Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this will

work.

1 files changed, 59 insertions, 51 deletions

diff --git a/ssh_config.0 b/ssh_config.0
index 74e516594..a8687ffc2 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -39,16 +39,16 @@ DESCRIPTION
 
      Host    Restricts the following declarations (up to the next Host key-
              word) to be only for those hosts that match one of the patterns
-             given after the keyword.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y?  can be used as wildcards
-             in the patterns.  A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to pro-
-             vide global defaults for all hosts.  The host is the hostname
-             argument given on the command line (i.e., the name is not con-
-             verted to a canonicalized host name before matching).
+             given after the keyword.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in
+             the patterns.  A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to provide
+             global defaults for all hosts.  The host is the hostname argument
+             given on the command line (i.e., the name is not converted to a
+             canonicalized host name before matching).
 
-     AFSTokenPassing
-             Specifies whether to pass AFS tokens to remote host.  The argu-
-             ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  This option applies
-             to protocol version 1 only.
+     AddressFamily
+             Specifies which address family to use when connecting.  Valid
+             arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (Use IPv4 only) or M-bM-^@M-^\inet6M-bM-^@M-^] (Use IPv6
+             only.)
 
      BatchMode
              If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled.
@@ -112,15 +112,28 @@ DESCRIPTION
              exiting.  The argument must be an integer.  This may be useful in
              scripts if the connection sometimes fails.  The default is 1.
 
+     ConnectTimeout
+             Specifies the timeout (in seconds) used when connecting to the
+             ssh server, instead of using the default system TCP timeout.
+             This value is used only when the target is down or really
+             unreachable, not when it refuses the connection.
+
      DynamicForward
              Specifies that a TCP/IP port on the local machine be forwarded
              over the secure channel, and the application protocol is then
              used to determine where to connect to from the remote machine.
-             The argument must be a port number.  Currently the SOCKS4 proto-
-             col is supported, and ssh will act as a SOCKS4 server.  Multiple
-             forwardings may be specified, and additional forwardings can be
-             given on the command line.  Only the superuser can forward privi-
-             leged ports.
+             The argument must be a port number.  Currently the SOCKS4 and
+             SOCKS5 protocols are supported, and ssh will act as a SOCKS
+             server.  Multiple forwardings may be specified, and additional
+             forwardings can be given on the command line.  Only the superuser
+             can forward privileged ports.
+
+     EnableSSHKeysign
+             Setting this option to M-bM-^@M-^\yesM-bM-^@M-^] in the global client configuration
+             file /etc/ssh/ssh_config enables the use of the helper program
+             ssh-keysign(8) during HostbasedAuthentication.  The argument must
+             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].  See ssh-keysign(8) for
+             more information.
 
      EscapeChar
              Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y).  The escape character
@@ -166,6 +179,16 @@ DESCRIPTION
              Specifies a file to use for the global host key database instead
              of /etc/ssh/ssh_known_hosts.
 
+     GSSAPIAuthentication
+             Specifies whether authentication based on GSSAPI may be used,
+             either using the result of a successful key exchange, or using
+             GSSAPI user authentication.  The default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that
+             this option applies to protocol version 2 only.
+
+     GSSAPIDelegateCredentials
+             Forward (delegate) credentials to the server.  The default is
+             M-bM-^@M-^\noM-bM-^@M-^].  Note that this option applies to protocol version 2 only.
+
      HostbasedAuthentication
              Specifies whether to try rhosts based authentication with public
              key authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
@@ -192,14 +215,14 @@ DESCRIPTION
 
      IdentityFile
              Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication
-             identity is read. The default is $HOME/.ssh/identity for protocol
-             version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for proto-
-             col version 2.  Additionally, any identities represented by the
-             authentication agent will be used for authentication.  The file
-             name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direc-
-             tory.  It is possible to have multiple identity files specified
-             in configuration files; all these identities will be tried in
-             sequence.
+             identity is read.  The default is $HOME/.ssh/identity for proto-
+             col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for
+             protocol version 2.  Additionally, any identities represented by
+             the authentication agent will be used for authentication.  The
+             file name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home
+             directory.  It is possible to have multiple identity files speci-
+             fied in configuration files; all these identities will be tried
+             in sequence.
 
      KeepAlive
              Specifies whether the system should send TCP keepalive messages
@@ -214,15 +237,6 @@ DESCRIPTION
 
              To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
 
-     KerberosAuthentication
-             Specifies whether Kerberos authentication will be used.  The
-             argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
-
-     KerberosTgtPassing
-             Specifies whether a Kerberos TGT will be forwarded to the server.
-             This will only work if the Kerberos server is actually an AFS
-             kaserver.  The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
-
      LocalForward
              Specifies that a TCP/IP port on the local machine be forwarded
              over the secure channel to the specified host and port from the
@@ -267,9 +281,9 @@ DESCRIPTION
 
      PreferredAuthentications
              Specifies the order in which the client should try protocol 2
-             authentication methods. This allows a client to prefer one method
-             (e.g.  keyboard-interactive) over another method (e.g.  password)
-             The default for this option is:
+             authentication methods.  This allows a client to prefer one
+             method (e.g.  keyboard-interactive) over another method (e.g.
+             password) The default for this option is:
              M-bM-^@M-^\hostbased,publickey,keyboard-interactive,passwordM-bM-^@M-^].
 
      Protocol
@@ -307,16 +321,6 @@ DESCRIPTION
              specified, and additional forwardings can be given on the command
              line.  Only the superuser can forward privileged ports.
 
-     RhostsAuthentication
-             Specifies whether to try rhosts based authentication.  Note that
-             this declaration only affects the client side and has no effect
-             whatsoever on security.  Most servers do not permit RhostsAuthen-
-             tication because it is not secure (see RhostsRSAAuthentication).
-             The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default
-             is M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 1 only and
-             requires ssh to be setuid root and UsePrivilegedPort to be set to
-             M-bM-^@M-^\yesM-bM-^@M-^].
-
      RhostsRSAAuthentication
              Specifies whether to try rhosts based authentication with RSA
              host authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
@@ -331,9 +335,9 @@ DESCRIPTION
              applies to protocol version 1 only.
 
      SmartcardDevice
-             Specifies which smartcard device to use. The argument to this
+             Specifies which smartcard device to use.  The argument to this
              keyword is the device ssh should use to communicate with a smart-
-             card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no
+             card used for storing the userM-bM-^@M-^Ys private RSA key.  By default, no
              device is specified and smartcard support is not activated.
 
      StrictHostKeyChecking
@@ -356,8 +360,7 @@ DESCRIPTION
              Specifies whether to use a privileged port for outgoing connec-
              tions.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
              If set to M-bM-^@M-^\yesM-bM-^@M-^] ssh must be setuid root.  Note that this option
-             must be set to M-bM-^@M-^\yesM-bM-^@M-^] if RhostsAuthentication and
-             RhostsRSAAuthentication authentications are needed with older
+             must be set to M-bM-^@M-^\yesM-bM-^@M-^] for RhostsRSAAuthentication with older
              servers.
 
      User    Specifies the user to log in as.  This can be useful when a dif-
@@ -369,6 +372,11 @@ DESCRIPTION
              Specifies a file to use for the user host key database instead of
              $HOME/.ssh/known_hosts.
 
+     VerifyHostKeyDNS
+             Specifies whether to verify the remote key using DNS and SSHFP
+             resource records.  The default is M-bM-^@M-^\noM-bM-^@M-^].  Note that this option
+             applies to protocol version 2 only.
+
      XAuthLocation
              Specifies the full pathname of the xauth(1) program.  The default
              is /usr/X11R6/bin/xauth.
@@ -387,6 +395,9 @@ FILES
              file, and for those users who do not have a configuration file.
              This file must be world-readable.
 
+SEE ALSO
+     ssh(1)
+
 AUTHORS
      OpenSSH is a derivative of the original and free ssh 1.2.12 release by
      Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
@@ -394,7 +405,4 @@ AUTHORS
      ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-SEE ALSO
-     ssh(1)
-
 BSD                           September 25, 1999                           BSD