1 files changed, 26 insertions, 26 deletions
diff --git a/sshd.8 b/sshd.8
index 909339f07..58bf9062a 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -421,26 +421,6 @@ No spaces are permitted, except within double quotes.
 The following option specifications are supported (note
 that option keywords are case-insensitive):
 .Bl -tag -width Ds
-.It Cm from="pattern-list"
-Specifies that in addition to public key authentication, the canonical name
-of the remote host must be present in the comma-separated list of
-patterns
-.Pf ( Ql \&*
-and
-.Ql \&?
-serve as wildcards).
-The list may also contain
-patterns negated by prefixing them with
-.Ql \&! ;
-if the canonical host name matches a negated pattern, the key is not accepted.
-The purpose
-of this option is to optionally increase security: public key authentication
-by itself does not trust the network or name servers or anything (but
-the key); however, if somebody somehow steals the key, the key
-permits an intruder to log in from anywhere in the world.
-This additional option makes using a stolen key more difficult (name
-servers and/or routers would have to be compromised in addition to
-just the key).
 .It Cm command="command"
 Specifies that the command is executed whenever this key is used for
 authentication.
@@ -470,20 +450,40 @@ option.
 This option is automatically disabled if
 .Cm UseLogin
 is enabled.
+.It Cm from="pattern-list"
+Specifies that in addition to public key authentication, the canonical name
+of the remote host must be present in the comma-separated list of
+patterns
+.Pf ( Ql \&*
+and
+.Ql \&?
+serve as wildcards).
+The list may also contain
+patterns negated by prefixing them with
+.Ql \&! ;
+if the canonical host name matches a negated pattern, the key is not accepted.
+The purpose
+of this option is to optionally increase security: public key authentication
+by itself does not trust the network or name servers or anything (but
+the key); however, if somebody somehow steals the key, the key
+permits an intruder to log in from anywhere in the world.
+This additional option makes using a stolen key more difficult (name
+servers and/or routers would have to be compromised in addition to
+just the key).
+.It Cm no-agent-forwarding
+Forbids authentication agent forwarding when this key is used for
+authentication.
 .It Cm no-port-forwarding
 Forbids TCP forwarding when this key is used for authentication.
 Any port forward requests by the client will return an error.
 This might be used, e.g., in connection with the
 .Cm command
 option.
+.It Cm no-pty
+Prevents tty allocation (a request to allocate a pty will fail).
 .It Cm no-X11-forwarding
 Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.
-.It Cm no-agent-forwarding
-Forbids authentication agent forwarding when this key is used for
-authentication.
-.It Cm no-pty
-Prevents tty allocation (a request to allocate a pty will fail).
 .It Cm permitopen="host:port"
 Limit local
 .Li ``ssh -L''

diff --git a/sshd.8 b/sshd.8 index 909339f07..58bf9062a 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $	37	.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -421,26 +421,6 @@ No spaces are permitted, except within double quotes.
421	The following option specifications are supported (note	421	The following option specifications are supported (note
422	that option keywords are case-insensitive):	422	that option keywords are case-insensitive):
423	.Bl -tag -width Ds	423	.Bl -tag -width Ds
424	.It Cm from="pattern-list"
425	Specifies that in addition to public key authentication, the canonical name
426	of the remote host must be present in the comma-separated list of
427	patterns
428	.Pf ( Ql \&*
429	and
430	.Ql \&?
431	serve as wildcards).
432	The list may also contain
433	patterns negated by prefixing them with
434	.Ql \&! ;
435	if the canonical host name matches a negated pattern, the key is not accepted.
436	The purpose
437	of this option is to optionally increase security: public key authentication
438	by itself does not trust the network or name servers or anything (but
439	the key); however, if somebody somehow steals the key, the key
440	permits an intruder to log in from anywhere in the world.
441	This additional option makes using a stolen key more difficult (name
442	servers and/or routers would have to be compromised in addition to
443	just the key).
444	.It Cm command="command"	424	.It Cm command="command"
445	Specifies that the command is executed whenever this key is used for	425	Specifies that the command is executed whenever this key is used for
446	authentication.	426	authentication.
@@ -470,20 +450,40 @@ option.
470	This option is automatically disabled if	450	This option is automatically disabled if
471	.Cm UseLogin	451	.Cm UseLogin
472	is enabled.	452	is enabled.
		453	.It Cm from="pattern-list"
		454	Specifies that in addition to public key authentication, the canonical name
		455	of the remote host must be present in the comma-separated list of
		456	patterns
		457	.Pf ( Ql \&*
		458	and
		459	.Ql \&?
		460	serve as wildcards).
		461	The list may also contain
		462	patterns negated by prefixing them with
		463	.Ql \&! ;
		464	if the canonical host name matches a negated pattern, the key is not accepted.
		465	The purpose
		466	of this option is to optionally increase security: public key authentication
		467	by itself does not trust the network or name servers or anything (but
		468	the key); however, if somebody somehow steals the key, the key
		469	permits an intruder to log in from anywhere in the world.
		470	This additional option makes using a stolen key more difficult (name
		471	servers and/or routers would have to be compromised in addition to
		472	just the key).
		473	.It Cm no-agent-forwarding
		474	Forbids authentication agent forwarding when this key is used for
		475	authentication.
473	.It Cm no-port-forwarding	476	.It Cm no-port-forwarding
474	Forbids TCP forwarding when this key is used for authentication.	477	Forbids TCP forwarding when this key is used for authentication.
475	Any port forward requests by the client will return an error.	478	Any port forward requests by the client will return an error.
476	This might be used, e.g., in connection with the	479	This might be used, e.g., in connection with the
477	.Cm command	480	.Cm command
478	option.	481	option.
		482	.It Cm no-pty
		483	Prevents tty allocation (a request to allocate a pty will fail).
479	.It Cm no-X11-forwarding	484	.It Cm no-X11-forwarding
480	Forbids X11 forwarding when this key is used for authentication.	485	Forbids X11 forwarding when this key is used for authentication.
481	Any X11 forward requests by the client will return an error.	486	Any X11 forward requests by the client will return an error.
482	.It Cm no-agent-forwarding
483	Forbids authentication agent forwarding when this key is used for
484	authentication.
485	.It Cm no-pty
486	Prevents tty allocation (a request to allocate a pty will fail).
487	.It Cm permitopen="host:port"	487	.It Cm permitopen="host:port"
488	Limit local	488	Limit local
489	.Li ``ssh -L''	489	.Li ``ssh -L''