Import openssh_7.6p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
committer: Colin Watson <cjwatson@debian.org> 2017-10-04 11:23:58 +0100
commit: 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree: 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /ssh_config.0
parent: 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent: 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
1 files changed, 64 insertions, 83 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index ade8e6562..9493953ab 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -3,10 +3,6 @@ SSH_CONFIG(5)                 File Formats Manual                SSH_CONFIG(5)
 NAME
     ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files
-SYNOPSIS
-     ~/.ssh/config
-     /etc/ssh/ssh_config
 DESCRIPTION
     ssh(1) obtains configuration data from the following sources in the
     following order:
@@ -189,21 +185,14 @@ DESCRIPTION
             process, regardless of the setting of StrictHostKeyChecking.  If
             the option is set to no, the check will not be executed.
-     Cipher  Specifies the cipher to use for encrypting the session in
-             protocol version 1.  Currently, blowfish, 3des (the default), and
-             des are supported, though des is only supported in the ssh(1)
-             client for interoperability with legacy protocol 1
-             implementations; its use is strongly discouraged due to
-             cryptographic weaknesses.
     Ciphers
-             Specifies the ciphers allowed for protocol version 2 in order of
+             Specifies the ciphers allowed and their order of preference.
-             preference.  Multiple ciphers must be comma-separated.  If the
+             Multiple ciphers must be comma-separated.  If the specified value
-             specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
+             begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be
-             ciphers will be appended to the default set instead of replacing
+             appended to the default set instead of replacing them.  If the
-             them.  If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then
+             specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
-             the specified ciphers (including wildcards) will be removed from
+             ciphers (including wildcards) will be removed from the default
-             the default set instead of replacing them.
+             set instead of replacing them.
             The supported ciphers are:
@@ -216,11 +205,6 @@ DESCRIPTION
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
-                   arcfour
-                   arcfour128
-                   arcfour256
-                   blowfish-cbc
-                   cast128-cbc
                   chacha20-poly1305@openssh.com
             The default is:
@@ -245,13 +229,6 @@ DESCRIPTION
             Specifies whether to use compression.  The argument must be yes
             or no (the default).
-     CompressionLevel
-             Specifies the compression level to use if compression is enabled.
-             The argument must be an integer from 1 (fast) to 9 (slow, best).
-             The default level is 6, which is good for most applications.  The
-             meaning of the values is the same as in gzip(1).  Note that this
-             option applies to protocol version 1 only.
     ConnectionAttempts
             Specifies the number of tries (one per second) to make before
             exiting.  The argument must be an integer.  This may be useful in
@@ -491,8 +468,9 @@ DESCRIPTION
     HostKeyAlias
             Specifies an alias that should be used instead of the real host
             name when looking up or saving the host key in the host key
-             database files.  This option is useful for tunneling SSH
+             database files and when validating host certificates.  This
-             connections or for multiple servers running on a single host.
+             option is useful for tunneling SSH connections or for multiple
+             servers running on a single host.
     HostName
             Specifies the real host name to log into.  This can be used to
@@ -526,9 +504,8 @@ DESCRIPTION
     IdentityFile
             Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
-             authentication identity is read.  The default is ~/.ssh/identity
+             authentication identity is read.  The default is ~/.ssh/id_dsa,
-             for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
+             ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa.
-             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
             Additionally, any identities represented by the authentication
             agent will be used for authentication unless IdentitiesOnly is
             set.  If no certificates have been explicitly specified by
@@ -573,13 +550,14 @@ DESCRIPTION
     IPQoS   Specifies the IPv4 type-of-service or DSCP class for connections.
             Accepted values are af11, af12, af13, af21, af22, af23, af31,
             af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
-             cs7, ef, lowdelay, throughput, reliability, or a numeric value.
+             cs7, ef, lowdelay, throughput, reliability, a numeric value, or
-             This option may take one or two arguments, separated by
+             none to use the operating system default.  This option may take
-             whitespace.  If one argument is specified, it is used as the
+             one or two arguments, separated by whitespace.  If one argument
-             packet class unconditionally.  If two values are specified, the
+             is specified, it is used as the packet class unconditionally.  If
-             first is automatically selected for interactive sessions and the
+             two values are specified, the first is automatically selected for
-             second for non-interactive sessions.  The default is lowdelay for
+             interactive sessions and the second for non-interactive sessions.
-             interactive sessions and throughput for non-interactive sessions.
+             The default is lowdelay for interactive sessions and throughput
+             for non-interactive sessions.
     KbdInteractiveAuthentication
             Specifies whether to use keyboard-interactive authentication.
@@ -712,15 +690,6 @@ DESCRIPTION
                   gssapi-with-mic,hostbased,publickey,
                   keyboard-interactive,password
-     Protocol
-             Specifies the protocol versions ssh(1) should support in order of
-             preference.  The possible values are 1 and 2.  Multiple versions
-             must be comma-separated.  When this option is set to 2,1 ssh will
-             try version 2 and fall back to version 1 if version 2 is not
-             available.  The default is version 2.  Protocol 1 suffers from a
-             number of cryptographic weaknesses and should not be used.  It is
-             only offered to support legacy devices.
     ProxyCommand
             Specifies the command to use to connect to the server.  The
             command string extends to the end of the line, and is executed
@@ -799,15 +768,29 @@ DESCRIPTION
             rekeying is performed after the cipher's default amount of data
             has been sent or received and no time based rekeying is done.
+     RemoteCommand
+             Specifies a command to execute on the remote machine after
+             successfully connecting to the server.  The command string
+             extends to the end of the line, and is executed with the user's
+             shell.  Arguments to RemoteCommand accept the tokens described in
+             the TOKENS section.
     RemoteForward
             Specifies that a TCP port on the remote machine be forwarded over
-             the secure channel to the specified host and port from the local
+             the secure channel.  The remote port may either be fowarded to a
-             machine.  The first argument must be [bind_address:]port and the
+             specified host and port from the local machine, or may act as a
-             second argument must be host:hostport.  IPv6 addresses can be
+             SOCKS 4/5 proxy that allows a remote client to connect to
-             specified by enclosing addresses in square brackets.  Multiple
+             arbitrary destinations from the local machine.  The first
-             forwardings may be specified, and additional forwardings can be
+             argument must be [bind_address:]port If forwarding to a specific
-             given on the command line.  Privileged ports can be forwarded
+             destination then the second argument must be host:hostport,
-             only when logging in as root on the remote machine.
+             otherwise if no destination argument is specified then the remote
+             forwarding will be established as a SOCKS proxy.
+             IPv6 addresses can be specified by enclosing addresses in square
+             brackets.  Multiple forwardings may be specified, and additional
+             forwardings can be given on the command line.  Privileged ports
+             can be forwarded only when logging in as root on the remote
+             machine.
             If the port argument is 0, the listen port will be dynamically
             allocated on the server and reported to the client at run time.
@@ -835,19 +818,6 @@ DESCRIPTION
             List (KRL) as generated by ssh-keygen(1).  For more information
             on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
-     RhostsRSAAuthentication
-             Specifies whether to try rhosts based authentication with RSA
-             host authentication.  The argument must be yes or no (the
-             default).  This option applies to protocol version 1 only and
-             requires ssh(1) to be setuid root.
-     RSAAuthentication
-             Specifies whether to try RSA authentication.  The argument to
-             this keyword must be yes (the default) or no.  RSA authentication
-             will only be attempted if the identity file exists, or an
-             authentication agent is running.  Note that this option applies
-             to protocol version 1 only.
     SendEnv
             Specifies what variables from the local environ(7) should be sent
             to the server.  The server must also support it, and the server
@@ -916,14 +886,25 @@ DESCRIPTION
             protection against trojan horse attacks, though it can be
             annoying when the /etc/ssh/ssh_known_hosts file is poorly
             maintained or when connections to new hosts are frequently made.
-             This option forces the user to manually add all new hosts.  If
+             This option forces the user to manually add all new hosts.
-             this flag is set to no, ssh will automatically add new host keys
-             to the user known hosts files.  If this flag is set to ask (the
+             If this flag is set to M-bM-^@M-^\accept-newM-bM-^@M-^] then ssh will automatically
-             default), new host keys will be added to the user known host
+             add new host keys to the user known hosts files, but will not
-             files only after the user has confirmed that is what they really
+             permit connections to hosts with changed host keys.  If this flag
-             want to do, and ssh will refuse to connect to hosts whose host
+             is set to M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\offM-bM-^@M-^], ssh will automatically add new host keys
-             key has changed.  The host keys of known hosts will be verified
+             to the user known hosts files and allow connections to hosts with
-             automatically in all cases.
+             changed hostkeys to proceed, subject to some restrictions.  If
+             this flag is set to ask (the default), new host keys will be
+             added to the user known host files only after the user has
+             confirmed that is what they really want to do, and ssh will
+             refuse to connect to hosts whose host key has changed.  The host
+             keys of known hosts will be verified automatically in all cases.
+     SyslogFacility
+             Gives the facility code that is used when logging messages from
+             ssh(1).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
+             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
+             default is USER.
     TCPKeepAlive
             Specifies whether the system should send TCP keepalive messages
@@ -973,9 +954,7 @@ DESCRIPTION
     UsePrivilegedPort
             Specifies whether to use a privileged port for outgoing
             connections.  The argument must be yes or no (the default).  If
-             set to yes, ssh(1) must be setuid root.  Note that this option
+             set to yes, ssh(1) must be setuid root.
-             must be set to yes for RhostsRSAAuthentication with older
-             servers.
     User    Specifies the user to log in as.  This can be useful when a
             different user name is used on different machines.  This saves
@@ -1065,6 +1044,8 @@ TOKENS
     ProxyCommand accepts the tokens %%, %h, %p, and %r.
+     RemoteCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
 FILES
     ~/.ssh/config
             This is the per-user configuration file.  The format of this file
@@ -1089,4 +1070,4 @@ AUTHORS
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 6.0                    February 27, 2017                   OpenBSD 6.0
+OpenBSD 6.2                   September 21, 2017                   OpenBSD 6.2
author	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
committer	Colin Watson <cjwatson@debian.org>	2017-10-04 11:23:58 +0100
commit	62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree	3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /ssh_config.0
parent	6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent	66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)

diff --git a/ssh_config.0 b/ssh_config.0 index ade8e6562..9493953ab 100644 --- a/ssh_config.0 +++ b/ssh_config.0
@@ -3,10 +3,6 @@ SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5)
3	NAME	3	NAME
4	ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files	4	ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files
5		5
6	SYNOPSIS
7	~/.ssh/config
8	/etc/ssh/ssh_config
9
10	DESCRIPTION	6	DESCRIPTION
11	ssh(1) obtains configuration data from the following sources in the	7	ssh(1) obtains configuration data from the following sources in the
12	following order:	8	following order:
@@ -189,21 +185,14 @@ DESCRIPTION
189	process, regardless of the setting of StrictHostKeyChecking. If	185	process, regardless of the setting of StrictHostKeyChecking. If
190	the option is set to no, the check will not be executed.	186	the option is set to no, the check will not be executed.
191		187
192	Cipher Specifies the cipher to use for encrypting the session in
193	protocol version 1. Currently, blowfish, 3des (the default), and
194	des are supported, though des is only supported in the ssh(1)
195	client for interoperability with legacy protocol 1
196	implementations; its use is strongly discouraged due to
197	cryptographic weaknesses.
198
199	Ciphers	188	Ciphers
200	Specifies the ciphers allowed for protocol version 2 in order of	189	Specifies the ciphers allowed and their order of preference.
201	preference. Multiple ciphers must be comma-separated. If the	190	Multiple ciphers must be comma-separated. If the specified value
202	specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified	191	begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be
203	ciphers will be appended to the default set instead of replacing	192	appended to the default set instead of replacing them. If the
204	them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then	193	specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
205	the specified ciphers (including wildcards) will be removed from	194	ciphers (including wildcards) will be removed from the default
206	the default set instead of replacing them.	195	set instead of replacing them.
207		196
208	The supported ciphers are:	197	The supported ciphers are:
209		198
@@ -216,11 +205,6 @@ DESCRIPTION
216	aes256-ctr	205	aes256-ctr
217	aes128-gcm@openssh.com	206	aes128-gcm@openssh.com
218	aes256-gcm@openssh.com	207	aes256-gcm@openssh.com
219	arcfour
220	arcfour128
221	arcfour256
222	blowfish-cbc
223	cast128-cbc
224	chacha20-poly1305@openssh.com	208	chacha20-poly1305@openssh.com
225		209
226	The default is:	210	The default is:
@@ -245,13 +229,6 @@ DESCRIPTION
245	Specifies whether to use compression. The argument must be yes	229	Specifies whether to use compression. The argument must be yes
246	or no (the default).	230	or no (the default).
247		231
248	CompressionLevel
249	Specifies the compression level to use if compression is enabled.
250	The argument must be an integer from 1 (fast) to 9 (slow, best).
251	The default level is 6, which is good for most applications. The
252	meaning of the values is the same as in gzip(1). Note that this
253	option applies to protocol version 1 only.
254
255	ConnectionAttempts	232	ConnectionAttempts
256	Specifies the number of tries (one per second) to make before	233	Specifies the number of tries (one per second) to make before
257	exiting. The argument must be an integer. This may be useful in	234	exiting. The argument must be an integer. This may be useful in
@@ -491,8 +468,9 @@ DESCRIPTION
491	HostKeyAlias	468	HostKeyAlias
492	Specifies an alias that should be used instead of the real host	469	Specifies an alias that should be used instead of the real host
493	name when looking up or saving the host key in the host key	470	name when looking up or saving the host key in the host key
494	database files. This option is useful for tunneling SSH	471	database files and when validating host certificates. This
495	connections or for multiple servers running on a single host.	472	option is useful for tunneling SSH connections or for multiple
		473	servers running on a single host.
496		474
497	HostName	475	HostName
498	Specifies the real host name to log into. This can be used to	476	Specifies the real host name to log into. This can be used to
@@ -526,9 +504,8 @@ DESCRIPTION
526		504
527	IdentityFile	505	IdentityFile
528	Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA	506	Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
529	authentication identity is read. The default is ~/.ssh/identity	507	authentication identity is read. The default is ~/.ssh/id_dsa,
530	for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,	508	~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa.
531	~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
532	Additionally, any identities represented by the authentication	509	Additionally, any identities represented by the authentication
533	agent will be used for authentication unless IdentitiesOnly is	510	agent will be used for authentication unless IdentitiesOnly is
534	set. If no certificates have been explicitly specified by	511	set. If no certificates have been explicitly specified by
@@ -573,13 +550,14 @@ DESCRIPTION
573	IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.	550	IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
574	Accepted values are af11, af12, af13, af21, af22, af23, af31,	551	Accepted values are af11, af12, af13, af21, af22, af23, af31,
575	af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,	552	af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
576	cs7, ef, lowdelay, throughput, reliability, or a numeric value.	553	cs7, ef, lowdelay, throughput, reliability, a numeric value, or
577	This option may take one or two arguments, separated by	554	none to use the operating system default. This option may take
578	whitespace. If one argument is specified, it is used as the	555	one or two arguments, separated by whitespace. If one argument
579	packet class unconditionally. If two values are specified, the	556	is specified, it is used as the packet class unconditionally. If
580	first is automatically selected for interactive sessions and the	557	two values are specified, the first is automatically selected for
581	second for non-interactive sessions. The default is lowdelay for	558	interactive sessions and the second for non-interactive sessions.
582	interactive sessions and throughput for non-interactive sessions.	559	The default is lowdelay for interactive sessions and throughput
		560	for non-interactive sessions.
583		561
584	KbdInteractiveAuthentication	562	KbdInteractiveAuthentication
585	Specifies whether to use keyboard-interactive authentication.	563	Specifies whether to use keyboard-interactive authentication.
@@ -712,15 +690,6 @@ DESCRIPTION
712	gssapi-with-mic,hostbased,publickey,	690	gssapi-with-mic,hostbased,publickey,
713	keyboard-interactive,password	691	keyboard-interactive,password
714		692
715	Protocol
716	Specifies the protocol versions ssh(1) should support in order of
717	preference. The possible values are 1 and 2. Multiple versions
718	must be comma-separated. When this option is set to 2,1 ssh will
719	try version 2 and fall back to version 1 if version 2 is not
720	available. The default is version 2. Protocol 1 suffers from a
721	number of cryptographic weaknesses and should not be used. It is
722	only offered to support legacy devices.
723
724	ProxyCommand	693	ProxyCommand
725	Specifies the command to use to connect to the server. The	694	Specifies the command to use to connect to the server. The
726	command string extends to the end of the line, and is executed	695	command string extends to the end of the line, and is executed
@@ -799,15 +768,29 @@ DESCRIPTION
799	rekeying is performed after the cipher's default amount of data	768	rekeying is performed after the cipher's default amount of data
800	has been sent or received and no time based rekeying is done.	769	has been sent or received and no time based rekeying is done.
801		770
		771	RemoteCommand
		772	Specifies a command to execute on the remote machine after
		773	successfully connecting to the server. The command string
		774	extends to the end of the line, and is executed with the user's
		775	shell. Arguments to RemoteCommand accept the tokens described in
		776	the TOKENS section.
		777
802	RemoteForward	778	RemoteForward
803	Specifies that a TCP port on the remote machine be forwarded over	779	Specifies that a TCP port on the remote machine be forwarded over
804	the secure channel to the specified host and port from the local	780	the secure channel. The remote port may either be fowarded to a
805	machine. The first argument must be [bind_address:]port and the	781	specified host and port from the local machine, or may act as a
806	second argument must be host:hostport. IPv6 addresses can be	782	SOCKS 4/5 proxy that allows a remote client to connect to
807	specified by enclosing addresses in square brackets. Multiple	783	arbitrary destinations from the local machine. The first
808	forwardings may be specified, and additional forwardings can be	784	argument must be [bind_address:]port If forwarding to a specific
809	given on the command line. Privileged ports can be forwarded	785	destination then the second argument must be host:hostport,
810	only when logging in as root on the remote machine.	786	otherwise if no destination argument is specified then the remote
		787	forwarding will be established as a SOCKS proxy.
		788
		789	IPv6 addresses can be specified by enclosing addresses in square
		790	brackets. Multiple forwardings may be specified, and additional
		791	forwardings can be given on the command line. Privileged ports
		792	can be forwarded only when logging in as root on the remote
		793	machine.
811		794
812	If the port argument is 0, the listen port will be dynamically	795	If the port argument is 0, the listen port will be dynamically
813	allocated on the server and reported to the client at run time.	796	allocated on the server and reported to the client at run time.
@@ -835,19 +818,6 @@ DESCRIPTION
835	List (KRL) as generated by ssh-keygen(1). For more information	818	List (KRL) as generated by ssh-keygen(1). For more information
836	on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).	819	on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
837		820
838	RhostsRSAAuthentication
839	Specifies whether to try rhosts based authentication with RSA
840	host authentication. The argument must be yes or no (the
841	default). This option applies to protocol version 1 only and
842	requires ssh(1) to be setuid root.
843
844	RSAAuthentication
845	Specifies whether to try RSA authentication. The argument to
846	this keyword must be yes (the default) or no. RSA authentication
847	will only be attempted if the identity file exists, or an
848	authentication agent is running. Note that this option applies
849	to protocol version 1 only.
850
851	SendEnv	821	SendEnv
852	Specifies what variables from the local environ(7) should be sent	822	Specifies what variables from the local environ(7) should be sent
853	to the server. The server must also support it, and the server	823	to the server. The server must also support it, and the server
@@ -916,14 +886,25 @@ DESCRIPTION
916	protection against trojan horse attacks, though it can be	886	protection against trojan horse attacks, though it can be
917	annoying when the /etc/ssh/ssh_known_hosts file is poorly	887	annoying when the /etc/ssh/ssh_known_hosts file is poorly
918	maintained or when connections to new hosts are frequently made.	888	maintained or when connections to new hosts are frequently made.
919	This option forces the user to manually add all new hosts. If	889	This option forces the user to manually add all new hosts.
920	this flag is set to no, ssh will automatically add new host keys	890
921	to the user known hosts files. If this flag is set to ask (the	891	If this flag is set to M-bM-^@M-^\accept-newM-bM-^@M-^] then ssh will automatically
922	default), new host keys will be added to the user known host	892	add new host keys to the user known hosts files, but will not
923	files only after the user has confirmed that is what they really	893	permit connections to hosts with changed host keys. If this flag
924	want to do, and ssh will refuse to connect to hosts whose host	894	is set to M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\offM-bM-^@M-^], ssh will automatically add new host keys
925	key has changed. The host keys of known hosts will be verified	895	to the user known hosts files and allow connections to hosts with
926	automatically in all cases.	896	changed hostkeys to proceed, subject to some restrictions. If
		897	this flag is set to ask (the default), new host keys will be
		898	added to the user known host files only after the user has
		899	confirmed that is what they really want to do, and ssh will
		900	refuse to connect to hosts whose host key has changed. The host
		901	keys of known hosts will be verified automatically in all cases.
		902
		903	SyslogFacility
		904	Gives the facility code that is used when logging messages from
		905	ssh(1). The possible values are: DAEMON, USER, AUTH, LOCAL0,
		906	LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
		907	default is USER.
927		908
928	TCPKeepAlive	909	TCPKeepAlive
929	Specifies whether the system should send TCP keepalive messages	910	Specifies whether the system should send TCP keepalive messages
@@ -973,9 +954,7 @@ DESCRIPTION
973	UsePrivilegedPort	954	UsePrivilegedPort
974	Specifies whether to use a privileged port for outgoing	955	Specifies whether to use a privileged port for outgoing
975	connections. The argument must be yes or no (the default). If	956	connections. The argument must be yes or no (the default). If
976	set to yes, ssh(1) must be setuid root. Note that this option	957	set to yes, ssh(1) must be setuid root.
977	must be set to yes for RhostsRSAAuthentication with older
978	servers.
979		958
980	User Specifies the user to log in as. This can be useful when a	959	User Specifies the user to log in as. This can be useful when a
981	different user name is used on different machines. This saves	960	different user name is used on different machines. This saves
@@ -1065,6 +1044,8 @@ TOKENS
1065		1044
1066	ProxyCommand accepts the tokens %%, %h, %p, and %r.	1045	ProxyCommand accepts the tokens %%, %h, %p, and %r.
1067		1046
		1047	RemoteCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
		1048
1068	FILES	1049	FILES
1069	~/.ssh/config	1050	~/.ssh/config
1070	This is the per-user configuration file. The format of this file	1051	This is the per-user configuration file. The format of this file
@@ -1089,4 +1070,4 @@ AUTHORS
1089	created OpenSSH. Markus Friedl contributed the support for SSH protocol	1070	created OpenSSH. Markus Friedl contributed the support for SSH protocol
1090	versions 1.5 and 2.0.	1071	versions 1.5 and 2.0.
1091		1072
1092	OpenBSD 6.0 February 27, 2017 OpenBSD 6.0	1073	OpenBSD 6.2 September 21, 2017 OpenBSD 6.2