1 files changed, 22 insertions, 17 deletions
diff --git a/sshd.8 b/sshd.8
index 522279ee3..12c2cefec 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
-.Dd September 25, 1999
+.Dd $Mdocdate: August 16 2007 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -58,8 +58,11 @@
 .Nm
 (OpenSSH Daemon) is the daemon program for
 .Xr ssh 1 .
-Together these programs replace rlogin and rsh, and
+Together these programs replace
-provide secure encrypted communications between two untrusted hosts
+.Xr rlogin 1
+and
+.Xr rsh 1 ,
+and provide secure encrypted communications between two untrusted hosts
 over an insecure network.
 .Pp
 .Nm
@@ -117,7 +120,7 @@ Maximum is 3.
 When this option is specified,
 .Nm
 will send the output to the standard error instead of the system log.
-.It Fl f Ar configuration_file
+.It Fl f Ar config_file
 Specifies the name of the configuration file.
 The default is
 .Pa /etc/ssh/sshd_config .
@@ -273,7 +276,7 @@ The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
-(hmac-sha1 or hmac-md5).
+(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160).
 .Pp
 Finally, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
@@ -299,8 +302,9 @@ on Tru64,
 a leading
 .Ql \&*LOCKED\&*
 on FreeBSD and a leading
-.Ql \&!!
+.Ql \&!
-on Linux).  If there is a requirement to disable password authentication
+on most Linuxes).
+If there is a requirement to disable password authentication
 for the account while allowing still public-key, then the passwd field
 should be set to something other than these values (eg
 .Ql NP
@@ -758,15 +762,6 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
-.It /etc/ssh/ssh_known_hosts
-Systemwide list of known host keys.
-This file should be prepared by the
-system administrator to contain the public host keys of all machines in the
-organization.
-The format of this file is described above.
-This file should be writable only by root/the owner and
-should be world-readable.
-.Pp
 .It /etc/ssh/ssh_host_key
 .It /etc/ssh/ssh_host_dsa_key
 .It /etc/ssh/ssh_host_rsa_key
@@ -790,6 +785,15 @@ the user so their contents can be copied to known hosts files.
 These files are created using
 .Xr ssh-keygen 1 .
 .Pp
+.It /etc/ssh/ssh_known_hosts
+Systemwide list of known host keys.
+This file should be prepared by the
+system administrator to contain the public host keys of all machines in the
+organization.
+The format of this file is described above.
+This file should be writable only by root/the owner and
+should be world-readable.
+.Pp
 .It /etc/ssh/sshd_config
 Contains configuration data for
 .Nm sshd .
@@ -826,6 +830,7 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
+.Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
 .Xr login.conf 5 ,

diff --git a/sshd.8 b/sshd.8 index 522279ee3..12c2cefec 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $	37	.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
38	.Dd September 25, 1999	38	.Dd $Mdocdate: August 16 2007 $
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -58,8 +58,11 @@
58	.Nm	58	.Nm
59	(OpenSSH Daemon) is the daemon program for	59	(OpenSSH Daemon) is the daemon program for
60	.Xr ssh 1 .	60	.Xr ssh 1 .
61	Together these programs replace rlogin and rsh, and	61	Together these programs replace
62	provide secure encrypted communications between two untrusted hosts	62	.Xr rlogin 1
		63	and
		64	.Xr rsh 1 ,
		65	and provide secure encrypted communications between two untrusted hosts
63	over an insecure network.	66	over an insecure network.
64	.Pp	67	.Pp
65	.Nm	68	.Nm
@@ -117,7 +120,7 @@ Maximum is 3.
117	When this option is specified,	120	When this option is specified,
118	.Nm	121	.Nm
119	will send the output to the standard error instead of the system log.	122	will send the output to the standard error instead of the system log.
120	.It Fl f Ar configuration_file	123	.It Fl f Ar config_file
121	Specifies the name of the configuration file.	124	Specifies the name of the configuration file.
122	The default is	125	The default is
123	.Pa /etc/ssh/sshd_config .	126	.Pa /etc/ssh/sshd_config .
@@ -273,7 +276,7 @@ The client selects the encryption algorithm
273	to use from those offered by the server.	276	to use from those offered by the server.
274	Additionally, session integrity is provided	277	Additionally, session integrity is provided
275	through a cryptographic message authentication code	278	through a cryptographic message authentication code
276	(hmac-sha1 or hmac-md5).	279	(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160).
277	.Pp	280	.Pp
278	Finally, the server and the client enter an authentication dialog.	281	Finally, the server and the client enter an authentication dialog.
279	The client tries to authenticate itself using	282	The client tries to authenticate itself using
@@ -299,8 +302,9 @@ on Tru64,
299	a leading	302	a leading
300	.Ql \&LOCKED\&	303	.Ql \&LOCKED\&
301	on FreeBSD and a leading	304	on FreeBSD and a leading
302	.Ql \&!!	305	.Ql \&!
303	on Linux). If there is a requirement to disable password authentication	306	on most Linuxes).
		307	If there is a requirement to disable password authentication
304	for the account while allowing still public-key, then the passwd field	308	for the account while allowing still public-key, then the passwd field
305	should be set to something other than these values (eg	309	should be set to something other than these values (eg
306	.Ql NP	310	.Ql NP
@@ -758,15 +762,6 @@ This file is used in exactly the same way as
758	but allows host-based authentication without permitting login with	762	but allows host-based authentication without permitting login with
759	rlogin/rsh.	763	rlogin/rsh.
760	.Pp	764	.Pp
761	.It /etc/ssh/ssh_known_hosts
762	Systemwide list of known host keys.
763	This file should be prepared by the
764	system administrator to contain the public host keys of all machines in the
765	organization.
766	The format of this file is described above.
767	This file should be writable only by root/the owner and
768	should be world-readable.
769	.Pp
770	.It /etc/ssh/ssh_host_key	765	.It /etc/ssh/ssh_host_key
771	.It /etc/ssh/ssh_host_dsa_key	766	.It /etc/ssh/ssh_host_dsa_key
772	.It /etc/ssh/ssh_host_rsa_key	767	.It /etc/ssh/ssh_host_rsa_key
@@ -790,6 +785,15 @@ the user so their contents can be copied to known hosts files.
790	These files are created using	785	These files are created using
791	.Xr ssh-keygen 1 .	786	.Xr ssh-keygen 1 .
792	.Pp	787	.Pp
		788	.It /etc/ssh/ssh_known_hosts
		789	Systemwide list of known host keys.
		790	This file should be prepared by the
		791	system administrator to contain the public host keys of all machines in the
		792	organization.
		793	The format of this file is described above.
		794	This file should be writable only by root/the owner and
		795	should be world-readable.
		796	.Pp
793	.It /etc/ssh/sshd_config	797	.It /etc/ssh/sshd_config
794	Contains configuration data for	798	Contains configuration data for
795	.Nm sshd .	799	.Nm sshd .
@@ -826,6 +830,7 @@ The content of this file is not sensitive; it can be world-readable.
826	.Xr ssh-add 1 ,	830	.Xr ssh-add 1 ,
827	.Xr ssh-agent 1 ,	831	.Xr ssh-agent 1 ,
828	.Xr ssh-keygen 1 ,	832	.Xr ssh-keygen 1 ,
		833	.Xr ssh-keyscan 1 ,
829	.Xr chroot 2 ,	834	.Xr chroot 2 ,
830	.Xr hosts_access 5 ,	835	.Xr hosts_access 5 ,
831	.Xr login.conf 5 ,	836	.Xr login.conf 5 ,