=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.202 retrieving revision 1.202.2.1 diff -u -r1.202 -r1.202.2.1 --- src/usr.bin/ssh/sshd.8 2004/08/26 16:00:55 1.202 +++ src/usr.bin/ssh/sshd.8 2005/03/10 16:28:28 1.202.2.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.202.2.1 2005/03/10 16:28:28 brad Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -398,7 +398,9 @@ .Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long -(because of the size of the public key encoding). +(because of the size of the public key encoding) up to a limit of +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA +keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub @@ -529,6 +531,14 @@ pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp +Alternately, hostnames may be stored in a hashed form which hides host names +and addresses should the file's contents be disclosed. +Hashed hostnames start with a +.Ql | +character. +Only one hashed hostname may appear on a single line and none of the above +negation or wildcard operators may be applied. +.Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . @@ -560,6 +570,11 @@ closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed +.Bd -literal +# A hashed hostname +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa +AAAA1234.....= +.Ed .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config 
@@ -628,6 +643,20 @@ should be world-readable, and .Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. +.It Pa /etc/motd +See +.Xr motd 5 . +.It Pa $HOME/.hushlogin +This file is used to suppress printing the last login time and +.Pa /etc/motd , +if +.Cm PrintLastLog +and +.Cm PrintMotd , +respectively, +are enabled. +It does not suppress printing of the banner specified by +.Cm Banner . .It Pa /etc/nologin If this file exists, .Nm
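Review bot: In the @@ -398,7 +398,9 @@ hunk, the added text gives an 8 kilobyte line limit but does not say what happens to a line that exceeds it. Please state whether an overlong line is skipped or treated as an error, so an administrator with a large key knows what to expect. The sentence also now runs the typical size ("usually several hundred bytes long") straight into the hard cap ("up to a limit of 8 kilobytes"); splitting it into two sentences would read more clearly.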
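Review bot: In the @@ -529,6 +531,14 @@ hunk, the new paragraph says hashed hostnames start with a "|" character but not how such an entry is produced or what the "|"-separated fields contain, so a reader cannot create or interpret one from this text alone. Suggest adding an .Xr to the tool or option that generates hashed entries and one sentence on the field layout. "Alternately" should be "Alternatively", and the last sentence would be more useful if it said how a hashed line that does use negation or wildcards is handled.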
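Review bot: In the @@ -560,6 +570,11 @@ hunk, the hashed example is broken across two lines inside a .Bd -literal display ("...= ssh-rsa" then "AAAA1234.....="), and a literal display preserves that break, so the rendered page shows one entry as two lines. The text added earlier in this patch says only one hashed hostname may appear on a single line, so a reader copying the example could end up with a malformed entry. Suggest either shortening the sample so it fits on one line, or folding it into the existing example block with a comment that the entry is a single line wrapped for display.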
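Review bot: In the @@ -628,6 +643,20 @@ hunk, the $HOME/.hushlogin entry pairs two files with two options through "respectively" ("if PrintLastLog and PrintMotd, respectively, are enabled"), which is hard to parse in rendered output. Suggest spelling it out: the file suppresses the last login time if PrintLastLog is enabled and /etc/motd if PrintMotd is enabled. Since PrintLastLog, PrintMotd and Banner are all referenced here without a pointer, an .Xr sshd_config 5 in this entry would help.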