=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.55.2.1 retrieving revision 1.56 diff -u -r1.55.2.1 -r1.56 --- src/usr.bin/ssh/sshd_config.5 2006/09/30 04:06:51 1.55.2.1 +++ src/usr.bin/ssh/sshd_config.5 2006/03/13 10:14:29 1.56 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.55.2.1 2006/09/30 04:06:51 brad Exp $ +.\" $OpenBSD: sshd_config.5,v 1.56 2006/03/13 10:14:29 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -223,7 +223,6 @@ .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, @@ -283,18 +282,6 @@ in .Xr ssh_config 5 for more information on patterns. -.It Cm ForceCommand -Forces the execution of the command specified by -.Cm ForceCommand , -ignoring any command supplied by the client. -The command is invoked by using the user's login shell with the -c option. -This applies to shell, command, or subsystem execution. -It is most useful inside a -.Cm Match -block. -The command originally supplied by the client is available in the -.Ev SSH_ORIGINAL_COMMAND -environment variable. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. 
@@ -335,23 +322,6 @@ and applies to protocol version 2 only. The default is .Dq no . -.It Cm HostbasedUsesNameFromPacketOnly -Specifies whether or not the server will attempt to perform a reverse -name lookup when matching the name in the -.Pa ~/.shosts , -.Pa ~/.rhosts , -and -.Pa /etc/hosts.equiv -files during -.Cm HostbasedAuthentication . -A setting of -.Dq yes -means that -.Xr sshd 8 -uses the name supplied by the client rather than -attempting to resolve the name from the TCP connection itself. -The default is -.Dq no . .It Cm HostKey Specifies a file containing a private host key used by SSH. @@ -492,35 +462,6 @@ Multiple algorithms must be comma-separated. The default is: .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . -.It Cm Match -Introduces a conditional block. -If all of the criteria on the -.Cm Match -line are satisfied, the keywords on the following lines override those -set in the global section of the config file, until either another -.Cm Match -line or the end of the file. -The arguments to -.Cm Match -are one or more criteria-pattern pairs. -The available criteria are -.Cm User , -.Cm Group , -.Cm Host , -and -.Cm Address . -Only a subset of keywords may be used on the lines following a -.Cm Match -keyword. -Available keywords are -.Cm AllowTcpForwarding , -.Cm ForceCommand , -.Cm GatewayPorts , -.Cm PermitOpen , -.Cm X11DisplayOffset , -.Cm X11Forwarding , -and -.Cm X11UseLocalHost . .It Cm MaxAuthTries Specifies the maximum number of authentication attempts permitted per connection. 
@@ -560,33 +501,6 @@ server allows login to accounts with empty password strings. The default is .Dq no . -.It Cm PermitOpen -Specifies the destinations to which TCP port forwarding is permitted. -The forwarding specification must be one of the following forms: -.Pp -.Bl -item -offset indent -compact -.It -.Cm PermitOpen -.Sm off -.Ar host : port -.Sm on -.It -.Cm PermitOpen -.Sm off -.Ar IPv4_addr : port -.Sm on -.It -.Cm PermitOpen -.Sm off -.Ar \&[ IPv6_addr \&] : port -.Sm on -.El -.Pp -Multiple forwards may be specified by separating them with whitespace. -An argument of -.Dq any -can be used to remove all restrictions and permit any forwarding requests. -By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using .Xr ssh 1 . @@ -622,17 +536,10 @@ device forwarding is allowed. The argument must be .Dq yes , -.Dq point-to-point -(layer 3), -.Dq ethernet -(layer 2), or +.Dq point-to-point , +.Dq ethernet , +or .Dq no . -Specifying -.Dq yes -permits both -.Dq point-to-point -and -.Dq ethernet . The default is .Dq no . .It Cm PermitUserEnvironment @@ -728,8 +635,8 @@ .Dq yes . .It Cm Subsystem Configures an external subsystem (e.g. file transfer daemon). -Arguments should be a subsystem name and a command (with optional arguments) -to execute upon subsystem request. +Arguments should be a subsystem name and a command to execute upon subsystem +request. The command .Xr sftp-server 8 implements the @@ -888,7 +795,7 @@ is one of the following: .Pp .Bl -tag -width Ds -compact -offset indent -.It Aq Cm none +.It Cm seconds .It Cm s | Cm S seconds
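Review bot: the revision order in the diff header and in the `$OpenBSD` tag of the `@@ -34,7 +34,7 @@` hunk runs backwards in time: the `-` side is 1.55.2.1 dated 2006/09/30 and the `+` side is 1.56 dated 2006/03/13. Read as written, the later hunks look like deletions of ForceCommand, HostbasedUsesNameFromPacketOnly, Match and PermitOpen, when those entries are present in the later-dated branch revision and absent from 1.56. Swap the `-r` arguments, or state in the description that this is a branch-against-trunk comparison, so nobody takes it for a removal of those keywords.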
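Review bot: in the `@@ -223,7 +223,6 @@` hunk, dropping `This option applies to protocol version 2 only.` leaves the ClientAliveCountMax entry on the `+` side with no stated protocol scope. An administrator relying on the approximately 45 second disconnect of unresponsive clients cannot tell from this text whether it covers every session. Keep the sentence, or replace it with one that states the scope explicitly.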
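Review bot: the ForceCommand entry in the `@@ -283,18 +282,6 @@` hunk says the command originally supplied by the client is available in `SSH_ORIGINAL_COMMAND`, but does not say that this value is client-controlled. In whichever revision carries the entry, add a sentence noting that a forced command which reads the variable must treat its contents as untrusted input, since the entry is presented as a way to override what the client asked for.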
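Review bot: the Match entry in the `@@ -492,35 +462,6 @@` hunk says the following keywords override the global section `until either another Match line or the end of the file`, but does not spell out the consequence: any keyword written after a Match line belongs to that block. In whichever revision carries the entry, add a sentence advising that global settings go before the first Match line, and say what happens when a keyword outside the listed subset appears inside a block.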
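Review bot: in the `@@ -622,17 +536,10 @@` hunk the `+` side lists `yes`, `point-to-point`, `ethernet` and `no` but loses both the `(layer 3)` and `(layer 2)` glosses and the sentence that `yes` permits both modes. Without them a reader cannot tell that `yes` is the broadest PermitTunnel setting or what separates the two named modes. Keep the layer annotations and the `Specifying yes permits both` sentence.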
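Review bot: in the `@@ -728,8 +635,8 @@` hunk the `+` wording `a subsystem name and a command to execute upon subsystem request` no longer says whether the command may carry arguments, which the `-` side stated with `(with optional arguments)`. State the behaviour one way or the other so that a Subsystem line with arguments is not left to guesswork.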
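Review bot: in the `@@ -888,7 +795,7 @@` hunk, `.It Cm seconds` marks the unqualified case as a literal keyword, so the list reads as if the word `seconds` were itself a qualifier, directly above the `Cm s | Cm S` tag whose description is also `seconds`. The `-` side's `.It Aq Cm none` makes it clear that this row is the case where no qualifier is given. Prefer the `Aq Cm none` form.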