=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.3.2.3 retrieving revision 1.4 diff -u -r1.3.2.3 -r1.4 --- src/usr.bin/ssh/sshd_config.5 2002/10/11 14:53:07 1.3.2.3 +++ src/usr.bin/ssh/sshd_config.5 2002/06/22 16:45:29 1.4 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.3.2.3 2002/10/11 14:53:07 miod Exp $ +.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -43,12 +43,12 @@ .Nd OpenSSH SSH daemon configuration file .Sh SYNOPSIS .Bl -tag -width Ds -compact -.It Pa /etc/sshd_config +.It Pa /etc/ssh/sshd_config .El .Sh DESCRIPTION .Nm sshd reads configuration data from -.Pa /etc/sshd_config +.Pa /etc/ssh/sshd_config (or the file specified with .Fl f on the command line). @@ -237,11 +237,11 @@ Specifies a file containing a private host key used by SSH. The default is -.Pa /etc/ssh_host_key +.Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_rsa_key and -.Pa /etc/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. Note that .Nm sshd @@ -379,7 +379,7 @@ The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. -The default is 120 seconds. +The default is 600 (seconds). .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm sshd . 
@@ -459,20 +459,6 @@ If this option is set to .Dq no root is not allowed to login. -.It Cm PermitUserEnvironment -Specifies whether -.Pa ~/.ssh/environment -and -.Cm environment= -options in -.Pa ~/.ssh/authorized_keys -are processed by -.Nm sshd . -The default is -.Dq no . -Enabling environment processing may enable users to bypass access -restrictions in some configurations using mechanisms such as -.Ev LD_PRELOAD . .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd @@ -507,7 +493,7 @@ .It Cm Protocol Specifies the protocol versions .Nm sshd -supports. +should support. The possible values are .Dq 1 and @@ -515,13 +501,6 @@ Multiple versions must be comma-separated. The default is .Dq 2,1 . -Note that the order of the protocol list does not indicate preference, -because the client selects among multiple protocol versions offered -by the server. -Specifying -.Dq 2,1 -is identical to -.Dq 1,2 . .It Cm PubkeyAuthentication Specifies whether public key authentication is allowed. The default is 
@@ -624,35 +603,10 @@ The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. -The argument must be -.Dq yes -or -.Dq no . The default is .Dq no . -.Pp -When X11 forwarding is enabled, there may be additional exposure to -the server and to client displays if the -.Nm sshd -proxy display is configured to listen on the wildcard address (see -.Cm X11UseLocalhost -below), however this is not the default. -Additionally, the authentication spoofing and authentication data -verification and substitution occur on the client side. -The security risk of using X11 forwarding is that the client's X11 -display server may be exposed to attack when the ssh client requests -forwarding (see the warnings for -.Cm ForwardX11 -in -.Xr ssh_config 5 ). -A system administrator may have a stance in which they want to -protect clients that may expose themselves to attack by unwittingly -requesting X11 forwarding, which can warrant a -.Dq no -setting. -.Pp -Note that disabling X11 forwarding does not prevent users from -forwarding X11 traffic, as users can always install their own forwarders. +Note that disabling X11 forwarding does not improve security in any +way, as users can always install their own forwarders. X11 forwarding is automatically disabled if .Cm UseLogin is enabled. @@ -667,7 +621,7 @@ .Ev DISPLAY environment variable to .Dq localhost . -This prevents remote hosts from connecting to the proxy display. +This prevents remote hosts from connecting to the fake display. However, some older X11 clients may not function with this configuration. .Cm X11UseLocalhost @@ -682,7 +636,7 @@ The default is .Dq yes . .It Cm XAuthLocation -Specifies the full pathname of the +Specifies the location of the .Xr xauth 1 program. The default is 
@@ -694,7 +648,7 @@ command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: .Sm off -.Ar time Op Ar qualifier , +.Ar time Oo Ar qualifier Oc , .Sm on where .Ar time @@ -732,7 +686,7 @@ .El .Sh FILES .Bl -tag -width Ds -.It Pa /etc/sshd_config +.It Pa /etc/ssh/sshd_config Contains configuration data for .Nm sshd . This file should be writable by root only, but it is recommended
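Review bot: the revision arrow in this diff points backwards, which matters for the header hunk (@@ -34) and every hunk after it: the '+' side is revision 1.4 dated 2002/06/22 and the '-' side is 1.3.2.3 dated 2002/10/11, because the command was diff -u -r1.3.2.3 -r1.4 with the arguments in that order. Every '+' line here is therefore the older trunk text and every '-' line is the newer branch text; read the removals below as material the branch added, and if the intent is to review the branch change as a forward patch, regenerate with the revisions swapped (-r1.4 -r1.3.2.3).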
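Review bot: the path changes in the SYNOPSIS/DESCRIPTION hunk (@@ -43), and likewise in the HostKey hunk (@@ -237) and the FILES hunk (@@ -732), move the documented defaults between /etc/sshd_config and /etc/ssh/sshd_config and between /etc/ssh_host_{,rsa_,dsa_}key and /etc/ssh/ssh_host_{,rsa_,dsa_}key. A manual page default has to agree with the compiled-in default, so whichever side is kept should be checked against _PATH_SERVER_CONFIG_FILE and _PATH_HOST_KEY_FILE and its RSA/DSA counterparts in pathnames.h for that branch; otherwise an administrator following this page will edit a configuration file or install host keys the daemon never reads.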
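Review bot: the LoginGraceTime hunk (@@ -379) moves the documented default from 120 seconds to 600. Each unauthenticated connection holds a forked sshd until the grace timer fires, so a five-fold longer window makes it five times cheaper to tie up the daemon with connections that never authenticate; the 120-second value on the '-' side is the hardening and should not be lost if this diff is applied forward. Whichever value is kept must match the default filled in by servconf.c, and the phrasing should stay 'The default is 120 seconds.' rather than '600 (seconds)', which is inconsistent with how the other time defaults on this page are written.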
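Review bot: deleting the PermitUserEnvironment entry (@@ -459) removes the only place the page explains that processing ~/.ssh/environment and environment= options in authorized_keys lets users bypass access restrictions, for example by setting LD_PRELOAD, and that the option therefore defaults to 'no'. If sshd on the target revision still implements the option, the entry and that warning must stay, since an administrator who enables it needs to know what it undoes; if the option genuinely does not exist on that revision, the removal is correct but the 'no' default and its rationale should be reinstated as soon as the option is merged, not left for a later pass.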
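Review bot: the Protocol hunk (@@ -515) drops the sentence explaining that the order of the protocol list does not indicate preference. Without it, 'The default is 2,1' invites the reading that the server prefers version 2 and falls back to 1, when in fact the client chooses among the versions the server offers, so an administrator who wants to exclude protocol 1 must set 'Protocol 2' rather than reorder the list. Suggest keeping the removed text: 'Note that the order of the protocol list does not indicate preference, because the client selects among multiple protocol versions offered by the server. Specifying 2,1 is identical to 1,2.'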
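Review bot: in the X11Forwarding hunk (@@ -624) the replacement sentence 'disabling X11 forwarding does not improve security in any way' overstates the case and contradicts the paragraph it replaces. The '-' text separates two points: users can always install their own forwarders (true, so 'no' does not stop a determined user), but 'no' does protect clients that unwittingly request forwarding and thereby expose their own X display to the server (the ForwardX11 warning in ssh_config 5), which is a legitimate reason for an administrator to choose it. The hunk also drops the note that a proxy display listening on the wildcard address (X11UseLocalhost) adds exposure on the server side. Keep the longer text, or at minimum revert to the '-' wording 'disabling X11 forwarding does not prevent users from forwarding X11 traffic'.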
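Review bot: 'fake display' in the X11UseLocalhost hunk (@@ -667) should remain 'proxy display'. The listener sshd opens is a real X socket that relays to the client's display rather than something spoofed, and 'proxy display' is the term the '-' side of the X11Forwarding text uses, so the two sections should agree.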
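Review bot: in the XAuthLocation hunk (@@ -682) 'full pathname' is the more precise wording and should be kept over 'location': sshd executes the program at the configured path and the page describes no PATH search, so 'Specifies the full pathname of the xauth program' tells the administrator exactly what value is accepted.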