8 files changed, 60 insertions, 57 deletions

diff --git a/ChangeLog b/ChangeLog
index dcf3ed769..828992558 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,6 +80,9 @@
    - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
      [readconf.c readconf.h ssh.c]
      fatal() for nonexistent -Fssh_config. ok markus@
+   - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
+     [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
+     avoid first person in manual pages
 
 20010815
  - (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6403,4 +6406,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1508 2001/09/12 18:32:20 mouring Exp $
+$Id: ChangeLog,v 1.1509 2001/09/12 18:35:30 mouring Exp $
diff --git a/scp.1 b/scp.1
index 10bd85cad..960f1ac95 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.17 2001/08/14 17:54:29 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.18 2001/09/05 06:23:07 deraadt Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -115,8 +115,8 @@ in the format used in the
 configuration file. This is useful for specifying options
 for which there is no separate
 .Nm scp
-command-line flag.  For example, to force the use of protocol
-version 1 you may specify
+command-line flag.  For example, forcing the use of protocol
+version 1 is specified using
 .Ic scp -oProtocol=1 .
 .It Fl 4
 Forces
diff --git a/sftp.1 b/sftp.1
index 25a9b8a48..2787e99cb 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.23 2001/08/14 17:54:29 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.24 2001/09/05 06:23:07 deraadt Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -85,8 +85,8 @@ in the format used in the
 configuration file. This is useful for specifying options
 for which there is no separate
 .Nm sftp
-command-line flag.  For example, to force the use of protocol
-version 1 you may specify
+command-line flag.  For example, forcing the use of protocol
+version 1 is specified using
 .Ic sftp -oProtocol=1 .
 .It Fl v
 Raise logging level. This option is also passed to ssh.
diff --git a/ssh-agent.1 b/ssh-agent.1
index 1ca33260f..00c19921c 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.27 2001/08/23 18:02:48 stevesk Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -116,9 +116,9 @@ remote logins, and the user can thus use the privileges given by the
 identities anywhere in the network in a secure way.
 .Pp
 There are two main ways to get an agent setup:
-Either you let the agent
-start a new subcommand into which some environment variables are exported, or
-you let the agent print the needed shell commands (either
+Either the agent starts a new subcommand into which some environment
+variables are exported, or the agent prints the needed shell commands
+(either
 .Xr sh 1
 or
 .Xr csh 1
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index e2d41141a..e24566154 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.48 2001/08/02 15:07:23 jakob Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.49 2001/09/05 06:23:07 deraadt Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -89,7 +89,7 @@ generates, manages and converts authentication keys for
 defaults to generating a RSA1 key for use by SSH protocol version 1.
 Specifying the
 .Fl t
-option allows you to create a key for use by SSH protocol version 2.
+option instead creates a key for use by SSH protocol version 2.
 .Pp
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
@@ -121,7 +121,7 @@ option.
 .Pp
 There is no way to recover a lost passphrase.
 If the passphrase is
-lost or forgotten, you will have to generate a new key and copy the
+lost or forgotten, a new key must be generated and copied to the
 corresponding public key to other machines.
 .Pp
 For RSA1 keys,
@@ -228,7 +228,7 @@ Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using RSA authentication.
+where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
 .It Pa $HOME/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
@@ -246,7 +246,7 @@ Contains the protocol version 2 DSA public key for authentication.
 The contents of this file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using public key authentication.
+where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .It Pa $HOME/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
@@ -264,7 +264,7 @@ Contains the protocol version 2 RSA public key for authentication.
 The contents of this file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using public key authentication.
+where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .El
 .Sh AUTHORS
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 1a358b338..17f73406e 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keyscan.1,v 1.11 2001/08/23 18:08:59 stevesk Exp $
+.\"     $OpenBSD: ssh-keyscan.1,v 1.12 2001/09/05 06:23:07 deraadt Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -35,9 +35,9 @@ scripts.
 uses non-blocking socket I/O to contact as many hosts as possible in
 parallel, so it is very efficient.  The keys from a domain of 1,000
 hosts can be collected in tens of seconds, even when some of those
-hosts are down or do not run ssh.  You do not need login access to the
-machines you are scanning, nor does the scanning process involve
-any encryption.
+hosts are down or do not run ssh.  For scanning, one does not need
+login access to the machines that are being scanned, nor does the
+scanning process involve any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -88,15 +88,15 @@ Forces
 to use IPv6 addresses only.
 .El
 .Sh SECURITY
-If you make an ssh_known_hosts file using
+If a ssh_known_hosts file is constructed using
 .Nm
-without verifying the keys, you will be vulnerable to
+without verifying the keys, users will be vulnerable to
 .I man in the middle
 attacks.
-On the other hand, if your security model allows such a risk,
+On the other hand, if the security model allows such a risk,
 .Nm
-can help you detect tampered keyfiles or man in the middle attacks which
-have begun after you created your ssh_known_hosts file.
+can help in the detection of tampered keyfiles or man in the middle
+attacks which have begun after the ssh_known_hosts file was created.
 .Sh EXAMPLES
 .Pp
 Print the
diff --git a/ssh.1 b/ssh.1
index d7529d7a9..c7a19e3b4 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -495,7 +495,7 @@ needs to ask for a password or passphrase; see also the
 option.)
 .It Fl N
 Do not execute a remote command.
-This is useful if you just want to forward ports
+This is useful for just forwarding ports
 (protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the configuration file.
@@ -507,7 +507,7 @@ This can be specified on a
 per-host basis in the configuration file.
 .It Fl P
 Use a non-privileged port for outgoing connections.
-This can be used if your firewall does
+This can be used if a firewall does
 not permit connections from privileged ports.
 Note that this option turns off
 .Cm RhostsAuthentication
@@ -711,8 +711,8 @@ This option applies to protocol version 1 only.
 If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
-This option is useful in scripts and other batch jobs where you have no
-user to supply the password.
+This option is useful in scripts and other batch jobs where no user
+is present to supply the password.
 The argument must be
 .Dq yes
 or
@@ -890,7 +890,7 @@ Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
 in the host key database files.
 This option is useful for tunneling ssh connections
-or if you have multiple servers running on a single host.
+or for multiple servers running on a single host.
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
@@ -1109,11 +1109,11 @@ If this flag is set to
 will never automatically add host keys to the
 .Pa $HOME/.ssh/known_hosts
 file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks.
-However, it can be somewhat annoying if you don't have good
+This provides maximum protection against trojan horse attacks,
+however, can be annoying when the
 .Pa /etc/ssh_known_hosts
-files installed and frequently
-connect to new hosts.
+file is poorly maintained, or connections to new hosts are
+frequently made.
 This option forces the user to manually
 add all new hosts.
 If this flag is set to
@@ -1145,16 +1145,16 @@ or
 .Dq no .
 The default is
 .Dq no .
-Note that you need to set this option to
+Note that this option must be set to
 .Dq yes
-if you want to use
+if
 .Cm RhostsAuthentication
 and
 .Cm RhostsRSAAuthentication
-with older servers.
+authentications are needed with older servers.
 .It Cm User
 Specifies the user to log in as.
-This can be useful if you have a different user name on different machines.
+This can be useful when a different user name is used on different machines.
 This saves the trouble of
 having to remember to give the user name on the command line.
 .It Cm UserKnownHostsFile
@@ -1302,7 +1302,7 @@ The contents of the
 file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using protocol version 1 RSA authentication.
+where the user wishes to log in using protocol version 1 RSA authentication.
 The contents of the
 .Pa $HOME/.ssh/id_dsa.pub
 and
@@ -1310,7 +1310,7 @@ and
 file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using protocol version 2 DSA/RSA authentication.
+where the user wishes to log in using protocol version 2 DSA/RSA authentication.
 These files are not
 sensitive and can (but need not) be readable by anyone.
 These files are
@@ -1388,9 +1388,9 @@ Note that by default
 .Xr sshd 8
 will be installed so that it requires successful RSA host
 authentication before permitting \s+2.\s0rhosts authentication.
-If your server machine does not have the client's host key in
+If the server machine does not have the client's host key in
 .Pa /etc/ssh_known_hosts ,
-you can store it in
+it can be stored in
 .Pa $HOME/.ssh/known_hosts .
 The easiest way to do this is to
 connect back to the client from the server machine using ssh; this
diff --git a/sshd.8 b/sshd.8
index 97de98cca..35aa362cf 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.146 2001/08/30 20:36:34 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.147 2001/09/05 06:23:07 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -325,7 +325,7 @@ and
 .Ql ?
 can be used as
 wildcards in the patterns.
-Only group names are valid; a numerical group ID isn't recognized.
+Only group names are valid; a numerical group ID is not recognized.
 By default login is allowed regardless of the group list.
 .Pp
 .It Cm AllowTcpForwarding
@@ -346,10 +346,10 @@ and
 .Ql ?
 can be used as
 wildcards in the patterns.
-Only user names are valid; a numerical user ID isn't recognized.
+Only user names are valid; a numerical user ID is not recognized.
 By default login is allowed regardless of the user name.
 If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, allowing you to restrict logins to particular
+are separately checked, restricting logins to particular
 users from particular hosts.
 .Pp
 .It Cm AuthorizedKeysFile
@@ -408,13 +408,13 @@ to note that the use of client alive messages is very different from
 encrypted channel and therefore will not be spoofable. The TCP keepalive
 option enabled by
 .Cm Keepalive
-is spoofable. You want to use the client
-alive mechanism when you are basing something important on
-clients having an active connection to the server.
+is spoofable. The client alive mechanism is valuable when the client or
+server depend on knowing when a connection has become inactive.
 .Pp
-The default value is 3. If you set
+The default value is 3. If
 .Cm ClientAliveInterval
-(above) to 15, and leave this value at the default, unresponsive ssh clients
+(above) is set to 15, and
+.Cm Keepalive is left at the default, unresponsive ssh clients
 will be disconnected after approximately 45 seconds.
 .It Cm DenyGroups
 This keyword can be followed by a number of group names, separated
@@ -426,7 +426,7 @@ and
 .Ql ?
 can be used as
 wildcards in the patterns.
-Only group names are valid; a numerical group ID isn't recognized.
+Only group names are valid; a numerical group ID is not recognized.
 By default login is allowed regardless of the group list.
 .Pp
 .It Cm DenyUsers
@@ -437,7 +437,7 @@ Login is disallowed for user names that match one of the patterns.
 and
 .Ql ?
 can be used as wildcards in the patterns.
-Only user names are valid; a numerical user ID isn't recognized.
+Only user names are valid; a numerical user ID is not recognized.
 By default login is allowed regardless of the user name.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
@@ -998,8 +998,8 @@ authentication.
 The command supplied by the user (if any) is ignored.
 The command is run on a pty if the connection requests a pty;
 otherwise it is run without a tty.
-Note that if you want a 8-bit clean channel,
-you must not request a pty or should specify
+If a 8-bit clean channel is required,
+one must not request a pty or should specify
 .Cm no-pty .
 A quote may be included in the command by quoting it with a backslash.
 This option might be useful