1 files changed, 24 insertions, 11 deletions
diff --git a/ssh.1 b/ssh.1
index 2606b15b1..c8892fed4 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.348 2014/07/24 22:57:10 millert Exp $
+.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
-.Dd $Mdocdate: July 24 2014 $
+.Dd $Mdocdate: March 3 2015 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@
 .Sh SYNOPSIS
 .Nm ssh
 .Bk -words
-.Op Fl 1246AaCfgKkMNnqsTtVvXxYy
+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
 .Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -58,7 +58,7 @@
 .Op Fl O Ar ctl_cmd
 .Op Fl o Ar option
 .Op Fl p Ar port
-.Op Fl Q Cm cipher | cipher-auth | mac | kex | key
+.Op Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
 .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
 .Op Fl S Ar ctl_path
 .Op Fl W Ar host : Ns Ar port
@@ -251,6 +251,14 @@ then a client started with
 .Fl f
 will wait for all remote port forwards to be successfully established
 before placing itself in the background.
+.It Fl G
+Causes
+.Nm
+to print its configuration after evaluating
+.Cm Host
+and
+.Cm Match
+blocks and exit.
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
 If used on a multiplexed connection, then this option must be specified
@@ -425,6 +433,7 @@ For full details of the options listed below, and their possible values, see
 .It DynamicForward
 .It EscapeChar
 .It ExitOnForwardFailure
+.It FingerprintHash
 .It ForwardAgent
 .It ForwardX11
 .It ForwardX11Timeout
@@ -436,6 +445,7 @@ For full details of the options listed below, and their possible values, see
 .It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
+.It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It HostName
@@ -475,6 +485,7 @@ For full details of the options listed below, and their possible values, see
 .It TCPKeepAlive
 .It Tunnel
 .It TunnelDevice
+.It UpdateHostKeys
 .It UsePrivilegedPort
 .It User
 .It UserKnownHostsFile
@@ -486,7 +497,7 @@ For full details of the options listed below, and their possible values, see
 Port to connect to on the remote host.
 This can be specified on a
 per-host basis in the configuration file.
-.It Fl Q Cm cipher | cipher-auth | mac | kex | key
+.It Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
 Queries
 .Nm
 for the algorithms supported for the specified version 2.
@@ -500,7 +511,9 @@ The available features are:
 .Ar kex
 (key exchange algorithms),
 .Ar key
-(key types).
+(key types) and
+.Ar protocol-version
+(supported SSH protocol versions).
 .It Fl q
 Quiet mode.
 Causes most warning and diagnostic messages to be suppressed.
@@ -748,7 +761,7 @@ key pair for authentication purposes.
 The server knows the public key, and only the user knows the private key.
 .Nm
 implements public key authentication protocol automatically,
-using one of the DSA, ECDSA, ED25519 or RSA algorithms.
+using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
 Protocol 1 is restricted to using only RSA keys,
 but protocol 2 may use any.
 The HISTORY section of
@@ -780,7 +793,7 @@ This stores the private key in
 .Pa ~/.ssh/id_ecdsa
 (protocol 2 ECDSA),
 .Pa ~/.ssh/id_ed25519
-(protocol 2 ED25519),
+(protocol 2 Ed25519),
 or
 .Pa ~/.ssh/id_rsa
 (protocol 2 RSA)
@@ -792,7 +805,7 @@ and stores the public key in
 .Pa ~/.ssh/id_ecdsa.pub
 (protocol 2 ECDSA),
 .Pa ~/.ssh/id_ed25519.pub
-(protocol 2 ED25519),
+(protocol 2 Ed25519),
 or
 .Pa ~/.ssh/id_rsa.pub
 (protocol 2 RSA)
@@ -1087,7 +1100,7 @@ Fingerprints can be determined using
 If the fingerprint is already known, it can be matched
 and the key can be accepted or rejected.
 Because of the difficulty of comparing host keys
-just by looking at hex strings,
+just by looking at fingerprint strings,
 there is also support to compare host keys visually,
 using
 .Em random art .
@@ -1332,7 +1345,7 @@ secret, but the recommended permissions are read/write/execute for the user,
 and not accessible by others.
 .Pp
 .It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA, ECDSA, ED25519, RSA)
+Lists the public keys (DSA, ECDSA, Ed25519, RSA)
 that can be used for logging in as this user.
 The format of this file is described in the
 .Xr sshd 8

diff --git a/ssh.1 b/ssh.1 index 2606b15b1..c8892fed4 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.348 2014/07/24 22:57:10 millert Exp $	36	.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
37	.Dd $Mdocdate: July 24 2014 $	37	.Dd $Mdocdate: March 3 2015 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -43,7 +43,7 @@
43	.Sh SYNOPSIS	43	.Sh SYNOPSIS
44	.Nm ssh	44	.Nm ssh
45	.Bk -words	45	.Bk -words
46	.Op Fl 1246AaCfgKkMNnqsTtVvXxYy	46	.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
47	.Op Fl b Ar bind_address	47	.Op Fl b Ar bind_address
48	.Op Fl c Ar cipher_spec	48	.Op Fl c Ar cipher_spec
49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port	49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -58,7 +58,7 @@
58	.Op Fl O Ar ctl_cmd	58	.Op Fl O Ar ctl_cmd
59	.Op Fl o Ar option	59	.Op Fl o Ar option
60	.Op Fl p Ar port	60	.Op Fl p Ar port
61	.Op Fl Q Cm cipher \| cipher-auth \| mac \| kex \| key	61	.Op Fl Q Cm cipher \| cipher-auth \| mac \| kex \| key \| protocol-version
62	.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport	62	.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
63	.Op Fl S Ar ctl_path	63	.Op Fl S Ar ctl_path
64	.Op Fl W Ar host : Ns Ar port	64	.Op Fl W Ar host : Ns Ar port
@@ -251,6 +251,14 @@ then a client started with
251	.Fl f	251	.Fl f
252	will wait for all remote port forwards to be successfully established	252	will wait for all remote port forwards to be successfully established
253	before placing itself in the background.	253	before placing itself in the background.
		254	.It Fl G
		255	Causes
		256	.Nm
		257	to print its configuration after evaluating
		258	.Cm Host
		259	and
		260	.Cm Match
		261	blocks and exit.
254	.It Fl g	262	.It Fl g
255	Allows remote hosts to connect to local forwarded ports.	263	Allows remote hosts to connect to local forwarded ports.
256	If used on a multiplexed connection, then this option must be specified	264	If used on a multiplexed connection, then this option must be specified
@@ -425,6 +433,7 @@ For full details of the options listed below, and their possible values, see
425	.It DynamicForward	433	.It DynamicForward
426	.It EscapeChar	434	.It EscapeChar
427	.It ExitOnForwardFailure	435	.It ExitOnForwardFailure
		436	.It FingerprintHash
428	.It ForwardAgent	437	.It ForwardAgent
429	.It ForwardX11	438	.It ForwardX11
430	.It ForwardX11Timeout	439	.It ForwardX11Timeout
@@ -436,6 +445,7 @@ For full details of the options listed below, and their possible values, see
436	.It HashKnownHosts	445	.It HashKnownHosts
437	.It Host	446	.It Host
438	.It HostbasedAuthentication	447	.It HostbasedAuthentication
		448	.It HostbasedKeyTypes
439	.It HostKeyAlgorithms	449	.It HostKeyAlgorithms
440	.It HostKeyAlias	450	.It HostKeyAlias
441	.It HostName	451	.It HostName
@@ -475,6 +485,7 @@ For full details of the options listed below, and their possible values, see
475	.It TCPKeepAlive	485	.It TCPKeepAlive
476	.It Tunnel	486	.It Tunnel
477	.It TunnelDevice	487	.It TunnelDevice
		488	.It UpdateHostKeys
478	.It UsePrivilegedPort	489	.It UsePrivilegedPort
479	.It User	490	.It User
480	.It UserKnownHostsFile	491	.It UserKnownHostsFile
@@ -486,7 +497,7 @@ For full details of the options listed below, and their possible values, see
486	Port to connect to on the remote host.	497	Port to connect to on the remote host.
487	This can be specified on a	498	This can be specified on a
488	per-host basis in the configuration file.	499	per-host basis in the configuration file.
489	.It Fl Q Cm cipher \| cipher-auth \| mac \| kex \| key	500	.It Fl Q Cm cipher \| cipher-auth \| mac \| kex \| key \| protocol-version
490	Queries	501	Queries
491	.Nm	502	.Nm
492	for the algorithms supported for the specified version 2.	503	for the algorithms supported for the specified version 2.
@@ -500,7 +511,9 @@ The available features are:
500	.Ar kex	511	.Ar kex
501	(key exchange algorithms),	512	(key exchange algorithms),
502	.Ar key	513	.Ar key
503	(key types).	514	(key types) and
		515	.Ar protocol-version
		516	(supported SSH protocol versions).
504	.It Fl q	517	.It Fl q
505	Quiet mode.	518	Quiet mode.
506	Causes most warning and diagnostic messages to be suppressed.	519	Causes most warning and diagnostic messages to be suppressed.
@@ -748,7 +761,7 @@ key pair for authentication purposes.
748	The server knows the public key, and only the user knows the private key.	761	The server knows the public key, and only the user knows the private key.
749	.Nm	762	.Nm
750	implements public key authentication protocol automatically,	763	implements public key authentication protocol automatically,
751	using one of the DSA, ECDSA, ED25519 or RSA algorithms.	764	using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
752	Protocol 1 is restricted to using only RSA keys,	765	Protocol 1 is restricted to using only RSA keys,
753	but protocol 2 may use any.	766	but protocol 2 may use any.
754	The HISTORY section of	767	The HISTORY section of
@@ -780,7 +793,7 @@ This stores the private key in
780	.Pa ~/.ssh/id_ecdsa	793	.Pa ~/.ssh/id_ecdsa
781	(protocol 2 ECDSA),	794	(protocol 2 ECDSA),
782	.Pa ~/.ssh/id_ed25519	795	.Pa ~/.ssh/id_ed25519
783	(protocol 2 ED25519),	796	(protocol 2 Ed25519),
784	or	797	or
785	.Pa ~/.ssh/id_rsa	798	.Pa ~/.ssh/id_rsa
786	(protocol 2 RSA)	799	(protocol 2 RSA)
@@ -792,7 +805,7 @@ and stores the public key in
792	.Pa ~/.ssh/id_ecdsa.pub	805	.Pa ~/.ssh/id_ecdsa.pub
793	(protocol 2 ECDSA),	806	(protocol 2 ECDSA),
794	.Pa ~/.ssh/id_ed25519.pub	807	.Pa ~/.ssh/id_ed25519.pub
795	(protocol 2 ED25519),	808	(protocol 2 Ed25519),
796	or	809	or
797	.Pa ~/.ssh/id_rsa.pub	810	.Pa ~/.ssh/id_rsa.pub
798	(protocol 2 RSA)	811	(protocol 2 RSA)
@@ -1087,7 +1100,7 @@ Fingerprints can be determined using
1087	If the fingerprint is already known, it can be matched	1100	If the fingerprint is already known, it can be matched
1088	and the key can be accepted or rejected.	1101	and the key can be accepted or rejected.
1089	Because of the difficulty of comparing host keys	1102	Because of the difficulty of comparing host keys
1090	just by looking at hex strings,	1103	just by looking at fingerprint strings,
1091	there is also support to compare host keys visually,	1104	there is also support to compare host keys visually,
1092	using	1105	using
1093	.Em random art .	1106	.Em random art .
@@ -1332,7 +1345,7 @@ secret, but the recommended permissions are read/write/execute for the user,
1332	and not accessible by others.	1345	and not accessible by others.
1333	.Pp	1346	.Pp
1334	.It Pa ~/.ssh/authorized_keys	1347	.It Pa ~/.ssh/authorized_keys
1335	Lists the public keys (DSA, ECDSA, ED25519, RSA)	1348	Lists the public keys (DSA, ECDSA, Ed25519, RSA)
1336	that can be used for logging in as this user.	1349	that can be used for logging in as this user.
1337	The format of this file is described in the	1350	The format of this file is described in the
1338	.Xr sshd 8	1351	.Xr sshd 8