* New upstream release (http://www.openssh.org/txt/release-5.9).

  - Introduce sandboxing of the pre-auth privsep child using an optional
    sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
    mandatory restrictions on the syscalls the privsep child can perform.
  - Add new SHA256-based HMAC transport integrity modes from
    http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  - The pre-authentication sshd(8) privilege separation slave process now
    logs via a socket shared with the master process, avoiding the need to
    maintain /dev/log inside the chroot (closes: #75043, #429243,
    #599240).
  - ssh(1) now warns when a server refuses X11 forwarding (closes:
    #504757).
  - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
    separated by whitespace (closes: #76312).  The authorized_keys2
    fallback is deprecated but documented (closes: #560156).
  - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
    ToS/DSCP (closes: #498297).
  - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
    - < /path/to/key" (closes: #229124).
  - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
  - Say "required" rather than "recommended" in unprotected-private-key
    warning (LP: #663455).

1 files changed, 13 insertions, 4 deletions

diff --git a/sshd_config.5 b/sshd_config.5
index e7a5f0a08..e73624154 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: December 8 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $
+.Dd $Mdocdate: August 2 2011 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -195,8 +195,9 @@ After expansion,
 .Cm AuthorizedKeysFile
 is taken to be an absolute path or one relative to the user's home
 directory.
+Multiple files may be listed, separated by whitespace.
 The default is
-.Dq .ssh/authorized_keys .
+.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
 .It Cm AuthorizedPrincipalsFile
 Specifies a file that lists principal names that are accepted for
 certificate authentication.
@@ -713,7 +714,9 @@ Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
+hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
+hmac-sha2-512-96
 .Ed
 .It Cm Match
 Introduces a conditional block.
@@ -1146,6 +1149,12 @@ The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
 .Dq yes .
+If
+.Cm UsePrivilegeSeparation
+is set to
+.Dq sandbox
+then the pre-authentication unprivileged process is subject to additional
+restrictions.
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Xr sshd 8 Ns 's