1 files changed, 7 insertions, 9 deletions
diff --git a/sshd.8 b/sshd.8
index e658523a5..6c521f23e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $
-.Dd $Mdocdate: February 5 2016 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -275,14 +275,12 @@ though this can be changed via the
 .Cm Protocol
 option in
 .Xr sshd_config 5 .
-Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+Protocol 1 should not be used
-protocol 1 only supports RSA keys.
+and is only offered to support legacy devices.
-For both protocols,
-each host has a host-specific key,
-normally 2048 bits,
-used to identify the host.
 .Pp
-Forward security for protocol 1 is provided through
+Each host has a host-specific key,
+used to identify the host.
+Partial forward security for protocol 1 is provided through
 an additional server key,
 normally 1024 bits,
 generated when the server starts.

diff --git a/sshd.8 b/sshd.8 index e658523a5..6c521f23e 100644 --- a/sshd.8 +++ b/sshd.8
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $	36	.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $
37	.Dd $Mdocdate: February 5 2016 $	37	.Dd $Mdocdate: February 17 2016 $
38	.Dt SSHD 8	38	.Dt SSHD 8
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -275,14 +275,12 @@ though this can be changed via the
275	.Cm Protocol	275	.Cm Protocol
276	option in	276	option in
277	.Xr sshd_config 5 .	277	.Xr sshd_config 5 .
278	Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;	278	Protocol 1 should not be used
279	protocol 1 only supports RSA keys.	279	and is only offered to support legacy devices.
280	For both protocols,
281	each host has a host-specific key,
282	normally 2048 bits,
283	used to identify the host.
284	.Pp	280	.Pp
285	Forward security for protocol 1 is provided through	281	Each host has a host-specific key,
		282	used to identify the host.
		283	Partial forward security for protocol 1 is provided through
286	an additional server key,	284	an additional server key,
287	normally 1024 bits,	285	normally 1024 bits,
288	generated when the server starts.	286	generated when the server starts.