1 files changed, 27 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 7882f8bcf..54b757b7f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -318,12 +318,35 @@ Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange 
+doesn't rely on ssh keys to verify host identity.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
 on logout.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor 
+a client authenticates against. If
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname. If 
+.Dq no
+then the client may authenticate against any service key stored in the 
+machine's default store. This facility is provided to assist with operation 
+on multi homed machines. 
+The default is
+.Dq yes .
+Note that this option applies only to protocol version 2 GSSAPI connections,
+and setting it to 
+.Dq no
+may only work with recent Kerberos GSSAPI libraries.
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -478,7 +501,7 @@ The default is 120 seconds.
 Gives the verbosity level that is used when logging messages from
 .Xr sshd 8 .
 The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
+SILENT, QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
 The default is INFO.
 DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
@@ -772,6 +795,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm UseDNS
 Specifies whether
 .Xr sshd 8

diff --git a/sshd_config.5 b/sshd_config.5 index 7882f8bcf..54b757b7f 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -318,12 +318,35 @@ Specifies whether user authentication based on GSSAPI is allowed.
318	The default is	318	The default is
319	.Dq no .	319	.Dq no .
320	Note that this option applies to protocol version 2 only.	320	Note that this option applies to protocol version 2 only.
		321	.It Cm GSSAPIKeyExchange
		322	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
		323	doesn't rely on ssh keys to verify host identity.
		324	The default is
		325	.Dq no .
		326	Note that this option applies to protocol version 2 only.
321	.It Cm GSSAPICleanupCredentials	327	.It Cm GSSAPICleanupCredentials
322	Specifies whether to automatically destroy the user's credentials cache	328	Specifies whether to automatically destroy the user's credentials cache
323	on logout.	329	on logout.
324	The default is	330	The default is
325	.Dq yes .	331	.Dq yes .
326	Note that this option applies to protocol version 2 only.	332	Note that this option applies to protocol version 2 only.
		333	.It Cm GSSAPIStrictAcceptorCheck
		334	Determines whether to be strict about the identity of the GSSAPI acceptor
		335	a client authenticates against. If
		336	.Dq yes
		337	then the client must authenticate against the
		338	.Pa host
		339	service on the current hostname. If
		340	.Dq no
		341	then the client may authenticate against any service key stored in the
		342	machine's default store. This facility is provided to assist with operation
		343	on multi homed machines.
		344	The default is
		345	.Dq yes .
		346	Note that this option applies only to protocol version 2 GSSAPI connections,
		347	and setting it to
		348	.Dq no
		349	may only work with recent Kerberos GSSAPI libraries.
327	.It Cm HostbasedAuthentication	350	.It Cm HostbasedAuthentication
328	Specifies whether rhosts or /etc/hosts.equiv authentication together	351	Specifies whether rhosts or /etc/hosts.equiv authentication together
329	with successful public key client host authentication is allowed	352	with successful public key client host authentication is allowed
@@ -478,7 +501,7 @@ The default is 120 seconds.
478	Gives the verbosity level that is used when logging messages from	501	Gives the verbosity level that is used when logging messages from
479	.Xr sshd 8 .	502	.Xr sshd 8 .
480	The possible values are:	503	The possible values are:
481	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.	504	SILENT, QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
482	The default is INFO.	505	The default is INFO.
483	DEBUG and DEBUG1 are equivalent.	506	DEBUG and DEBUG1 are equivalent.
484	DEBUG2 and DEBUG3 each specify higher levels of debugging output.	507	DEBUG2 and DEBUG3 each specify higher levels of debugging output.
@@ -772,6 +795,9 @@ This avoids infinitely hanging sessions.
772	.Pp	795	.Pp
773	To disable TCP keepalive messages, the value should be set to	796	To disable TCP keepalive messages, the value should be set to
774	.Dq no .	797	.Dq no .
		798	.Pp
		799	This option was formerly called
		800	.Cm KeepAlive .
775	.It Cm UseDNS	801	.It Cm UseDNS
776	Specifies whether	802	Specifies whether
777	.Xr sshd 8	803	.Xr sshd 8