=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.29.2.2 retrieving revision 1.30 diff -u -r1.29.2.2 -r1.30 --- src/usr.bin/ssh/ssh_config.5 2005/03/10 17:15:05 1.29.2.2 +++ src/usr.bin/ssh/ssh_config.5 2004/04/19 13:02:40 1.30 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.29.2.2 2005/03/10 17:15:05 brad Exp $ +.\" $OpenBSD: ssh_config.5,v 1.30 2004/04/19 13:02:40 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -63,7 +63,7 @@ .Pp For each parameter, the first obtained value will be used. -The configuration files contain sections separated by +The configuration files contain sections bracketed by .Dq Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. @@ -120,9 +120,9 @@ Valid arguments are .Dq any , .Dq inet -(use IPv4 only) or +(Use IPv4 only) or .Dq inet6 -(use IPv6 only). +(Use IPv6 only.) .It Cm BatchMode If set to .Dq yes , @@ -185,18 +185,6 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour , -.Dq blowfish-cbc , -and -.Dq cast128-cbc . The default is .Bd -literal ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 
@@ -244,37 +232,6 @@ server, instead of using the default system TCP timeout. This value is used only when the target is down or really unreachable, not when it refuses the connection. -.It Cm ControlMaster -Enables the sharing of multiple sessions over a single network connection. -When set to -.Dq yes -.Nm ssh -will listen for connections on a control socket specified using the -.Cm ControlPath -argument. -Additional sessions can connect to this socket using the same -.Cm ControlPath -with -.Cm ControlMaster -set to -.Dq no -(the default). -These sessions will reuse the master instance's network connection rather -than initiating new ones. -Setting this to -.Dq ask -will cause -.Nm ssh -to listen for control connections, but require confirmation using the -.Ev SSH_ASKPASS -program before they are accepted (see -.Xr ssh-add 1 -for details). -.It Cm ControlPath -Specify the path to the control socket used for connection sharing. -See -.Cm ControlMaster -above. .It Cm DynamicForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application @@ -356,19 +313,14 @@ .Cm ForwardX11Trusted option is also enabled. .It Cm ForwardX11Trusted -If this option is set to +If the this option is set to .Dq yes then remote X11 clients will have full access to the original X11 display. -.Pp If this option is set to .Dq no then remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. -Furthermore, the -.Xr xauth 1 -token used for the session will be set to expire after 20 minutes. -Remote clients will be refused access after this time. .Pp The default is .Dq no . 
@@ -407,22 +359,6 @@ The default is .Dq no . Note that this option applies to protocol version 2 only. -.It Cm HashKnownHosts -Indicates that -.Nm ssh -should hash host names and addresses when they are added to -.Pa $HOME/.ssh/known_hosts . -These hashed names may be used normally by -.Nm ssh -and -.Nm sshd , -but they do not reveal identifying information should the file's contents -be disclosed. -The default is -.Dq no . -Note that hashing of names and addresses will not be retrospectively applied -to existing known hosts files, but these may be manually hashed using -.Xr ssh-keygen 1 . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. @@ -474,7 +410,7 @@ Specifies that .Nm ssh should only use the authentication identity files configured in the -.Nm +.Nm files, even if the .Nm ssh-agent 
@@ -488,45 +424,16 @@ offers many different identities. The default is .Dq no . -.It Cm KbdInteractiveDevices -Specifies the list of methods to use in keyboard-interactive authentication. -Multiple method names must be comma-separated. -The default is to use the server specified list. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -.Xo -.Sm off -.Oo Ar bind_address : Oc -.Ar host : port -.Sm on -.Xc . -IPv6 addresses can be specified by enclosing addresses in square brackets or -by using an alternative syntax: -.Sm off -.Xo -.Op Ar bind_address No / -.Ar host No / Ar port -.Xc . -.Sm on -Multiple forwardings may be specified, and additional forwardings can be -given on the command line. +.Ar host:port . +IPv6 addresses can be specified with an alternative syntax: +.Ar host/port . +Multiple forwardings may be specified, and additional +forwardings can be given on the command line. Only the superuser can forward privileged ports. -By default, the local port is bound in accordance with the -.Cm GatewayPorts -setting. -However, an explicit -.Ar bind_address -may be used to bind the connection to a specific address. -The -.Ar bind_address -of -.Dq localhost -indicates that the listening port be bound for local use only, while an -empty address or -.Sq * -indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm ssh . 
@@ -633,39 +540,12 @@ Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -.Xo -.Sm off -.Oo Ar bind_address : Oc -.Ar host : port -.Sm on -.Xc . -IPv6 addresses can be specified by enclosing any addresses in square brackets -or by using the alternative syntax: -.Sm off -.Xo -.Op Ar bind_address No / -.Ar host No / Ar port -.Xc . -.Sm on +.Ar host:port . +IPv6 addresses can be specified with an alternative syntax: +.Ar host/port . Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. -.Pp -If the -.Ar bind_address -is not specified, the default is to only bind to loopback addresses. -If the -.Ar bind_address -is -.Ql * -or an empty string, then the forwarding is requested to listen on all -interfaces. -Specifying a remote -.Ar bind_address -will only succeed if the server's -.Cm GatewayPorts -option is enabled (see -.Xr sshd_config 5 ) . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. 
@@ -690,27 +570,6 @@ The default is .Dq yes . Note that this option applies to protocol version 1 only. -.It Cm SendEnv -Specifies what variables from the local -.Xr environ 7 -should be sent to the server. -Note that environment passing is only supported for protocol 2, the -server must also support it, and the server must be configured to -accept these environment variables. -Refer to -.Cm AcceptEnv -in -.Xr sshd_config 5 -for how to configure the server. -Variables are specified by name, which may contain the wildcard characters -.Ql \&* -and -.Ql \&? . -Multiple environment variables may be separated by whitespace or spread -across multiple -.Cm SendEnv -directives. -The default is not to send any environment variables. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server,
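Review bot: The direction of this comparison is easy to misread from the file header: it diffs from 1.29.2.2 (2005/03/10, brad) to 1.30 (2004/04/19, djm), so the `+` side is the earlier-dated text and the `-` lines are what the later-dated branch revision contains. The large `-` blocks above (ControlMaster, ControlPath, HashKnownHosts, KbdInteractiveDevices, SendEnv) should be read as text present in 1.29.2.2 and absent from 1.30, not as documentation being deleted going forward; swapping the two -r arguments would show them as additions.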
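Review bot: In the hunk at @@ -120,9 +120,9 (the list of valid arguments `any`, `inet`, `inet6`), the `+` lines capitalize a parenthetical that sits mid-sentence and move the closing period inside it: `(Use IPv4 only) or` and `(Use IPv6 only.)`. The sentence that starts at "Valid arguments are" is then left without a terminating period of its own; the `-` wording, `(use IPv4 only) or` and `(use IPv6 only).`, is the consistent form.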
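Review bot: In the hunk at @@ -185,18 +185,6 (ciphers for protocol version 2), the `+` side documents only the default, so a reader has no list of names that are valid in the comma-separated value. The `-` side enumerates the supported ciphers, from `3des-cbc` to `cast128-cbc`; the entry should carry such a list, or point to where the supported set is documented, for whichever ciphers this revision accepts.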
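Review bot: In the hunk at @@ -356,19 +313,14 (ForwardX11Trusted), the `+` line `If the this option is set to` has a doubled article and should read `If this option is set to`, as the `-` line does. The `+` side also has no `.Pp` between the `yes` and `no` cases, which runs the two descriptions into one paragraph, and it says nothing about how long an untrusted session's xauth token stays valid, which the `-` side gives as 20 minutes.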
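Review bot: In the hunk at @@ -488,45 +424,16 (LocalForward), the `+` text never says which address the local listening port binds to. The `-` side ties the default to the `GatewayPorts` setting and distinguishes a `bind_address` of `localhost` (local use only) from an empty address or `*` (all interfaces), which is the detail an administrator needs to judge how exposed a forwarded port is. If the `bind_address` syntax does not apply at this revision, the entry should still state the binding behaviour that does apply. The same hunk leaves the IPv6 form as `host/port` only, without the square-bracket alternative the `-` side describes.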
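Review bot: In the hunk at @@ -633,39 +540,12 (RemoteForward), the `+` side gives no statement of the default listen address on the server. The `-` side says that an unspecified `bind_address` binds to loopback addresses only, that `*` or an empty string requests all interfaces, and that a remote `bind_address` only succeeds when the server's `GatewayPorts` option is enabled, with the cross-reference to sshd_config(5). Whatever the behaviour is at this revision, the entry should say whether the forwarded remote port is reachable from other hosts.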