- jmc@cvs.openbsd.org 2008/05/07 08:00:14

     [sshd_config.5]
     sort;

diff --git a/ChangeLog b/ChangeLog
index d1b6fcd698e177a2c0198b02bb872544d74b3f1d..cf3907edb98e7577f0e1500e57446d667c11d196 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -55,6 +55,9 @@
    - pyr@cvs.openbsd.org 2008/05/07 06:43:35
      [sshd_config]
      push the sshd_config bits in, spotted by ajacoutot@
+   - jmc@cvs.openbsd.org 2008/05/07 08:00:14
+     [sshd_config.5]
+     sort;
 
 20080403
  - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-

diff --git a/sshd_config.5 b/sshd_config.5
index 042472218fba3eb1ec9ce87a92201fcf2cf4bb2b..62d54090035bf273b087bea3f791434ba59faf13 100644 (file)
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.88 2008/05/07 05:49:37 pyr Exp $
+.\" $OpenBSD: sshd_config.5,v 1.89 2008/05/07 08:00:14 jmc Exp $
 .Dd $Mdocdate$
 .Dt SSHD_CONFIG 5
 .Os
@@ -95,6 +95,15 @@ Valid arguments are
 (use IPv6 only).
 The default is
 .Dq any .
+.It Cm AllowAgentForwarding
+Specifies whether
+.Xr ssh-agent 1
+forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling agent forwarding does not improve security
+unless users are also denied shell access, as they can always install
+their own forwarders.
 .It Cm AllowGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
@@ -114,15 +123,6 @@ See
 in
 .Xr ssh_config 5
 for more information on patterns.
-.It Cm AllowAgentForwarding
-Specifies whether
-.Xr ssh-agent 1
-forwarding is permitted.
-The default is
-.Dq yes .
-Note that disabling Agent forwarding does not improve security
-unless users are also denied shell access, as they can always install
-their own forwarders.
 .It Cm AllowTcpForwarding
 Specifies whether TCP forwarding is permitted.
 The default is