1 files changed, 46 insertions, 16 deletions
diff --git a/sshd.0 b/sshd.0
index d2ffaacfa..04d64776e 100644
--- a/sshd.0
+++ b/sshd.0
@@ -4,8 +4,9 @@ NAME
     sshd - OpenSSH SSH daemon
 SYNOPSIS
-     sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]
+     sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]
-          [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
+          [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
+          [-o option] [-p port] [-u len]
 DESCRIPTION
     sshd (OpenSSH Daemon) is the daemon program for ssh(1).  Together these
@@ -31,7 +32,17 @@ DESCRIPTION
     -b bits
             Specifies the number of bits in the ephemeral protocol version 1
-             server key (default 768).
+             server key (default 1024).
+     -C connection_spec
+             Specify the connection parameters to use for the -T extended test
+             mode.  If provided, any Match directives in the configuration
+             file that would apply to the specified user, host, and address
+             will be set before the configuration is written to standard out-
+             put.  The connection parameters are supplied as keyword=value
+             pairs.  The keywords are ``user'', ``host'', and ``addr''.  All
+             are required and may be supplied in any order, either with multi-
+             ple -C options or as a comma-separated list.
     -D      When this option is specified, sshd will not detach and does not
             become a daemon.  This allows easy monitoring of sshd.
@@ -98,6 +109,11 @@ DESCRIPTION
             ginning, authentication, and termination of each connection is
             logged.
+     -T      Extended test mode.  Check the validity of the configuration
+             file, output the effective configuration to stdout and then exit.
+             Optionally, Match rules may be applied by specifying the connec-
+             tion parameters using one or more -C options.
     -t      Test mode.  Only check the validity of the configuration file and
             sanity of the keys.  This is useful for updating sshd reliably as
             configuration options may change.
@@ -289,18 +305,22 @@ AUTHORIZED_KEYS FILE FORMAT
             This option is automatically disabled if UseLogin is enabled.
     from="pattern-list"
-             Specifies that in addition to public key authentication, the
+             Specifies that in addition to public key authentication, either
-             canonical name of the remote host must be present in the comma-
+             the canonical name of the remote host or its IP address must be
-             separated list of patterns.  The purpose of this option is to op-
+             present in the comma-separated list of patterns.  See PATTERNS in
-             tionally increase security: public key authentication by itself
+             ssh_config(5) for more information on patterns.
-             does not trust the network or name servers or anything (but the
-             key); however, if somebody somehow steals the key, the key per-
+             In addition to the wildcard matching that may be applied to host-
-             mits an intruder to log in from anywhere in the world.  This ad-
+             names or addresses, a from stanza may match IP addressess using
-             ditional option makes using a stolen key more difficult (name
+             CIDR address/masklen notation.
-             servers and/or routers would have to be compromised in addition
-             to just the key).
+             The purpose of this option is to optionally increase security:
+             public key authentication by itself does not trust the network or
-             See PATTERNS in ssh_config(5) for more information on patterns.
+             name servers or anything (but the key); however, if somebody
+             somehow steals the key, the key permits an intruder to log in
+             from anywhere in the world.  This additional option makes using a
+             stolen key more difficult (name servers and/or routers would have
+             to be compromised in addition to just the key).
     no-agent-forwarding
             Forbids authentication agent forwarding when this key is used for
@@ -313,6 +333,9 @@ AUTHORIZED_KEYS FILE FORMAT
     no-pty  Prevents tty allocation (a request to allocate a pty will fail).
+     no-user-rc
+             Disables execution of ~/.ssh/rc.
     no-X11-forwarding
             Forbids X11 forwarding when this key is used for authentication.
             Any X11 forward requests by the client will return an error.
@@ -417,6 +440,13 @@ FILES
             host-based authentication without permitting login with
             rlogin/rsh.
+     ~/.ssh/
+             This directory is the default location for all user-specific con-
+             figuration and authentication information.  There is no general
+             requirement to keep the entire contents of this directory secret,
+             but the recommended permissions are read/write/execute for the
+             user, and not accessible by others.
     ~/.ssh/authorized_keys
             Lists the public keys (RSA/DSA) that can be used for logging in
             as this user.  The format of this file is described above.  The
@@ -542,4 +572,4 @@ CAVEATS
     System security is not improved unless rshd, rlogind, and rexecd are dis-
     abled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 4.2                     August 16, 2007                              9
+OpenBSD 4.4                      July 2, 2008                                9

diff --git a/sshd.0 b/sshd.0 index d2ffaacfa..04d64776e 100644 --- a/sshd.0 +++ b/sshd.0
@@ -4,8 +4,9 @@ NAME
4	sshd - OpenSSH SSH daemon	4	sshd - OpenSSH SSH daemon
5		5
6	SYNOPSIS	6	SYNOPSIS
7	sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]	7	sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]
8	[-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]	8	[-g login_grace_time] [-h host_key_file] [-k key_gen_time]
		9	[-o option] [-p port] [-u len]
9		10
10	DESCRIPTION	11	DESCRIPTION
11	sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these	12	sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
@@ -31,7 +32,17 @@ DESCRIPTION
31		32
32	-b bits	33	-b bits
33	Specifies the number of bits in the ephemeral protocol version 1	34	Specifies the number of bits in the ephemeral protocol version 1
34	server key (default 768).	35	server key (default 1024).
		36
		37	-C connection_spec
		38	Specify the connection parameters to use for the -T extended test
		39	mode. If provided, any Match directives in the configuration
		40	file that would apply to the specified user, host, and address
		41	will be set before the configuration is written to standard out-
		42	put. The connection parameters are supplied as keyword=value
		43	pairs. The keywords are ``user'', ``host'', and ``addr''. All
		44	are required and may be supplied in any order, either with multi-
		45	ple -C options or as a comma-separated list.
35		46
36	-D When this option is specified, sshd will not detach and does not	47	-D When this option is specified, sshd will not detach and does not
37	become a daemon. This allows easy monitoring of sshd.	48	become a daemon. This allows easy monitoring of sshd.
@@ -98,6 +109,11 @@ DESCRIPTION
98	ginning, authentication, and termination of each connection is	109	ginning, authentication, and termination of each connection is
99	logged.	110	logged.
100		111
		112	-T Extended test mode. Check the validity of the configuration
		113	file, output the effective configuration to stdout and then exit.
		114	Optionally, Match rules may be applied by specifying the connec-
		115	tion parameters using one or more -C options.
		116
101	-t Test mode. Only check the validity of the configuration file and	117	-t Test mode. Only check the validity of the configuration file and
102	sanity of the keys. This is useful for updating sshd reliably as	118	sanity of the keys. This is useful for updating sshd reliably as
103	configuration options may change.	119	configuration options may change.
@@ -289,18 +305,22 @@ AUTHORIZED_KEYS FILE FORMAT
289	This option is automatically disabled if UseLogin is enabled.	305	This option is automatically disabled if UseLogin is enabled.
290		306
291	from="pattern-list"	307	from="pattern-list"
292	Specifies that in addition to public key authentication, the	308	Specifies that in addition to public key authentication, either
293	canonical name of the remote host must be present in the comma-	309	the canonical name of the remote host or its IP address must be
294	separated list of patterns. The purpose of this option is to op-	310	present in the comma-separated list of patterns. See PATTERNS in
295	tionally increase security: public key authentication by itself	311	ssh_config(5) for more information on patterns.
296	does not trust the network or name servers or anything (but the	312
297	key); however, if somebody somehow steals the key, the key per-	313	In addition to the wildcard matching that may be applied to host-
298	mits an intruder to log in from anywhere in the world. This ad-	314	names or addresses, a from stanza may match IP addressess using
299	ditional option makes using a stolen key more difficult (name	315	CIDR address/masklen notation.
300	servers and/or routers would have to be compromised in addition	316
301	to just the key).	317	The purpose of this option is to optionally increase security:
302		318	public key authentication by itself does not trust the network or
303	See PATTERNS in ssh_config(5) for more information on patterns.	319	name servers or anything (but the key); however, if somebody
		320	somehow steals the key, the key permits an intruder to log in
		321	from anywhere in the world. This additional option makes using a
		322	stolen key more difficult (name servers and/or routers would have
		323	to be compromised in addition to just the key).
304		324
305	no-agent-forwarding	325	no-agent-forwarding
306	Forbids authentication agent forwarding when this key is used for	326	Forbids authentication agent forwarding when this key is used for
@@ -313,6 +333,9 @@ AUTHORIZED_KEYS FILE FORMAT
313		333
314	no-pty Prevents tty allocation (a request to allocate a pty will fail).	334	no-pty Prevents tty allocation (a request to allocate a pty will fail).
315		335
		336	no-user-rc
		337	Disables execution of ~/.ssh/rc.
		338
316	no-X11-forwarding	339	no-X11-forwarding
317	Forbids X11 forwarding when this key is used for authentication.	340	Forbids X11 forwarding when this key is used for authentication.
318	Any X11 forward requests by the client will return an error.	341	Any X11 forward requests by the client will return an error.
@@ -417,6 +440,13 @@ FILES
417	host-based authentication without permitting login with	440	host-based authentication without permitting login with
418	rlogin/rsh.	441	rlogin/rsh.
419		442
		443	~/.ssh/
		444	This directory is the default location for all user-specific con-
		445	figuration and authentication information. There is no general
		446	requirement to keep the entire contents of this directory secret,
		447	but the recommended permissions are read/write/execute for the
		448	user, and not accessible by others.
		449
420	~/.ssh/authorized_keys	450	~/.ssh/authorized_keys
421	Lists the public keys (RSA/DSA) that can be used for logging in	451	Lists the public keys (RSA/DSA) that can be used for logging in
422	as this user. The format of this file is described above. The	452	as this user. The format of this file is described above. The
@@ -542,4 +572,4 @@ CAVEATS
542	System security is not improved unless rshd, rlogind, and rexecd are dis-	572	System security is not improved unless rshd, rlogind, and rexecd are dis-
543	abled (thus completely disabling rlogin and rsh into the machine).	573	abled (thus completely disabling rlogin and rsh into the machine).
544		574
545	OpenBSD 4.2 August 16, 2007 9	575	OpenBSD 4.4 July 2, 2008 9