1 files changed, 7 insertions, 20 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 711a02524..ef9190568 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.219 2016/02/17 07:38:19 jmc Exp $
-.Dd $Mdocdate: February 16 2016 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -70,8 +70,7 @@ See
 in
 .Xr ssh_config 5
 for how to configure the client.
-Note that environment passing is only supported for protocol 2, and
+The
-that the
 .Ev TERM
 environment variable is always sent whenever the client
 requests a pseudo-terminal as it is required by the protocol.
@@ -226,7 +225,7 @@ of
 .Dq publickey,publickey
 will require successful authentication using two different public keys.
 .Pp
-This option is only available for SSH protocol 2 and will yield a fatal
+This option will yield a fatal
 error if enabled if protocol 1 is also enabled.
 Note that each authentication method listed should also be explicitly enabled
 in the configuration.
@@ -373,7 +372,6 @@ authentication is allowed.
 If the argument is
 .Dq none
 then no banner is displayed.
-This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
@@ -437,7 +435,7 @@ The default is
 indicating not to
 .Xr chroot 2 .
 .It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2.
+Specifies the ciphers allowed.
 Multiple ciphers must be comma-separated.
 If the specified value begins with a
 .Sq +
@@ -518,7 +516,6 @@ If
 .Cm ClientAliveCountMax
 is left at the default, unresponsive SSH clients
 will be disconnected after approximately 45 seconds.
-This option applies to protocol version 2 only.
 .It Cm ClientAliveInterval
 Sets a timeout interval in seconds after which if no data has been received
 from the client,
@@ -527,7 +524,6 @@ will send a message through the encrypted
 channel to request a response from the client.
 The default
 is 0, indicating that these messages will not be sent to the client.
-This option applies to protocol version 2 only.
 .It Cm Compression
 Specifies whether compression is allowed, or delayed until
 the user has authenticated successfully.
@@ -627,13 +623,11 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Dq no .
-Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
 on logout.
 The default is
 .Dq yes .
-Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIStrictAcceptorCheck
 Determines whether to be strict about the identity of the GSSAPI acceptor
 a client authenticates against.
@@ -676,9 +670,6 @@ may be used to list supported key types.
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
 (host-based authentication).
-This option is similar to
-.Cm RhostsRSAAuthentication
-and applies to protocol version 2 only.
 The default is
 .Dq no .
 .It Cm HostbasedUsesNameFromPacketOnly
@@ -749,7 +740,7 @@ is specified, the location of the socket will be read from the
 .Ev SSH_AUTH_SOCK
 environment variable.
 .It Cm HostKeyAlgorithms
-Specifies the protocol version 2 host key algorithms
+Specifies the host key algorithms
 that the server offers.
 The default for this option is:
 .Bd -literal -offset 3n
@@ -970,8 +961,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output.
 Logging with a DEBUG level violates the privacy of users and is not recommended.
 .It Cm MACs
 Specifies the available MAC (message authentication code) algorithms.
-The MAC algorithm is used in protocol version 2
+The MAC algorithm is used for data integrity protection.
-for data integrity protection.
 Multiple algorithms must be comma-separated.
 If the specified value begins with a
 .Sq +
@@ -1380,7 +1370,6 @@ may be used to list supported key types.
 Specifies whether public key authentication is allowed.
 The default is
 .Dq yes .
-Note that this option applies to protocol version 2 only.
 .It Cm RekeyLimit
 Specifies the maximum amount of data that may be transmitted before the
 session key is renegotiated, optionally followed a maximum amount of
@@ -1406,7 +1395,6 @@ is
 .Dq default none ,
 which means that rekeying is performed after the cipher's default amount
 of data has been sent or received and no time based rekeying is done.
-This option applies to protocol version 2 only.
 .It Cm RevokedKeys
 Specifies revoked public keys file, or
 .Dq none
@@ -1493,7 +1481,6 @@ This may simplify configurations using
 to force a different filesystem root on clients.
 .Pp
 By default no subsystems are defined.
-Note that this option applies to protocol version 2 only.
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .

diff --git a/sshd_config.5 b/sshd_config.5 index 711a02524..ef9190568 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.219 2016/02/17 07:38:19 jmc Exp $
37	.Dd $Mdocdate: February 16 2016 $	37	.Dd $Mdocdate: February 17 2016 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -70,8 +70,7 @@ See
70	in	70	in
71	.Xr ssh_config 5	71	.Xr ssh_config 5
72	for how to configure the client.	72	for how to configure the client.
73	Note that environment passing is only supported for protocol 2, and	73	The
74	that the
75	.Ev TERM	74	.Ev TERM
76	environment variable is always sent whenever the client	75	environment variable is always sent whenever the client
77	requests a pseudo-terminal as it is required by the protocol.	76	requests a pseudo-terminal as it is required by the protocol.
@@ -226,7 +225,7 @@ of
226	.Dq publickey,publickey	225	.Dq publickey,publickey
227	will require successful authentication using two different public keys.	226	will require successful authentication using two different public keys.
228	.Pp	227	.Pp
229	This option is only available for SSH protocol 2 and will yield a fatal	228	This option will yield a fatal
230	error if enabled if protocol 1 is also enabled.	229	error if enabled if protocol 1 is also enabled.
231	Note that each authentication method listed should also be explicitly enabled	230	Note that each authentication method listed should also be explicitly enabled
232	in the configuration.	231	in the configuration.
@@ -373,7 +372,6 @@ authentication is allowed.
373	If the argument is	372	If the argument is
374	.Dq none	373	.Dq none
375	then no banner is displayed.	374	then no banner is displayed.
376	This option is only available for protocol version 2.
377	By default, no banner is displayed.	375	By default, no banner is displayed.
378	.It Cm ChallengeResponseAuthentication	376	.It Cm ChallengeResponseAuthentication
379	Specifies whether challenge-response authentication is allowed (e.g. via	377	Specifies whether challenge-response authentication is allowed (e.g. via
@@ -437,7 +435,7 @@ The default is
437	indicating not to	435	indicating not to
438	.Xr chroot 2 .	436	.Xr chroot 2 .
439	.It Cm Ciphers	437	.It Cm Ciphers
440	Specifies the ciphers allowed for protocol version 2.	438	Specifies the ciphers allowed.
441	Multiple ciphers must be comma-separated.	439	Multiple ciphers must be comma-separated.
442	If the specified value begins with a	440	If the specified value begins with a
443	.Sq +	441	.Sq +
@@ -518,7 +516,6 @@ If
518	.Cm ClientAliveCountMax	516	.Cm ClientAliveCountMax
519	is left at the default, unresponsive SSH clients	517	is left at the default, unresponsive SSH clients
520	will be disconnected after approximately 45 seconds.	518	will be disconnected after approximately 45 seconds.
521	This option applies to protocol version 2 only.
522	.It Cm ClientAliveInterval	519	.It Cm ClientAliveInterval
523	Sets a timeout interval in seconds after which if no data has been received	520	Sets a timeout interval in seconds after which if no data has been received
524	from the client,	521	from the client,
@@ -527,7 +524,6 @@ will send a message through the encrypted
527	channel to request a response from the client.	524	channel to request a response from the client.
528	The default	525	The default
529	is 0, indicating that these messages will not be sent to the client.	526	is 0, indicating that these messages will not be sent to the client.
530	This option applies to protocol version 2 only.
531	.It Cm Compression	527	.It Cm Compression
532	Specifies whether compression is allowed, or delayed until	528	Specifies whether compression is allowed, or delayed until
533	the user has authenticated successfully.	529	the user has authenticated successfully.
@@ -627,13 +623,11 @@ The default is
627	Specifies whether user authentication based on GSSAPI is allowed.	623	Specifies whether user authentication based on GSSAPI is allowed.
628	The default is	624	The default is
629	.Dq no .	625	.Dq no .
630	Note that this option applies to protocol version 2 only.
631	.It Cm GSSAPICleanupCredentials	626	.It Cm GSSAPICleanupCredentials
632	Specifies whether to automatically destroy the user's credentials cache	627	Specifies whether to automatically destroy the user's credentials cache
633	on logout.	628	on logout.
634	The default is	629	The default is
635	.Dq yes .	630	.Dq yes .
636	Note that this option applies to protocol version 2 only.
637	.It Cm GSSAPIStrictAcceptorCheck	631	.It Cm GSSAPIStrictAcceptorCheck
638	Determines whether to be strict about the identity of the GSSAPI acceptor	632	Determines whether to be strict about the identity of the GSSAPI acceptor
639	a client authenticates against.	633	a client authenticates against.
@@ -676,9 +670,6 @@ may be used to list supported key types.
676	Specifies whether rhosts or /etc/hosts.equiv authentication together	670	Specifies whether rhosts or /etc/hosts.equiv authentication together
677	with successful public key client host authentication is allowed	671	with successful public key client host authentication is allowed
678	(host-based authentication).	672	(host-based authentication).
679	This option is similar to
680	.Cm RhostsRSAAuthentication
681	and applies to protocol version 2 only.
682	The default is	673	The default is
683	.Dq no .	674	.Dq no .
684	.It Cm HostbasedUsesNameFromPacketOnly	675	.It Cm HostbasedUsesNameFromPacketOnly
@@ -749,7 +740,7 @@ is specified, the location of the socket will be read from the
749	.Ev SSH_AUTH_SOCK	740	.Ev SSH_AUTH_SOCK
750	environment variable.	741	environment variable.
751	.It Cm HostKeyAlgorithms	742	.It Cm HostKeyAlgorithms
752	Specifies the protocol version 2 host key algorithms	743	Specifies the host key algorithms
753	that the server offers.	744	that the server offers.
754	The default for this option is:	745	The default for this option is:
755	.Bd -literal -offset 3n	746	.Bd -literal -offset 3n
@@ -970,8 +961,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output.
970	Logging with a DEBUG level violates the privacy of users and is not recommended.	961	Logging with a DEBUG level violates the privacy of users and is not recommended.
971	.It Cm MACs	962	.It Cm MACs
972	Specifies the available MAC (message authentication code) algorithms.	963	Specifies the available MAC (message authentication code) algorithms.
973	The MAC algorithm is used in protocol version 2	964	The MAC algorithm is used for data integrity protection.
974	for data integrity protection.
975	Multiple algorithms must be comma-separated.	965	Multiple algorithms must be comma-separated.
976	If the specified value begins with a	966	If the specified value begins with a
977	.Sq +	967	.Sq +
@@ -1380,7 +1370,6 @@ may be used to list supported key types.
1380	Specifies whether public key authentication is allowed.	1370	Specifies whether public key authentication is allowed.
1381	The default is	1371	The default is
1382	.Dq yes .	1372	.Dq yes .
1383	Note that this option applies to protocol version 2 only.
1384	.It Cm RekeyLimit	1373	.It Cm RekeyLimit
1385	Specifies the maximum amount of data that may be transmitted before the	1374	Specifies the maximum amount of data that may be transmitted before the
1386	session key is renegotiated, optionally followed a maximum amount of	1375	session key is renegotiated, optionally followed a maximum amount of
@@ -1406,7 +1395,6 @@ is
1406	.Dq default none ,	1395	.Dq default none ,
1407	which means that rekeying is performed after the cipher's default amount	1396	which means that rekeying is performed after the cipher's default amount
1408	of data has been sent or received and no time based rekeying is done.	1397	of data has been sent or received and no time based rekeying is done.
1409	This option applies to protocol version 2 only.
1410	.It Cm RevokedKeys	1398	.It Cm RevokedKeys
1411	Specifies revoked public keys file, or	1399	Specifies revoked public keys file, or
1412	.Dq none	1400	.Dq none
@@ -1493,7 +1481,6 @@ This may simplify configurations using
1493	to force a different filesystem root on clients.	1481	to force a different filesystem root on clients.
1494	.Pp	1482	.Pp
1495	By default no subsystems are defined.	1483	By default no subsystems are defined.
1496	Note that this option applies to protocol version 2 only.
1497	.It Cm SyslogFacility	1484	.It Cm SyslogFacility
1498	Gives the facility code that is used when logging messages from	1485	Gives the facility code that is used when logging messages from
1499	.Xr sshd 8 .	1486	.Xr sshd 8 .