1 files changed, 34 insertions, 6 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index 8a922666e..0528a8c44 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -15,6 +15,19 @@ DESCRIPTION
     The possible keywords and their meanings are as follows (note that key-
     words are case-insensitive and arguments are case-sensitive):
+     AcceptEnv
+             Specifies what environment variables sent by the client will be
+             copied into the session's environ(7).  See SendEnv in
+             ssh_config(5) for how to configure the client.  Note that envi-
+             ronment passing is only supported for protocol 2.  Variables are
+             specified by name, which may contain the wildcard characters `*'
+             and `?'.  Multiple environment variables may be separated by
+             whitespace or spread across multiple AcceptEnv directives.  Be
+             warned that some environment variables could be used to bypass
+             restricted user environments.  For this reason, care should be
+             taken in the use of this directive.  The default is not to accept
+             any environment variables.
     AllowGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  If specified, login is allowed only for
@@ -63,7 +76,10 @@ DESCRIPTION
     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple
-             ciphers must be comma-separated.  The default is
+             ciphers must be comma-separated.  The supported ciphers are
+             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
+             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour'',
+             ``blowfish-cbc'', and ``cast128-cbc''.  The default is
               ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
                 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''
@@ -224,6 +240,11 @@ DESCRIPTION
             ed.  The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
             sha1-96,hmac-md5-96''.
+     MaxAuthTries
+             Specifies the maximum number of authentication attempts permitted
+             per connection.  Once the number of failures reaches half this
+             value, additional failures are logged.  The default is 6.
     MaxStartups
             Specifies the maximum number of concurrent unauthenticated con-
             nections to the sshd daemon.  Additional connections will be
@@ -367,10 +388,17 @@ DESCRIPTION
             know how to handle xauth(1) cookies.  If UsePrivilegeSeparation
             is specified, it will be disabled after authentication.
-     UsePAM  Enables PAM authentication (via challenge-response) and session
+     UsePAM  Enables the Pluggable Authentication Module interface.  If set to
-             set up.  If you enable this, you should probably disable
+             ``yes'' this will enable PAM authentication using
-             PasswordAuthentication.  If you enable then you will not be able
+             ChallengeResponseAuthentication and PAM account and session mod-
-             to run sshd as a non-root user.  The default is ``no''.
+             ule processing for all authentication types.
+             Because PAM challenge-response authentication usually serves an
+             equivalent role to password authentication, you should disable
+             either PasswordAuthentication or ChallengeResponseAuthentication.
+             If UsePAM is enabled, you will not be able to run sshd(8) as a
+             non-root user.  The default is ``no''.
     UsePrivilegeSeparation
             Specifies whether sshd separates privileges by creating an un-
@@ -463,4 +491,4 @@ AUTHORS
     versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
     for privilege separation.
-OpenBSD 3.5                   September 25, 1999                             8
+OpenBSD 3.6                   September 25, 1999                             8