.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.120 2001/07/20 18:41:51 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.126 2001/08/01 22:16:45 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
different authentication methods are available.
Using the default values for
.Cm PreferredAuthentications ,
-the client will try to authenticate first using the public key method;
-if this method fails password authentication is attempted,
-and finally if this method fails keyboard-interactive authentication
-is attempted.
-If this method fails password authentication is
-tried.
+the client will try to authenticate first using the hostbased method;
+if this method fails public key authentication is attempted,
+and finally if this method fails keyboard-interactive and
+password authentication are tried.
.Pp
The public key method is similar to RSA authentication described
in the previous section and allows the RSA or DSA algorithm to be used:
.Fl i
options (and multiple identities specified in
configuration files).
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use. The argument is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
.It Fl k
Disables forwarding of Kerberos tickets and AFS tokens.
This may also be specified on a per-host basis in the configuration file.
slow connections, but will only slow down things on fast networks.
The default value can be set on a host-by-host basis in the
configuration files; see the
-.Cm Compress
+.Cm Compression
option below.
.It Fl L Ar port:host:hostport
Specifies that the given port on the local (client) host is to be
back to rsh or exiting.
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
-The default is 4.
+The default is 1.
.It Cm EscapeChar
Sets the escape character (default:
.Ql ~ ) .
over another method (e.g.
.Cm password )
The default for this option is:
-.Dq publickey,hostbased,password,keyboard-interactive
+.Dq hostbased,publickey,keyboard-interactive,password
.It Cm Protocol
Specifies the protocol versions
.Nm
Note that this option applies to protocol version 1 only.
.It Cm ChallengeResponseAuthentication
Specifies whether to use challenge response authentication.
-Currently there is only support for
-.Xr skey 1
-authentication.
The argument to this keyword must be
.Dq yes
or
.Dq no .
The default is
-.Dq no .
+.Dq yes .
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
.%A T. Rinne
.%A S. Lehtinen
.%T "SSH Protocol Architecture"
-.%N draft-ietf-secsh-architecture-07.txt
-.%D January 2001
+.%N draft-ietf-secsh-architecture-09.txt
+.%D July 2001
.%O work in progress material
.Re