===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.212
retrieving revision 1.213
diff -u -r1.212 -r1.213
--- src/usr.bin/ssh/sshd_config.5	2015/09/11 03:13:36	1.212
+++ src/usr.bin/ssh/sshd_config.5	2015/10/07 14:45:30	1.213
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
-.Dd $Mdocdate: September 11 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
+.Dd $Mdocdate: October 7 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1564,14 +1564,19 @@
 the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
+The argument must be
+.Dq yes ,
+.Dq no ,
+or
+.Dq sandbox .
 If
 .Cm UsePrivilegeSeparation
 is set to
 .Dq sandbox
 then the pre-authentication unprivileged process is subject to additional
 restrictions.
+The default is
+.Dq sandbox .
 .It Cm VersionAddendum
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.