===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- src/usr.bin/ssh/sshd.8	2000/02/21 14:19:09	1.33
+++ src/usr.bin/ssh/sshd.8	2000/02/24 18:22:16	1.34
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.33 2000/02/21 14:19:09 deraadt Exp $
+.\" $Id: sshd.8,v 1.34 2000/02/24 18:22:16 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -258,13 +258,16 @@
 .Nm
 does not start if this file is group/world-accessible.
 .It Cm IgnoreRhosts
-Specifies that rhosts and shosts files will not be used in
-authentication.
+Specifies that
+.Pa .rhosts
+and 
+.Pa .shosts
+files will not be used in authentication.
 .Pa /etc/hosts.equiv
 and
 .Pa /etc/shosts.equiv 
 are still used.  The default is 
-.Dq no .
+.Dq yes .
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Nm
@@ -352,7 +355,7 @@
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.  The default
 is
-.Dq yes .
+.Dq no .
 .It Cm PermitRootLogin
 Specifies whether the root can log in using
 .Xr ssh 1 .
@@ -403,7 +406,7 @@
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.  The default is
-.Dq yes .
+.Dq no .
 .It Cm RSAAuthentication
 Specifies whether pure RSA authentication is allowed.  The default is
 .Dq yes .
@@ -442,9 +445,10 @@
 X11 forwarding.  This prevents
 .Nm
 from interfering with real X11 servers.
+The default is 10.
 .It Cm X11Forwarding
 Specifies whether X11 forwarding is permitted.  The default is
-.Dq yes .
+.Dq no .
 Note that disabling X11 forwarding does not improve security in any
 way, as users can always install their own forwarders.
 .El