From ff8b4940abe79dacaeae3a582f3ca19ccff33d9b Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Tue, 6 Mar 2001 01:00:03 +0000
Subject: [PATCH]    - deraadt@cvs.openbsd.org 2001/03/05 14:28:47     
 [sshd.8]      alpha order; jcs@rt.fm

---
 ChangeLog |  8 +++++++-
 sshd.8    | 36 +++++++++++++++---------------------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7ee586cbd..a830ce51a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20010306
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+     [sshd.8]
+     alpha order; jcs@rt.fm
+
 20010305
  - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
  - (bal) CVS ID touch up on sftp-int.c 
@@ -4368,4 +4374,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.908 2001/03/05 19:50:57 stevesk Exp $
+$Id: ChangeLog,v 1.909 2001/03/06 01:00:03 mouring Exp $
diff --git a/sshd.8 b/sshd.8
index 52e902ef7..c924a438f 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.103 2001/03/04 18:21:28 deraadt Exp $
+.\" $OpenBSD: sshd.8,v 1.104 2001/03/05 14:28:47 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -339,6 +339,15 @@ The contents of the specified file are sent to the remote user before
 authentication is allowed.
 This option is only available for protocol version 2.
 .Pp
+.It Cm ChallengeResponseAuthentication
+Specifies whether
+challenge response
+authentication is allowed.
+Currently there is only support for
+.Xr skey 1
+authentication.
+The default is
+.Dq yes .
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
 Multiple ciphers must be comma-separated.
@@ -373,11 +382,6 @@ and
 can be used as wildcards in the patterns.
 Only user names are valid; a numerical user ID isn't recognized.
 By default login is allowed regardless of the user name.
-.It Cm PubkeyAuthentication
-Specifies whether public key authentication is allowed.
-The default is
-.Dq yes .
-Note that this option applies to protocol version 2 only.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.
@@ -611,6 +615,11 @@ and
 Multiple versions must be comma-separated.
 The default is
 .Dq 1 .
+.It Cm PubkeyAuthentication
+Specifies whether public key authentication is allowed.
+The default is
+.Dq yes .
+Note that this option applies to protocol version 2 only.
 .It Cm ReverseMappingCheck
 Specifies whether
 .Nm
@@ -642,21 +651,6 @@ Note that this option applies to protocol version 1 only.
 .It Cm ServerKeyBits
 Defines the number of bits in the server key.
 The minimum value is 512, and the default is 768.
-.It Cm ChallengeResponseAuthentication
-Specifies whether
-challenge response
-authentication is allowed.
-Currently there is support for
-.Xr skey 1
-and PAM authentication.
-The default is
-.Dq yes .
-Note that enabling ChallengeResponseAuthentication for PAM bypasses 
-OpenSSH's password checking code, thus rendering options such as 
-.Cm PasswordAuthentication 
-and
-.Cm PermitEmptyPasswords
-ineffective.
 .It Cm StrictModes
 Specifies whether
 .Nm