* New upstream release (http://www.openssh.org/txt/release-5.9).

  - Introduce sandboxing of the pre-auth privsep child using an optional
    sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
    mandatory restrictions on the syscalls the privsep child can perform.
  - Add new SHA256-based HMAC transport integrity modes from
    http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  - The pre-authentication sshd(8) privilege separation slave process now
    logs via a socket shared with the master process, avoiding the need to
    maintain /dev/log inside the chroot (closes: #75043, #429243,
    #599240).
  - ssh(1) now warns when a server refuses X11 forwarding (closes:
    #504757).
  - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
    separated by whitespace (closes: #76312).  The authorized_keys2
    fallback is deprecated but documented (closes: #560156).
  - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
    ToS/DSCP (closes: #498297).
  - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
    - < /path/to/key" (closes: #229124).
  - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
  - Say "required" rather than "recommended" in unprotected-private-key
    warning (LP: #663455).

1 files changed, 10 insertions, 5 deletions

diff --git a/ssh.1 b/ssh.1
index e0f237966..d20a5671e 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $
-.Dd $Mdocdate: November 18 2010 $
+.\" $OpenBSD: ssh.1,v 1.320 2011/08/02 01:22:11 djm Exp $
+.Dd $Mdocdate: August 2 2011 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -392,9 +392,11 @@ Valid commands are:
 .Dq check
 (check that the master process is running),
 .Dq forward
-(request forwardings without command execution) and
+(request forwardings without command execution),
 .Dq exit
-(request the master to exit).
+(request the master to exit), and
+.Dq stop
+(request the master to stop accepting further multiplexing requests).
 .It Fl o Ar option
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
@@ -454,6 +456,7 @@ For full details of the options listed below, and their possible values, see
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RemoteForward
+.It RequestTTY
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv
@@ -664,7 +667,9 @@ Both protocols support similar authentication methods,
 but protocol 2 is the default since
 it provides additional mechanisms for confidentiality
 (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
+and integrity (hmac-md5, hmac-sha1,
+hmac-sha2-256, hmac-sha2-512,
+umac-64, hmac-ripemd160).
 Protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
 .Pp