===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- src/usr.bin/ssh/sshd_config.5	2008/05/07 05:49:37	1.88
+++ src/usr.bin/ssh/sshd_config.5	2008/05/07 08:00:14	1.89
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.88 2008/05/07 05:49:37 pyr Exp $
+.\" $OpenBSD: sshd_config.5,v 1.89 2008/05/07 08:00:14 jmc Exp $
 .Dd $Mdocdate: May 7 2008 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -95,6 +95,15 @@
 (use IPv6 only).
 The default is
 .Dq any .
+.It Cm AllowAgentForwarding
+Specifies whether
+.Xr ssh-agent 1
+forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling agent forwarding does not improve security
+unless users are also denied shell access, as they can always install
+their own forwarders.
 .It Cm AllowGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
@@ -114,15 +123,6 @@
 in
 .Xr ssh_config 5
 for more information on patterns.
-.It Cm AllowAgentForwarding
-Specifies whether
-.Xr ssh-agent 1
-forwarding is permitted.
-The default is
-.Dq yes .
-Note that disabling Agent forwarding does not improve security
-unless users are also denied shell access, as they can always install
-their own forwarders.
 .It Cm AllowTcpForwarding
 Specifies whether TCP forwarding is permitted.
 The default is