.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.111 2009/10/28 21:45:08 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.114 2009/12/29 16:38:41 stevesk Exp $
.Dd $Mdocdate$
.Dt SSHD_CONFIG 5
.Os
The default is
.Dq yes .
.It Cm ChrootDirectory
-Specifies a path to
+Specifies the pathname of a directory to
.Xr chroot 2
to after authentication.
-This path, and all its components, must be root-owned directories that are
+All components of the pathname must be root-owned directories that are
not writable by any other user or group.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
.Pp
-The path may contain the following tokens that are expanded at runtime once
+The pathname may contain the following tokens that are expanded at runtime once
the connecting user has been authenticated: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm RDomain
+.It Cm RoutingDomain
Set the routing domain number.
The default routing domain is set by the system.
.It Cm RhostsRSAAuthentication
directory or files world-writable.
The default is
.Dq yes .
+Note that this does not apply to
+.Cm ChrootDirectory ,
+whose permissions and ownership are checked unconditionally.
.It Cm Subsystem
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional arguments)