=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- src/usr.bin/ssh/sshd.8 2000/07/22 09:14:36 1.57 +++ src/usr.bin/ssh/sshd.8 2000/08/01 17:46:10 1.58 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.57 2000/07/22 09:14:36 markus Exp $ +.\" $Id: sshd.8,v 1.58 2000/08/01 17:46:10 deraadt Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -104,7 +104,7 @@ .Pp .Ss SSH protocol version 2 .Pp -Version 2 works similar: +Version 2 works similarly: Each host has a host-specific DSA key used to identify the host. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. @@ -257,7 +257,7 @@ .Ql ? can be used as wildcards in the patterns. -Only group names are valid, a numerical group ID isn't recognized. +Only group names are valid; a numerical group ID isn't recognized. By default login is allowed regardless of the primary group. .Pp .It Cm AllowUsers @@ -270,7 +270,7 @@ .Ql ? can be used as wildcards in the patterns. -Only user names are valid, a numerical user ID isn't recognized. +Only user names are valid; a numerical user ID isn't recognized. By default login is allowed regardless of the user name. .Pp .It Cm Ciphers @@ -294,7 +294,7 @@ .Ql ? can be used as wildcards in the patterns. -Only group names are valid, a numerical group ID isn't recognized. +Only group names are valid; a numerical group ID isn't recognized. By default login is allowed regardless of the primary group. .Pp .It Cm DenyUsers @@ -305,7 +305,7 @@ and .Ql ? can be used as wildcards in the patterns. -Only user names are valid, a numerical user ID isn't recognized. +Only user names are valid; a numerical user ID isn't recognized. By default login is allowed regardless of the user name. .It Cm DSAAuthentication Specifies whether DSA authentication is allowed. @@ -321,7 +321,7 @@ .Dq no . The default is .Dq no . -.It Cm HostDsaKey +.It Cm HostDSAKey Specifies the file containing the private DSA host key (default .Pa /etc/ssh_host_dsa_key ) used by SSH protocol 2.0. @@ -464,7 +464,7 @@ Specifies whether password authentication is allowed. The default is .Dq yes . -Note that this option applies to both protocol version 1 and 2. +Note that this option applies to both protocol versions 1 and 2. .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. @@ -585,7 +585,7 @@ is used for interactive login sessions. Note that .Xr login 1 -is not never for remote command execution. +is never used for remote command execution. The default is .Dq no . .It Cm X11DisplayOffset @@ -683,7 +683,7 @@ .Pa identity.pub file and edit it. .Pp -The options (if present) consists of comma-separated option +The options (if present) consist of comma-separated option specifications. No spaces are permitted, except within double quotes. The following option specifications are supported: @@ -757,7 +757,7 @@ files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects an unknown host +maintained automatically: whenever the user connects from an unknown host its key is added to the per-user file. .Pp Each line in these files contains the following fields: hostnames, @@ -832,7 +832,7 @@ listening for connections (if there are several daemons running concurrently for different ports, this contains the pid of the one started last). -The contents of this file are not sensitive; it can be world-readable. +The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys Lists the RSA keys that can be used to log into the user's account. This file must be readable by root (which may on some machines imply @@ -860,7 +860,7 @@ authentication to check the public key of the host. The key must be listed in one of these files to be accepted. The client uses the same files -to verify that the remote host is the one we intended to connect. +to verify that the remote host is the one it intended to connect. These files should be writable only by root/the owner. .Pa /etc/ssh_known_hosts should be world-readable, and @@ -899,7 +899,7 @@ .Pa .rhosts . However, this file is not used by rlogin and rshd, so using this permits access using SSH only. -.Pa /etc/hosts.equiv +.It Pa /etc/hosts.equiv This file is used during .Pa .rhosts authentication.