1 files changed, 51 insertions, 59 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index a8687ffc2..74e516594 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -39,16 +39,16 @@ DESCRIPTION
     Host    Restricts the following declarations (up to the next Host key-
             word) to be only for those hosts that match one of the patterns
-             given after the keyword.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in
+             given after the keyword.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y?  can be used as wildcards
-             the patterns.  A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to provide
+             in the patterns.  A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to pro-
-             global defaults for all hosts.  The host is the hostname argument
+             vide global defaults for all hosts.  The host is the hostname
-             given on the command line (i.e., the name is not converted to a
+             argument given on the command line (i.e., the name is not con-
-             canonicalized host name before matching).
+             verted to a canonicalized host name before matching).
-     AddressFamily
+     AFSTokenPassing
-             Specifies which address family to use when connecting.  Valid
+             Specifies whether to pass AFS tokens to remote host.  The argu-
-             arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (Use IPv4 only) or M-bM-^@M-^\inet6M-bM-^@M-^] (Use IPv6
+             ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  This option applies
-             only.)
+             to protocol version 1 only.
     BatchMode
             If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled.
@@ -112,28 +112,15 @@ DESCRIPTION
             exiting.  The argument must be an integer.  This may be useful in
             scripts if the connection sometimes fails.  The default is 1.
-     ConnectTimeout
-             Specifies the timeout (in seconds) used when connecting to the
-             ssh server, instead of using the default system TCP timeout.
-             This value is used only when the target is down or really
-             unreachable, not when it refuses the connection.
     DynamicForward
             Specifies that a TCP/IP port on the local machine be forwarded
             over the secure channel, and the application protocol is then
             used to determine where to connect to from the remote machine.
-             The argument must be a port number.  Currently the SOCKS4 and
+             The argument must be a port number.  Currently the SOCKS4 proto-
-             SOCKS5 protocols are supported, and ssh will act as a SOCKS
+             col is supported, and ssh will act as a SOCKS4 server.  Multiple
-             server.  Multiple forwardings may be specified, and additional
+             forwardings may be specified, and additional forwardings can be
-             forwardings can be given on the command line.  Only the superuser
+             given on the command line.  Only the superuser can forward privi-
-             can forward privileged ports.
+             leged ports.
-     EnableSSHKeysign
-             Setting this option to M-bM-^@M-^\yesM-bM-^@M-^] in the global client configuration
-             file /etc/ssh/ssh_config enables the use of the helper program
-             ssh-keysign(8) during HostbasedAuthentication.  The argument must
-             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].  See ssh-keysign(8) for
-             more information.
     EscapeChar
             Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y).  The escape character
@@ -179,16 +166,6 @@ DESCRIPTION
             Specifies a file to use for the global host key database instead
             of /etc/ssh/ssh_known_hosts.
-     GSSAPIAuthentication
-             Specifies whether authentication based on GSSAPI may be used,
-             either using the result of a successful key exchange, or using
-             GSSAPI user authentication.  The default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that
-             this option applies to protocol version 2 only.
-     GSSAPIDelegateCredentials
-             Forward (delegate) credentials to the server.  The default is
-             M-bM-^@M-^\noM-bM-^@M-^].  Note that this option applies to protocol version 2 only.
     HostbasedAuthentication
             Specifies whether to try rhosts based authentication with public
             key authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
@@ -215,14 +192,14 @@ DESCRIPTION
     IdentityFile
             Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication
-             identity is read.  The default is $HOME/.ssh/identity for proto-
+             identity is read. The default is $HOME/.ssh/identity for protocol
-             col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for
+             version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for proto-
-             protocol version 2.  Additionally, any identities represented by
+             col version 2.  Additionally, any identities represented by the
-             the authentication agent will be used for authentication.  The
+             authentication agent will be used for authentication.  The file
-             file name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home
+             name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direc-
-             directory.  It is possible to have multiple identity files speci-
+             tory.  It is possible to have multiple identity files specified
-             fied in configuration files; all these identities will be tried
+             in configuration files; all these identities will be tried in
-             in sequence.
+             sequence.
     KeepAlive
             Specifies whether the system should send TCP keepalive messages
@@ -237,6 +214,15 @@ DESCRIPTION
             To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
+     KerberosAuthentication
+             Specifies whether Kerberos authentication will be used.  The
+             argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
+     KerberosTgtPassing
+             Specifies whether a Kerberos TGT will be forwarded to the server.
+             This will only work if the Kerberos server is actually an AFS
+             kaserver.  The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
     LocalForward
             Specifies that a TCP/IP port on the local machine be forwarded
             over the secure channel to the specified host and port from the
@@ -281,9 +267,9 @@ DESCRIPTION
     PreferredAuthentications
             Specifies the order in which the client should try protocol 2
-             authentication methods.  This allows a client to prefer one
+             authentication methods. This allows a client to prefer one method
-             method (e.g.  keyboard-interactive) over another method (e.g.
+             (e.g.  keyboard-interactive) over another method (e.g.  password)
-             password) The default for this option is:
+             The default for this option is:
             M-bM-^@M-^\hostbased,publickey,keyboard-interactive,passwordM-bM-^@M-^].
     Protocol
@@ -321,6 +307,16 @@ DESCRIPTION
             specified, and additional forwardings can be given on the command
             line.  Only the superuser can forward privileged ports.
+     RhostsAuthentication
+             Specifies whether to try rhosts based authentication.  Note that
+             this declaration only affects the client side and has no effect
+             whatsoever on security.  Most servers do not permit RhostsAuthen-
+             tication because it is not secure (see RhostsRSAAuthentication).
+             The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default
+             is M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 1 only and
+             requires ssh to be setuid root and UsePrivilegedPort to be set to
+             M-bM-^@M-^\yesM-bM-^@M-^].
     RhostsRSAAuthentication
             Specifies whether to try rhosts based authentication with RSA
             host authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
@@ -335,9 +331,9 @@ DESCRIPTION
             applies to protocol version 1 only.
     SmartcardDevice
-             Specifies which smartcard device to use.  The argument to this
+             Specifies which smartcard device to use. The argument to this
             keyword is the device ssh should use to communicate with a smart-
-             card used for storing the userM-bM-^@M-^Ys private RSA key.  By default, no
+             card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no
             device is specified and smartcard support is not activated.
     StrictHostKeyChecking
@@ -360,7 +356,8 @@ DESCRIPTION
             Specifies whether to use a privileged port for outgoing connec-
             tions.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
             If set to M-bM-^@M-^\yesM-bM-^@M-^] ssh must be setuid root.  Note that this option
-             must be set to M-bM-^@M-^\yesM-bM-^@M-^] for RhostsRSAAuthentication with older
+             must be set to M-bM-^@M-^\yesM-bM-^@M-^] if RhostsAuthentication and
+             RhostsRSAAuthentication authentications are needed with older
             servers.
     User    Specifies the user to log in as.  This can be useful when a dif-
@@ -372,11 +369,6 @@ DESCRIPTION
             Specifies a file to use for the user host key database instead of
             $HOME/.ssh/known_hosts.
-     VerifyHostKeyDNS
-             Specifies whether to verify the remote key using DNS and SSHFP
-             resource records.  The default is M-bM-^@M-^\noM-bM-^@M-^].  Note that this option
-             applies to protocol version 2 only.
     XAuthLocation
             Specifies the full pathname of the xauth(1) program.  The default
             is /usr/X11R6/bin/xauth.
@@ -395,9 +387,6 @@ FILES
             file, and for those users who do not have a configuration file.
             This file must be world-readable.
-SEE ALSO
-     ssh(1)
 AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
@@ -405,4 +394,7 @@ AUTHORS
     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
+SEE ALSO
+     ssh(1)
 BSD                           September 25, 1999                           BSD