1 files changed, 43 insertions, 42 deletions
diff --git a/sshd.8 b/sshd.8
index 0eeea6666..34413e2a7 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -44,7 +44,7 @@
 .Sh SYNOPSIS
 .Nm sshd
 .Bk -words
-.Op Fl deiqtD46
+.Op Fl 46Ddeiqt
 .Op Fl b Ar bits
 .Op Fl f Ar config_file
 .Op Fl g Ar login_grace_time
@@ -78,9 +78,7 @@ This implementation of
 supports both SSH protocol version 1 and 2 simultaneously.
 .Nm
 works as follows:
-.Pp
 .Ss SSH protocol version 1
-.Pp
 Each host has a host-specific RSA key
 (normally 1024 bits) used to identify the host.
 Additionally, when
@@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public
 host and server keys.
 The client compares the
 RSA host key against its own database to verify that it has not changed.
-The client then generates a 256 bit random number.
+The client then generates a 256-bit random number.
 It encrypts this
 random number using both the host key and the server key, and sends
 the encrypted number to the server.
@@ -107,9 +105,9 @@ to use from those offered by the server.
 .Pp
 Next, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
-.Pa .rhosts
+.Em .rhosts
 authentication,
-.Pa .rhosts
+.Em .rhosts
 authentication combined with RSA host
 authentication, RSA challenge-response authentication, or password
 based authentication.
@@ -137,7 +135,8 @@ or
 .Ql \&*NP\&*
 ).
 .Pp
-Rhosts authentication is normally disabled
+.Em rhosts
+authentication is normally disabled
 because it is fundamentally insecure, but can be enabled in the server
 configuration file if desired.
 System security is not improved unless
@@ -150,9 +149,7 @@ are disabled (thus completely disabling
 and
 .Xr rsh
 into the machine).
-.Pp
 .Ss SSH protocol version 2
-.Pp
 Version 2 works similarly:
 Each host has a host-specific key (RSA or DSA) used to identify the host.
 However, when the daemon starts, it does not generate a server key.
@@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 .Pp
 The rest of the session is encrypted using a symmetric cipher, currently
-128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
+128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
@@ -171,9 +168,7 @@ Protocol version 2 provides a public key based
 user (PubkeyAuthentication) or
 client host (HostbasedAuthentication) authentication method,
 conventional password authentication and challenge response based methods.
-.Pp
 .Ss Command execution and data forwarding
-.Pp
 If the client successfully authenticates itself, a dialog for
 preparing the session is entered.
 At this time the client may request
@@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to
 the client, and both sides exit.
 .Pp
 .Nm
-can be configured using command-line options or a configuration
+can be configured using command-line options or a configuration file
-file.
+(by default
+.Xr sshd_config 5 ) .
 Command-line options override values specified in the
 configuration file.
 .Pp
@@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e.,
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
 server key (default 768).
+.It Fl D
+When this option is specified,
+.Nm
+will not detach and does not become a daemon.
+This allows easy monitoring of
+.Nm sshd .
 .It Fl d
 Debug mode.
 The server sends verbose debug output to the system
@@ -267,7 +277,7 @@ be feasible.
 Specifies how often the ephemeral protocol version 1 server key is
 regenerated (default 3600 seconds, or one hour).
 The motivation for regenerating the key fairly
-often is that the key is not stored anywhere, and after about an hour,
+often is that the key is not stored anywhere, and after about an hour
 it becomes impossible to recover the key for decrypting intercepted
 communications even if the machine is cracked into or physically
 seized.
@@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated.
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
 command-line flag.
+For full details of the options, and their values, see
+.Xr sshd_config 5 .
 .It Fl p Ar port
 Specifies the port on which the server listens for connections
 (default 22).
@@ -325,20 +337,6 @@ USER@HOST pattern in
 .Cm AllowUsers
 or
 .Cm DenyUsers .
-.It Fl D
-When this option is specified
-.Nm
-will not detach and does not become a daemon.
-This allows easy monitoring of
-.Nm sshd .
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh CONFIGURATION FILE
 .Nm
@@ -375,9 +373,9 @@ Changes to run with normal user privileges.
 .It
 Sets up basic environment.
 .It
-Reads
+Reads the file
-.Pa $HOME/.ssh/environment
+.Pa $HOME/.ssh/environment ,
-if it exists and users are allowed to change their environment.
+if it exists, and users are allowed to change their environment.
 See the
 .Cm PermitUserEnvironment
 option in
@@ -516,7 +514,7 @@ Limit local
 port forwarding such that it may only connect to the specified host and
 port.
 IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
+.Ar host Ns / Ns Ar port .
 Multiple
 .Cm permitopen
 options may be applied separated by commas.
@@ -524,13 +522,13 @@ No pattern matching is performed on the specified hostnames,
 they must be literal domains or addresses.
 .El
 .Ss Examples
-1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
+1024 33 12121...312314325 ylo@foo.bar
 .Pp
-from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
+from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
 .Pp
-command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
+command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
 .Pp
-permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
+permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
 .Pa /etc/ssh/ssh_known_hosts
@@ -588,7 +586,7 @@ or by taking
 and adding the host names at the front.
 .Ss Examples
 .Bd -literal
-closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
+closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .Ed
 .Sh FILES
@@ -647,7 +645,7 @@ and/or
 .Pa id_rsa.pub
 files into this file, as described in
 .Xr ssh-keygen 1 .
-.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
+.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
 These files are consulted when using rhosts with RSA host
 authentication or protocol version 2 hostbased authentication
 to check the public key of the host.
@@ -681,7 +679,7 @@ The file must
 be writable only by the user; it is recommended that it not be
 accessible by others.
 .Pp
-If is also possible to use netgroups in the file.
+It is also possible to use netgroups in the file.
 Either host or user
 name may be of the form +@groupname to specify all hosts or all users
 in the group.
@@ -693,7 +691,7 @@ However, this file is
 not used by rlogin and rshd, so using this permits access using SSH only.
 .It Pa /etc/hosts.equiv
 This file is used during
-.Pa .rhosts
+.Em rhosts
 authentication.
 In the simplest form, this file contains host names, one per line.
 Users on
@@ -800,9 +798,12 @@ This file should be writable only by root, and should be world-readable.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
+.Xr chroot 2 ,
+.Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
+.Xr inetd 8 ,
 .Xr sftp-server 8
 .Rs
 .%A T. Ylonen

diff --git a/sshd.8 b/sshd.8 index 0eeea6666..34413e2a7 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $	37	.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -44,7 +44,7 @@
44	.Sh SYNOPSIS	44	.Sh SYNOPSIS
45	.Nm sshd	45	.Nm sshd
46	.Bk -words	46	.Bk -words
47	.Op Fl deiqtD46	47	.Op Fl 46Ddeiqt
48	.Op Fl b Ar bits	48	.Op Fl b Ar bits
49	.Op Fl f Ar config_file	49	.Op Fl f Ar config_file
50	.Op Fl g Ar login_grace_time	50	.Op Fl g Ar login_grace_time
@@ -78,9 +78,7 @@ This implementation of
78	supports both SSH protocol version 1 and 2 simultaneously.	78	supports both SSH protocol version 1 and 2 simultaneously.
79	.Nm	79	.Nm
80	works as follows:	80	works as follows:
81	.Pp
82	.Ss SSH protocol version 1	81	.Ss SSH protocol version 1
83	.Pp
84	Each host has a host-specific RSA key	82	Each host has a host-specific RSA key
85	(normally 1024 bits) used to identify the host.	83	(normally 1024 bits) used to identify the host.
86	Additionally, when	84	Additionally, when
@@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public
92	host and server keys.	90	host and server keys.
93	The client compares the	91	The client compares the
94	RSA host key against its own database to verify that it has not changed.	92	RSA host key against its own database to verify that it has not changed.
95	The client then generates a 256 bit random number.	93	The client then generates a 256-bit random number.
96	It encrypts this	94	It encrypts this
97	random number using both the host key and the server key, and sends	95	random number using both the host key and the server key, and sends
98	the encrypted number to the server.	96	the encrypted number to the server.
@@ -107,9 +105,9 @@ to use from those offered by the server.
107	.Pp	105	.Pp
108	Next, the server and the client enter an authentication dialog.	106	Next, the server and the client enter an authentication dialog.
109	The client tries to authenticate itself using	107	The client tries to authenticate itself using
110	.Pa .rhosts	108	.Em .rhosts
111	authentication,	109	authentication,
112	.Pa .rhosts	110	.Em .rhosts
113	authentication combined with RSA host	111	authentication combined with RSA host
114	authentication, RSA challenge-response authentication, or password	112	authentication, RSA challenge-response authentication, or password
115	based authentication.	113	based authentication.
@@ -137,7 +135,8 @@ or
137	.Ql \&NP\&	135	.Ql \&NP\&
138	).	136	).
139	.Pp	137	.Pp
140	Rhosts authentication is normally disabled	138	.Em rhosts
		139	authentication is normally disabled
141	because it is fundamentally insecure, but can be enabled in the server	140	because it is fundamentally insecure, but can be enabled in the server
142	configuration file if desired.	141	configuration file if desired.
143	System security is not improved unless	142	System security is not improved unless
@@ -150,9 +149,7 @@ are disabled (thus completely disabling
150	and	149	and
151	.Xr rsh	150	.Xr rsh
152	into the machine).	151	into the machine).
153	.Pp
154	.Ss SSH protocol version 2	152	.Ss SSH protocol version 2
155	.Pp
156	Version 2 works similarly:	153	Version 2 works similarly:
157	Each host has a host-specific key (RSA or DSA) used to identify the host.	154	Each host has a host-specific key (RSA or DSA) used to identify the host.
158	However, when the daemon starts, it does not generate a server key.	155	However, when the daemon starts, it does not generate a server key.
@@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement.
160	This key agreement results in a shared session key.	157	This key agreement results in a shared session key.
161	.Pp	158	.Pp
162	The rest of the session is encrypted using a symmetric cipher, currently	159	The rest of the session is encrypted using a symmetric cipher, currently
163	128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.	160	128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
164	The client selects the encryption algorithm	161	The client selects the encryption algorithm
165	to use from those offered by the server.	162	to use from those offered by the server.
166	Additionally, session integrity is provided	163	Additionally, session integrity is provided
@@ -171,9 +168,7 @@ Protocol version 2 provides a public key based
171	user (PubkeyAuthentication) or	168	user (PubkeyAuthentication) or
172	client host (HostbasedAuthentication) authentication method,	169	client host (HostbasedAuthentication) authentication method,
173	conventional password authentication and challenge response based methods.	170	conventional password authentication and challenge response based methods.
174	.Pp
175	.Ss Command execution and data forwarding	171	.Ss Command execution and data forwarding
176	.Pp
177	If the client successfully authenticates itself, a dialog for	172	If the client successfully authenticates itself, a dialog for
178	preparing the session is entered.	173	preparing the session is entered.
179	At this time the client may request	174	At this time the client may request
@@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to
192	the client, and both sides exit.	187	the client, and both sides exit.
193	.Pp	188	.Pp
194	.Nm	189	.Nm
195	can be configured using command-line options or a configuration	190	can be configured using command-line options or a configuration file
196	file.	191	(by default
		192	.Xr sshd_config 5 ) .
197	Command-line options override values specified in the	193	Command-line options override values specified in the
198	configuration file.	194	configuration file.
199	.Pp	195	.Pp
@@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e.,
205	.Pp	201	.Pp
206	The options are as follows:	202	The options are as follows:
207	.Bl -tag -width Ds	203	.Bl -tag -width Ds
		204	.It Fl 4
		205	Forces
		206	.Nm
		207	to use IPv4 addresses only.
		208	.It Fl 6
		209	Forces
		210	.Nm
		211	to use IPv6 addresses only.
208	.It Fl b Ar bits	212	.It Fl b Ar bits
209	Specifies the number of bits in the ephemeral protocol version 1	213	Specifies the number of bits in the ephemeral protocol version 1
210	server key (default 768).	214	server key (default 768).
		215	.It Fl D
		216	When this option is specified,
		217	.Nm
		218	will not detach and does not become a daemon.
		219	This allows easy monitoring of
		220	.Nm sshd .
211	.It Fl d	221	.It Fl d
212	Debug mode.	222	Debug mode.
213	The server sends verbose debug output to the system	223	The server sends verbose debug output to the system
@@ -267,7 +277,7 @@ be feasible.
267	Specifies how often the ephemeral protocol version 1 server key is	277	Specifies how often the ephemeral protocol version 1 server key is
268	regenerated (default 3600 seconds, or one hour).	278	regenerated (default 3600 seconds, or one hour).
269	The motivation for regenerating the key fairly	279	The motivation for regenerating the key fairly
270	often is that the key is not stored anywhere, and after about an hour,	280	often is that the key is not stored anywhere, and after about an hour
271	it becomes impossible to recover the key for decrypting intercepted	281	it becomes impossible to recover the key for decrypting intercepted
272	communications even if the machine is cracked into or physically	282	communications even if the machine is cracked into or physically
273	seized.	283	seized.
@@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated.
276	Can be used to give options in the format used in the configuration file.	286	Can be used to give options in the format used in the configuration file.
277	This is useful for specifying options for which there is no separate	287	This is useful for specifying options for which there is no separate
278	command-line flag.	288	command-line flag.
		289	For full details of the options, and their values, see
		290	.Xr sshd_config 5 .
279	.It Fl p Ar port	291	.It Fl p Ar port
280	Specifies the port on which the server listens for connections	292	Specifies the port on which the server listens for connections
281	(default 22).	293	(default 22).
@@ -325,20 +337,6 @@ USER@HOST pattern in
325	.Cm AllowUsers	337	.Cm AllowUsers
326	or	338	or
327	.Cm DenyUsers .	339	.Cm DenyUsers .
328	.It Fl D
329	When this option is specified
330	.Nm
331	will not detach and does not become a daemon.
332	This allows easy monitoring of
333	.Nm sshd .
334	.It Fl 4
335	Forces
336	.Nm
337	to use IPv4 addresses only.
338	.It Fl 6
339	Forces
340	.Nm
341	to use IPv6 addresses only.
342	.El	340	.El
343	.Sh CONFIGURATION FILE	341	.Sh CONFIGURATION FILE
344	.Nm	342	.Nm
@@ -375,9 +373,9 @@ Changes to run with normal user privileges.
375	.It	373	.It
376	Sets up basic environment.	374	Sets up basic environment.
377	.It	375	.It
378	Reads	376	Reads the file
379	.Pa $HOME/.ssh/environment	377	.Pa $HOME/.ssh/environment ,
380	if it exists and users are allowed to change their environment.	378	if it exists, and users are allowed to change their environment.
381	See the	379	See the
382	.Cm PermitUserEnvironment	380	.Cm PermitUserEnvironment
383	option in	381	option in
@@ -516,7 +514,7 @@ Limit local
516	port forwarding such that it may only connect to the specified host and	514	port forwarding such that it may only connect to the specified host and
517	port.	515	port.
518	IPv6 addresses can be specified with an alternative syntax:	516	IPv6 addresses can be specified with an alternative syntax:
519	.Ar host/port .	517	.Ar host Ns / Ns Ar port .
520	Multiple	518	Multiple
521	.Cm permitopen	519	.Cm permitopen
522	options may be applied separated by commas.	520	options may be applied separated by commas.
@@ -524,13 +522,13 @@ No pattern matching is performed on the specified hostnames,
524	they must be literal domains or addresses.	522	they must be literal domains or addresses.
525	.El	523	.El
526	.Ss Examples	524	.Ss Examples
527	1024 33 12121.\\|.\\|.\\|312314325 ylo@foo.bar	525	1024 33 12121...312314325 ylo@foo.bar
528	.Pp	526	.Pp
529	from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\\|.\\|.\\|2334 ylo@niksula	527	from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
530	.Pp	528	.Pp
531	command="dump /home",no-pty,no-port-forwarding 1024 33 23.\\|.\\|.\\|2323 backup.hut.fi	529	command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
532	.Pp	530	.Pp
533	permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\\|.\\|.\\|2323	531	permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
534	.Sh SSH_KNOWN_HOSTS FILE FORMAT	532	.Sh SSH_KNOWN_HOSTS FILE FORMAT
535	The	533	The
536	.Pa /etc/ssh/ssh_known_hosts	534	.Pa /etc/ssh/ssh_known_hosts
@@ -588,7 +586,7 @@ or by taking
588	and adding the host names at the front.	586	and adding the host names at the front.
589	.Ss Examples	587	.Ss Examples
590	.Bd -literal	588	.Bd -literal
591	closenet,.\\|.\\|.\\|,130.233.208.41 1024 37 159.\\|.\\|.93 closenet.hut.fi	589	closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
592	cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=	590	cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
593	.Ed	591	.Ed
594	.Sh FILES	592	.Sh FILES
@@ -647,7 +645,7 @@ and/or
647	.Pa id_rsa.pub	645	.Pa id_rsa.pub
648	files into this file, as described in	646	files into this file, as described in
649	.Xr ssh-keygen 1 .	647	.Xr ssh-keygen 1 .
650	.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"	648	.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
651	These files are consulted when using rhosts with RSA host	649	These files are consulted when using rhosts with RSA host
652	authentication or protocol version 2 hostbased authentication	650	authentication or protocol version 2 hostbased authentication
653	to check the public key of the host.	651	to check the public key of the host.
@@ -681,7 +679,7 @@ The file must
681	be writable only by the user; it is recommended that it not be	679	be writable only by the user; it is recommended that it not be
682	accessible by others.	680	accessible by others.
683	.Pp	681	.Pp
684	If is also possible to use netgroups in the file.	682	It is also possible to use netgroups in the file.
685	Either host or user	683	Either host or user
686	name may be of the form +@groupname to specify all hosts or all users	684	name may be of the form +@groupname to specify all hosts or all users
687	in the group.	685	in the group.
@@ -693,7 +691,7 @@ However, this file is
693	not used by rlogin and rshd, so using this permits access using SSH only.	691	not used by rlogin and rshd, so using this permits access using SSH only.
694	.It Pa /etc/hosts.equiv	692	.It Pa /etc/hosts.equiv
695	This file is used during	693	This file is used during
696	.Pa .rhosts	694	.Em rhosts
697	authentication.	695	authentication.
698	In the simplest form, this file contains host names, one per line.	696	In the simplest form, this file contains host names, one per line.
699	Users on	697	Users on
@@ -800,9 +798,12 @@ This file should be writable only by root, and should be world-readable.
800	.Xr ssh-add 1 ,	798	.Xr ssh-add 1 ,
801	.Xr ssh-agent 1 ,	799	.Xr ssh-agent 1 ,
802	.Xr ssh-keygen 1 ,	800	.Xr ssh-keygen 1 ,
		801	.Xr chroot 2 ,
		802	.Xr hosts_access 5 ,
803	.Xr login.conf 5 ,	803	.Xr login.conf 5 ,
804	.Xr moduli 5 ,	804	.Xr moduli 5 ,
805	.Xr sshd_config 5 ,	805	.Xr sshd_config 5 ,
		806	.Xr inetd 8 ,
806	.Xr sftp-server 8	807	.Xr sftp-server 8
807	.Rs	808	.Rs
808	.%A T. Ylonen	809	.%A T. Ylonen