=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- src/usr.bin/ssh/sshd_config.5 2016/02/16 05:11:04 1.218 +++ src/usr.bin/ssh/sshd_config.5 2016/02/17 07:38:19 1.219 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.218 2016/02/16 05:11:04 djm Exp $ -.Dd $Mdocdate: February 16 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.219 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -70,8 +70,7 @@ in .Xr ssh_config 5 for how to configure the client. -Note that environment passing is only supported for protocol 2, and -that the +The .Ev TERM environment variable is always sent whenever the client requests a pseudo-terminal as it is required by the protocol. @@ -226,7 +225,7 @@ .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option is only available for SSH protocol 2 and will yield a fatal +This option will yield a fatal error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. @@ -373,7 +372,6 @@ If the argument is .Dq none then no banner is displayed. -This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed. @@ -438,7 +436,7 @@ indicating not to .Xr chroot 2 . .It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. +Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a .Sq + @@ -519,7 +517,6 @@ .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, @@ -528,7 +525,6 @@ channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm Compression Specifies whether compression is allowed, or delayed until the user has authenticated successfully. @@ -628,13 +624,11 @@ Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. @@ -677,9 +671,6 @@ Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). -This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. The default is .Dq no . .It Cm HostbasedUsesNameFromPacketOnly @@ -750,7 +741,7 @@ .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -971,8 +962,7 @@ Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1381,7 +1371,6 @@ Specifies whether public key authentication is allowed. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1407,7 +1396,6 @@ .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RevokedKeys Specifies revoked public keys file, or .Dq none @@ -1494,7 +1482,6 @@ to force a different filesystem root on clients. .Pp By default no subsystems are defined. -Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr sshd 8 .