1 files changed, 36 insertions, 19 deletions

diff --git a/ssh.1 b/ssh.1
index 63b057336..986802598 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $
-.Dd $Mdocdate: July 18 2013 $
+.\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $
+.Dd $Mdocdate: December 7 2013 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -58,6 +58,7 @@
 .Op Fl O Ar ctl_cmd
 .Op Fl o Ar option
 .Op Fl p Ar port
+.Op Fl Q Cm cipher | cipher-auth | mac | kex | key
 .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
 .Op Fl S Ar ctl_path
 .Op Fl W Ar host : Ns Ar port
@@ -65,8 +66,6 @@
 .Oo Ar user Ns @ Oc Ns Ar hostname
 .Op Ar command
 .Ek
-.Nm
-.Fl Q Ar protocol_feature
 .Sh DESCRIPTION
 .Nm
 (SSH client) is a program for logging into a remote machine and for
@@ -280,7 +279,8 @@ The default is
 .Pa ~/.ssh/identity
 for protocol version 1, and
 .Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
 and
 .Pa ~/.ssh/id_rsa
 for protocol version 2.
@@ -417,6 +417,11 @@ For full details of the options listed below, and their possible values, see
 .It AddressFamily
 .It BatchMode
 .It BindAddress
+.It CanonicalDomains
+.It CanonicalizeFallbackLocal
+.It CanonicalizeHostname
+.It CanonicalizeMaxDots
+.It CanonicalizePermittedCNAMEs
 .It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Cipher
@@ -456,6 +461,7 @@ For full details of the options listed below, and their possible values, see
 .It LocalForward
 .It LogLevel
 .It MACs
+.It Match
 .It NoHostAuthenticationForLocalhost
 .It NumberOfPasswordPrompts
 .It PasswordAuthentication
@@ -465,6 +471,7 @@ For full details of the options listed below, and their possible values, see
 .It PreferredAuthentications
 .It Protocol
 .It ProxyCommand
+.It ProxyUseFdpass
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RemoteForward
@@ -489,21 +496,21 @@ For full details of the options listed below, and their possible values, see
 Port to connect to on the remote host.
 This can be specified on a
 per-host basis in the configuration file.
-.It Fl Q Ar protocol_feature
+.It Fl Q Cm cipher | cipher-auth | mac | kex | key
 Queries
 .Nm
-for the algorithms supported for the specified version 2
-.Ar protocol_feature .
-The queriable features are:
-.Dq cipher
+for the algorithms supported for the specified version 2.
+The available features are:
+.Ar cipher
 (supported symmetric ciphers),
-.Dq MAC
+.Ar cipher-auth
+(supported symmetric ciphers that support authenticated encryption),
+.Ar mac
 (supported message integrity codes),
-.Dq KEX
+.Ar kex
 (key exchange algorithms),
-.Dq key
+.Ar key
 (key types).
-Protocol features are treated case-insensitively.
 .It Fl q
 Quiet mode.
 Causes most warning and diagnostic messages to be suppressed.
@@ -751,7 +758,7 @@ key pair for authentication purposes.
 The server knows the public key, and only the user knows the private key.
 .Nm
 implements public key authentication protocol automatically,
-using one of the DSA, ECDSA or RSA algorithms.
+using one of the DSA, ECDSA, ED25519 or RSA algorithms.
 Protocol 1 is restricted to using only RSA keys,
 but protocol 2 may use any.
 The HISTORY section of
@@ -782,6 +789,8 @@ This stores the private key in
 (protocol 2 DSA),
 .Pa ~/.ssh/id_ecdsa
 (protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519
+(protocol 2 ED25519),
 or
 .Pa ~/.ssh/id_rsa
 (protocol 2 RSA)
@@ -792,6 +801,8 @@ and stores the public key in
 (protocol 2 DSA),
 .Pa ~/.ssh/id_ecdsa.pub
 (protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519.pub
+(protocol 2 ED25519),
 or
 .Pa ~/.ssh/id_rsa.pub
 (protocol 2 RSA)
@@ -831,9 +842,12 @@ text, and prompts for a response.
 Protocol 2 allows multiple challenges and responses;
 protocol 1 is restricted to just one challenge/response.
 Examples of challenge-response authentication include
-BSD Authentication (see
+.Bx
+Authentication (see
 .Xr login.conf 5 )
-and PAM (some non-OpenBSD systems).
+and PAM (some
+.Pf non- Ox
+systems).
 .Pp
 Finally, if other authentication methods fail,
 .Nm
@@ -1328,8 +1342,8 @@ secret, but the recommended permissions are read/write/execute for the user,
 and not accessible by others.
 .Pp
 .It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as
-this user.
+Lists the public keys (DSA, ECDSA, ED25519, RSA)
+that can be used for logging in as this user.
 The format of this file is described in the
 .Xr sshd 8
 manual page.
@@ -1353,6 +1367,7 @@ above.
 .It Pa ~/.ssh/identity
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_rsa
 Contains the private key for authentication.
 These files
@@ -1367,6 +1382,7 @@ sensitive part of this file using 3DES.
 .It Pa ~/.ssh/identity.pub
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
 .It Pa ~/.ssh/id_rsa.pub
 Contains the public key for authentication.
 These files are not
@@ -1406,6 +1422,7 @@ The file format and configuration options are described in
 .It Pa /etc/ssh/ssh_host_key
 .It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key
 These files contain the private parts of the host keys
 and are used for host-based authentication.