1 files changed, 14 insertions, 13 deletions
diff --git a/ssh.0 b/ssh.0
index ffacbef65..474bb1e2e 100644
--- a/ssh.0
+++ b/ssh.0
@@ -109,7 +109,8 @@ DESCRIPTION
             Specifies an alternative per-user configuration file.  If a
             configuration file is given on the command line, the system-wide
             configuration file (/etc/ssh/ssh_config) will be ignored.  The
-             default for the per-user configuration file is ~/.ssh/config.
+             default for the per-user configuration file is ~/.ssh/config.  If
+             set to M-bM-^@M-^\noneM-bM-^@M-^], no configuration files will be read.
     -f      Requests ssh to go to background just before command execution.
             This is useful if ssh is going to ask for passwords or
@@ -460,17 +461,17 @@ AUTHENTICATION
     Host-based authentication works as follows: If the machine the user logs
     in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
-     machine, and the user names are the same on both sides, or if the files
+     machine, the user is non-root and the user names are the same on both
-     ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
+     sides, or if the files ~/.rhosts or ~/.shosts exist in the user's home
-     machine and contain a line containing the name of the client machine and
+     directory on the remote machine and contain a line containing the name of
-     the name of the user on that machine, the user is considered for login.
+     the client machine and the name of the user on that machine, the user is
-     Additionally, the server must be able to verify the client's host key
+     considered for login.  Additionally, the server must be able to verify
-     (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
+     the client's host key (see the description of /etc/ssh/ssh_known_hosts
-     below) for login to be permitted.  This authentication method closes
+     and ~/.ssh/known_hosts, below) for login to be permitted.  This
-     security holes due to IP spoofing, DNS spoofing, and routing spoofing.
+     authentication method closes security holes due to IP spoofing, DNS
-     [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
+     spoofing, and routing spoofing.  [Note to the administrator:
-     rlogin/rsh protocol in general, are inherently insecure and should be
+     /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
-     disabled if security is desired.]
+     inherently insecure and should be disabled if security is desired.]
     Public key authentication works as follows: The scheme is based on
     public-key cryptography, using cryptosystems where encryption and
@@ -988,4 +989,4 @@ AUTHORS
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 6.6                    February 7, 2020                    OpenBSD 6.6
+OpenBSD 6.7                     April 17, 2020                     OpenBSD 6.7

diff --git a/ssh.0 b/ssh.0 index ffacbef65..474bb1e2e 100644 --- a/ssh.0 +++ b/ssh.0
@@ -109,7 +109,8 @@ DESCRIPTION
109	Specifies an alternative per-user configuration file. If a	109	Specifies an alternative per-user configuration file. If a
110	configuration file is given on the command line, the system-wide	110	configuration file is given on the command line, the system-wide
111	configuration file (/etc/ssh/ssh_config) will be ignored. The	111	configuration file (/etc/ssh/ssh_config) will be ignored. The
112	default for the per-user configuration file is ~/.ssh/config.	112	default for the per-user configuration file is ~/.ssh/config. If
		113	set to M-bM-^@M-^\noneM-bM-^@M-^], no configuration files will be read.
113		114
114	-f Requests ssh to go to background just before command execution.	115	-f Requests ssh to go to background just before command execution.
115	This is useful if ssh is going to ask for passwords or	116	This is useful if ssh is going to ask for passwords or
@@ -460,17 +461,17 @@ AUTHENTICATION
460		461
461	Host-based authentication works as follows: If the machine the user logs	462	Host-based authentication works as follows: If the machine the user logs
462	in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote	463	in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
463	machine, and the user names are the same on both sides, or if the files	464	machine, the user is non-root and the user names are the same on both
464	~/.rhosts or ~/.shosts exist in the user's home directory on the remote	465	sides, or if the files ~/.rhosts or ~/.shosts exist in the user's home
465	machine and contain a line containing the name of the client machine and	466	directory on the remote machine and contain a line containing the name of
466	the name of the user on that machine, the user is considered for login.	467	the client machine and the name of the user on that machine, the user is
467	Additionally, the server must be able to verify the client's host key	468	considered for login. Additionally, the server must be able to verify
468	(see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,	469	the client's host key (see the description of /etc/ssh/ssh_known_hosts
469	below) for login to be permitted. This authentication method closes	470	and ~/.ssh/known_hosts, below) for login to be permitted. This
470	security holes due to IP spoofing, DNS spoofing, and routing spoofing.	471	authentication method closes security holes due to IP spoofing, DNS
471	[Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the	472	spoofing, and routing spoofing. [Note to the administrator:
472	rlogin/rsh protocol in general, are inherently insecure and should be	473	/etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
473	disabled if security is desired.]	474	inherently insecure and should be disabled if security is desired.]
474		475
475	Public key authentication works as follows: The scheme is based on	476	Public key authentication works as follows: The scheme is based on
476	public-key cryptography, using cryptosystems where encryption and	477	public-key cryptography, using cryptosystems where encryption and
@@ -988,4 +989,4 @@ AUTHORS
988	created OpenSSH. Markus Friedl contributed the support for SSH protocol	989	created OpenSSH. Markus Friedl contributed the support for SSH protocol
989	versions 1.5 and 2.0.	990	versions 1.5 and 2.0.
990		991
991	OpenBSD 6.6 February 7, 2020 OpenBSD 6.6	992	OpenBSD 6.7 April 17, 2020 OpenBSD 6.7