1 files changed, 11 insertions, 6 deletions
diff --git a/sshd.8 b/sshd.8
index a99c4f162..1d4e90fb2 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.195 2003/04/30 01:16:20 mouring Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -429,13 +429,14 @@ that option keywords are case-insensitive):
 Specifies that in addition to public key authentication, the canonical name
 of the remote host must be present in the comma-separated list of
 patterns
-.Pf ( Ql *
+.Pf ( 
+.Ql \&*
 and
-.Ql ?
+.Ql \&?
 serve as wildcards).
 The list may also contain
 patterns negated by prefixing them with
-.Ql ! ;
+.Ql \&! ;
 if the canonical host name matches a negated pattern, the key is not accepted.
 The purpose
 of this option is to optionally increase security: public key authentication
@@ -524,12 +525,16 @@ Each line in these files contains the following fields: hostnames,
 bits, exponent, modulus, comment.
 The fields are separated by spaces.
 .Pp
-Hostnames is a comma-separated list of patterns ('*' and '?' act as
+Hostnames is a comma-separated list of patterns (
+.Ql \&* 
+and 
+.Ql \&? 
+act as
 wildcards); each pattern in turn is matched against the canonical host
 name (when authenticating a client) or against the user-supplied
 name (when authenticating a server).
 A pattern may also be preceded by
-.Ql !
+.Ql \&!
 to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.

diff --git a/sshd.8 b/sshd.8 index a99c4f162..1d4e90fb2 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $	37	.\" $OpenBSD: sshd.8,v 1.195 2003/04/30 01:16:20 mouring Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -429,13 +429,14 @@ that option keywords are case-insensitive):
429	Specifies that in addition to public key authentication, the canonical name	429	Specifies that in addition to public key authentication, the canonical name
430	of the remote host must be present in the comma-separated list of	430	of the remote host must be present in the comma-separated list of
431	patterns	431	patterns
432	.Pf ( Ql *	432	.Pf (
		433	.Ql \&*
433	and	434	and
434	.Ql ?	435	.Ql \&?
435	serve as wildcards).	436	serve as wildcards).
436	The list may also contain	437	The list may also contain
437	patterns negated by prefixing them with	438	patterns negated by prefixing them with
438	.Ql ! ;	439	.Ql \&! ;
439	if the canonical host name matches a negated pattern, the key is not accepted.	440	if the canonical host name matches a negated pattern, the key is not accepted.
440	The purpose	441	The purpose
441	of this option is to optionally increase security: public key authentication	442	of this option is to optionally increase security: public key authentication
@@ -524,12 +525,16 @@ Each line in these files contains the following fields: hostnames,
524	bits, exponent, modulus, comment.	525	bits, exponent, modulus, comment.
525	The fields are separated by spaces.	526	The fields are separated by spaces.
526	.Pp	527	.Pp
527	Hostnames is a comma-separated list of patterns ('*' and '?' act as	528	Hostnames is a comma-separated list of patterns (
		529	.Ql \&*
		530	and
		531	.Ql \&?
		532	act as
528	wildcards); each pattern in turn is matched against the canonical host	533	wildcards); each pattern in turn is matched against the canonical host
529	name (when authenticating a client) or against the user-supplied	534	name (when authenticating a client) or against the user-supplied
530	name (when authenticating a server).	535	name (when authenticating a server).
531	A pattern may also be preceded by	536	A pattern may also be preceded by
532	.Ql !	537	.Ql \&!
533	to indicate negation: if the host name matches a negated	538	to indicate negation: if the host name matches a negated
534	pattern, it is not accepted (by that line) even if it matched another	539	pattern, it is not accepted (by that line) even if it matched another
535	pattern on the line.	540	pattern on the line.