openssh-014 New build/openssh/patches/man-sections.patch

   1 diff -ru openssh-7.1p1.orig/Makefile.in openssh-7.1p1/Makefile.in
   2 --- openssh-7.1p1.orig/Makefile.in      Fri Aug 21 00:49:03 2015
   3 +++ openssh-7.1p1/Makefile.in   Wed Sep  2 08:54:44 2015
   4 @@ -298,8 +298,8 @@
   5         $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
   6         $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
   7         $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
   8 -       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
   9 -       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
  10 +       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
  11 +       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
  12         $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
  13         (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
  14         $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
  15 @@ -319,14 +319,14 @@
  16         $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
  17         $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
  18         $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
  19 -       $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
  20 -       $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
  21 -       $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
  22 -       $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
  23 +       $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
  24 +       $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
  25 +       $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
  26 +       $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
  27         $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
  28 -       $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  29 -       $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
  30 -       $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
  31 +       $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
  32 +       $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
  33 +       $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
  34         -rm -f $(DESTDIR)$(bindir)/slogin
  35         ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
  36         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  37 diff -ru openssh-7.1p1.orig/moduli.5 openssh-7.1p1/moduli.5
  38 --- openssh-7.1p1.orig/moduli.5 Fri Aug 21 00:49:03 2015
  39 +++ openssh-7.1p1/moduli.5      Wed Sep  2 08:54:44 2015
  40 @@ -14,7 +14,7 @@
  41  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  42  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  43  .Dd $Mdocdate: September 26 2012 $
  44 -.Dt MODULI 5
  45 +.Dt MODULI 4
  46  .Os
  47  .Sh NAME
  48  .Nm moduli
  49 @@ -23,7 +23,7 @@
  50  The
  51  .Pa /etc/moduli
  52  file contains prime numbers and generators for use by
  53 -.Xr sshd 8
  54 +.Xr sshd 1M
  55  in the Diffie-Hellman Group Exchange key exchange method.
  56  .Pp
  57  New moduli may be generated with
  58 @@ -40,7 +40,7 @@
  59  .Ic ssh-keygen -T ,
  60  provides a high degree of assurance that the numbers are prime and are
  61  safe for use in Diffie-Hellman operations by
  62 -.Xr sshd 8 .
  63 +.Xr sshd 1M .
  64  This
  65  .Nm
  66  format is used as the output from each pass.
  67 @@ -70,7 +70,7 @@
  68  Further primality testing with
  69  .Xr ssh-keygen 1
  70  produces safe prime moduli (type 2) that are ready for use in
  71 -.Xr sshd 8 .
  72 +.Xr sshd 1M .
  73  Other types are not used by OpenSSH.
  74  .It tests
  75  Decimal number indicating the type of primality tests that the number
  76 @@ -105,16 +105,16 @@
  77  .El
  78  .Pp
  79  When performing Diffie-Hellman Group Exchange,
  80 -.Xr sshd 8
  81 +.Xr sshd 1M
  82  first estimates the size of the modulus required to produce enough
  83  Diffie-Hellman output to sufficiently key the selected symmetric cipher.
  84 -.Xr sshd 8
  85 +.Xr sshd 1M
  86  then randomly selects a modulus from
  87  .Fa /etc/moduli
  88  that best meets the size requirement.
  89  .Sh SEE ALSO
  90  .Xr ssh-keygen 1 ,
  91 -.Xr sshd 8
  92 +.Xr sshd 1M
  93  .Sh STANDARDS
  94  .Rs
  95  .%A M. Friedl
  96 diff -ru openssh-7.1p1.orig/scp.1 openssh-7.1p1/scp.1
  97 --- openssh-7.1p1.orig/scp.1    Fri Aug 21 00:49:03 2015
  98 +++ openssh-7.1p1/scp.1 Wed Sep  2 08:54:44 2015
  99 @@ -116,13 +116,13 @@
 100  Can be used to pass options to
 101  .Nm ssh
 102  in the format used in
 103 -.Xr ssh_config 5 .
 104 +.Xr ssh_config 4 .
 105  This is useful for specifying options
 106  for which there is no separate
 107  .Nm scp
 108  command-line flag.
 109  For full details of the options listed below, and their possible values, see
 110 -.Xr ssh_config 5 .
 111 +.Xr ssh_config 4 .
 112  .Pp
 113  .Bl -tag -width Ds -offset indent -compact
 114  .It AddressFamily
 115 @@ -230,8 +230,8 @@
 116  .Xr ssh-add 1 ,
 117  .Xr ssh-agent 1 ,
 118  .Xr ssh-keygen 1 ,
 119 -.Xr ssh_config 5 ,
 120 -.Xr sshd 8
 121 +.Xr ssh_config 4 ,
 122 +.Xr sshd 1M
 123  .Sh HISTORY
 124  .Nm
 125  is based on the rcp program in
 126 diff -ru openssh-7.1p1.orig/sftp-server.8 openssh-7.1p1/sftp-server.8
 127 --- openssh-7.1p1.orig/sftp-server.8    Fri Aug 21 00:49:03 2015
 128 +++ openssh-7.1p1/sftp-server.8 Wed Sep  2 09:02:44 2015
 129 @@ -23,7 +23,7 @@
 130  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 131  .\"
 132  .Dd $Mdocdate: December 11 2014 $
 133 -.Dt SFTP-SERVER 8
 134 +.Dt SFTP-SERVER 1M
 135  .Os
 136  .Sh NAME
 137  .Nm sftp-server
 138 @@ -47,7 +47,7 @@
 139  to stdout and expects client requests from stdin.
 140  .Nm
 141  is not intended to be called directly, but from
 142 -.Xr sshd 8
 143 +.Xr sshd 1M
 144  using the
 145  .Cm Subsystem
 146  option.
 147 @@ -58,7 +58,7 @@
 148  .Cm Subsystem
 149  declaration.
 150  See
 151 -.Xr sshd_config 5
 152 +.Xr sshd_config 4
 153  for more information.
 154  .Pp
 155  Valid options are:
 156 @@ -71,7 +71,7 @@
 157  and %u is replaced by the username of that user.
 158  The default is to use the user's home directory.
 159  This option is useful in conjunction with the
 160 -.Xr sshd_config 5
 161 +.Xr sshd_config 4
 162  .Cm ChrootDirectory
 163  option.
 164  .It Fl e
 165 @@ -147,13 +147,13 @@
 166  for logging to work, and use of
 167  .Nm
 168  in a chroot configuration therefore requires that
 169 -.Xr syslogd 8
 170 +.Xr syslogd 1M
 171  establish a logging socket inside the chroot directory.
 172  .Sh SEE ALSO
 173  .Xr sftp 1 ,
 174  .Xr ssh 1 ,
 175 -.Xr sshd_config 5 ,
 176 -.Xr sshd 8
 177 +.Xr sshd_config 4 ,
 178 +.Xr sshd 1M
 179  .Rs
 180  .%A T. Ylonen
 181  .%A S. Lehtinen
 182 diff -ru openssh-7.1p1.orig/sftp.1 openssh-7.1p1/sftp.1
 183 --- openssh-7.1p1.orig/sftp.1   Fri Aug 21 00:49:03 2015
 184 +++ openssh-7.1p1/sftp.1        Wed Sep  2 08:54:44 2015
 185 @@ -85,7 +85,7 @@
 186  option.
 187  In such cases, it is necessary to configure non-interactive authentication
 188  to obviate the need to enter a password at connection time (see
 189 -.Xr sshd 8
 190 +.Xr sshd 1M
 191  and
 192  .Xr ssh-keygen 1
 193  for details).
 194 @@ -179,7 +179,7 @@
 195  Can be used to pass options to
 196  .Nm ssh
 197  in the format used in
 198 -.Xr ssh_config 5 .
 199 +.Xr ssh_config 4 .
 200  This is useful for specifying options
 201  for which there is no separate
 202  .Nm sftp
 203 @@ -187,7 +187,7 @@
 204  For example, to specify an alternate port use:
 205  .Ic sftp -oPort=24 .
 206  For full details of the options listed below, and their possible values, see
 207 -.Xr ssh_config 5 .
 208 +.Xr ssh_config 4 .
 209  .Pp
 210  .Bl -tag -width Ds -offset indent -compact
 211  .It AddressFamily
 212 @@ -282,7 +282,7 @@
 213  A path is useful for using
 214  .Nm
 215  over protocol version 1, or when the remote
 216 -.Xr sshd 8
 217 +.Xr sshd 1M
 218  does not have an sftp subsystem configured.
 219  .It Fl v
 220  Raise logging level.
 221 @@ -612,9 +612,9 @@
 222  .Xr ssh-add 1 ,
 223  .Xr ssh-keygen 1 ,
 224  .Xr glob 3 ,
 225 -.Xr ssh_config 5 ,
 226 -.Xr sftp-server 8 ,
 227 -.Xr sshd 8
 228 +.Xr ssh_config 4 ,
 229 +.Xr sftp-server 1M ,
 230 +.Xr sshd 1M
 231  .Rs
 232  .%A T. Ylonen
 233  .%A S. Lehtinen
 234 diff -ru openssh-7.1p1.orig/ssh-add.1 openssh-7.1p1/ssh-add.1
 235 --- openssh-7.1p1.orig/ssh-add.1        Fri Aug 21 00:49:03 2015
 236 +++ openssh-7.1p1/ssh-add.1     Wed Sep  2 08:54:44 2015
 237 @@ -134,7 +134,7 @@
 238  Set a maximum lifetime when adding identities to an agent.
 239  The lifetime may be specified in seconds or in a time format
 240  specified in
 241 -.Xr sshd_config 5 .
 242 +.Xr sshd_config 4 .
 243  .It Fl X
 244  Unlock the agent.
 245  .It Fl x
 246 @@ -200,7 +200,7 @@
 247  .Xr ssh-agent 1 ,
 248  .Xr ssh-askpass 1 ,
 249  .Xr ssh-keygen 1 ,
 250 -.Xr sshd 8
 251 +.Xr sshd 1M
 252  .Sh AUTHORS
 253  OpenSSH is a derivative of the original and free
 254  ssh 1.2.12 release by Tatu Ylonen.
 255 diff -ru openssh-7.1p1.orig/ssh-agent.1 openssh-7.1p1/ssh-agent.1
 256 --- openssh-7.1p1.orig/ssh-agent.1      Fri Aug 21 00:49:03 2015
 257 +++ openssh-7.1p1/ssh-agent.1   Wed Sep  2 09:02:52 2015
 258 @@ -123,7 +123,7 @@
 259  .It Fl t Ar life
 260  Set a default value for the maximum lifetime of identities added to the agent.
 261  The lifetime may be specified in seconds or in a time format specified in
 262 -.Xr sshd_config 5 .
 263 +.Xr sshd_config 4 .
 264  A lifetime specified for an identity with
 265  .Xr ssh-add 1
 266  overrides this value.
 267 @@ -198,7 +198,7 @@
 268  .Xr ssh 1 ,
 269  .Xr ssh-add 1 ,
 270  .Xr ssh-keygen 1 ,
 271 -.Xr sshd 8
 272 +.Xr sshd 1M
 273  .Sh AUTHORS
 274  OpenSSH is a derivative of the original and free
 275  ssh 1.2.12 release by Tatu Ylonen.
 276 diff -ru openssh-7.1p1.orig/ssh-keygen.1 openssh-7.1p1/ssh-keygen.1
 277 --- openssh-7.1p1.orig/ssh-keygen.1     Fri Aug 21 00:49:03 2015
 278 +++ openssh-7.1p1/ssh-keygen.1  Wed Sep  2 08:54:44 2015
 279 @@ -443,7 +443,7 @@
 280  Disable execution of
 281  .Pa ~/.ssh/rc
 282  by
 283 -.Xr sshd 8
 284 +.Xr sshd 1M
 285  (permitted by default).
 286  .It Ic no-x11-forwarding
 287  Disable X11 forwarding (permitted by default).
 288 @@ -459,7 +459,7 @@
 289  Allows execution of
 290  .Pa ~/.ssh/rc
 291  by
 292 -.Xr sshd 8 .
 293 +.Xr sshd 1M .
 294  .It Ic permit-x11-forwarding
 295  Allows X11 forwarding.
 296  .It Ic source-address Ns = Ns Ar address_list
 297 @@ -550,7 +550,7 @@
 298  in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
 299  of a minus sign followed by a relative time in the format described in the
 300  TIME FORMATS section of
 301 -.Xr sshd_config 5 .
 302 +.Xr sshd_config 4 .
 303  The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
 304  a relative time starting with a plus character.
 305  .Pp
 306 @@ -652,7 +652,7 @@
 307  on a certificate rather than trusting many user/host keys.
 308  Note that OpenSSH certificates are a different, and much simpler, format to
 309  the X.509 certificates used in
 310 -.Xr ssl 8 .
 311 +.Xr ssl 1M .
 312  .Pp
 313  .Nm
 314  supports two types of certificates: user and host.
 315 @@ -716,7 +716,7 @@
 316  .Pp
 317  For certificates to be used for user or host authentication, the CA
 318  public key must be trusted by
 319 -.Xr sshd 8
 320 +.Xr sshd 1M
 321  or
 322  .Xr ssh 1 .
 323  Please refer to those manual pages for details.
 324 @@ -840,14 +840,14 @@
 325  .It Pa /etc/moduli
 326  Contains Diffie-Hellman groups used for DH-GEX.
 327  The file format is described in
 328 -.Xr moduli 5 .
 329 +.Xr moduli 4 .
 330  .El
 331  .Sh SEE ALSO
 332  .Xr ssh 1 ,
 333  .Xr ssh-add 1 ,
 334  .Xr ssh-agent 1 ,
 335 -.Xr moduli 5 ,
 336 -.Xr sshd 8
 337 +.Xr moduli 4 ,
 338 +.Xr sshd 1M
 339  .Rs
 340  .%R RFC 4716
 341  .%T "The Secure Shell (SSH) Public Key File Format"
 342 diff -ru openssh-7.1p1.orig/ssh-keyscan.1 openssh-7.1p1/ssh-keyscan.1
 343 --- openssh-7.1p1.orig/ssh-keyscan.1    Fri Aug 21 00:49:03 2015
 344 +++ openssh-7.1p1/ssh-keyscan.1 Wed Sep  2 09:01:30 2015
 345 @@ -164,7 +164,7 @@
 346  .Ed
 347  .Sh SEE ALSO
 348  .Xr ssh 1 ,
 349 -.Xr sshd 8
 350 +.Xr sshd 1M
 351  .Sh AUTHORS
 352  .An -nosplit
 353  .An David Mazieres Aq Mt dm@lcs.mit.edu
 354 diff -ru openssh-7.1p1.orig/ssh-keysign.8 openssh-7.1p1/ssh-keysign.8
 355 --- openssh-7.1p1.orig/ssh-keysign.8    Fri Aug 21 00:49:03 2015
 356 +++ openssh-7.1p1/ssh-keysign.8 Wed Sep  2 08:54:44 2015
 357 @@ -23,7 +23,7 @@
 358  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 359  .\"
 360  .Dd $Mdocdate: December 7 2013 $
 361 -.Dt SSH-KEYSIGN 8
 362 +.Dt SSH-KEYSIGN 1M
 363  .Os
 364  .Sh NAME
 365  .Nm ssh-keysign
 366 @@ -52,7 +52,7 @@
 367  See
 368  .Xr ssh 1
 369  and
 370 -.Xr sshd 8
 371 +.Xr sshd 1M
 372  for more information about host-based authentication.
 373  .Sh FILES
 374  .Bl -tag -width Ds -compact
 375 @@ -83,8 +83,8 @@
 376  .Sh SEE ALSO
 377  .Xr ssh 1 ,
 378  .Xr ssh-keygen 1 ,
 379 -.Xr ssh_config 5 ,
 380 -.Xr sshd 8
 381 +.Xr ssh_config 4 ,
 382 +.Xr sshd 1M
 383  .Sh HISTORY
 384  .Nm
 385  first appeared in
 386 diff -ru openssh-7.1p1.orig/ssh-pkcs11-helper.8 openssh-7.1p1/ssh-pkcs11-helper.8
 387 --- openssh-7.1p1.orig/ssh-pkcs11-helper.8      Fri Aug 21 00:49:03 2015
 388 +++ openssh-7.1p1/ssh-pkcs11-helper.8   Wed Sep  2 08:54:44 2015
 389 @@ -15,7 +15,7 @@
 390  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 391  .\"
 392  .Dd $Mdocdate: July 16 2013 $
 393 -.Dt SSH-PKCS11-HELPER 8
 394 +.Dt SSH-PKCS11-HELPER 1M
 395  .Os
 396  .Sh NAME
 397  .Nm ssh-pkcs11-helper
 398 diff -ru openssh-7.1p1.orig/ssh.1 openssh-7.1p1/ssh.1
 399 --- openssh-7.1p1.orig/ssh.1    Fri Aug 21 00:49:03 2015
 400 +++ openssh-7.1p1/ssh.1 Wed Sep  2 08:54:44 2015
 401 @@ -173,7 +173,7 @@
 402  See the
 403  .Cm Ciphers
 404  keyword in
 405 -.Xr ssh_config 5
 406 +.Xr ssh_config 4
 407  for more information.
 408  .Pp
 409  .It Fl D Xo
 410 @@ -396,7 +396,7 @@
 411  Refer to the description of
 412  .Cm ControlMaster
 413  in
 414 -.Xr ssh_config 5
 415 +.Xr ssh_config 4
 416  for details.
 417  .Pp
 418  .It Fl m Ar mac_spec
 419 @@ -457,7 +457,7 @@
 420  This is useful for specifying options for which there is no separate
 421  command-line flag.
 422  For full details of the options listed below, and their possible values, see
 423 -.Xr ssh_config 5 .
 424 +.Xr ssh_config 4 .
 425  .Pp
 426  .Bl -tag -width Ds -offset indent -compact
 427  .It AddressFamily
 428 @@ -629,7 +629,7 @@
 429  will only succeed if the server's
 430  .Cm GatewayPorts
 431  option is enabled (see
 432 -.Xr sshd_config 5 ) .
 433 +.Xr sshd_config 4 ) .
 434  .Pp
 435  If the
 436  .Ar port
 437 @@ -651,7 +651,7 @@
 438  and
 439  .Cm ControlMaster
 440  in
 441 -.Xr ssh_config 5
 442 +.Xr ssh_config 4
 443  for details.
 444  .Pp
 445  .It Fl s
 446 @@ -728,7 +728,7 @@
 447  and
 448  .Cm TunnelDevice
 449  directives in
 450 -.Xr ssh_config 5 .
 451 +.Xr ssh_config 4 .
 452  If the
 453  .Cm Tunnel
 454  directive is unset, it is set to the default tunnel mode, which is
 455 @@ -752,7 +752,7 @@
 456  option and the
 457  .Cm ForwardX11Trusted
 458  directive in
 459 -.Xr ssh_config 5
 460 +.Xr ssh_config 4
 461  for more information.
 462  .Pp
 463  .It Fl x
 464 @@ -774,7 +774,7 @@
 465  may additionally obtain configuration data from
 466  a per-user configuration file and a system-wide configuration file.
 467  The file format and configuration options are described in
 468 -.Xr ssh_config 5 .
 469 +.Xr ssh_config 4 .
 470  .Sh AUTHENTICATION
 471  The OpenSSH SSH client supports SSH protocols 1 and 2.
 472  The default is to use protocol 2 only,
 473 @@ -781,7 +781,7 @@
 474  though this can be changed via the
 475  .Cm Protocol
 476  option in
 477 -.Xr ssh_config 5
 478 +.Xr ssh_config 4
 479  or the
 480  .Fl 1
 481  and
 482 @@ -1052,7 +1052,7 @@
 483  allows the user to execute a local command if the
 484  .Ic PermitLocalCommand
 485  option is enabled in
 486 -.Xr ssh_config 5 .
 487 +.Xr ssh_config 4 .
 488  Basic help is available, using the
 489  .Fl h
 490  option.
 491 @@ -1254,7 +1254,7 @@
 492  See the
 493  .Cm VerifyHostKeyDNS
 494  option in
 495 -.Xr ssh_config 5
 496 +.Xr ssh_config 4
 497  for more information.
 498  .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 499  .Nm
 500 @@ -1264,7 +1264,7 @@
 501  network pseudo-device,
 502  allowing two networks to be joined securely.
 503  The
 504 -.Xr sshd_config 5
 505 +.Xr sshd_config 4
 506  configuration option
 507  .Cm PermitTunnel
 508  controls whether the server supports this,
 509 @@ -1414,7 +1414,7 @@
 510  For more information, see the
 511  .Cm PermitUserEnvironment
 512  option in
 513 -.Xr sshd_config 5 .
 514 +.Xr sshd_config 4 .
 515  .Sh FILES
 516  .Bl -tag -width Ds -compact
 517  .It Pa ~/.rhosts
 518 @@ -1422,7 +1422,7 @@
 519  On some machines this file may need to be
 520  world-readable if the user's home directory is on an NFS partition,
 521  because
 522 -.Xr sshd 8
 523 +.Xr sshd 1M
 524  reads it as root.
 525  Additionally, this file must be owned by the user,
 526  and must not have write permissions for anyone else.
 527 @@ -1447,7 +1447,7 @@
 528  Lists the public keys (DSA, ECDSA, Ed25519, RSA)
 529  that can be used for logging in as this user.
 530  The format of this file is described in the
 531 -.Xr sshd 8
 532 +.Xr sshd 1M
 533  manual page.
 534  This file is not highly sensitive, but the recommended
 535  permissions are read/write for the user, and not accessible by others.
 536 @@ -1455,7 +1455,7 @@
 537  .It Pa ~/.ssh/config
 538  This is the per-user configuration file.
 539  The file format and configuration options are described in
 540 -.Xr ssh_config 5 .
 541 +.Xr ssh_config 4 .
 542  Because of the potential for abuse, this file must have strict permissions:
 543  read/write for the user, and not writable by others.
 544  .Pp
 545 @@ -1492,7 +1492,7 @@
 546  Contains a list of host keys for all hosts the user has logged into
 547  that are not already in the systemwide list of known host keys.
 548  See
 549 -.Xr sshd 8
 550 +.Xr sshd 1M
 551  for further details of the format of this file.
 552  .Pp
 553  .It Pa ~/.ssh/rc
 554 @@ -1501,7 +1501,7 @@
 555  when the user logs in, just before the user's shell (or command) is
 556  started.
 557  See the
 558 -.Xr sshd 8
 559 +.Xr sshd 1M
 560  manual page for more information.
 561  .Pp
 562  .It Pa /etc/hosts.equiv
 563 @@ -1517,7 +1517,7 @@
 564  .It Pa /etc/ssh/ssh_config
 565  Systemwide configuration file.
 566  The file format and configuration options are described in
 567 -.Xr ssh_config 5 .
 568 +.Xr ssh_config 4 .
 569  .Pp
 570  .It Pa /etc/ssh/ssh_host_key
 571  .It Pa /etc/ssh/ssh_host_dsa_key
 572 @@ -1532,7 +1532,7 @@
 573  For protocol version 2,
 574  .Nm
 575  uses
 576 -.Xr ssh-keysign 8
 577 +.Xr ssh-keysign 1M
 578  to access the host keys,
 579  eliminating the requirement that
 580  .Nm
 581 @@ -1548,7 +1548,7 @@
 582  organization.
 583  It should be world-readable.
 584  See
 585 -.Xr sshd 8
 586 +.Xr sshd 1M
 587  for further details of the format of this file.
 588  .Pp
 589  .It Pa /etc/ssh/sshrc
 590 @@ -1556,7 +1556,7 @@
 591  .Nm
 592  when the user logs in, just before the user's shell (or command) is started.
 593  See the
 594 -.Xr sshd 8
 595 +.Xr sshd 1M
 596  manual page for more information.
 597  .El
 598  .Sh EXIT STATUS
 599 @@ -1571,9 +1571,9 @@
 600  .Xr ssh-keygen 1 ,
 601  .Xr ssh-keyscan 1 ,
 602  .Xr tun 4 ,
 603 -.Xr ssh_config 5 ,
 604 -.Xr ssh-keysign 8 ,
 605 -.Xr sshd 8
 606 +.Xr ssh_config 4 ,
 607 +.Xr ssh-keysign 1M ,
 608 +.Xr sshd 1M
 609  .Sh STANDARDS
 610  .Rs
 611  .%A S. Lehtinen
 612 diff -ru openssh-7.1p1.orig/ssh_config.5 openssh-7.1p1/ssh_config.5
 613 --- openssh-7.1p1.orig/ssh_config.5     Fri Aug 21 00:49:03 2015
 614 +++ openssh-7.1p1/ssh_config.5  Wed Sep  2 09:02:37 2015
 615 @@ -568,7 +568,7 @@
 616  .Dq Fl O No exit
 617  option).
 618  If set to a time in seconds, or a time in any of the formats documented in
 619 -.Xr sshd_config 5 ,
 620 +.Xr sshd_config 4 ,
 621  then the backgrounded master connection will automatically terminate
 622  after it has remained idle (with no client connections) for the
 623  specified time.
 624 @@ -695,7 +695,7 @@
 625  Specify a timeout for untrusted X11 forwarding
 626  using the format described in the
 627  TIME FORMATS section of
 628 -.Xr sshd_config 5 .
 629 +.Xr sshd_config 4 .
 630  X11 connections received by
 631  .Xr ssh 1
 632  after this time will be refused.
 633 @@ -762,7 +762,7 @@
 634  These hashed names may be used normally by
 635  .Xr ssh 1
 636  and
 637 -.Xr sshd 8 ,
 638 +.Xr sshd 1M ,
 639  but they do not reveal identifying information should the file's contents
 640  be disclosed.
 641  The default is
 642 @@ -1206,7 +1206,7 @@
 643  The command can be basically anything,
 644  and should read from its standard input and write to its standard output.
 645  It should eventually connect an
 646 -.Xr sshd 8
 647 +.Xr sshd 1M
 648  server running on some machine, or execute
 649  .Ic sshd -i
 650  somewhere.
 651 @@ -1286,7 +1286,7 @@
 652  The optional second value is specified in seconds and may use any of the
 653  units documented in the
 654  TIME FORMATS section of
 655 -.Xr sshd_config 5 .
 656 +.Xr sshd_config 4 .
 657  The default value for
 658  .Cm RekeyLimit
 659  is
 660 @@ -1330,7 +1330,7 @@
 661  will only succeed if the server's
 662  .Cm GatewayPorts
 663  option is enabled (see
 664 -.Xr sshd_config 5 ) .
 665 +.Xr sshd_config 4 ) .
 666  .It Cm RequestTTY
 667  Specifies whether to request a pseudo-tty for the session.
 668  The argument may be one of:
 669 @@ -1396,7 +1396,7 @@
 670  Refer to
 671  .Cm AcceptEnv
 672  in
 673 -.Xr sshd_config 5
 674 +.Xr sshd_config 4
 675  for how to configure the server.
 676  Variables are specified by name, which may contain wildcard characters.
 677  Multiple environment variables may be separated by whitespace or spread
 678 @@ -1586,7 +1586,7 @@
 679  and will be disabled if it is enabled.
 680  .Pp
 681  Presently, only
 682 -.Xr sshd 8
 683 +.Xr sshd 1M
 684  from OpenSSH 6.8 and greater support the
 685  .Dq hostkeys@openssh.com
 686  protocol extension used to inform the client of all the server's hostkeys.
 687 diff -ru openssh-7.1p1.orig/sshd.8 openssh-7.1p1/sshd.8
 688 --- openssh-7.1p1.orig/sshd.8   Fri Aug 21 00:49:03 2015
 689 +++ openssh-7.1p1/sshd.8        Wed Sep  2 08:59:06 2015
 690 @@ -35,7 +35,7 @@
 691  .\"
 692  .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
 693  .Dd $Mdocdate: July 3 2015 $
 694 -.Dt SSHD 8
 695 +.Dt SSHD 1M
 696  .Os
 697  .Sh NAME
 698  .Nm sshd
 699 @@ -77,7 +77,7 @@
 700  .Nm
 701  can be configured using command-line options or a configuration file
 702  (by default
 703 -.Xr sshd_config 5 ) ;
 704 +.Xr sshd_config 4 ) ;
 705  command-line options override values specified in the
 706  configuration file.
 707  .Nm
 708 @@ -183,7 +183,7 @@
 709  Specifies that
 710  .Nm
 711  is being run from
 712 -.Xr inetd 8 .
 713 +.Xr inetd 1M .
 714  If SSH protocol 1 is enabled,
 715  .Nm
 716  should not  normally be run
 717 @@ -204,7 +204,7 @@
 718  This is useful for specifying options for which there is no separate
 719  command-line flag.
 720  For full details of the options, and their values, see
 721 -.Xr sshd_config 5 .
 722 +.Xr sshd_config 4 .
 723  .It Fl p Ar port
 724  Specifies the port on which the server listens for connections
 725  (default 22).
 726 @@ -274,7 +274,7 @@
 727  though this can be changed via the
 728  .Cm Protocol
 729  option in
 730 -.Xr sshd_config 5 .
 731 +.Xr sshd_config 4 .
 732  Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
 733  protocol 1 only supports RSA keys.
 734  For both protocols,
 735 @@ -399,7 +399,7 @@
 736  See the
 737  .Cm PermitUserEnvironment
 738  option in
 739 -.Xr sshd_config 5 .
 740 +.Xr sshd_config 4 .
 741  .It
 742  Changes to user's home directory.
 743  .It
 744 @@ -406,7 +406,7 @@
 745  If
 746  .Pa ~/.ssh/rc
 747  exists and the
 748 -.Xr sshd_config 5
 749 +.Xr sshd_config 4
 750  .Cm PermitUserRC
 751  option is set, runs it; else if
 752  .Pa /etc/ssh/sshrc
 753 @@ -549,7 +549,7 @@
 754  environment variable.
 755  Note that this option applies to shell, command or subsystem execution.
 756  Also note that this command may be superseded by either a
 757 -.Xr sshd_config 5
 758 +.Xr sshd_config 4
 759  .Cm ForceCommand
 760  directive or a command embedded in a certificate.
 761  .It Cm environment="NAME=value"
 762 @@ -570,7 +570,7 @@
 763  name of the remote host or its IP address must be present in the
 764  comma-separated list of patterns.
 765  See PATTERNS in
 766 -.Xr ssh_config 5
 767 +.Xr ssh_config 4
 768  for more information on patterns.
 769  .Pp
 770  In addition to the wildcard matching that may be applied to hostnames or
 771 @@ -858,11 +858,11 @@
 772  .It Pa /etc/moduli
 773  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
 774  The file format is described in
 775 -.Xr moduli 5 .
 776 +.Xr moduli 4 .
 777  .Pp
 778  .It Pa /etc/motd
 779  See
 780 -.Xr motd 5 .
 781 +.Xr motd 4 .
 782  .Pp
 783  .It Pa /etc/nologin
 784  If this file exists,
 785 @@ -919,7 +919,7 @@
 786  Contains configuration data for
 787  .Nm sshd .
 788  The file format and configuration options are described in
 789 -.Xr sshd_config 5 .
 790 +.Xr sshd_config 4 .
 791  .Pp
 792  .It Pa /etc/ssh/sshrc
 793  Similar to
 794 @@ -953,11 +953,11 @@
 795  .Xr ssh-keygen 1 ,
 796  .Xr ssh-keyscan 1 ,
 797  .Xr chroot 2 ,
 798 -.Xr login.conf 5 ,
 799 -.Xr moduli 5 ,
 800 -.Xr sshd_config 5 ,
 801 -.Xr inetd 8 ,
 802 -.Xr sftp-server 8
 803 +.Xr login.conf 4 ,
 804 +.Xr moduli 4 ,
 805 +.Xr sshd_config 4 ,
 806 +.Xr inetd 1M ,
 807 +.Xr sftp-server 1M
 808  .Sh AUTHORS
 809  OpenSSH is a derivative of the original and free
 810  ssh 1.2.12 release by Tatu Ylonen.
 811 diff -ru openssh-7.1p1.orig/sshd_config.5 openssh-7.1p1/sshd_config.5
 812 --- openssh-7.1p1.orig/sshd_config.5    Fri Aug 21 00:49:03 2015
 813 +++ openssh-7.1p1/sshd_config.5 Wed Sep  2 09:00:14 2015
 814 @@ -35,7 +35,7 @@
 815  .\"
 816  .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
 817  .Dd $Mdocdate: August 14 2015 $
 818 -.Dt SSHD_CONFIG 5
 819 +.Dt SSHD_CONFIG 4
 820  .Os
 821  .Sh NAME
 822  .Nm sshd_config
 823 @@ -43,7 +43,7 @@
 824  .Sh SYNOPSIS
 825  .Nm /etc/ssh/sshd_config
 826  .Sh DESCRIPTION
 827 -.Xr sshd 8
 828 +.Xr sshd 1M
 829  reads configuration data from
 830  .Pa /etc/ssh/sshd_config
 831  (or the file specified with
 832 @@ -68,7 +68,7 @@
 833  See
 834  .Cm SendEnv
 835  in
 836 -.Xr ssh_config 5
 837 +.Xr ssh_config 4
 838  for how to configure the client.
 839  Note that environment passing is only supported for protocol 2, and
 840  that the
 841 @@ -89,7 +89,7 @@
 842  The default is not to accept any environment variables.
 843  .It Cm AddressFamily
 844  Specifies which address family should be used by
 845 -.Xr sshd 8 .
 846 +.Xr sshd 1M .
 847  Valid arguments are
 848  .Dq any ,
 849  .Dq inet
 850 @@ -122,7 +122,7 @@
 851  .Cm AllowGroups .
 852  .Pp
 853  See PATTERNS in
 854 -.Xr ssh_config 5
 855 +.Xr ssh_config 4
 856  for more information on patterns.
 857  .It Cm AllowTcpForwarding
 858  Specifies whether TCP forwarding is permitted.
 859 @@ -182,7 +182,7 @@
 860  .Cm AllowGroups .
 861  .Pp
 862  See PATTERNS in
 863 -.Xr ssh_config 5
 864 +.Xr ssh_config 4
 865  for more information on patterns.
 866  .It Cm AuthenticationMethods
 867  Specifies the authentication methods that must be successfully completed
 868 @@ -217,7 +217,7 @@
 869  If the
 870  .Dq publickey
 871  method is listed more than once,
 872 -.Xr sshd 8
 873 +.Xr sshd 1M
 874  verifies that keys that have been used successfully are not reused for
 875  subsequent authentications.
 876  For example, an
 877 @@ -250,7 +250,7 @@
 878  .Pp
 879  The program should produce on standard output zero or
 880  more lines of authorized_keys output (see AUTHORIZED_KEYS in
 881 -.Xr sshd 8 ) .
 882 +.Xr sshd 1M ) .
 883  If a key supplied by AuthorizedKeysCommand does not successfully authenticate
 884  and authorize the user then public key authentication continues using the usual
 885  .Cm AuthorizedKeysFile
 886 @@ -265,7 +265,7 @@
 887  is specified but
 888  .Cm AuthorizedKeysCommandUser
 889  is not, then
 890 -.Xr sshd 8
 891 +.Xr sshd 1M
 892  will refuse to start.
 893  .It Cm AuthorizedKeysFile
 894  Specifies the file that contains the public keys that can be used
 895 @@ -273,7 +273,7 @@
 896  The format is described in the
 897  AUTHORIZED_KEYS FILE FORMAT
 898  section of
 899 -.Xr sshd 8 .
 900 +.Xr sshd 1M .
 901  .Cm AuthorizedKeysFile
 902  may contain tokens of the form %T which are substituted during connection
 903  setup.
 904 @@ -321,7 +321,7 @@
 905  is specified but
 906  .Cm AuthorizedPrincipalsCommandUser
 907  is not, then
 908 -.Xr sshd 8
 909 +.Xr sshd 1M
 910  will refuse to start.
 911  .It Cm AuthorizedPrincipalsFile
 912  Specifies a file that lists principal names that are accepted for
 913 @@ -332,7 +332,7 @@
 914  to be accepted for authentication.
 915  Names are listed one per line preceded by key options (as described
 916  in AUTHORIZED_KEYS FILE FORMAT in
 917 -.Xr sshd 8 ) .
 918 +.Xr sshd 1M ) .
 919  Empty lines and comments starting with
 920  .Ql #
 921  are ignored.
 922 @@ -362,7 +362,7 @@
 923  though the
 924  .Cm principals=
 925  key option offers a similar facility (see
 926 -.Xr sshd 8
 927 +.Xr sshd 1M
 928  for details).
 929  .It Cm Banner
 930  The contents of the specified file are sent to the remote user before
 931 @@ -375,7 +375,7 @@
 932  .It Cm ChallengeResponseAuthentication
 933  Specifies whether challenge-response authentication is allowed (e.g. via
 934  PAM or through authentication styles supported in
 935 -.Xr login.conf 5 )
 936 +.Xr login.conf 4 )
 937  The default is
 938  .Dq yes .
 939  .It Cm ChrootDirectory
 940 @@ -383,11 +383,11 @@
 941  .Xr chroot 2
 942  to after authentication.
 943  At session startup
 944 -.Xr sshd 8
 945 +.Xr sshd 1M
 946  checks that all components of the pathname are root-owned directories
 947  which are not writable by any other user or group.
 948  After the chroot,
 949 -.Xr sshd 8
 950 +.Xr sshd 1M
 951  changes the working directory to the user's home directory.
 952  .Pp
 953  The pathname may contain the following tokens that are expanded at runtime once
 954 @@ -419,7 +419,7 @@
 955  though sessions which use logging may require
 956  .Pa /dev/log
 957  inside the chroot directory on some operating systems (see
 958 -.Xr sftp-server 8
 959 +.Xr sftp-server 1M
 960  for details).
 961  .Pp
 962  For safety, it is very important that the directory hierarchy be
 963 @@ -426,7 +426,7 @@
 964  prevented from modification by other processes on the system (especially
 965  those outside the jail).
 966  Misconfiguration can lead to unsafe environments which
 967 -.Xr sshd 8
 968 +.Xr sshd 1M
 969  cannot detect.
 970  .Pp
 971  The default is not to
 972 @@ -490,7 +490,7 @@
 973  .It Cm ClientAliveCountMax
 974  Sets the number of client alive messages (see below) which may be
 975  sent without
 976 -.Xr sshd 8
 977 +.Xr sshd 1M
 978  receiving any messages back from the client.
 979  If this threshold is reached while client alive messages are being sent,
 980  sshd will disconnect the client, terminating the session.
 981 @@ -517,7 +517,7 @@
 982  .It Cm ClientAliveInterval
 983  Sets a timeout interval in seconds after which if no data has been received
 984  from the client,
 985 -.Xr sshd 8
 986 +.Xr sshd 1M
 987  will send a message through the encrypted
 988  channel to request a response from the client.
 989  The default
 990 @@ -548,7 +548,7 @@
 991  .Cm AllowGroups .
 992  .Pp
 993  See PATTERNS in
 994 -.Xr ssh_config 5
 995 +.Xr ssh_config 4
 996  for more information on patterns.
 997  .It Cm DenyUsers
 998  This keyword can be followed by a list of user name patterns, separated
 999 @@ -567,7 +567,7 @@
1000  .Cm AllowGroups .
1001  .Pp
1002  See PATTERNS in
1003 -.Xr ssh_config 5
1004 +.Xr ssh_config 4
1005  for more information on patterns.
1006  .It Cm FingerprintHash
1007  Specifies the hash algorithm used when logging key fingerprints.
1008 @@ -600,7 +600,7 @@
1009  Specifies whether remote hosts are allowed to connect to ports
1010  forwarded for the client.
1011  By default,
1012 -.Xr sshd 8
1013 +.Xr sshd 1M
1014  binds remote port forwardings to the loopback address.
1015  This prevents other remote hosts from connecting to forwarded ports.
1016  .Cm GatewayPorts
1017 @@ -686,7 +686,7 @@
1018  A setting of
1019  .Dq yes
1020  means that
1021 -.Xr sshd 8
1022 +.Xr sshd 1M
1023  uses the name supplied by the client rather than
1024  attempting to resolve the name from the TCP connection itself.
1025  The default is
1026 @@ -697,7 +697,7 @@
1027  by
1028  .Cm HostKey .
1029  The default behaviour of
1030 -.Xr sshd 8
1031 +.Xr sshd 1M
1032  is not to load any certificates.
1033  .It Cm HostKey
1034  Specifies a file containing a private host key
1035 @@ -713,12 +713,12 @@
1036  for protocol version 2.
1037  .Pp
1038  Note that
1039 -.Xr sshd 8
1040 +.Xr sshd 1M
1041  will refuse to use a file if it is group/world-accessible
1042  and that the
1043  .Cm HostKeyAlgorithms
1044  option restricts which of the keys are actually used by
1045 -.Xr sshd 8 .
1046 +.Xr sshd 1M .
1047  .Pp
1048  It is possible to have multiple host key files.
1049  .Dq rsa1
1050 @@ -779,7 +779,7 @@
1051  .Dq yes .
1052  .It Cm IgnoreUserKnownHosts
1053  Specifies whether
1054 -.Xr sshd 8
1055 +.Xr sshd 1M
1056  should ignore the user's
1057  .Pa ~/.ssh/known_hosts
1058  during
1059 @@ -914,7 +914,7 @@
1060  The default is 3600 (seconds).
1061  .It Cm ListenAddress
1062  Specifies the local addresses
1063 -.Xr sshd 8
1064 +.Xr sshd 1M
1065  should listen on.
1066  The following forms may be used:
1067  .Pp
1068 @@ -954,7 +954,7 @@
1069  The default is 120 seconds.
1070  .It Cm LogLevel
1071  Gives the verbosity level that is used when logging messages from
1072 -.Xr sshd 8 .
1073 +.Xr sshd 1M .
1074  The possible values are:
1075  QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1076  The default is INFO.
1077 @@ -1059,7 +1059,7 @@
1078  The match patterns may consist of single entries or comma-separated
1079  lists and may use the wildcard and negation operators described in the
1080  PATTERNS section of
1081 -.Xr ssh_config 5 .
1082 +.Xr ssh_config 4 .
1083  .Pp
1084  The patterns in an
1085  .Cm Address
1086 @@ -1148,7 +1148,7 @@
1087  the three colon separated values
1088  .Dq start:rate:full
1089  (e.g. "10:30:60").
1090 -.Xr sshd 8
1091 +.Xr sshd 1M
1092  will refuse connection attempts with a probability of
1093  .Dq rate/100
1094  (30%)
1095 @@ -1268,7 +1268,7 @@
1096  options in
1097  .Pa ~/.ssh/authorized_keys
1098  are processed by
1099 -.Xr sshd 8 .
1100 +.Xr sshd 1M .
1101  The default is
1102  .Dq no .
1103  Enabling environment processing may enable users to bypass access
1104 @@ -1289,7 +1289,7 @@
1105  .Pa /var/run/sshd.pid .
1106  .It Cm Port
1107  Specifies the port number that
1108 -.Xr sshd 8
1109 +.Xr sshd 1M
1110  listens on.
1111  The default is 22.
1112  Multiple options of this type are permitted.
1113 @@ -1297,7 +1297,7 @@
1114  .Cm ListenAddress .
1115  .It Cm PrintLastLog
1116  Specifies whether
1117 -.Xr sshd 8
1118 +.Xr sshd 1M
1119  should print the date and time of the last user login when a user logs
1120  in interactively.
1121  The default is
1122 @@ -1304,7 +1304,7 @@
1123  .Dq yes .
1124  .It Cm PrintMotd
1125  Specifies whether
1126 -.Xr sshd 8
1127 +.Xr sshd 1M
1128  should print
1129  .Pa /etc/motd
1130  when a user logs in interactively.
1131 @@ -1315,7 +1315,7 @@
1132  .Dq yes .
1133  .It Cm Protocol
1134  Specifies the protocol versions
1135 -.Xr sshd 8
1136 +.Xr sshd 1M
1137  supports.
1138  The possible values are
1139  .Sq 1
1140 @@ -1440,7 +1440,7 @@
1141  .Dq no .
1142  .It Cm StrictModes
1143  Specifies whether
1144 -.Xr sshd 8
1145 +.Xr sshd 1M
1146  should check file modes and ownership of the
1147  user's files and home directory before accepting login.
1148  This is normally desirable because novices sometimes accidentally leave their
1149 @@ -1456,7 +1456,7 @@
1150  to execute upon subsystem request.
1151  .Pp
1152  The command
1153 -.Xr sftp-server 8
1154 +.Xr sftp-server 1M
1155  implements the
1156  .Dq sftp
1157  file transfer subsystem.
1158 @@ -1474,7 +1474,7 @@
1159  Note that this option applies to protocol version 2 only.
1160  .It Cm SyslogFacility
1161  Gives the facility code that is used when logging messages from
1162 -.Xr sshd 8 .
1163 +.Xr sshd 1M .
1164  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1165  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1166  The default is AUTH.
1167 @@ -1517,7 +1517,7 @@
1168  .Xr ssh-keygen 1 .
1169  .It Cm UseDNS
1170  Specifies whether
1171 -.Xr sshd 8
1172 +.Xr sshd 1M
1173  should look up the remote host name, and to check that
1174  the resolved host name for the remote IP address maps back to the
1175  very same IP address.
1176 @@ -1571,13 +1571,13 @@
1177  If
1178  .Cm UsePAM
1179  is enabled, you will not be able to run
1180 -.Xr sshd 8
1181 +.Xr sshd 1M
1182  as a non-root user.
1183  The default is
1184  .Dq no .
1185  .It Cm UsePrivilegeSeparation
1186  Specifies whether
1187 -.Xr sshd 8
1188 +.Xr sshd 1M
1189  separates privileges by creating an unprivileged child process
1190  to deal with incoming network traffic.
1191  After successful authentication, another process will be created that has
1192 @@ -1599,7 +1599,7 @@
1193  .Dq none .
1194  .It Cm X11DisplayOffset
1195  Specifies the first display number available for
1196 -.Xr sshd 8 Ns 's
1197 +.Xr sshd 1M Ns 's
1198  X11 forwarding.
1199  This prevents sshd from interfering with real X11 servers.
1200  The default is 10.
1201 @@ -1614,7 +1614,7 @@
1202  .Pp
1203  When X11 forwarding is enabled, there may be additional exposure to
1204  the server and to client displays if the
1205 -.Xr sshd 8
1206 +.Xr sshd 1M
1207  proxy display is configured to listen on the wildcard address (see
1208  .Cm X11UseLocalhost
1209  below), though this is not the default.
1210 @@ -1625,7 +1625,7 @@
1211  forwarding (see the warnings for
1212  .Cm ForwardX11
1213  in
1214 -.Xr ssh_config 5 ) .
1215 +.Xr ssh_config 4 ) .
1216  A system administrator may have a stance in which they want to
1217  protect clients that may expose themselves to attack by unwittingly
1218  requesting X11 forwarding, which can warrant a
1219 @@ -1639,7 +1639,7 @@
1220  is enabled.
1221  .It Cm X11UseLocalhost
1222  Specifies whether
1223 -.Xr sshd 8
1224 +.Xr sshd 1M
1225  should bind the X11 forwarding server to the loopback address or to
1226  the wildcard address.
1227  By default,
1228 @@ -1672,7 +1672,7 @@
1229  .Pa /usr/X11R6/bin/xauth .
1230  .El
1231  .Sh TIME FORMATS
1232 -.Xr sshd 8
1233 +.Xr sshd 1M
1234  command-line arguments and configuration file options that specify time
1235  may be expressed using a sequence of the form:
1236  .Sm off
1237 @@ -1716,12 +1716,12 @@
1238  .Bl -tag -width Ds
1239  .It Pa /etc/ssh/sshd_config
1240  Contains configuration data for
1241 -.Xr sshd 8 .
1242 +.Xr sshd 1M .
1243  This file should be writable by root only, but it is recommended
1244  (though not necessary) that it be world-readable.
1245  .El
1246  .Sh SEE ALSO
1247 -.Xr sshd 8
1248 +.Xr sshd 1M
1249  .Sh AUTHORS
1250  OpenSSH is a derivative of the original and free
1251  ssh 1.2.12 release by Tatu Ylonen.