1 files changed, 22 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 3e364cf00..22e7edc94 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
-.Dd $Mdocdate: September 9 2011 $
+.Dd $Mdocdate: June 29 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -225,7 +225,9 @@ After expansion,
 is taken to be an absolute path or one relative to the user's home
 directory.
 .Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
 of the user must appear in a certificate's principals list for it to be
 accepted.
 Note that
@@ -714,9 +716,8 @@ Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
+hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
+hmac-sha1-96,hmac-md5-96
-hmac-sha2-512-96
 .Ed
 .It Cm Match
 Introduces a conditional block.
@@ -734,6 +735,8 @@ The available criteria are
 .Cm User ,
 .Cm Group ,
 .Cm Host ,
+.Cm LocalAddress ,
+.Cm LocalPort ,
 and
 .Cm Address .
 The match patterns may consist of single entries or comma-separated
@@ -762,12 +765,17 @@ Only a subset of keywords may be used on the lines following a
 .Cm Match
 keyword.
 Available keywords are
+.Cm AcceptEnv ,
 .Cm AllowAgentForwarding ,
+.Cm AllowGroups ,
 .Cm AllowTcpForwarding ,
+.Cm AllowUsers ,
 .Cm AuthorizedKeysFile ,
 .Cm AuthorizedPrincipalsFile ,
 .Cm Banner ,
 .Cm ChrootDirectory ,
+.Cm DenyGroups ,
+.Cm DenyUsers ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm GSSAPIAuthentication ,
@@ -871,6 +879,9 @@ Multiple forwards may be specified by separating them with whitespace.
 An argument of
 .Dq any
 can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Dq none
+can be used to prohibit all forwarding requests.
 By default all port forwarding requests are permitted.
 .It Cm PermitRootLogin
 Specifies whether root can log in using
@@ -1155,6 +1166,11 @@ is set to
 .Dq sandbox
 then the pre-authentication unprivileged process is subject to additional
 restrictions.
+.It Cm VersionAddendum
+Optionally specifies additional text to append to the SSH protocol banner
+sent by the server upon connection.
+The default is
+.Dq none .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Xr sshd 8 Ns 's

diff --git a/sshd_config.5 b/sshd_config.5 index 3e364cf00..22e7edc94 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
37	.Dd $Mdocdate: September 9 2011 $	37	.Dd $Mdocdate: June 29 2012 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -225,7 +225,9 @@ After expansion,
225	is taken to be an absolute path or one relative to the user's home	225	is taken to be an absolute path or one relative to the user's home
226	directory.	226	directory.
227	.Pp	227	.Pp
228	The default is not to use a principals file \(en in this case, the username	228	The default is
		229	.Dq none ,
		230	i.e. not to use a principals file \(en in this case, the username
229	of the user must appear in a certificate's principals list for it to be	231	of the user must appear in a certificate's principals list for it to be
230	accepted.	232	accepted.
231	Note that	233	Note that
@@ -714,9 +716,8 @@ Multiple algorithms must be comma-separated.
714	The default is:	716	The default is:
715	.Bd -literal -offset indent	717	.Bd -literal -offset indent
716	hmac-md5,hmac-sha1,umac-64@openssh.com,	718	hmac-md5,hmac-sha1,umac-64@openssh.com,
717	hmac-ripemd160,hmac-sha1-96,hmac-md5-96,	719	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
718	hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,	720	hmac-sha1-96,hmac-md5-96
719	hmac-sha2-512-96
720	.Ed	721	.Ed
721	.It Cm Match	722	.It Cm Match
722	Introduces a conditional block.	723	Introduces a conditional block.
@@ -734,6 +735,8 @@ The available criteria are
734	.Cm User ,	735	.Cm User ,
735	.Cm Group ,	736	.Cm Group ,
736	.Cm Host ,	737	.Cm Host ,
		738	.Cm LocalAddress ,
		739	.Cm LocalPort ,
737	and	740	and
738	.Cm Address .	741	.Cm Address .
739	The match patterns may consist of single entries or comma-separated	742	The match patterns may consist of single entries or comma-separated
@@ -762,12 +765,17 @@ Only a subset of keywords may be used on the lines following a
762	.Cm Match	765	.Cm Match
763	keyword.	766	keyword.
764	Available keywords are	767	Available keywords are
		768	.Cm AcceptEnv ,
765	.Cm AllowAgentForwarding ,	769	.Cm AllowAgentForwarding ,
		770	.Cm AllowGroups ,
766	.Cm AllowTcpForwarding ,	771	.Cm AllowTcpForwarding ,
		772	.Cm AllowUsers ,
767	.Cm AuthorizedKeysFile ,	773	.Cm AuthorizedKeysFile ,
768	.Cm AuthorizedPrincipalsFile ,	774	.Cm AuthorizedPrincipalsFile ,
769	.Cm Banner ,	775	.Cm Banner ,
770	.Cm ChrootDirectory ,	776	.Cm ChrootDirectory ,
		777	.Cm DenyGroups ,
		778	.Cm DenyUsers ,
771	.Cm ForceCommand ,	779	.Cm ForceCommand ,
772	.Cm GatewayPorts ,	780	.Cm GatewayPorts ,
773	.Cm GSSAPIAuthentication ,	781	.Cm GSSAPIAuthentication ,
@@ -871,6 +879,9 @@ Multiple forwards may be specified by separating them with whitespace.
871	An argument of	879	An argument of
872	.Dq any	880	.Dq any
873	can be used to remove all restrictions and permit any forwarding requests.	881	can be used to remove all restrictions and permit any forwarding requests.
		882	An argument of
		883	.Dq none
		884	can be used to prohibit all forwarding requests.
874	By default all port forwarding requests are permitted.	885	By default all port forwarding requests are permitted.
875	.It Cm PermitRootLogin	886	.It Cm PermitRootLogin
876	Specifies whether root can log in using	887	Specifies whether root can log in using
@@ -1155,6 +1166,11 @@ is set to
1155	.Dq sandbox	1166	.Dq sandbox
1156	then the pre-authentication unprivileged process is subject to additional	1167	then the pre-authentication unprivileged process is subject to additional
1157	restrictions.	1168	restrictions.
		1169	.It Cm VersionAddendum
		1170	Optionally specifies additional text to append to the SSH protocol banner
		1171	sent by the server upon connection.
		1172	The default is
		1173	.Dq none .
1158	.It Cm X11DisplayOffset	1174	.It Cm X11DisplayOffset
1159	Specifies the first display number available for	1175	Specifies the first display number available for
1160	.Xr sshd 8 Ns 's	1176	.Xr sshd 8 Ns 's