===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- src/usr.bin/ssh/sshd_config.5	2016/05/04 14:29:58	1.223
+++ src/usr.bin/ssh/sshd_config.5	2016/06/17 05:03:40	1.224
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.223 2016/05/04 14:29:58 markus Exp $
-.Dd $Mdocdate: May 4 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.224 2016/06/17 05:03:40 djm Exp $
+.Dd $Mdocdate: June 17 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -189,9 +189,12 @@
 Specifies the authentication methods that must be successfully completed
 for a user to be granted access.
 This option must be followed by one or more comma-separated lists of
-authentication method names.
-Successful authentication requires completion of every method in at least
-one of these lists.
+authentication method names, or by the single string
+.Dq any
+to indicate the default behaviour of accepting any single authentication
+methods.
+if the default is overridden, then successful authentication requires
+completion of every method in at least one of these lists.
 .Pp
 For example, an argument of
 .Dq publickey,password publickey,keyboard-interactive
@@ -231,7 +234,9 @@
 error if enabled if protocol 1 is also enabled.
 Note that each authentication method listed should also be explicitly enabled
 in the configuration.
-The default is not to require multiple authentication; successful completion
+The default
+.Dq any
+is not to require multiple authentication; successful completion
 of a single authentication method is sufficient.
 .It Cm AuthorizedKeysCommand
 Specifies a program to be used to look up the user's public keys.