Import of OpenSSH 4.7p1

[gssapi-openssh.git] / openssh / sshd.8

diff --git a/openssh/sshd.8 b/openssh/sshd.8
index 522279ee351d4594db1033ae8746c59035510f46..12c2cefec6b7e4d6c9db7b38ca0a1c0185a8433d 100644 (file)
--- a/openssh/sshd.8
+++ b/openssh/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"

-.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
-.Dd September 25, 1999
+.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
+.Dd $Mdocdate: August 16 2007 $

 .Dt SSHD 8
 .Os
 .Sh NAME
 .Dt SSHD 8
 .Os
 .Sh NAME


@@ -58,8 +58,11 @@
 .Nm
 (OpenSSH Daemon) is the daemon program for
 .Xr ssh 1 .
 .Nm
 (OpenSSH Daemon) is the daemon program for
 .Xr ssh 1 .

-Together these programs replace rlogin and rsh, and
-provide secure encrypted communications between two untrusted hosts
+Together these programs replace
+.Xr rlogin 1
+and
+.Xr rsh 1 ,
+and provide secure encrypted communications between two untrusted hosts

 over an insecure network.
 .Pp
 .Nm
 over an insecure network.
 .Pp
 .Nm


@@ -117,7 +120,7 @@ Maximum is 3.
 When this option is specified,
 .Nm
 will send the output to the standard error instead of the system log.
 When this option is specified,
 .Nm
 will send the output to the standard error instead of the system log.

-.It Fl f Ar configuration_file
+.It Fl f Ar config_file

 Specifies the name of the configuration file.
 The default is
 .Pa /etc/ssh/sshd_config .
 Specifies the name of the configuration file.
 The default is
 .Pa /etc/ssh/sshd_config .


@@ -273,7 +276,7 @@ The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code

-(hmac-sha1 or hmac-md5).
+(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160).

 .Pp
 Finally, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
 .Pp
 Finally, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using


@@ -299,8 +302,9 @@ on Tru64,
 a leading
 .Ql \&*LOCKED\&*
 on FreeBSD and a leading
 a leading
 .Ql \&*LOCKED\&*
 on FreeBSD and a leading

-.Ql \&!!
-on Linux).  If there is a requirement to disable password authentication
+.Ql \&!
+on most Linuxes).
+If there is a requirement to disable password authentication

 for the account while allowing still public-key, then the passwd field
 should be set to something other than these values (eg
 .Ql NP
 for the account while allowing still public-key, then the passwd field
 should be set to something other than these values (eg
 .Ql NP


@@ -758,15 +762,6 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp

-.It /etc/ssh/ssh_known_hosts
-Systemwide list of known host keys.
-This file should be prepared by the
-system administrator to contain the public host keys of all machines in the
-organization.
-The format of this file is described above.
-This file should be writable only by root/the owner and
-should be world-readable.
-.Pp

 .It /etc/ssh/ssh_host_key
 .It /etc/ssh/ssh_host_dsa_key
 .It /etc/ssh/ssh_host_rsa_key
 .It /etc/ssh/ssh_host_key
 .It /etc/ssh/ssh_host_dsa_key
 .It /etc/ssh/ssh_host_rsa_key


@@ -790,6 +785,15 @@ the user so their contents can be copied to known hosts files.
 These files are created using
 .Xr ssh-keygen 1 .
 .Pp
 These files are created using
 .Xr ssh-keygen 1 .
 .Pp

+.It /etc/ssh/ssh_known_hosts
+Systemwide list of known host keys.
+This file should be prepared by the
+system administrator to contain the public host keys of all machines in the
+organization.
+The format of this file is described above.
+This file should be writable only by root/the owner and
+should be world-readable.
+.Pp

 .It /etc/ssh/sshd_config
 Contains configuration data for
 .Nm sshd .
 .It /etc/ssh/sshd_config
 Contains configuration data for
 .Nm sshd .


@@ -826,6 +830,7 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,

+.Xr ssh-keyscan 1 ,

 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
 .Xr login.conf 5 ,