1 files changed, 14 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index d5f19ea3d..15bd8d988 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
-.Dd $Mdocdate: July 2 2008 $
+.Dd $Mdocdate: February 22 2009 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -267,9 +267,9 @@ and
 .Dq cast128-cbc .
 The default is:
 .Bd -literal -offset 3n
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
-arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-aes192-ctr,aes256-ctr
+aes256-cbc,arcfour
 .Ed
 .It Cm ClientAliveCountMax
 Sets the number of client alive messages (see below) which may be
@@ -402,7 +402,7 @@ The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIKeyExchange
-Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange 
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
 doesn't rely on ssh keys to verify host identity.
 The default is
 .Dq no .
@@ -430,6 +430,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections,
 and setting it to 
 .Dq no
 may only work with recent Kerberos GSSAPI libraries.
+.It Cm GSSAPIStoreCredentialsOnRekey
+Controls whether the user's GSSAPI credentials should be updated following a 
+successful connection rekeying. This option can be used to accepted renewed 
+or updated credentials from a compatible client. The default is
+.Dq no .
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -643,6 +648,7 @@ Only a subset of keywords may be used on the lines following a
 .Cm Match
 keyword.
 Available keywords are
+.Cm AllowAgentForwarding ,
 .Cm AllowTcpForwarding ,
 .Cm Banner ,
 .Cm ChrootDirectory ,
@@ -655,12 +661,13 @@ Available keywords are
 .Cm MaxAuthTries ,
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,
+.Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
 .Cm RhostsRSAAuthentication ,
 .Cm RSAAuthentication ,
 .Cm X11DisplayOffset ,
-.Cm X11Forwarding ,
+.Cm X11Forwarding
 and
 .Cm X11UseLocalHost .
 .It Cm MaxAuthTries

diff --git a/sshd_config.5 b/sshd_config.5 index d5f19ea3d..15bd8d988 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
38	.Dd $Mdocdate: July 2 2008 $	38	.Dd $Mdocdate: February 22 2009 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -267,9 +267,9 @@ and
267	.Dq cast128-cbc .	267	.Dq cast128-cbc .
268	The default is:	268	The default is:
269	.Bd -literal -offset 3n	269	.Bd -literal -offset 3n
270	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,	270	aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
271	arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,	271	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
272	aes192-ctr,aes256-ctr	272	aes256-cbc,arcfour
273	.Ed	273	.Ed
274	.It Cm ClientAliveCountMax	274	.It Cm ClientAliveCountMax
275	Sets the number of client alive messages (see below) which may be	275	Sets the number of client alive messages (see below) which may be
@@ -402,7 +402,7 @@ The default is
402	.Dq no .	402	.Dq no .
403	Note that this option applies to protocol version 2 only.	403	Note that this option applies to protocol version 2 only.
404	.It Cm GSSAPIKeyExchange	404	.It Cm GSSAPIKeyExchange
405	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange	405	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
406	doesn't rely on ssh keys to verify host identity.	406	doesn't rely on ssh keys to verify host identity.
407	The default is	407	The default is
408	.Dq no .	408	.Dq no .
@@ -430,6 +430,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections,
430	and setting it to	430	and setting it to
431	.Dq no	431	.Dq no
432	may only work with recent Kerberos GSSAPI libraries.	432	may only work with recent Kerberos GSSAPI libraries.
		433	.It Cm GSSAPIStoreCredentialsOnRekey
		434	Controls whether the user's GSSAPI credentials should be updated following a
		435	successful connection rekeying. This option can be used to accepted renewed
		436	or updated credentials from a compatible client. The default is
		437	.Dq no .
433	.It Cm HostbasedAuthentication	438	.It Cm HostbasedAuthentication
434	Specifies whether rhosts or /etc/hosts.equiv authentication together	439	Specifies whether rhosts or /etc/hosts.equiv authentication together
435	with successful public key client host authentication is allowed	440	with successful public key client host authentication is allowed
@@ -643,6 +648,7 @@ Only a subset of keywords may be used on the lines following a
643	.Cm Match	648	.Cm Match
644	keyword.	649	keyword.
645	Available keywords are	650	Available keywords are
		651	.Cm AllowAgentForwarding ,
646	.Cm AllowTcpForwarding ,	652	.Cm AllowTcpForwarding ,
647	.Cm Banner ,	653	.Cm Banner ,
648	.Cm ChrootDirectory ,	654	.Cm ChrootDirectory ,
@@ -655,12 +661,13 @@ Available keywords are
655	.Cm MaxAuthTries ,	661	.Cm MaxAuthTries ,
656	.Cm MaxSessions ,	662	.Cm MaxSessions ,
657	.Cm PasswordAuthentication ,	663	.Cm PasswordAuthentication ,
		664	.Cm PermitEmptyPasswords ,
658	.Cm PermitOpen ,	665	.Cm PermitOpen ,
659	.Cm PermitRootLogin ,	666	.Cm PermitRootLogin ,
660	.Cm RhostsRSAAuthentication ,	667	.Cm RhostsRSAAuthentication ,
661	.Cm RSAAuthentication ,	668	.Cm RSAAuthentication ,
662	.Cm X11DisplayOffset ,	669	.Cm X11DisplayOffset ,
663	.Cm X11Forwarding ,	670	.Cm X11Forwarding
664	and	671	and
665	.Cm X11UseLocalHost .	672	.Cm X11UseLocalHost .
666	.It Cm MaxAuthTries	673	.It Cm MaxAuthTries