1 files changed, 7 insertions, 10 deletions
diff --git a/sshd.8 b/sshd.8
index 42f1520b4..17b917c06 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.279 2015/05/01 07:11:47 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
-.Dd $Mdocdate: May 1 2015 $
+.Dd $Mdocdate: July 3 2015 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -187,15 +187,12 @@ Specifies that
 .Nm
 is being run from
 .Xr inetd 8 .
+If SSH protocol 1 is enabled,
 .Nm
-is normally not run
+should not  normally be run
 from inetd because it needs to generate the server key before it can
-respond to the client, and this may take tens of seconds.
+respond to the client, and this may take some time.
-Clients would have to wait too long if the key was regenerated every time.
+Clients may have to wait too long if the key was regenerated every time.
-However, with small key sizes (e.g. 512) using
-.Nm
-from inetd may
-be feasible.
 .It Fl k Ar key_gen_time
 Specifies how often the ephemeral protocol version 1 server key is
 regenerated (default 3600 seconds, or one hour).
@@ -290,7 +287,7 @@ used to identify the host.
 .Pp
 Forward security for protocol 1 is provided through
 an additional server key,
-normally 768 bits,
+normally 1024 bits,
 generated when the server starts.
 This key is normally regenerated every hour if it has been used, and
 is never stored on disk.

diff --git a/sshd.8 b/sshd.8 index 42f1520b4..17b917c06 100644 --- a/sshd.8 +++ b/sshd.8
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd.8,v 1.279 2015/05/01 07:11:47 djm Exp $	36	.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
37	.Dd $Mdocdate: May 1 2015 $	37	.Dd $Mdocdate: July 3 2015 $
38	.Dt SSHD 8	38	.Dt SSHD 8
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -187,15 +187,12 @@ Specifies that
187	.Nm	187	.Nm
188	is being run from	188	is being run from
189	.Xr inetd 8 .	189	.Xr inetd 8 .
		190	If SSH protocol 1 is enabled,
190	.Nm	191	.Nm
191	is normally not run	192	should not normally be run
192	from inetd because it needs to generate the server key before it can	193	from inetd because it needs to generate the server key before it can
193	respond to the client, and this may take tens of seconds.	194	respond to the client, and this may take some time.
194	Clients would have to wait too long if the key was regenerated every time.	195	Clients may have to wait too long if the key was regenerated every time.
195	However, with small key sizes (e.g. 512) using
196	.Nm
197	from inetd may
198	be feasible.
199	.It Fl k Ar key_gen_time	196	.It Fl k Ar key_gen_time
200	Specifies how often the ephemeral protocol version 1 server key is	197	Specifies how often the ephemeral protocol version 1 server key is
201	regenerated (default 3600 seconds, or one hour).	198	regenerated (default 3600 seconds, or one hour).
@@ -290,7 +287,7 @@ used to identify the host.
290	.Pp	287	.Pp
291	Forward security for protocol 1 is provided through	288	Forward security for protocol 1 is provided through
292	an additional server key,	289	an additional server key,
293	normally 768 bits,	290	normally 1024 bits,
294	generated when the server starts.	291	generated when the server starts.
295	This key is normally regenerated every hour if it has been used, and	292	This key is normally regenerated every hour if it has been used, and
296	is never stored on disk.	293	is never stored on disk.