1 files changed, 26 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 710c068c5..44208b431 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -176,8 +176,8 @@ is only supported in the
 client for interoperability with legacy protocol 1 implementations
 that do not support the
 .Ar 3des
-cipher.  Its use is strongly discouraged due to cryptographic
+cipher.
-weaknesses.
+Its use is strongly discouraged due to cryptographic weaknesses.
 The default is
 .Dq 3des .
 .It Cm Ciphers
@@ -193,7 +193,8 @@ The default is
 .It Cm ClearAllForwardings
 Specifies that all local, remote and dynamic port forwardings
 specified in the configuration files or on the command line be
-cleared.  This option is primarily useful when used from the
+cleared.
+This option is primarily useful when used from the
 .Nm ssh
 command line to clear port forwardings set in
 configuration files, and is automatically set by
@@ -230,13 +231,14 @@ The default is 1.
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
 protocol is then used to determine where to connect to from the
-remote machine.  The argument must be a port number.
+remote machine.
+The argument must be a port number.
 Currently the SOCKS4 protocol is supported, and
 .Nm ssh
 will act as a SOCKS4 server.
 Multiple forwardings may be specified, and
-additional forwardings can be given on the command line.  Only
+additional forwardings can be given on the command line.
-the superuser can forward privileged ports.
+Only the superuser can forward privileged ports.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
@@ -259,10 +261,11 @@ or
 The default is
 .Dq no .
 .Pp
-Agent forwarding should be enabled with caution.  Users with the
+Agent forwarding should be enabled with caution.
-ability to bypass file permissions on the remote host (for the agent's
+Users with the ability to bypass file permissions on the remote host
-Unix-domain socket) can access the local agent through the forwarded
+(for the agent's Unix-domain socket)
-connection.  An attacker cannot obtain key material from the agent,
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
 .It Cm ForwardX11
@@ -277,18 +280,18 @@ or
 The default is
 .Dq no .
 .Pp
-X11 forwarding should be enabled with caution.  Users with the ability
+X11 forwarding should be enabled with caution.
-to bypass file permissions on the remote host (for the user's X
+Users with the ability to bypass file permissions on the remote host
-authorization database) can access the local X11 display through the
+(for the user's X authorization database)
-forwarded connection.  An attacker may then be able to perform
+can access the local X11 display through the forwarded connection.
-activities such as keystroke monitoring.
+An attacker may then be able to perform activities such as keystroke monitoring.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to local
 forwarded ports.
 By default,
 .Nm ssh
-binds local port forwardings to the loopback address.  This
+binds local port forwardings to the loopback address.
-prevents other remote hosts from connecting to forwarded ports.
+This prevents other remote hosts from connecting to forwarded ports.
 .Cm GatewayPorts
 can be used to specify that
 .Nm ssh
@@ -395,8 +398,9 @@ Gives the verbosity level that is used when logging messages from
 .Nm ssh .
 The possible values are:
 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+The default is INFO.
-and DEBUG3 each specify higher levels of verbose output.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
@@ -474,8 +478,8 @@ somewhere.
 Host key management will be done using the
 HostName of the host being connected (defaulting to the name typed by
 the user).
-Setting the command to                                                             
+Setting the command to
-.Dq none                                                                       
+.Dq none
 disables this option entirely.
 Note that
 .Cm CheckHostIP

diff --git a/ssh_config.5 b/ssh_config.5 index 710c068c5..44208b431 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -176,8 +176,8 @@ is only supported in the
176	client for interoperability with legacy protocol 1 implementations	176	client for interoperability with legacy protocol 1 implementations
177	that do not support the	177	that do not support the
178	.Ar 3des	178	.Ar 3des
179	cipher. Its use is strongly discouraged due to cryptographic	179	cipher.
180	weaknesses.	180	Its use is strongly discouraged due to cryptographic weaknesses.
181	The default is	181	The default is
182	.Dq 3des .	182	.Dq 3des .
183	.It Cm Ciphers	183	.It Cm Ciphers
@@ -193,7 +193,8 @@ The default is
193	.It Cm ClearAllForwardings	193	.It Cm ClearAllForwardings
194	Specifies that all local, remote and dynamic port forwardings	194	Specifies that all local, remote and dynamic port forwardings
195	specified in the configuration files or on the command line be	195	specified in the configuration files or on the command line be
196	cleared. This option is primarily useful when used from the	196	cleared.
		197	This option is primarily useful when used from the
197	.Nm ssh	198	.Nm ssh
198	command line to clear port forwardings set in	199	command line to clear port forwardings set in
199	configuration files, and is automatically set by	200	configuration files, and is automatically set by
@@ -230,13 +231,14 @@ The default is 1.
230	Specifies that a TCP/IP port on the local machine be forwarded	231	Specifies that a TCP/IP port on the local machine be forwarded
231	over the secure channel, and the application	232	over the secure channel, and the application
232	protocol is then used to determine where to connect to from the	233	protocol is then used to determine where to connect to from the
233	remote machine. The argument must be a port number.	234	remote machine.
		235	The argument must be a port number.
234	Currently the SOCKS4 protocol is supported, and	236	Currently the SOCKS4 protocol is supported, and
235	.Nm ssh	237	.Nm ssh
236	will act as a SOCKS4 server.	238	will act as a SOCKS4 server.
237	Multiple forwardings may be specified, and	239	Multiple forwardings may be specified, and
238	additional forwardings can be given on the command line. Only	240	additional forwardings can be given on the command line.
239	the superuser can forward privileged ports.	241	Only the superuser can forward privileged ports.
240	.It Cm EscapeChar	242	.It Cm EscapeChar
241	Sets the escape character (default:	243	Sets the escape character (default:
242	.Ql ~ ) .	244	.Ql ~ ) .
@@ -259,10 +261,11 @@ or
259	The default is	261	The default is
260	.Dq no .	262	.Dq no .
261	.Pp	263	.Pp
262	Agent forwarding should be enabled with caution. Users with the	264	Agent forwarding should be enabled with caution.
263	ability to bypass file permissions on the remote host (for the agent's	265	Users with the ability to bypass file permissions on the remote host
264	Unix-domain socket) can access the local agent through the forwarded	266	(for the agent's Unix-domain socket)
265	connection. An attacker cannot obtain key material from the agent,	267	can access the local agent through the forwarded connection.
		268	An attacker cannot obtain key material from the agent,
266	however they can perform operations on the keys that enable them to	269	however they can perform operations on the keys that enable them to
267	authenticate using the identities loaded into the agent.	270	authenticate using the identities loaded into the agent.
268	.It Cm ForwardX11	271	.It Cm ForwardX11
@@ -277,18 +280,18 @@ or
277	The default is	280	The default is
278	.Dq no .	281	.Dq no .
279	.Pp	282	.Pp
280	X11 forwarding should be enabled with caution. Users with the ability	283	X11 forwarding should be enabled with caution.
281	to bypass file permissions on the remote host (for the user's X	284	Users with the ability to bypass file permissions on the remote host
282	authorization database) can access the local X11 display through the	285	(for the user's X authorization database)
283	forwarded connection. An attacker may then be able to perform	286	can access the local X11 display through the forwarded connection.
284	activities such as keystroke monitoring.	287	An attacker may then be able to perform activities such as keystroke monitoring.
285	.It Cm GatewayPorts	288	.It Cm GatewayPorts
286	Specifies whether remote hosts are allowed to connect to local	289	Specifies whether remote hosts are allowed to connect to local
287	forwarded ports.	290	forwarded ports.
288	By default,	291	By default,
289	.Nm ssh	292	.Nm ssh
290	binds local port forwardings to the loopback address. This	293	binds local port forwardings to the loopback address.
291	prevents other remote hosts from connecting to forwarded ports.	294	This prevents other remote hosts from connecting to forwarded ports.
292	.Cm GatewayPorts	295	.Cm GatewayPorts
293	can be used to specify that	296	can be used to specify that
294	.Nm ssh	297	.Nm ssh
@@ -395,8 +398,9 @@ Gives the verbosity level that is used when logging messages from
395	.Nm ssh .	398	.Nm ssh .
396	The possible values are:	399	The possible values are:
397	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.	400	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
398	The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2	401	The default is INFO.
399	and DEBUG3 each specify higher levels of verbose output.	402	DEBUG and DEBUG1 are equivalent.
		403	DEBUG2 and DEBUG3 each specify higher levels of verbose output.
400	.It Cm MACs	404	.It Cm MACs
401	Specifies the MAC (message authentication code) algorithms	405	Specifies the MAC (message authentication code) algorithms
402	in order of preference.	406	in order of preference.
@@ -474,8 +478,8 @@ somewhere.
474	Host key management will be done using the	478	Host key management will be done using the
475	HostName of the host being connected (defaulting to the name typed by	479	HostName of the host being connected (defaulting to the name typed by
476	the user).	480	the user).
477	Setting the command to	481	Setting the command to
478	.Dq none	482	.Dq none
479	disables this option entirely.	483	disables this option entirely.
480	Note that	484	Note that
481	.Cm CheckHostIP	485	.Cm CheckHostIP