===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.1.4.3
retrieving revision 1.2
diff -u -r1.1.4.3 -r1.2
--- src/usr.bin/ssh/ssh_config.5	2003/04/03 22:35:18	1.1.4.3
+++ src/usr.bin/ssh/ssh_config.5	2002/08/17 23:55:01	1.2
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.1.4.3 2003/04/03 22:35:18 miod Exp $
+.\" $OpenBSD: ssh_config.5,v 1.2 2002/08/17 23:55:01 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -176,8 +176,8 @@
 client for interoperability with legacy protocol 1 implementations
 that do not support the
 .Ar 3des
-cipher.
-Its use is strongly discouraged due to cryptographic weaknesses.
+cipher.  Its use is strongly discouraged due to cryptographic
+weaknesses.
 The default is
 .Dq 3des .
 .It Cm Ciphers
@@ -193,8 +193,7 @@
 .It Cm ClearAllForwardings
 Specifies that all local, remote and dynamic port forwardings
 specified in the configuration files or on the command line be
-cleared.
-This option is primarily useful when used from the
+cleared.  This option is primarily useful when used from the
 .Nm ssh
 command line to clear port forwardings set in
 configuration files, and is automatically set by
@@ -231,14 +230,13 @@
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
 protocol is then used to determine where to connect to from the
-remote machine.
-The argument must be a port number.
+remote machine.  The argument must be a port number.
 Currently the SOCKS4 protocol is supported, and
 .Nm ssh
 will act as a SOCKS4 server.
 Multiple forwardings may be specified, and
-additional forwardings can be given on the command line.
-Only the superuser can forward privileged ports.
+additional forwardings can be given on the command line.  Only
+the superuser can forward privileged ports.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
@@ -260,14 +258,6 @@
 .Dq no .
 The default is
 .Dq no .
-.Pp
-Agent forwarding should be enabled with caution.
-Users with the ability to bypass file permissions on the remote host
-(for the agent's Unix-domain socket)
-can access the local agent through the forwarded connection.
-An attacker cannot obtain key material from the agent,
-however they can perform operations on the keys that enable them to
-authenticate using the identities loaded into the agent.
 .It Cm ForwardX11
 Specifies whether X11 connections will be automatically redirected
 over the secure channel and
@@ -279,19 +269,13 @@
 .Dq no .
 The default is
 .Dq no .
-.Pp
-X11 forwarding should be enabled with caution.
-Users with the ability to bypass file permissions on the remote host
-(for the user's X authorization database)
-can access the local X11 display through the forwarded connection.
-An attacker may then be able to perform activities such as keystroke monitoring.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to local
 forwarded ports.
 By default,
 .Nm ssh
-binds local port forwardings to the loopback address.
-This prevents other remote hosts from connecting to forwarded ports.
+binds local port forwardings to the loopback address.  This
+prevents other remote hosts from connecting to forwarded ports.
 .Cm GatewayPorts
 can be used to specify that
 .Nm ssh
@@ -398,9 +382,8 @@
 .Nm ssh .
 The possible values are:
 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO.
-DEBUG and DEBUG1 are equivalent.
-DEBUG2 and DEBUG3 each specify higher levels of verbose output.
+The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
@@ -478,9 +461,6 @@
 Host key management will be done using the
 HostName of the host being connected (defaulting to the name typed by
 the user).
-Setting the command to
-.Dq none
-disables this option entirely.
 Note that
 .Cm CheckHostIP
 is not available for connects with a proxy command.
@@ -518,12 +498,7 @@
 .Dq no .
 The default is
 .Dq no .
-This option applies to protocol version 1 only and requires
-.Nm ssh
-to be setuid root and
-.Cm UsePrivilegedPort
-to be set to
-.Dq yes .
+This option applies to protocol version 1 only.
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
@@ -598,10 +573,6 @@
 .Dq no .
 The default is
 .Dq no .
-If set to
-.Dq yes
-.Nm ssh
-must be setuid root.
 Note that this option must be set to
 .Dq yes
 if
@@ -619,7 +590,7 @@
 host key database instead of
 .Pa $HOME/.ssh/known_hosts .
 .It Cm XAuthLocation
-Specifies the full pathname of the
+Specifies the location of the
 .Xr xauth 1
 program.
 The default is