+.Dq never
+(Do not expose successful authentication methods),
+.Dq pam-only
+(Only expose them to PAM during authentication, not afterwards),
+.Dq pam-and-env
+(Expose them to PAM and keep them in the shell environment).
+The default is
+.Dq never .
 .It Cm FingerprintHash
 Specifies the hash algorithm used when logging key fingerprints.
 Valid options are:

diff --git a/sshkey.c b/sshkey.c
@@ -58,6 +58,7 @@
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 #include "match.h"
+#include "xmalloc.h"
 
 /* openssh private key file format */
 #define MARK_BEGIN		"-----BEGIN OPENSSH PRIVATE KEY-----\n"
@@ -1189,6 +1190,30 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
 	return retval;
 }
 
+char *
+sshkey_format_oneline(const struct sshkey *key, int dgst_alg)
+{
+	char *fp, *result;
+
+	if (sshkey_is_cert(key)) {
+		fp = sshkey_fingerprint(key->cert->signature_key, dgst_alg,
+		    SSH_FP_DEFAULT);
+		xasprintf(&result, "%s ID %s (serial %llu) CA %s %s",
+		    sshkey_type(key), key->cert->key_id,
+		    (unsigned long long)key->cert->serial,
+		    sshkey_type(key->cert->signature_key),
+		    fp == NULL ? "(null)" : fp);
+		free(fp);
+	} else {
+		fp = sshkey_fingerprint(key, dgst_alg, SSH_FP_DEFAULT);
+		xasprintf(&result, "%s %s", sshkey_type(key),
+		    fp == NULL ? "(null)" : fp);
+		free(fp);
+	}
+
+	return result;
+}
+
 #ifdef WITH_SSH1
 /*
  * Reads a multiple-precision integer in decimal from the buffer, and advances

diff --git a/sshkey.h b/sshkey.h
@@ -123,6 +123,7 @@ char		*sshkey_fingerprint(const struct sshkey *,
     int, enum sshkey_fp_rep);
 int		 sshkey_fingerprint_raw(const struct sshkey *k,
     int, u_char **retp, size_t *lenp);
+char		*sshkey_format_oneline(const struct sshkey *k, int dgst_alg);
 const char	*sshkey_type(const struct sshkey *);
 const char	*sshkey_cert_type(const struct sshkey *);
 int		 sshkey_write(const struct sshkey *, FILE *);