author Jason McIntyre <jmc@cvs.openbsd.org> 2003-05-20 12:09:33 +0000
committer Jason McIntyre <jmc@cvs.openbsd.org> 2003-05-20 12:09:33 +0000
commit beceae96518704bad08d1fe9d005de5e0f74a346 (patch)
tree ad107a1826847f0906740ea90d790929e884e8fe /usr.bin/ssh
parent ea314b3b0ab481cdaa7d5a50955ca5feb86f451b (diff)
new sentence, new line
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- usr.bin/ssh/ssh-keygen.1 6
-rw-r--r-- usr.bin/ssh/ssh.1 13
-rw-r--r-- usr.bin/ssh/ssh_config.5 25
-rw-r--r-- usr.bin/ssh/sshd.8 14
-rw-r--r-- usr.bin/ssh/sshd_config.5 38
5 files changed, 53 insertions, 43 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index 613d71a0772..1583384af54 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.57 2003/05/14 18:16:20 jakob Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.58 2003/05/20 12:09:31 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -93,8 +93,8 @@ generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and RSA or DSA
-keys for use by SSH protocol version 2. The type of key to be generated
-is specified with the
+keys for use by SSH protocol version 2.
+The type of key to be generated is specified with the
.Fl t
option.
.Pp
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index f4b1679e358..d8af4de62e8 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.171 2003/05/15 04:08:41 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.172 2003/05/20 12:09:31 jmc Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -488,8 +488,8 @@ It is possible to have multiple
options (and multiple identities specified in
configuration files).
.It Fl I Ar smartcard_device
-Specifies which smartcard device to use. The argument is
-the device
+Specifies which smartcard device to use.
+The argument is the device
.Nm
should use to communicate with a smartcard used for storing the user's
private RSA key.
@@ -542,9 +542,10 @@ per-host basis in the configuration file.
Quiet mode.
Causes all warning and diagnostic messages to be suppressed.
.It Fl s
-May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg. sftp). The
-subsystem is specified as the remote command.
+May be used to request invocation of a subsystem on the remote system.
+Subsystems are a feature of the SSH2 protocol which facilitate the use
+of SSH as a secure transport for other applications (eg. sftp).
+The subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
This can be used to execute arbitrary
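Review bot: the abbreviation in "(eg. sftp)" under .It Fl s is carried over as-is onto the rewritten line, while ssh_config.5 in this same commit writes "(e.g." in the PreferredAuthentications text. Since the line is being touched anyway, spell it "e.g." here so the pages agree.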
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 67166b75808..99050d38ac4 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.10 2003/05/16 03:27:12 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.11 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -116,7 +116,8 @@ The host is the
argument given on the command line (i.e., the name is not converted to
a canonicalized host name before matching).
.It Cm AddressFamily
-Specifies which address family to use when connecting. Valid arguments are
+Specifies which address family to use when connecting.
+Valid arguments are
.Dq any ,
.Dq inet
(Use IPv4 only) or
@@ -236,9 +237,9 @@ This may be useful in scripts if the connection sometimes fails.
The default is 1.
.It Cm ConnectTimeout
Specifies the timeout (in seconds) used when connecting to the ssh
-server, instead of using the default system TCP timeout. This value is
-used only when the target is down or really unreachable, not when it
-refuses the connection.
+server, instead of using the default system TCP timeout.
+This value is used only when the target is down or really unreachable,
+not when it refuses the connection.
.It Cm DynamicForward
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application
@@ -351,7 +352,8 @@ Numeric IP addresses are also permitted (both on the command line and in
specifications).
.It Cm IdentityFile
Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
+is read.
+The default is
.Pa $HOME/.ssh/identity
for protocol version 1, and
.Pa $HOME/.ssh/id_rsa
@@ -448,7 +450,8 @@ Specifies the port number to connect on the remote host.
Default is 22.
.It Cm PreferredAuthentications
Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
+authentication methods.
+This allows a client to prefer one method (e.g.
.Cm keyboard-interactive )
over another method (e.g.
.Cm password )
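Review bot: the new line "This allows a client to prefer one method (e.g." in PreferredAuthentications still ends in a period, and roff treats a period at the end of an input line as the end of a sentence. As this commit is about sentence boundaries, it would be worth marking this one as not a sentence end, for example by writing "e.g.\&" at the end of the line; the same applies to "over another method (e.g." in the context just below.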
@@ -561,12 +564,12 @@ The default is
.Dq yes .
Note that this option applies to protocol version 1 only.
.It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
-the device
+Specifies which smartcard device to use.
+The argument to this keyword is the device
.Nm ssh
should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
-is not activated.
+private RSA key.
+By default, no device is specified and smartcard support is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index f7464d95b79..827f4f77c70 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.196 2003/04/30 20:41:07 david Exp $
+.\" $OpenBSD: sshd.8,v 1.197 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -497,9 +497,9 @@ IPv6 addresses can be specified with an alternative syntax:
.Ar host/port .
Multiple
.Cm permitopen
-options may be applied separated by commas. No pattern matching is
-performed on the specified hostnames, they must be literal domains or
-addresses.
+options may be applied separated by commas.
+No pattern matching is performed on the specified hostnames,
+they must be literal domains or addresses.
.El
.Ss Examples
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
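Review bot: the reflowed permitopen text "No pattern matching is performed on the specified hostnames, they must be literal domains or addresses." is a comma splice that now sits across a line break. While moving it, replace the comma with a semicolon or split it into two sentences, each on its own line, which is what the rest of the commit does.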
@@ -525,9 +525,9 @@ bits, exponent, modulus, comment.
The fields are separated by spaces.
.Pp
Hostnames is a comma-separated list of patterns
-.Pf ( Ql \&*
-and
-.Ql \&?
+.Pf ( Ql \&*
+and
+.Ql \&?
act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
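Review bot: the three replaced lines here (".Pf ( Ql \&*", "and", ".Ql \&?") read identically on the removed and added sides, so this looks like a whitespace-only change, presumably trailing blanks. The log message "new sentence, new line" does not cover that; mention the whitespace cleanup in the log or commit it separately so the history for these lines is explainable.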
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index a563b62bdb5..1c6c10fc51d 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $
+.\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -107,7 +107,8 @@ Specifies the file that contains the public keys that can be used
for user authentication.
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
+set-up.
+The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated and
%u is replaced by the username of that user.
After expansion,
@@ -153,20 +154,24 @@ This option applies to protocol version 2 only.
Sets the number of client alive messages (see above) which may be
sent without
.Nm sshd
-receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
+receiving any messages back from the client.
+If this threshold is reached while client alive messages are being sent,
.Nm sshd
-will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
+will disconnect the client, terminating the session.
+It is important to note that the use of client alive messages is very
+different from
.Cm KeepAlive
-(below). The client alive messages are sent through the
-encrypted channel and therefore will not be spoofable. The TCP keepalive
-option enabled by
+(below).
+The client alive messages are sent through the encrypted channel
+and therefore will not be spoofable.
+The TCP keepalive option enabled by
.Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
+is spoofable.
+The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
-The default value is 3. If
+The default value is 3.
+If
.Cm ClientAliveInterval
(above) is set to 15, and
.Cm ClientAliveCountMax
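Review bot: the sentence that now starts on its own line, "The client alive mechanism is valuable when the client or", continues into the unchanged line "server depend on knowing when a connection has become inactive.", where the verb does not agree with "client or server"; it should be "depends". This paragraph is the one that tells administrators that client alive messages go through the encrypted channel and are not spoofable while the TCP keepalive enabled by KeepAlive is, so it is worth getting the wording clean in the same pass.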
@@ -369,11 +374,12 @@ is not specified,
.Nm sshd
will listen on the address and all prior
.Cm Port
-options specified. The default is to listen on all local
-addresses.
+options specified.
+The default is to listen on all local addresses.
Multiple
.Cm ListenAddress
-options are permitted. Additionally, any
+options are permitted.
+Additionally, any
.Cm Port
options must precede this option for non port qualified addresses.
.It Cm LoginGraceTime
@@ -454,8 +460,8 @@ but only if the
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
-for root.
+normally not allowed).
+All other authentication methods are disabled for root.
.Pp
If this option is set to
.Dq no