1 files changed, 26 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 20bba1502..15b36f273 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -183,8 +183,8 @@ is only supported in the
 client for interoperability with legacy protocol 1 implementations
 that do not support the
 .Ar 3des
-cipher.  Its use is strongly discouraged due to cryptographic
+cipher.
-weaknesses.
+Its use is strongly discouraged due to cryptographic weaknesses.
 The default is
 .Dq 3des .
 .It Cm Ciphers
@@ -200,7 +200,8 @@ The default is
 .It Cm ClearAllForwardings
 Specifies that all local, remote and dynamic port forwardings
 specified in the configuration files or on the command line be
-cleared.  This option is primarily useful when used from the
+cleared.
+This option is primarily useful when used from the
 .Nm ssh
 command line to clear port forwardings set in
 configuration files, and is automatically set by
@@ -237,13 +238,14 @@ The default is 1.
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
 protocol is then used to determine where to connect to from the
-remote machine.  The argument must be a port number.
+remote machine.
+The argument must be a port number.
 Currently the SOCKS4 protocol is supported, and
 .Nm ssh
 will act as a SOCKS4 server.
 Multiple forwardings may be specified, and
-additional forwardings can be given on the command line.  Only
+additional forwardings can be given on the command line.
-the superuser can forward privileged ports.
+Only the superuser can forward privileged ports.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
@@ -266,10 +268,11 @@ or
 The default is
 .Dq no .
 .Pp
-Agent forwarding should be enabled with caution.  Users with the
+Agent forwarding should be enabled with caution.
-ability to bypass file permissions on the remote host (for the agent's
+Users with the ability to bypass file permissions on the remote host
-Unix-domain socket) can access the local agent through the forwarded
+(for the agent's Unix-domain socket)
-connection.  An attacker cannot obtain key material from the agent,
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
 .It Cm ForwardX11
@@ -284,18 +287,18 @@ or
 The default is
 .Dq no .
 .Pp
-X11 forwarding should be enabled with caution.  Users with the ability
+X11 forwarding should be enabled with caution.
-to bypass file permissions on the remote host (for the user's X
+Users with the ability to bypass file permissions on the remote host
-authorization database) can access the local X11 display through the
+(for the user's X authorization database)
-forwarded connection.  An attacker may then be able to perform
+can access the local X11 display through the forwarded connection.
-activities such as keystroke monitoring.
+An attacker may then be able to perform activities such as keystroke monitoring.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to local
 forwarded ports.
 By default,
 .Nm ssh
-binds local port forwardings to the loopback address.  This
+binds local port forwardings to the loopback address.
-prevents other remote hosts from connecting to forwarded ports.
+This prevents other remote hosts from connecting to forwarded ports.
 .Cm GatewayPorts
 can be used to specify that
 .Nm ssh
@@ -407,8 +410,9 @@ Gives the verbosity level that is used when logging messages from
 .Nm ssh .
 The possible values are:
 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+The default is INFO.
-and DEBUG3 each specify higher levels of verbose output.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
@@ -493,8 +497,8 @@ somewhere.
 Host key management will be done using the
 HostName of the host being connected (defaulting to the name typed by
 the user).
-Setting the command to                                                             
+Setting the command to
-.Dq none                                                                       
+.Dq none
 disables this option entirely.
 Note that
 .Cm CheckHostIP

diff --git a/ssh_config.5 b/ssh_config.5 index 20bba1502..15b36f273 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -183,8 +183,8 @@ is only supported in the
183	client for interoperability with legacy protocol 1 implementations	183	client for interoperability with legacy protocol 1 implementations
184	that do not support the	184	that do not support the
185	.Ar 3des	185	.Ar 3des
186	cipher. Its use is strongly discouraged due to cryptographic	186	cipher.
187	weaknesses.	187	Its use is strongly discouraged due to cryptographic weaknesses.
188	The default is	188	The default is
189	.Dq 3des .	189	.Dq 3des .
190	.It Cm Ciphers	190	.It Cm Ciphers
@@ -200,7 +200,8 @@ The default is
200	.It Cm ClearAllForwardings	200	.It Cm ClearAllForwardings
201	Specifies that all local, remote and dynamic port forwardings	201	Specifies that all local, remote and dynamic port forwardings
202	specified in the configuration files or on the command line be	202	specified in the configuration files or on the command line be
203	cleared. This option is primarily useful when used from the	203	cleared.
		204	This option is primarily useful when used from the
204	.Nm ssh	205	.Nm ssh
205	command line to clear port forwardings set in	206	command line to clear port forwardings set in
206	configuration files, and is automatically set by	207	configuration files, and is automatically set by
@@ -237,13 +238,14 @@ The default is 1.
237	Specifies that a TCP/IP port on the local machine be forwarded	238	Specifies that a TCP/IP port on the local machine be forwarded
238	over the secure channel, and the application	239	over the secure channel, and the application
239	protocol is then used to determine where to connect to from the	240	protocol is then used to determine where to connect to from the
240	remote machine. The argument must be a port number.	241	remote machine.
		242	The argument must be a port number.
241	Currently the SOCKS4 protocol is supported, and	243	Currently the SOCKS4 protocol is supported, and
242	.Nm ssh	244	.Nm ssh
243	will act as a SOCKS4 server.	245	will act as a SOCKS4 server.
244	Multiple forwardings may be specified, and	246	Multiple forwardings may be specified, and
245	additional forwardings can be given on the command line. Only	247	additional forwardings can be given on the command line.
246	the superuser can forward privileged ports.	248	Only the superuser can forward privileged ports.
247	.It Cm EscapeChar	249	.It Cm EscapeChar
248	Sets the escape character (default:	250	Sets the escape character (default:
249	.Ql ~ ) .	251	.Ql ~ ) .
@@ -266,10 +268,11 @@ or
266	The default is	268	The default is
267	.Dq no .	269	.Dq no .
268	.Pp	270	.Pp
269	Agent forwarding should be enabled with caution. Users with the	271	Agent forwarding should be enabled with caution.
270	ability to bypass file permissions on the remote host (for the agent's	272	Users with the ability to bypass file permissions on the remote host
271	Unix-domain socket) can access the local agent through the forwarded	273	(for the agent's Unix-domain socket)
272	connection. An attacker cannot obtain key material from the agent,	274	can access the local agent through the forwarded connection.
		275	An attacker cannot obtain key material from the agent,
273	however they can perform operations on the keys that enable them to	276	however they can perform operations on the keys that enable them to
274	authenticate using the identities loaded into the agent.	277	authenticate using the identities loaded into the agent.
275	.It Cm ForwardX11	278	.It Cm ForwardX11
@@ -284,18 +287,18 @@ or
284	The default is	287	The default is
285	.Dq no .	288	.Dq no .
286	.Pp	289	.Pp
287	X11 forwarding should be enabled with caution. Users with the ability	290	X11 forwarding should be enabled with caution.
288	to bypass file permissions on the remote host (for the user's X	291	Users with the ability to bypass file permissions on the remote host
289	authorization database) can access the local X11 display through the	292	(for the user's X authorization database)
290	forwarded connection. An attacker may then be able to perform	293	can access the local X11 display through the forwarded connection.
291	activities such as keystroke monitoring.	294	An attacker may then be able to perform activities such as keystroke monitoring.
292	.It Cm GatewayPorts	295	.It Cm GatewayPorts
293	Specifies whether remote hosts are allowed to connect to local	296	Specifies whether remote hosts are allowed to connect to local
294	forwarded ports.	297	forwarded ports.
295	By default,	298	By default,
296	.Nm ssh	299	.Nm ssh
297	binds local port forwardings to the loopback address. This	300	binds local port forwardings to the loopback address.
298	prevents other remote hosts from connecting to forwarded ports.	301	This prevents other remote hosts from connecting to forwarded ports.
299	.Cm GatewayPorts	302	.Cm GatewayPorts
300	can be used to specify that	303	can be used to specify that
301	.Nm ssh	304	.Nm ssh
@@ -407,8 +410,9 @@ Gives the verbosity level that is used when logging messages from
407	.Nm ssh .	410	.Nm ssh .
408	The possible values are:	411	The possible values are:
409	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.	412	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
410	The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2	413	The default is INFO.
411	and DEBUG3 each specify higher levels of verbose output.	414	DEBUG and DEBUG1 are equivalent.
		415	DEBUG2 and DEBUG3 each specify higher levels of verbose output.
412	.It Cm MACs	416	.It Cm MACs
413	Specifies the MAC (message authentication code) algorithms	417	Specifies the MAC (message authentication code) algorithms
414	in order of preference.	418	in order of preference.
@@ -493,8 +497,8 @@ somewhere.
493	Host key management will be done using the	497	Host key management will be done using the
494	HostName of the host being connected (defaulting to the name typed by	498	HostName of the host being connected (defaulting to the name typed by
495	the user).	499	the user).
496	Setting the command to	500	Setting the command to
497	.Dq none	501	.Dq none
498	disables this option entirely.	502	disables this option entirely.
499	Note that	503	Note that
500	.Cm CheckHostIP	504	.Cm CheckHostIP