===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.139
retrieving revision 1.139.2.2
diff -u -r1.139 -r1.139.2.2
--- src/usr.bin/ssh/ssh.1	2001/10/01 21:51:16	1.139
+++ src/usr.bin/ssh/ssh.1	2002/03/07 17:37:47	1.139.2.2
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.139 2001/10/01 21:51:16 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.139.2.2 2002/03/07 17:37:47 jason Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -126,7 +126,7 @@
 .Pa /etc/shosts.equiv ,
 and if additionally the server can verify the client's
 host key (see
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 and
 .Pa $HOME/.ssh/known_hosts
 in the
@@ -207,8 +207,8 @@
 .Pp
 .Ss SSH protocol version 2
 .Pp
-When a user connects using the protocol version 2
-different authentication methods are available.
+When a user connects using protocol version 2
+similar authentication methods are available.
 Using the default values for
 .Cm PreferredAuthentications ,
 the client will try to authenticate first using the hostbased method;
@@ -294,7 +294,7 @@
 List forwarded connections
 .It Cm ~&
 Background ssh at logout when waiting for forwarded connection / X11 sessions
-to terminate (protocol version 1 only)
+to terminate
 .It Cm ~?
 Display a list of escape characters
 .It Cm ~R
@@ -365,7 +365,7 @@
 .Pa $HOME/.ssh/known_hosts
 in the user's home directory.
 Additionally, the file
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 is automatically checked for known hosts.
 Any new hosts are automatically added to the user's file.
 If a host's identification
@@ -443,11 +443,15 @@
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
 .It Fl i Ar identity_file
-Selects the file from which the identity (private key) for
+Selects a file from which the identity (private key) for
 RSA or DSA authentication is read.
-Default is
+The default is
 .Pa $HOME/.ssh/identity
-in the user's home directory.
+for protocol version 1, and
+.Pa $HOME/.ssh/id_rsa
+and
+.Pa $HOME/.ssh/id_dsa
+for protocol version 2.
 Identity files may also be specified on
 a per-host basis in the configuration file.
 It is possible to have multiple
@@ -517,7 +521,6 @@
 .It Fl q
 Quiet mode.
 Causes all warning and diagnostic messages to be suppressed.
-Only fatal errors are displayed.
 .It Fl s
 May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
 of SSH as a secure transport for other applications (eg. sftp). The
@@ -570,7 +573,7 @@
 Specifies an alternative per-user configuration file.
 If a configuration file is given on the command line,
 the system-wide configuration file
-.Pq Pa /etc/ssh_config
+.Pq Pa /etc/ssh/ssh_config
 will be ignored.
 The default for the per-user configuration file is
 .Pa $HOME/.ssh/config .
@@ -645,7 +648,7 @@
 command line options, user's configuration file
 .Pq Pa $HOME/.ssh/config ,
 and system-wide configuration file
-.Pq Pa /etc/ssh_config .
+.Pq Pa /etc/ssh/ssh_config .
 For each parameter, the first obtained value
 will be used.
 The configuration files contain sections bracketed by
@@ -883,7 +886,7 @@
 .It Cm GlobalKnownHostsFile
 Specifies a file to use for the global
 host key database instead of
-.Pa /etc/ssh_known_hosts .
+.Pa /etc/ssh/ssh_known_hosts .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.
@@ -900,7 +903,7 @@
 Specifies the protocol version 2 host key algorithms
 that the client wants to use in order of preference.
 The default for this option is:
-.Dq ssh-rsa,ssh-dss
+.Dq ssh-rsa,ssh-dss .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
@@ -915,10 +918,14 @@
 .Cm HostName
 specifications).
 .It Cm IdentityFile
-Specifies the file from which the user's RSA or DSA authentication identity
-is read (default
+Specifies a file from which the user's RSA or DSA authentication identity
+is read. The default is
 .Pa $HOME/.ssh/identity
-in the user's home directory).
+for protocol version 1, and
+.Pa $HOME/.ssh/id_rsa
+and
+.Pa $HOME/.ssh/id_dsa
+for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
 The file name may use the tilde
@@ -927,7 +934,7 @@
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
 .It Cm KeepAlive
-Specifies whether the system should send keepalive messages to the
+Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
@@ -942,8 +949,7 @@
 This is important in scripts, and many users want it too.
 .Pp
 To disable keepalives, the value should be set to
-.Dq no
-in both the server and the client configuration files.
+.Dq no .
 .It Cm KerberosAuthentication
 Specifies whether Kerberos authentication will be used.
 The argument to this keyword must be
@@ -971,8 +977,9 @@
 Gives the verbosity level that is used when logging messages from
 .Nm ssh .
 The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
-The default is INFO.
+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
+The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
@@ -1013,7 +1020,7 @@
 over another method (e.g.
 .Cm password )
 The default for this option is:
-.Dq hostbased,publickey,keyboard-interactive,password
+.Dq hostbased,publickey,keyboard-interactive,password .
 .It Cm Protocol
 Specifies the protocol versions
 .Nm
@@ -1137,7 +1144,7 @@
 file, and refuses to connect to hosts whose host key has changed.
 This provides maximum protection against trojan horse attacks,
 however, can be annoying when the
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 file is poorly maintained, or connections to new hosts are
 frequently made.
 This option forces the user to manually
@@ -1305,7 +1312,7 @@
 .It Pa $HOME/.ssh/known_hosts
 Records host keys for all hosts the user has logged into that are not
 in
-.Pa /etc/ssh_known_hosts .
+.Pa /etc/ssh/ssh_known_hosts .
 See
 .Xr sshd 8 .
 .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
@@ -1360,7 +1367,7 @@
 identity files.
 This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
-.It Pa /etc/ssh_known_hosts
+.It Pa /etc/ssh/ssh_known_hosts
 Systemwide list of known host keys.
 This file should be prepared by the
 system administrator to contain the public host keys of all machines in the
@@ -1383,12 +1390,21 @@
 does not convert the user-supplied name to a canonical name before
 checking the key, because someone with access to the name servers
 would then be able to fool host authentication.
-.It Pa /etc/ssh_config
+.It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
 values that are not specified in the user's configuration file, and
 for those users who do not have a configuration file.
 This file must be world-readable.
+.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
+These three files contain the private parts of the host keys
+and are used for
+.Cm RhostsRSAAuthentication
+and
+.Cm HostbasedAuthentication .
+Since they are readable only by root
+.Nm
+must be setuid root if these authentication methods are desired.
 .It Pa $HOME/.rhosts
 This file is used in
 .Pa \&.rhosts
@@ -1415,7 +1431,7 @@
 will be installed so that it requires successful RSA host
 authentication before permitting \s+2.\s0rhosts authentication.
 If the server machine does not have the client's host key in
-.Pa /etc/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts ,
 it can be stored in
 .Pa $HOME/.ssh/known_hosts .
 The easiest way to do this is to
@@ -1452,7 +1468,7 @@
 This file may be useful to permit logins using
 .Nm
 but not using rsh/rlogin.
-.It Pa /etc/sshrc
+.It Pa /etc/ssh/sshrc
 Commands in this file are executed by
 .Nm
 when the user logs in just before the user's shell (or command) is started.
@@ -1472,6 +1488,10 @@
 .Sx ENVIRONMENT
 above.
 .El
+.Sh DIAGNOSTICS
+.Nm
+exits with the exit status of the remote command or with 255
+if an error occurred.
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
 ssh 1.2.12 release by Tatu Ylonen.