1 files changed, 24 insertions, 8 deletions
diff --git a/ssh.1 b/ssh.1
index c8892fed4..217886319 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
-.Dd $Mdocdate: March 3 2015 $
+.Dd $Mdocdate: May 22 2015 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -584,9 +584,9 @@ of SSH as a secure transport for other applications (eg.\&
 .Xr sftp 1 ) .
 The subsystem is specified as the remote command.
 .It Fl T
-Disable pseudo-tty allocation.
+Disable pseudo-terminal allocation.
 .It Fl t
-Force pseudo-tty allocation.
+Force pseudo-terminal allocation.
 This can be used to execute arbitrary
 screen-based programs on a remote machine, which can be very useful,
 e.g. when implementing menu services.
@@ -880,15 +880,26 @@ option can be used to control logins to machines whose
 host key is not known or has changed.
 .Pp
 When the user's identity has been accepted by the server, the server
-either executes the given command, or logs into the machine and gives
+either executes the given command in a non-interactive session or,
-the user a normal shell on the remote machine.
+if no command has been specified, logs into the machine and gives
+the user a normal shell as an interactive session.
 All communication with
 the remote command or shell will be automatically encrypted.
 .Pp
-If a pseudo-terminal has been allocated (normal login session), the
+If an interactive session is requested
+.Nm
+by default will only request a pseudo-terminal (pty) for interactive
+sessions when the client has one.
+The flags
+.Fl T
+and
+.Fl t
+can be used to override this behaviour.
+.Pp
+If a pseudo-terminal has been allocated the
 user may use the escape characters noted below.
 .Pp
-If no pseudo-tty has been allocated,
+If no pseudo-terminal has been allocated,
 the session is transparent and can be used to reliably transfer binary data.
 On most systems, setting the escape character to
 .Dq none
@@ -1099,6 +1110,11 @@ Fingerprints can be determined using
 .Pp
 If the fingerprint is already known, it can be matched
 and the key can be accepted or rejected.
+If only legacy (MD5) fingerprints for the server are available, the
+.Xr ssh-keygen 1
+.Fl E
+option may be used to downgrade the fingerprint algorithm to match.
+.Pp
 Because of the difficulty of comparing host keys
 just by looking at fingerprint strings,
 there is also support to compare host keys visually,

diff --git a/ssh.1 b/ssh.1 index c8892fed4..217886319 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $	36	.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
37	.Dd $Mdocdate: March 3 2015 $	37	.Dd $Mdocdate: May 22 2015 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -584,9 +584,9 @@ of SSH as a secure transport for other applications (eg.\&
584	.Xr sftp 1 ) .	584	.Xr sftp 1 ) .
585	The subsystem is specified as the remote command.	585	The subsystem is specified as the remote command.
586	.It Fl T	586	.It Fl T
587	Disable pseudo-tty allocation.	587	Disable pseudo-terminal allocation.
588	.It Fl t	588	.It Fl t
589	Force pseudo-tty allocation.	589	Force pseudo-terminal allocation.
590	This can be used to execute arbitrary	590	This can be used to execute arbitrary
591	screen-based programs on a remote machine, which can be very useful,	591	screen-based programs on a remote machine, which can be very useful,
592	e.g. when implementing menu services.	592	e.g. when implementing menu services.
@@ -880,15 +880,26 @@ option can be used to control logins to machines whose
880	host key is not known or has changed.	880	host key is not known or has changed.
881	.Pp	881	.Pp
882	When the user's identity has been accepted by the server, the server	882	When the user's identity has been accepted by the server, the server
883	either executes the given command, or logs into the machine and gives	883	either executes the given command in a non-interactive session or,
884	the user a normal shell on the remote machine.	884	if no command has been specified, logs into the machine and gives
		885	the user a normal shell as an interactive session.
885	All communication with	886	All communication with
886	the remote command or shell will be automatically encrypted.	887	the remote command or shell will be automatically encrypted.
887	.Pp	888	.Pp
888	If a pseudo-terminal has been allocated (normal login session), the	889	If an interactive session is requested
		890	.Nm
		891	by default will only request a pseudo-terminal (pty) for interactive
		892	sessions when the client has one.
		893	The flags
		894	.Fl T
		895	and
		896	.Fl t
		897	can be used to override this behaviour.
		898	.Pp
		899	If a pseudo-terminal has been allocated the
889	user may use the escape characters noted below.	900	user may use the escape characters noted below.
890	.Pp	901	.Pp
891	If no pseudo-tty has been allocated,	902	If no pseudo-terminal has been allocated,
892	the session is transparent and can be used to reliably transfer binary data.	903	the session is transparent and can be used to reliably transfer binary data.
893	On most systems, setting the escape character to	904	On most systems, setting the escape character to
894	.Dq none	905	.Dq none
@@ -1099,6 +1110,11 @@ Fingerprints can be determined using
1099	.Pp	1110	.Pp
1100	If the fingerprint is already known, it can be matched	1111	If the fingerprint is already known, it can be matched
1101	and the key can be accepted or rejected.	1112	and the key can be accepted or rejected.
		1113	If only legacy (MD5) fingerprints for the server are available, the
		1114	.Xr ssh-keygen 1
		1115	.Fl E
		1116	option may be used to downgrade the fingerprint algorithm to match.
		1117	.Pp
1102	Because of the difficulty of comparing host keys	1118	Because of the difficulty of comparing host keys
1103	just by looking at fingerprint strings,	1119	just by looking at fingerprint strings,
1104	there is also support to compare host keys visually,	1120	there is also support to compare host keys visually,