Vendor import of OpenSSH 5.4p1

1 files changed, 27 insertions, 13 deletions

diff --git a/ssh_config.5 b/ssh_config.5
index ea9a20b23e33..8cf02597d063 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -559,6 +559,12 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
 .Pp
 The file name may use the tilde
 syntax to refer to a user's home directory or one of the following
@@ -616,6 +622,13 @@ The following escape character substitutions will be performed:
 (remote user name) or
 .Ql %u
 (local user name).
+.Pp
+The command is run synchronously and does not have access to the
+session of the
+.Xr ssh 1
+that spawned it.
+It should not be used for interactive commands.
+.Pp
 This directive is ignored unless
 .Cm PermitLocalCommand
 has been enabled.
@@ -704,6 +717,12 @@ or
 .Dq no .
 The default is
 .Dq no .
+.It Cm PKCS11Provider
+Specifies which PKCS#11 provider to use.
+The argument to this keyword is the PKCS#11 shared libary
+.Xr ssh 1
+should use to communicate with a PKCS#11 token providing the user's
+private RSA key.
 .It Cm Port
 Specifies the port number to connect on the remote host.
 The default is 22.
@@ -730,11 +749,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that ssh
-tries version 2 and falls back to version 1
+When this option is set to
+.Dq 2,1
+.Nm ssh
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Sq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -918,13 +939,6 @@ channel to request a response from the server.
 The default
 is 0, indicating that these messages will not be sent to the server.
 This option applies to protocol version 2 only.
-.It Cm SmartcardDevice
-Specifies which smartcard device to use.
-The argument to this keyword is the device
-.Xr ssh 1
-should use to communicate with a smartcard used for storing the user's
-private RSA key.
-By default, no device is specified and smartcard support is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,