- jmc@cvs.openbsd.org 2003/05/20 12:09:31

[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1] new sentence, new line
author: Damien Miller <djm@mindrot.org> 2003-05-23 18:44:23 +1000
committer: Damien Miller <djm@mindrot.org> 2003-05-23 18:44:23 +1000
commit: fbf486b4a6e0f39b3d6533a2c18d1a120e98b83c (patch)
tree: 7377adcab2b512e9ab0eddab49554fc2687c6781
parent: 5067792a7267cd1affe339bf7e9469ecc444eb25 (diff)
6 files changed, 57 insertions, 44 deletions
diff --git a/ChangeLog b/ChangeLog
index 00681d3a8..d00d04263 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@
     - added .Xr's
     - typos
     ok djm@
+   - jmc@cvs.openbsd.org 2003/05/20 12:09:31
+     [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
+     new sentence, new line
 20030520
 - (djm) OpenBSD CVS Sync
@@ -1596,4 +1599,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@
-$Id: ChangeLog,v 1.2746 2003/05/23 08:44:04 djm Exp $
+$Id: ChangeLog,v 1.2747 2003/05/23 08:44:23 djm Exp $
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 613d71a07..1583384af 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.57 2003/05/14 18:16:20 jakob Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.58 2003/05/20 12:09:31 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -93,8 +93,8 @@ generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
 can create RSA keys for use by SSH protocol version 1 and RSA or DSA
-keys for use by SSH protocol version 2. The type of key to be generated
+keys for use by SSH protocol version 2.
-is specified with the
+The type of key to be generated is specified with the
 .Fl t
 option.
 .Pp
diff --git a/ssh.1 b/ssh.1
index f4b1679e3..d8af4de62 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.171 2003/05/15 04:08:41 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.172 2003/05/20 12:09:31 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -488,8 +488,8 @@ It is possible to have multiple
 options (and multiple identities specified in
 configuration files).
 .It Fl I Ar smartcard_device
-Specifies which smartcard device to use. The argument is
+Specifies which smartcard device to use.
-the device
+The argument is the device
 .Nm
 should use to communicate with a smartcard used for storing the user's
 private RSA key.
@@ -542,9 +542,10 @@ per-host basis in the configuration file.
 Quiet mode.
 Causes all warning and diagnostic messages to be suppressed.
 .It Fl s
-May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
+May be used to request invocation of a subsystem on the remote system.
-of SSH as a secure transport for other applications (eg. sftp). The
+Subsystems are a feature of the SSH2 protocol which facilitate the use
-subsystem is specified as the remote command.
+of SSH as a secure transport for other applications (eg. sftp).
+The subsystem is specified as the remote command.
 .It Fl t
 Force pseudo-tty allocation.
 This can be used to execute arbitrary
diff --git a/ssh_config.5 b/ssh_config.5
index 67166b758..99050d38a 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.10 2003/05/16 03:27:12 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.11 2003/05/20 12:09:32 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -116,7 +116,8 @@ The host is the
 argument given on the command line (i.e., the name is not converted to
 a canonicalized host name before matching).
 .It Cm AddressFamily
-Specifies which address family to use when connecting. Valid arguments are
+Specifies which address family to use when connecting.
+Valid arguments are
 .Dq any ,
 .Dq inet
 (Use IPv4 only) or
@@ -236,9 +237,9 @@ This may be useful in scripts if the connection sometimes fails.
 The default is 1.
 .It Cm ConnectTimeout
 Specifies the timeout (in seconds) used when connecting to the ssh
-server, instead of using the default system TCP timeout. This value is 
+server, instead of using the default system TCP timeout.
-used only when the target is down or really unreachable, not when it
+This value is used only when the target is down or really unreachable,
-refuses the connection.
+not when it refuses the connection.
 .It Cm DynamicForward
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
@@ -351,7 +352,8 @@ Numeric IP addresses are also permitted (both on the command line and in
 specifications).
 .It Cm IdentityFile
 Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
+is read.
+The default is
 .Pa $HOME/.ssh/identity
 for protocol version 1, and
 .Pa $HOME/.ssh/id_rsa
@@ -448,7 +450,8 @@ Specifies the port number to connect on the remote host.
 Default is 22.
 .It Cm PreferredAuthentications
 Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
+authentication methods.
+This allows a client to prefer one method (e.g.
 .Cm keyboard-interactive )
 over another method (e.g.
 .Cm password )
@@ -561,12 +564,12 @@ The default is
 .Dq yes .
 Note that this option applies to protocol version 1 only.
 .It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
+Specifies which smartcard device to use.
-the device
+The argument to this keyword is the device
 .Nm ssh
 should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
+private RSA key.
-is not activated.
+By default, no device is specified and smartcard support is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,
diff --git a/sshd.8 b/sshd.8
index f7464d95b..827f4f77c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.196 2003/04/30 20:41:07 david Exp $
+.\" $OpenBSD: sshd.8,v 1.197 2003/05/20 12:09:32 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -497,9 +497,9 @@ IPv6 addresses can be specified with an alternative syntax:
 .Ar host/port .
 Multiple
 .Cm permitopen
-options may be applied separated by commas. No pattern matching is
+options may be applied separated by commas.
-performed on the specified hostnames, they must be literal domains or
+No pattern matching is performed on the specified hostnames,
-addresses.
+they must be literal domains or addresses.
 .El
 .Ss Examples
 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
@@ -525,9 +525,9 @@ bits, exponent, modulus, comment.
 The fields are separated by spaces.
 .Pp
 Hostnames is a comma-separated list of patterns
-.Pf ( Ql \&* 
+.Pf ( Ql \&*
-and 
+and
-.Ql \&? 
+.Ql \&?
 act as
 wildcards); each pattern in turn is matched against the canonical host
 name (when authenticating a client) or against the user-supplied
diff --git a/sshd_config.5 b/sshd_config.5
index 8250be8d6..86b3289a1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $
+.\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -107,7 +107,8 @@ Specifies the file that contains the public keys that can be used
 for user authentication.
 .Cm AuthorizedKeysFile
 may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
+set-up.
+The following tokens are defined: %% is replaced by a literal '%',
 %h is replaced by the home directory of the user being authenticated and
 %u is replaced by the username of that user.
 After expansion,
@@ -153,20 +154,24 @@ This option applies to protocol version 2 only.
 Sets the number of client alive messages (see above) which may be
 sent without
 .Nm sshd
-receiving any messages back from the client. If this threshold is
+receiving any messages back from the client.
-reached while client alive messages are being sent,
+If this threshold is reached while client alive messages are being sent,
 .Nm sshd
-will disconnect the client, terminating the session. It is important
+will disconnect the client, terminating the session.
-to note that the use of client alive messages is very different from
+It is important to note that the use of client alive messages is very
+different from
 .Cm KeepAlive
-(below). The client alive messages are sent through the
+(below).
-encrypted channel and therefore will not be spoofable. The TCP keepalive
+The client alive messages are sent through the encrypted channel
-option enabled by
+and therefore will not be spoofable.
+The TCP keepalive option enabled by
 .Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
+is spoofable.
+The client alive mechanism is valuable when the client or
 server depend on knowing when a connection has become inactive.
 .Pp
-The default value is 3. If
+The default value is 3.
+If
 .Cm ClientAliveInterval
 (above) is set to 15, and
 .Cm ClientAliveCountMax
@@ -369,11 +374,12 @@ is not specified,
 .Nm sshd
 will listen on the address and all prior
 .Cm Port
-options specified. The default is to listen on all local
+options specified.
-addresses.
+The default is to listen on all local addresses.
 Multiple
 .Cm ListenAddress
-options are permitted. Additionally, any
+options are permitted.
+Additionally, any
 .Cm Port
 options must precede this option for non port qualified addresses.
 .It Cm LoginGraceTime
@@ -454,8 +460,8 @@ but only if the
 .Ar command
 option has been specified
 (which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
+normally not allowed).
-for root.
+All other authentication methods are disabled for root.
 .Pp
 If this option is set to
 .Dq no
author	Damien Miller <djm@mindrot.org>	2003-05-23 18:44:23 +1000
committer	Damien Miller <djm@mindrot.org>	2003-05-23 18:44:23 +1000
commit	fbf486b4a6e0f39b3d6533a2c18d1a120e98b83c (patch)
tree	7377adcab2b512e9ab0eddab49554fc2687c6781
parent	5067792a7267cd1affe339bf7e9469ecc444eb25 (diff)

diff --git a/ChangeLog b/ChangeLog index 00681d3a8..d00d04263 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -8,6 +8,9 @@
8	- added .Xr's	8	- added .Xr's
9	- typos	9	- typos
10	ok djm@	10	ok djm@
		11	- jmc@cvs.openbsd.org 2003/05/20 12:09:31
		12	[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
		13	new sentence, new line
11		14
12	20030520	15	20030520
13	- (djm) OpenBSD CVS Sync	16	- (djm) OpenBSD CVS Sync
@@ -1596,4 +1599,4 @@
1596	save auth method before monitor_reset_key_state(); bugzilla bug #284;	1599	save auth method before monitor_reset_key_state(); bugzilla bug #284;
1597	ok provos@	1600	ok provos@
1598		1601
1599	$Id: ChangeLog,v 1.2746 2003/05/23 08:44:04 djm Exp $	1602	$Id: ChangeLog,v 1.2747 2003/05/23 08:44:23 djm Exp $


diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 613d71a07..1583384af 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.57 2003/05/14 18:16:20 jakob Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.58 2003/05/20 12:09:31 jmc Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -93,8 +93,8 @@ generates, manages and converts authentication keys for
93	.Xr ssh 1 .	93	.Xr ssh 1 .
94	.Nm	94	.Nm
95	can create RSA keys for use by SSH protocol version 1 and RSA or DSA	95	can create RSA keys for use by SSH protocol version 1 and RSA or DSA
96	keys for use by SSH protocol version 2. The type of key to be generated	96	keys for use by SSH protocol version 2.
97	is specified with the	97	The type of key to be generated is specified with the
98	.Fl t	98	.Fl t
99	option.	99	option.
100	.Pp	100	.Pp


diff --git a/ssh.1 b/ssh.1 index f4b1679e3..d8af4de62 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.171 2003/05/15 04:08:41 markus Exp $	37	.\" $OpenBSD: ssh.1,v 1.172 2003/05/20 12:09:31 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -488,8 +488,8 @@ It is possible to have multiple
488	options (and multiple identities specified in	488	options (and multiple identities specified in
489	configuration files).	489	configuration files).
490	.It Fl I Ar smartcard_device	490	.It Fl I Ar smartcard_device
491	Specifies which smartcard device to use. The argument is	491	Specifies which smartcard device to use.
492	the device	492	The argument is the device
493	.Nm	493	.Nm
494	should use to communicate with a smartcard used for storing the user's	494	should use to communicate with a smartcard used for storing the user's
495	private RSA key.	495	private RSA key.
@@ -542,9 +542,10 @@ per-host basis in the configuration file.
542	Quiet mode.	542	Quiet mode.
543	Causes all warning and diagnostic messages to be suppressed.	543	Causes all warning and diagnostic messages to be suppressed.
544	.It Fl s	544	.It Fl s
545	May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use	545	May be used to request invocation of a subsystem on the remote system.
546	of SSH as a secure transport for other applications (eg. sftp). The	546	Subsystems are a feature of the SSH2 protocol which facilitate the use
547	subsystem is specified as the remote command.	547	of SSH as a secure transport for other applications (eg. sftp).
		548	The subsystem is specified as the remote command.
548	.It Fl t	549	.It Fl t
549	Force pseudo-tty allocation.	550	Force pseudo-tty allocation.
550	This can be used to execute arbitrary	551	This can be used to execute arbitrary


diff --git a/ssh_config.5 b/ssh_config.5 index 67166b758..99050d38a 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.10 2003/05/16 03:27:12 djm Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.11 2003/05/20 12:09:32 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -116,7 +116,8 @@ The host is the
116	argument given on the command line (i.e., the name is not converted to	116	argument given on the command line (i.e., the name is not converted to
117	a canonicalized host name before matching).	117	a canonicalized host name before matching).
118	.It Cm AddressFamily	118	.It Cm AddressFamily
119	Specifies which address family to use when connecting. Valid arguments are	119	Specifies which address family to use when connecting.
		120	Valid arguments are
120	.Dq any ,	121	.Dq any ,
121	.Dq inet	122	.Dq inet
122	(Use IPv4 only) or	123	(Use IPv4 only) or
@@ -236,9 +237,9 @@ This may be useful in scripts if the connection sometimes fails.
236	The default is 1.	237	The default is 1.
237	.It Cm ConnectTimeout	238	.It Cm ConnectTimeout
238	Specifies the timeout (in seconds) used when connecting to the ssh	239	Specifies the timeout (in seconds) used when connecting to the ssh
239	server, instead of using the default system TCP timeout. This value is	240	server, instead of using the default system TCP timeout.
240	used only when the target is down or really unreachable, not when it	241	This value is used only when the target is down or really unreachable,
241	refuses the connection.	242	not when it refuses the connection.
242	.It Cm DynamicForward	243	.It Cm DynamicForward
243	Specifies that a TCP/IP port on the local machine be forwarded	244	Specifies that a TCP/IP port on the local machine be forwarded
244	over the secure channel, and the application	245	over the secure channel, and the application
@@ -351,7 +352,8 @@ Numeric IP addresses are also permitted (both on the command line and in
351	specifications).	352	specifications).
352	.It Cm IdentityFile	353	.It Cm IdentityFile
353	Specifies a file from which the user's RSA or DSA authentication identity	354	Specifies a file from which the user's RSA or DSA authentication identity
354	is read. The default is	355	is read.
		356	The default is
355	.Pa $HOME/.ssh/identity	357	.Pa $HOME/.ssh/identity
356	for protocol version 1, and	358	for protocol version 1, and
357	.Pa $HOME/.ssh/id_rsa	359	.Pa $HOME/.ssh/id_rsa
@@ -448,7 +450,8 @@ Specifies the port number to connect on the remote host.
448	Default is 22.	450	Default is 22.
449	.It Cm PreferredAuthentications	451	.It Cm PreferredAuthentications
450	Specifies the order in which the client should try protocol 2	452	Specifies the order in which the client should try protocol 2
451	authentication methods. This allows a client to prefer one method (e.g.	453	authentication methods.
		454	This allows a client to prefer one method (e.g.
452	.Cm keyboard-interactive )	455	.Cm keyboard-interactive )
453	over another method (e.g.	456	over another method (e.g.
454	.Cm password )	457	.Cm password )
@@ -561,12 +564,12 @@ The default is
561	.Dq yes .	564	.Dq yes .
562	Note that this option applies to protocol version 1 only.	565	Note that this option applies to protocol version 1 only.
563	.It Cm SmartcardDevice	566	.It Cm SmartcardDevice
564	Specifies which smartcard device to use. The argument to this keyword is	567	Specifies which smartcard device to use.
565	the device	568	The argument to this keyword is the device
566	.Nm ssh	569	.Nm ssh
567	should use to communicate with a smartcard used for storing the user's	570	should use to communicate with a smartcard used for storing the user's
568	private RSA key. By default, no device is specified and smartcard support	571	private RSA key.
569	is not activated.	572	By default, no device is specified and smartcard support is not activated.
570	.It Cm StrictHostKeyChecking	573	.It Cm StrictHostKeyChecking
571	If this flag is set to	574	If this flag is set to
572	.Dq yes ,	575	.Dq yes ,


diff --git a/sshd.8 b/sshd.8 index f7464d95b..827f4f77c 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.196 2003/04/30 20:41:07 david Exp $	37	.\" $OpenBSD: sshd.8,v 1.197 2003/05/20 12:09:32 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -497,9 +497,9 @@ IPv6 addresses can be specified with an alternative syntax:
497	.Ar host/port .	497	.Ar host/port .
498	Multiple	498	Multiple
499	.Cm permitopen	499	.Cm permitopen
500	options may be applied separated by commas. No pattern matching is	500	options may be applied separated by commas.
501	performed on the specified hostnames, they must be literal domains or	501	No pattern matching is performed on the specified hostnames,
502	addresses.	502	they must be literal domains or addresses.
503	.El	503	.El
504	.Ss Examples	504	.Ss Examples
505	1024 33 12121.\\|.\\|.\\|312314325 ylo@foo.bar	505	1024 33 12121.\\|.\\|.\\|312314325 ylo@foo.bar
@@ -525,9 +525,9 @@ bits, exponent, modulus, comment.
525	The fields are separated by spaces.	525	The fields are separated by spaces.
526	.Pp	526	.Pp
527	Hostnames is a comma-separated list of patterns	527	Hostnames is a comma-separated list of patterns
528	.Pf ( Ql \&*	528	.Pf ( Ql \&*
529	and	529	and
530	.Ql \&?	530	.Ql \&?
531	act as	531	act as
532	wildcards); each pattern in turn is matched against the canonical host	532	wildcards); each pattern in turn is matched against the canonical host
533	name (when authenticating a client) or against the user-supplied	533	name (when authenticating a client) or against the user-supplied


diff --git a/sshd_config.5 b/sshd_config.5 index 8250be8d6..86b3289a1 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
@@ -107,7 +107,8 @@ Specifies the file that contains the public keys that can be used
107	for user authentication.	107	for user authentication.
108	.Cm AuthorizedKeysFile	108	.Cm AuthorizedKeysFile
109	may contain tokens of the form %T which are substituted during connection	109	may contain tokens of the form %T which are substituted during connection
110	set-up. The following tokens are defined: %% is replaced by a literal '%',	110	set-up.
		111	The following tokens are defined: %% is replaced by a literal '%',
111	%h is replaced by the home directory of the user being authenticated and	112	%h is replaced by the home directory of the user being authenticated and
112	%u is replaced by the username of that user.	113	%u is replaced by the username of that user.
113	After expansion,	114	After expansion,
@@ -153,20 +154,24 @@ This option applies to protocol version 2 only.
153	Sets the number of client alive messages (see above) which may be	154	Sets the number of client alive messages (see above) which may be
154	sent without	155	sent without
155	.Nm sshd	156	.Nm sshd
156	receiving any messages back from the client. If this threshold is	157	receiving any messages back from the client.
157	reached while client alive messages are being sent,	158	If this threshold is reached while client alive messages are being sent,
158	.Nm sshd	159	.Nm sshd
159	will disconnect the client, terminating the session. It is important	160	will disconnect the client, terminating the session.
160	to note that the use of client alive messages is very different from	161	It is important to note that the use of client alive messages is very
		162	different from
161	.Cm KeepAlive	163	.Cm KeepAlive
162	(below). The client alive messages are sent through the	164	(below).
163	encrypted channel and therefore will not be spoofable. The TCP keepalive	165	The client alive messages are sent through the encrypted channel
164	option enabled by	166	and therefore will not be spoofable.
		167	The TCP keepalive option enabled by
165	.Cm KeepAlive	168	.Cm KeepAlive
166	is spoofable. The client alive mechanism is valuable when the client or	169	is spoofable.
		170	The client alive mechanism is valuable when the client or
167	server depend on knowing when a connection has become inactive.	171	server depend on knowing when a connection has become inactive.
168	.Pp	172	.Pp
169	The default value is 3. If	173	The default value is 3.
		174	If
170	.Cm ClientAliveInterval	175	.Cm ClientAliveInterval
171	(above) is set to 15, and	176	(above) is set to 15, and
172	.Cm ClientAliveCountMax	177	.Cm ClientAliveCountMax
@@ -369,11 +374,12 @@ is not specified,
369	.Nm sshd	374	.Nm sshd
370	will listen on the address and all prior	375	will listen on the address and all prior
371	.Cm Port	376	.Cm Port
372	options specified. The default is to listen on all local	377	options specified.
373	addresses.	378	The default is to listen on all local addresses.
374	Multiple	379	Multiple
375	.Cm ListenAddress	380	.Cm ListenAddress
376	options are permitted. Additionally, any	381	options are permitted.
		382	Additionally, any
377	.Cm Port	383	.Cm Port
378	options must precede this option for non port qualified addresses.	384	options must precede this option for non port qualified addresses.
379	.It Cm LoginGraceTime	385	.It Cm LoginGraceTime
@@ -454,8 +460,8 @@ but only if the
454	.Ar command	460	.Ar command
455	option has been specified	461	option has been specified
456	(which may be useful for taking remote backups even if root login is	462	(which may be useful for taking remote backups even if root login is
457	normally not allowed). All other authentication methods are disabled	463	normally not allowed).
458	for root.	464	All other authentication methods are disabled for root.
459	.Pp	465	.Pp
460	If this option is set to	466	If this option is set to
461	.Dq no	467	.Dq no