- added .Xr's
- typos
ok djm@
+ - jmc@cvs.openbsd.org 2003/05/20 12:09:31
+ [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
+ new sentence, new line
20030520
- (djm) OpenBSD CVS Sync
-.\" $OpenBSD: ssh-keygen.1,v 1.57 2003/05/14 18:16:20 jakob Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.58 2003/05/20 12:09:31 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and RSA or DSA
-keys for use by SSH protocol version 2. The type of key to be generated
-is specified with the
+keys for use by SSH protocol version 2.
+The type of key to be generated is specified with the
.Fl t
option.
.Pp
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.171 2003/05/15 04:08:41 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.172 2003/05/20 12:09:31 jmc Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
options (and multiple identities specified in
configuration files).
.It Fl I Ar smartcard_device
-Specifies which smartcard device to use. The argument is
-the device
+Specifies which smartcard device to use.
+The argument is the device
.Nm
should use to communicate with a smartcard used for storing the user's
private RSA key.
Quiet mode.
Causes all warning and diagnostic messages to be suppressed.
.It Fl s
-May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg. sftp). The
-subsystem is specified as the remote command.
+May be used to request invocation of a subsystem on the remote system.
+Subsystems are a feature of the SSH2 protocol which facilitate the use
+of SSH as a secure transport for other applications (eg. sftp).
+The subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
This can be used to execute arbitrary
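Review bot: the third added line of the -s text keeps "(eg. sftp)", while the PreferredAuthentications text in ssh_config.5 in this same patch writes "(e.g.". The sentence is being rewrapped anyway, so spell it "e.g." here so the pages agree.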
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.10 2003/05/16 03:27:12 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.11 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
argument given on the command line (i.e., the name is not converted to
a canonicalized host name before matching).
.It Cm AddressFamily
-Specifies which address family to use when connecting. Valid arguments are
+Specifies which address family to use when connecting.
+Valid arguments are
.Dq any ,
.Dq inet
(Use IPv4 only) or
The default is 1.
.It Cm ConnectTimeout
Specifies the timeout (in seconds) used when connecting to the ssh
-server, instead of using the default system TCP timeout. This value is
-used only when the target is down or really unreachable, not when it
-refuses the connection.
+server, instead of using the default system TCP timeout.
+This value is used only when the target is down or really unreachable,
+not when it refuses the connection.
.It Cm DynamicForward
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application
specifications).
.It Cm IdentityFile
Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
+is read.
+The default is
.Pa $HOME/.ssh/identity
for protocol version 1, and
.Pa $HOME/.ssh/id_rsa
Default is 22.
.It Cm PreferredAuthentications
Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
+authentication methods.
+This allows a client to prefer one method (e.g.
.Cm keyboard-interactive )
over another method (e.g.
.Cm password )
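Review bot: the added line "This allows a client to prefer one method (e.g." still ends in a full stop, as does the context line "over another method (e.g." below it, and roff treats a period at the end of an input line as the end of a sentence and pads it accordingly. A commit that aligns sentence breaks with line breaks is the place to mark these as non-sentence-ending, for example by writing "e.g.\&" on both lines.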
.Dq yes .
Note that this option applies to protocol version 1 only.
.It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
-the device
+Specifies which smartcard device to use.
+The argument to this keyword is the device
.Nm ssh
should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
-is not activated.
+private RSA key.
+By default, no device is specified and smartcard support is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.196 2003/04/30 20:41:07 david Exp $
+.\" $OpenBSD: sshd.8,v 1.197 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Ar host/port .
Multiple
.Cm permitopen
-options may be applied separated by commas. No pattern matching is
-performed on the specified hostnames, they must be literal domains or
-addresses.
+options may be applied separated by commas.
+No pattern matching is performed on the specified hostnames,
+they must be literal domains or addresses.
.El
.Ss Examples
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
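Review bot: the second and third added lines of the permitopen text, "No pattern matching is performed on the specified hostnames," and "they must be literal domains or addresses.", are two independent clauses joined by a comma. Under the new sentence, new line rule this reads better as two sentences or with a semicolon, so that the restriction to literal hosts stands as its own statement.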
The fields are separated by spaces.
.Pp
Hostnames is a comma-separated list of patterns
-.Pf ( Ql \&*
-and
-.Ql \&?
+.Pf ( Ql \&*
+and
+.Ql \&?
act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
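Review bot: the three removed lines (".Pf ( Ql \&*", "and", ".Ql \&?") and the three added lines are identical as shown here, so this hunk appears to change whitespace only, which the log message "new sentence, new line" does not cover. Mention the whitespace cleanup in the commit message, or confirm that the hunk is intended.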
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $
+.\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
for user authentication.
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
+set-up.
+The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated and
%u is replaced by the username of that user.
After expansion,
Sets the number of client alive messages (see above) which may be
sent without
.Nm sshd
-receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
+receiving any messages back from the client.
+If this threshold is reached while client alive messages are being sent,
.Nm sshd
-will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
+will disconnect the client, terminating the session.
+It is important to note that the use of client alive messages is very
+different from
.Cm KeepAlive
-(below). The client alive messages are sent through the
-encrypted channel and therefore will not be spoofable. The TCP keepalive
-option enabled by
+(below).
+The client alive messages are sent through the encrypted channel
+and therefore will not be spoofable.
+The TCP keepalive option enabled by
.Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
+is spoofable.
+The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
-The default value is 3. If
+The default value is 3.
+If
.Cm ClientAliveInterval
(above) is set to 15, and
.Cm ClientAliveCountMax
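Review bot: the context line right after the added "The client alive mechanism is valuable when the client or" reads "server depend on knowing when a connection has become inactive."; with "the client or server" as the subject, the verb should be "depends". The paragraph is already being rewrapped line by line, so this is cheap to fix here or in a follow-up typo commit.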
.Nm sshd
will listen on the address and all prior
.Cm Port
-options specified. The default is to listen on all local
-addresses.
+options specified.
+The default is to listen on all local addresses.
Multiple
.Cm ListenAddress
-options are permitted. Additionally, any
+options are permitted.
+Additionally, any
.Cm Port
options must precede this option for non port qualified addresses.
.It Cm LoginGraceTime
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
-for root.
+normally not allowed).
+All other authentication methods are disabled for root.
.Pp
If this option is set to
.Dq no