- markus@cvs.openbsd.org 2001/08/14 09:23:02

[openssh.git] / ssh.1

diff --git a/ssh.1 b/ssh.1
index 061f5d15d681be6a8a89ef5aabda38c9c875b356..b6fe0550f42f73493f90e5b011da59ba1b004333 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.120 2001/07/20 18:41:51 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.126 2001/08/01 22:16:45 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -209,12 +209,10 @@ When a user connects using the protocol version 2
 different authentication methods are available.
 Using the default values for
 .Cm PreferredAuthentications ,
-the client will try to authenticate first using the public key method;
-if this method fails password authentication is attempted,
-and finally if this method fails keyboard-interactive authentication
-is attempted.
-If this method fails password authentication is
-tried.
+the client will try to authenticate first using the hostbased method;
+if this method fails public key authentication is attempted,
+and finally if this method fails keyboard-interactive and
+password authentication are tried.
 .Pp
 The public key method is similar to RSA authentication described
 in the previous section and allows the RSA or DSA algorithm to be used:
@@ -450,6 +448,12 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
 .It Fl k
 Disables forwarding of Kerberos tickets and AFS tokens.
 This may also be specified on a per-host basis in the configuration file.
@@ -555,7 +559,7 @@ Compression is desirable on modem lines and other
 slow connections, but will only slow down things on fast networks.
 The default value can be set on a host-by-host basis in the
 configuration files; see the
-.Cm Compress
+.Cm Compression
 option below.
 .It Fl L Ar port:host:hostport
 Specifies that the given port on the local (client) host is to be
@@ -734,7 +738,7 @@ Specifies the number of tries (one per second) to make before falling
 back to rsh or exiting.
 The argument must be an integer.
 This may be useful in scripts if the connection sometimes fails.
-The default is 4.
+The default is 1.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
@@ -912,7 +916,7 @@ authentication methods. This allows a client to prefer one method (e.g.
 over another method (e.g.
 .Cm password )
 The default for this option is:
-.Dq publickey,hostbased,password,keyboard-interactive
+.Dq hostbased,publickey,keyboard-interactive,password
 .It Cm Protocol
 Specifies the protocol versions
 .Nm
@@ -1012,15 +1016,19 @@ The default is
 Note that this option applies to protocol version 1 only.
 .It Cm ChallengeResponseAuthentication
 Specifies whether to use challenge response authentication.
-Currently there is only support for
-.Xr skey 1
-authentication.
 The argument to this keyword must be
 .Dq yes
 or
 .Dq no .
 The default is
-.Dq no .
+.Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,
@@ -1391,7 +1399,7 @@ protocol versions 1.5 and 2.0.
 .%A T. Rinne
 .%A S. Lehtinen
 .%T "SSH Protocol Architecture"
-.%N draft-ietf-secsh-architecture-07.txt
-.%D January 2001
+.%N draft-ietf-secsh-architecture-09.txt
+.%D July 2001
 .%O work in progress material
 .Re