=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.49.2.2 retrieving revision 1.50 diff -u -r1.49.2.2 -r1.50 --- src/usr.bin/ssh/ssh_config.5 2006/02/03 02:53:45 1.49.2.2 +++ src/usr.bin/ssh/ssh_config.5 2005/04/21 06:17:50 1.50 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.49.2.2 2006/02/03 02:53:45 brad Exp $ +.\" $OpenBSD: ssh_config.5,v 1.50 2005/04/21 06:17:50 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -136,9 +136,8 @@ The default is .Dq no . .It Cm BindAddress -Use the specified address on the local machine as the source address of -the connection. -Only useful on systems with more than one address. +Specify the interface to transmit from on machines with multiple +interfaces or aliased addresses. Note that this option does not work if .Cm UsePrivilegedPort is set to @@ -194,17 +193,14 @@ .Dq aes128-ctr , .Dq aes192-ctr , .Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , and .Dq cast128-cbc . The default is .Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, - arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, - aes192-ctr,aes256-ctr'' + ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, + aes192-cbc,aes256-cbc'' .Ed .It Cm ClearAllForwardings Specifies that all local, remote and dynamic port forwardings @@ -263,10 +259,8 @@ set to .Dq no (the default). -These sessions will try to reuse the master instance's network connection -rather than initiating new ones, but will fall back to connecting normally -if the control socket does not exist, or is not listening. -.Pp +These sessions will reuse the master instance's network connection rather +than initiating new ones. Setting this to .Dq ask will cause 
@@ -276,75 +270,17 @@ program before they are accepted (see .Xr ssh-add 1 for details). -If the -.Cm ControlPath -can not be opened, -.Nm ssh -will continue without connecting to a master instance. -.Pp -X11 and -.Xr ssh-agent 1 -forwarding is supported over these multiplexed connections, however the -display and agent forwarded will be the one belonging to the master -connection i.e. it is not possible to forward multiple displays or agents. -.Pp -Two additional options allow for opportunistic multiplexing: try to use a -master connection but fall back to creating a new one if one does not already -exist. -These options are: -.Dq auto -and -.Dq autoask . -The latter requires confirmation like the -.Dq ask -option. .It Cm ControlPath -Specify the path to the control socket used for connection sharing as described -in the +Specify the path to the control socket used for connection sharing. +See .Cm ControlMaster -section above or the string -.Dq none -to disable connection sharing. -In the path, -.Ql %h -will be substituted by the target host name, -.Ql %p -the port and -.Ql %r -by the remote login username. -It is recommended that any -.Cm ControlPath -used for opportunistic connection sharing include -all three of these escape sequences. -This ensures that shared connections are uniquely identified. +above. .It Cm DynamicForward -Specifies that a TCP port on the local machine be forwarded +Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. -.Pp -The argument must be -.Sm off -.Oo Ar bind_address : Oc Ar port . -.Sm on -IPv6 addresses can be specified by enclosing addresses in square brackets or -by using an alternative syntax: -.Oo Ar bind_address Ns / Oc Ns Ar port . -By default, the local port is bound in accordance with the -.Cm GatewayPorts -setting. 
-However, an explicit -.Ar bind_address -may be used to bind the connection to a specific address. -The -.Ar bind_address -of -.Dq localhost -indicates that the listening port be bound for local use only, while an -empty address or -.Sq * -indicates that the port should be available from all interfaces. -.Pp +The argument must be a port number. Currently the SOCKS4 and SOCKS5 protocols are supported, and .Nm ssh will act as a SOCKS server. @@ -517,24 +453,6 @@ Numeric IP addresses are also permitted (both on the command line and in .Cm HostName specifications). -.It Cm IdentitiesOnly -Specifies that -.Nm ssh -should only use the authentication identity files configured in the -.Nm -files, -even if the -.Nm ssh-agent -offers more identities. -The argument to this keyword must be -.Dq yes -or -.Dq no . -This option is intended for situations where -.Nm ssh-agent -offers many different identities. -The default is -.Dq no . .It Cm IdentityFile Specifies a file from which the user's RSA or DSA authentication identity is read. 
@@ -552,20 +470,30 @@ It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +.It Cm IdentitiesOnly +Specifies that +.Nm ssh +should only use the authentication identity files configured in the +.Nm +files, +even if the +.Nm ssh-agent +offers more identities. +The argument to this keyword must be +.Dq yes +or +.Dq no . +This option is intented for situations where +.Nm ssh-agent +offers many different identities. +The default is +.Dq no . .It Cm KbdInteractiveDevices Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. The default is to use the server specified list. -.It Cm LocalCommand -Specifies a command to execute on the local machine after successfully -connecting to the server. -The command string extends to the end of the line, and is executed with -.Pa /bin/sh . -This directive is ignored unless -.Cm PermitLocalCommand -has been enabled. .It Cm LocalForward -Specifies that a TCP port on the local machine be forwarded over +Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be .Sm off @@ -633,19 +561,6 @@ .Dq no . The default is .Dq yes . -.It Cm PermitLocalCommand -Allow local command execution via the -.Ic LocalCommand -option or using the -.Ic !\& Ns Ar command -escape sequence in -.Xr ssh 1 . -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . .It Cm Port Specifies the port number to connect on the remote host. Default is 22. 
@@ -701,14 +616,6 @@ .Cm CheckHostIP is not available for connects with a proxy command. .Pp -This directive is useful in conjunction with -.Xr nc 1 -and its proxy support. -For example, the following directive would connect via an HTTP proxy at -192.0.2.0: -.Bd -literal -offset 3n -ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p -.Ed .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be @@ -718,23 +625,8 @@ The default is .Dq yes . This option applies to protocol version 2 only. -.It Cm RekeyLimit -Specifies the maximum amount of data that may be transmitted before the -session key is renegotiated. -The argument is the number of bytes, with an optional suffix of -.Sq K , -.Sq M , -or -.Sq G -to indicate Kilobytes, Megabytes, or Gigabytes, respectively. -The default is between -.Dq 1G -and -.Dq 4G , -depending on the cipher. -This option applies to protocol version 2 only. .It Cm RemoteForward -Specifies that a TCP port on the remote machine be forwarded over +Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be .Sm off @@ -811,8 +703,17 @@ .Cm SendEnv directives. The default is not to send any environment variables. +.It Cm ServerAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the server, +.Nm ssh +will send a message through the encrypted +channel to request a response from the server. +The default +is 0, indicating that these messages will not be sent to the server. +This option applies to protocol version 2 only. .It Cm ServerAliveCountMax -Sets the number of server alive messages (see below) which may be +Sets the number of server alive messages (see above) which may be sent without .Nm ssh receiving any messages back from the server. 
@@ -834,19 +735,10 @@ The default value is 3. If, for example, .Cm ServerAliveInterval -(see below) is set to 15, and +(above) is set to 15, and .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive ssh will disconnect after approximately 45 seconds. -.It Cm ServerAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the server, -.Nm ssh -will send a message through the encrypted -channel to request a response from the server. -The default -is 0, indicating that these messages will not be sent to the server. -This option applies to protocol version 2 only. .It Cm SmartcardDevice Specifies which smartcard device to use. The argument to this keyword is the device @@ -906,25 +798,6 @@ .Pp To disable TCP keepalive messages, the value should be set to .Dq no . -.It Cm Tunnel -Request starting -.Xr tun 4 -device forwarding between the client and the server. -This option also allows requesting layer 2 (ethernet) -instead of layer 3 (point-to-point) tunneling from the server. -The argument must be -.Dq yes , -.Dq point-to-point , -.Dq ethernet -or -.Dq no . -The default is -.Dq no . -.It Cm TunnelDevice -Force a specified -.Xr tun 4 -device on the client. -Without this option, the next available device will be used. .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be
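Review bot: The file header and the hunk at @@ -34,7 +34,7 @@ show the "-" side as revision 1.49.2.2 dated 2006/02/03 and the "+" side as revision 1.50 dated 2005/04/21, so the "+" lines throughout this diff are the older wording and the "-" lines are the later branch text. If the goal is to review what the branch added, generate the diff with the revisions in the other order so that additions read as additions.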
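Review bot: In the hunk at @@ -136,9 +136,8 @@, the "+" wording for BindAddress says "Specify the interface to transmit from", but the keyword takes an address, which the "-" wording ("Use the specified address on the local machine as the source address of the connection") states directly. Suggest keeping "address" in the description so readers do not try an interface name as the argument.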
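Review bot: In the hunk at @@ -194,17 +193,14 @@, the "+" default list ends at "aes192-cbc,aes256-cbc" and leaves out aes128-ctr, aes192-ctr and aes256-ctr, although the unchanged context lines just above still list all three as supported ciphers. Please check the literal block against the client's compiled-in default before this text ships, since users rely on this paragraph to decide whether they need an explicit Ciphers line.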
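Review bot: In the hunk at @@ -263,10 +259,8 @@, the "+" sentence "These sessions will reuse the master instance's network connection rather than initiating new ones" does not say what happens when the control socket does not exist or is not listening, which the "-" text covered. Suggest stating the failure behaviour in this paragraph. The ".Pp" that separated it from the "ask" description is also dropped, so the two topics now run together in one paragraph.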
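Review bot: In the hunk at @@ -276,75 +270,17 @@, the "+" line "The argument must be a port number" for DynamicForward leaves the reader without any statement of which local address the SOCKS listener binds to, where the "-" text tied it to GatewayPorts and an optional bind_address. Suggest adding one sentence on the bind behaviour, because it decides whether other hosts can reach the forwarder. The same hunk reduces ControlPath to "See ControlMaster above", which leaves the reader with no guidance on choosing a socket path.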
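Review bot: In the hunk at @@ -552,20 +470,30 @@, the "+" text contains a typo, "This option is intented for situations where"; it should read "intended", as the matching "-" text in the earlier hunk does. The entry is also placed after IdentityFile, which breaks the alphabetical order the other keywords follow; IdentitiesOnly sorts before IdentityFile.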
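Review bot: In the hunk at @@ -811,8 +703,17 @@, the "+" side inserts ServerAliveInterval ahead of ServerAliveCountMax, which is out of alphabetical order with the rest of the keyword list. The "(see above)" cross-reference is consistent with that placement, so if the entry is moved back after ServerAliveCountMax, update both cross-references in this hunk and in the hunk at @@ -834,19 +735,10 @@ together.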