===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- src/usr.bin/ssh/sshd.8	2006/07/19 13:07:10	1.233
+++ src/usr.bin/ssh/sshd.8	2006/08/21 08:15:57	1.234
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -655,8 +655,22 @@
 .It ~/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described above.
-This file is not highly sensitive, but the recommended
+The content of the file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
+.Pp
+If this file, the
+.Pa ~/.ssh
+directory, or the user's home directory are writable
+by other users, then the file could be modified or replaced by unauthorized
+users.
+In this case,
+.Nm
+will not allow it to be used unless the
+.Cm StrictModes
+option has been set to
+.Dq no .
+The recommended permissions can be set by executing
+.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
 .Pp
 .It ~/.ssh/environment
 This file is read into the environment at login (if it exists).