1 files changed, 12 insertions, 23 deletions
diff --git a/ssh.1 b/ssh.1
index 986802598..2606b15b1 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $
+.\" $OpenBSD: ssh.1,v 1.348 2014/07/24 22:57:10 millert Exp $
-.Dd $Mdocdate: December 7 2013 $
+.Dd $Mdocdate: July 24 2014 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -73,8 +73,9 @@ executing commands on a remote machine.
 It is intended to replace rlogin and rsh,
 and provide secure encrypted communications between
 two untrusted hosts over an insecure network.
-X11 connections and arbitrary TCP ports
+X11 connections, arbitrary TCP ports and
-can also be forwarded over the secure channel.
+.Ux Ns -domain
+sockets can also be forwarded over the secure channel.
 .Pp
 .Nm
 connects and logs into the specified
@@ -131,7 +132,9 @@ of the connection.
 Only useful on systems with more than one address.
 .It Fl C
 Requests compression of all data (including stdin, stdout, stderr, and
-data for forwarded X11 and TCP connections).
+data for forwarded X11, TCP and
+.Ux Ns -domain
+connections).
 The compression algorithm is the same used by
 .Xr gzip 1 ,
 and the
@@ -154,23 +157,6 @@ The supported values are
 .Dq blowfish ,
 and
 .Dq des .
-.Ar 3des
-(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
-It is believed to be secure.
-.Ar blowfish
-is a fast block cipher; it appears very secure and is much faster than
-.Ar 3des .
-.Ar des
-is only supported in the
-.Nm
-client for interoperability with legacy protocol 1 implementations
-that do not support the
-.Ar 3des
-cipher.
-Its use is strongly discouraged due to cryptographic weaknesses.
-The default is
-.Dq 3des .
-.Pp
 For protocol version 2,
 .Ar cipher_spec
 is a comma-separated list of ciphers
@@ -267,6 +253,8 @@ will wait for all remote port forwards to be successfully established
 before placing itself in the background.
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
+If used on a multiplexed connection, then this option must be specified
+on the master process.
 .It Fl I Ar pkcs11
 Specify the PKCS#11 shared library
 .Nm
@@ -481,6 +469,8 @@ For full details of the options listed below, and their possible values, see
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
+.It StreamLocalBindMask
+.It StreamLocalBindUnlink
 .It StrictHostKeyChecking
 .It TCPKeepAlive
 .It Tunnel
@@ -1472,7 +1462,6 @@ if an error occurred.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr tun 4 ,
-.Xr hosts.equiv 5 ,
 .Xr ssh_config 5 ,
 .Xr ssh-keysign 8 ,
 .Xr sshd 8

diff --git a/ssh.1 b/ssh.1 index 986802598..2606b15b1 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $	36	.\" $OpenBSD: ssh.1,v 1.348 2014/07/24 22:57:10 millert Exp $
37	.Dd $Mdocdate: December 7 2013 $	37	.Dd $Mdocdate: July 24 2014 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -73,8 +73,9 @@ executing commands on a remote machine.
73	It is intended to replace rlogin and rsh,	73	It is intended to replace rlogin and rsh,
74	and provide secure encrypted communications between	74	and provide secure encrypted communications between
75	two untrusted hosts over an insecure network.	75	two untrusted hosts over an insecure network.
76	X11 connections and arbitrary TCP ports	76	X11 connections, arbitrary TCP ports and
77	can also be forwarded over the secure channel.	77	.Ux Ns -domain
		78	sockets can also be forwarded over the secure channel.
78	.Pp	79	.Pp
79	.Nm	80	.Nm
80	connects and logs into the specified	81	connects and logs into the specified
@@ -131,7 +132,9 @@ of the connection.
131	Only useful on systems with more than one address.	132	Only useful on systems with more than one address.
132	.It Fl C	133	.It Fl C
133	Requests compression of all data (including stdin, stdout, stderr, and	134	Requests compression of all data (including stdin, stdout, stderr, and
134	data for forwarded X11 and TCP connections).	135	data for forwarded X11, TCP and
		136	.Ux Ns -domain
		137	connections).
135	The compression algorithm is the same used by	138	The compression algorithm is the same used by
136	.Xr gzip 1 ,	139	.Xr gzip 1 ,
137	and the	140	and the
@@ -154,23 +157,6 @@ The supported values are
154	.Dq blowfish ,	157	.Dq blowfish ,
155	and	158	and
156	.Dq des .	159	.Dq des .
157	.Ar 3des
158	(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
159	It is believed to be secure.
160	.Ar blowfish
161	is a fast block cipher; it appears very secure and is much faster than
162	.Ar 3des .
163	.Ar des
164	is only supported in the
165	.Nm
166	client for interoperability with legacy protocol 1 implementations
167	that do not support the
168	.Ar 3des
169	cipher.
170	Its use is strongly discouraged due to cryptographic weaknesses.
171	The default is
172	.Dq 3des .
173	.Pp
174	For protocol version 2,	160	For protocol version 2,
175	.Ar cipher_spec	161	.Ar cipher_spec
176	is a comma-separated list of ciphers	162	is a comma-separated list of ciphers
@@ -267,6 +253,8 @@ will wait for all remote port forwards to be successfully established
267	before placing itself in the background.	253	before placing itself in the background.
268	.It Fl g	254	.It Fl g
269	Allows remote hosts to connect to local forwarded ports.	255	Allows remote hosts to connect to local forwarded ports.
		256	If used on a multiplexed connection, then this option must be specified
		257	on the master process.
270	.It Fl I Ar pkcs11	258	.It Fl I Ar pkcs11
271	Specify the PKCS#11 shared library	259	Specify the PKCS#11 shared library
272	.Nm	260	.Nm
@@ -481,6 +469,8 @@ For full details of the options listed below, and their possible values, see
481	.It SendEnv	469	.It SendEnv
482	.It ServerAliveInterval	470	.It ServerAliveInterval
483	.It ServerAliveCountMax	471	.It ServerAliveCountMax
		472	.It StreamLocalBindMask
		473	.It StreamLocalBindUnlink
484	.It StrictHostKeyChecking	474	.It StrictHostKeyChecking
485	.It TCPKeepAlive	475	.It TCPKeepAlive
486	.It Tunnel	476	.It Tunnel
@@ -1472,7 +1462,6 @@ if an error occurred.
1472	.Xr ssh-keygen 1 ,	1462	.Xr ssh-keygen 1 ,
1473	.Xr ssh-keyscan 1 ,	1463	.Xr ssh-keyscan 1 ,
1474	.Xr tun 4 ,	1464	.Xr tun 4 ,
1475	.Xr hosts.equiv 5 ,
1476	.Xr ssh_config 5 ,	1465	.Xr ssh_config 5 ,
1477	.Xr ssh-keysign 8 ,	1466	.Xr ssh-keysign 8 ,
1478	.Xr sshd 8	1467	.Xr sshd 8