=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.1.2.3 retrieving revision 1.2 diff -u -r1.1.2.3 -r1.2 --- src/usr.bin/ssh/ssh_config.5 2002/10/11 14:53:07 1.1.2.3 +++ src/usr.bin/ssh/ssh_config.5 2002/08/17 23:55:01 1.2 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.1.2.3 2002/10/11 14:53:07 miod Exp $ +.\" $OpenBSD: ssh_config.5,v 1.2 2002/08/17 23:55:01 stevesk Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -44,7 +44,7 @@ .Sh SYNOPSIS .Bl -tag -width Ds -compact .It Pa $HOME/.ssh/config -.It Pa /etc/ssh_config +.It Pa /etc/ssh/ssh_config .El .Sh DESCRIPTION .Nm ssh @@ -58,7 +58,7 @@ .Pq Pa $HOME/.ssh/config .It system-wide configuration file -.Pq Pa /etc/ssh_config +.Pq Pa /etc/ssh/ssh_config .El .Pp For each parameter, the first obtained value @@ -258,13 +258,6 @@ .Dq no . The default is .Dq no . -.Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, -however they can perform operations on the keys that enable them to -authenticate using the identities loaded into the agent. .It Cm ForwardX11 Specifies whether X11 connections will be automatically redirected over the secure channel and 
@@ -276,12 +269,6 @@ .Dq no . The default is .Dq no . -.Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to local forwarded ports. @@ -303,7 +290,7 @@ .It Cm GlobalKnownHostsFile Specifies a file to use for the global host key database instead of -.Pa /etc/ssh_known_hosts . +.Pa /etc/ssh/ssh_known_hosts . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. @@ -511,12 +498,7 @@ .Dq no . The default is .Dq no . -This option applies to protocol version 1 only and requires -.Nm ssh -to be setuid root and -.Cm UsePrivilegedPort -to be set to -.Dq yes . +This option applies to protocol version 1 only. .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. @@ -557,7 +539,7 @@ file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually @@ -591,10 +573,6 @@ .Dq no . The default is .Dq no . -If set to -.Dq yes -.Nm ssh -must be setuid root. Note that this option must be set to .Dq yes if @@ -612,7 +590,7 @@ host key database instead of .Pa $HOME/.ssh/known_hosts . .It Cm XAuthLocation -Specifies the full pathname of the +Specifies the location of the .Xr xauth 1 program. The default is 
@@ -629,7 +607,7 @@ This file does not usually contain any sensitive information, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh_config +.It Pa /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for those values that are not specified in the user's configuration file, and
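Review bot: In the hunk at -34,7 the `$OpenBSD$` id goes from `1.1.2.3 2002/10/11 14:53:07` on the `-` side to `1.2 2002/08/17 23:55:01` on the `+` side, so the `+` text carries the earlier date. Confirm which direction is intended before applying this as a forward patch, because the later hunks then read as text that exists in 1.1.2.3 and is missing from 1.2.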
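Review bot: The hunk at -258,13 drops the caution paragraph that sits just before `.It Cm ForwardX11`, which leaves the agent forwarding entry ending at its default value with no statement of the risk. The removed text is what tells the reader that users able to bypass file permissions on the remote host can reach the local agent through the forwarded connection and authenticate with the loaded identities, even though they cannot obtain key material. Keep the paragraph, starting from "Agent forwarding should be enabled with caution."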
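Review bot: The hunk at -276,12 removes the X11 forwarding caution ahead of `.It Cm GatewayPorts`, so the ForwardX11 entry no longer says that users who can bypass file permissions on the remote host (for the X authorization database) can access the local display, with keystroke monitoring given as the example. Keep the paragraph so the entry documents the exposure next to the option that enables it.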
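Review bot: The hunk at -511,12 shortens the sentence before `.It Cm RhostsRSAAuthentication` to "This option applies to protocol version 1 only." and loses both stated prerequisites: that ssh be setuid root and that UsePrivilegedPort be set to "yes". If either prerequisite still applies to the ssh this page documents, keep the longer sentence, since a reader following the short form has nothing to explain why the option has no effect.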
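Review bot: The hunk at -591,10 removes "If set to yes ssh must be setuid root." while keeping the next sentence, "Note that this option must be set to yes if", so the entry still tells the reader when to turn the option on but no longer states the privilege the binary needs for it. Keep the setuid requirement in the text if it holds, since it is the security-relevant consequence of enabling the option.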
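Review bot: In the hunk at -612,7 the XAuthLocation wording changes from "Specifies the full pathname of the" to "Specifies the location of the", which is less precise: "location" does not say whether a directory or a relative path is acceptable. Keep "full pathname" if the option expects the path to the xauth program itself.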