1 files changed, 14 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a3357d445..6c3ef6947 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
-.Dd $Mdocdate: February 22 2009 $
+.Dd $Mdocdate: April 21 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -176,10 +176,9 @@ then no banner is displayed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
-Specifies whether challenge-response authentication is allowed.
+Specifies whether challenge-response authentication is allowed (e.g. via
-All authentication styles from
+PAM or though authentication styles supported in
-.Xr login.conf 5
+.Xr login.conf 5 )
-are supported.
 The default is
 .Dq yes .
 .It Cm ChrootDirectory
@@ -188,6 +187,9 @@ Specifies a path to
 to after authentication.
 This path, and all its components, must be root-owned directories that are
 not writable by any other user or group.
+After the chroot,
+.Xr sshd 8
+changes the working directory to the user's home directory.
 .Pp
 The path may contain the following tokens that are expanded at runtime once
 the connecting user has been authenticated: %% is replaced by a literal '%',
@@ -197,7 +199,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
 The
 .Cm ChrootDirectory
 must contain the necessary files and directories to support the
-users' session.
+user's session.
 For an interactive session this requires at least a shell, typically
 .Xr sh 1 ,
 and basic
@@ -215,8 +217,11 @@ devices.
 For file transfer sessions using
 .Dq sftp ,
 no additional configuration of the environment is necessary if the
-in-process sftp server is used (see
+in-process sftp server is used,
-.Cm Subsystem
+though sessions which use logging do require
+.Pa /dev/log
+inside the chroot directory (see
+.Xr sftp-server 8
 for details).
 .Pp
 The default is not to

diff --git a/sshd_config.5 b/sshd_config.5 index a3357d445..6c3ef6947 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
38	.Dd $Mdocdate: February 22 2009 $	38	.Dd $Mdocdate: April 21 2009 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -176,10 +176,9 @@ then no banner is displayed.
176	This option is only available for protocol version 2.	176	This option is only available for protocol version 2.
177	By default, no banner is displayed.	177	By default, no banner is displayed.
178	.It Cm ChallengeResponseAuthentication	178	.It Cm ChallengeResponseAuthentication
179	Specifies whether challenge-response authentication is allowed.	179	Specifies whether challenge-response authentication is allowed (e.g. via
180	All authentication styles from	180	PAM or though authentication styles supported in
181	.Xr login.conf 5	181	.Xr login.conf 5 )
182	are supported.
183	The default is	182	The default is
184	.Dq yes .	183	.Dq yes .
185	.It Cm ChrootDirectory	184	.It Cm ChrootDirectory
@@ -188,6 +187,9 @@ Specifies a path to
188	to after authentication.	187	to after authentication.
189	This path, and all its components, must be root-owned directories that are	188	This path, and all its components, must be root-owned directories that are
190	not writable by any other user or group.	189	not writable by any other user or group.
		190	After the chroot,
		191	.Xr sshd 8
		192	changes the working directory to the user's home directory.
191	.Pp	193	.Pp
192	The path may contain the following tokens that are expanded at runtime once	194	The path may contain the following tokens that are expanded at runtime once
193	the connecting user has been authenticated: %% is replaced by a literal '%',	195	the connecting user has been authenticated: %% is replaced by a literal '%',
@@ -197,7 +199,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
197	The	199	The
198	.Cm ChrootDirectory	200	.Cm ChrootDirectory
199	must contain the necessary files and directories to support the	201	must contain the necessary files and directories to support the
200	users' session.	202	user's session.
201	For an interactive session this requires at least a shell, typically	203	For an interactive session this requires at least a shell, typically
202	.Xr sh 1 ,	204	.Xr sh 1 ,
203	and basic	205	and basic
@@ -215,8 +217,11 @@ devices.
215	For file transfer sessions using	217	For file transfer sessions using
216	.Dq sftp ,	218	.Dq sftp ,
217	no additional configuration of the environment is necessary if the	219	no additional configuration of the environment is necessary if the
218	in-process sftp server is used (see	220	in-process sftp server is used,
219	.Cm Subsystem	221	though sessions which use logging do require
		222	.Pa /dev/log
		223	inside the chroot directory (see
		224	.Xr sftp-server 8
220	for details).	225	for details).
221	.Pp	226	.Pp
222	The default is not to	227	The default is not to