- deraadt@cvs.openbsd.org 2001/09/05 06:23:07
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
avoid first person in manual pages
diff --git a/ChangeLog b/ChangeLog
index dcf3ed7..8289925 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -80,6 +80,9 @@
- stevesk@cvs.openbsd.org 2001/09/03 20:58:33
[readconf.c readconf.h ssh.c]
fatal() for nonexistent -Fssh_config. ok markus@
+ - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
+ [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
+ avoid first person in manual pages
20010815
- (bal) Fixed stray code in readconf.c that went in by mistake.
@@ -6403,4 +6406,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1508 2001/09/12 18:32:20 mouring Exp $
+$Id: ChangeLog,v 1.1509 2001/09/12 18:35:30 mouring Exp $
diff --git a/scp.1 b/scp.1
index 10bd85c..960f1ac9 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.17 2001/08/14 17:54:29 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.18 2001/09/05 06:23:07 deraadt Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@@ -115,8 +115,8 @@
configuration file. This is useful for specifying options
for which there is no separate
.Nm scp
-command-line flag. For example, to force the use of protocol
-version 1 you may specify
+command-line flag. For example, forcing the use of protocol
+version 1 is specified using
.Ic scp -oProtocol=1 .
.It Fl 4
Forces
diff --git a/sftp.1 b/sftp.1
index 25a9b8a..2787e99 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.23 2001/08/14 17:54:29 stevesk Exp $
+.\" $OpenBSD: sftp.1,v 1.24 2001/09/05 06:23:07 deraadt Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -85,8 +85,8 @@
configuration file. This is useful for specifying options
for which there is no separate
.Nm sftp
-command-line flag. For example, to force the use of protocol
-version 1 you may specify
+command-line flag. For example, forcing the use of protocol
+version 1 is specified using
.Ic sftp -oProtocol=1 .
.It Fl v
Raise logging level. This option is also passed to ssh.
diff --git a/ssh-agent.1 b/ssh-agent.1
index 1ca3326..00c1992 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.27 2001/08/23 18:02:48 stevesk Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -116,9 +116,9 @@
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent setup:
-Either you let the agent
-start a new subcommand into which some environment variables are exported, or
-you let the agent print the needed shell commands (either
+Either the agent starts a new subcommand into which some environment
+variables are exported, or the agent prints the needed shell commands
+(either
.Xr sh 1
or
.Xr csh 1
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index e2d4114..e245661 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.48 2001/08/02 15:07:23 jakob Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.49 2001/09/05 06:23:07 deraadt Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -89,7 +89,7 @@
defaults to generating a RSA1 key for use by SSH protocol version 1.
Specifying the
.Fl t
-option allows you to create a key for use by SSH protocol version 2.
+option instead creates a key for use by SSH protocol version 2.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
@@ -121,7 +121,7 @@
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
-lost or forgotten, you will have to generate a new key and copy the
+lost or forgotten, a new key must be generated and copied to the
corresponding public key to other machines.
.Pp
For RSA1 keys,
@@ -228,7 +228,7 @@
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using RSA authentication.
+where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
@@ -246,7 +246,7 @@
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using public key authentication.
+where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
@@ -264,7 +264,7 @@
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using public key authentication.
+where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.El
.Sh AUTHORS
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 1a358b3..17f7340 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.11 2001/08/23 18:08:59 stevesk Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.12 2001/09/05 06:23:07 deraadt Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@@ -35,9 +35,9 @@
uses non-blocking socket I/O to contact as many hosts as possible in
parallel, so it is very efficient. The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
-hosts are down or do not run ssh. You do not need login access to the
-machines you are scanning, nor does the scanning process involve
-any encryption.
+hosts are down or do not run ssh. For scanning, one does not need
+login access to the machines that are being scanned, nor does the
+scanning process involve any encryption.
.Pp
The options are as follows:
.Bl -tag -width Ds
@@ -88,15 +88,15 @@
to use IPv6 addresses only.
.El
.Sh SECURITY
-If you make an ssh_known_hosts file using
+If a ssh_known_hosts file is constructed using
.Nm
-without verifying the keys, you will be vulnerable to
+without verifying the keys, users will be vulnerable to
.I man in the middle
attacks.
-On the other hand, if your security model allows such a risk,
+On the other hand, if the security model allows such a risk,
.Nm
-can help you detect tampered keyfiles or man in the middle attacks which
-have begun after you created your ssh_known_hosts file.
+can help in the detection of tampered keyfiles or man in the middle
+attacks which have begun after the ssh_known_hosts file was created.
.Sh EXAMPLES
.Pp
Print the
diff --git a/ssh.1 b/ssh.1
index d7529d7..c7a19e3 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.137 2001/09/05 06:23:07 deraadt Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -495,7 +495,7 @@
option.)
.It Fl N
Do not execute a remote command.
-This is useful if you just want to forward ports
+This is useful for just forwarding ports
(protocol version 2 only).
.It Fl o Ar option
Can be used to give options in the format used in the configuration file.
@@ -507,7 +507,7 @@
per-host basis in the configuration file.
.It Fl P
Use a non-privileged port for outgoing connections.
-This can be used if your firewall does
+This can be used if a firewall does
not permit connections from privileged ports.
Note that this option turns off
.Cm RhostsAuthentication
@@ -711,8 +711,8 @@
If set to
.Dq yes ,
passphrase/password querying will be disabled.
-This option is useful in scripts and other batch jobs where you have no
-user to supply the password.
+This option is useful in scripts and other batch jobs where no user
+is present to supply the password.
The argument must be
.Dq yes
or
@@ -890,7 +890,7 @@
real host name when looking up or saving the host key
in the host key database files.
This option is useful for tunneling ssh connections
-or if you have multiple servers running on a single host.
+or for multiple servers running on a single host.
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
@@ -1109,11 +1109,11 @@
will never automatically add host keys to the
.Pa $HOME/.ssh/known_hosts
file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks.
-However, it can be somewhat annoying if you don't have good
+This provides maximum protection against trojan horse attacks,
+however, can be annoying when the
.Pa /etc/ssh_known_hosts
-files installed and frequently
-connect to new hosts.
+file is poorly maintained, or connections to new hosts are
+frequently made.
This option forces the user to manually
add all new hosts.
If this flag is set to
@@ -1145,16 +1145,16 @@
.Dq no .
The default is
.Dq no .
-Note that you need to set this option to
+Note that this option must be set to
.Dq yes
-if you want to use
+if
.Cm RhostsAuthentication
and
.Cm RhostsRSAAuthentication
-with older servers.
+authentications are needed with older servers.
.It Cm User
Specifies the user to log in as.
-This can be useful if you have a different user name on different machines.
+This can be useful when a different user name is used on different machines.
This saves the trouble of
having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile
@@ -1302,7 +1302,7 @@
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using protocol version 1 RSA authentication.
+where the user wishes to log in using protocol version 1 RSA authentication.
The contents of the
.Pa $HOME/.ssh/id_dsa.pub
and
@@ -1310,7 +1310,7 @@
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using protocol version 2 DSA/RSA authentication.
+where the user wishes to log in using protocol version 2 DSA/RSA authentication.
These files are not
sensitive and can (but need not) be readable by anyone.
These files are
@@ -1388,9 +1388,9 @@
.Xr sshd 8
will be installed so that it requires successful RSA host
authentication before permitting \s+2.\s0rhosts authentication.
-If your server machine does not have the client's host key in
+If the server machine does not have the client's host key in
.Pa /etc/ssh_known_hosts ,
-you can store it in
+it can be stored in
.Pa $HOME/.ssh/known_hosts .
The easiest way to do this is to
connect back to the client from the server machine using ssh; this
diff --git a/sshd.8 b/sshd.8
index 97de98c..35aa362 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.146 2001/08/30 20:36:34 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.147 2001/09/05 06:23:07 deraadt Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -325,7 +325,7 @@
.Ql ?
can be used as
wildcards in the patterns.
-Only group names are valid; a numerical group ID isn't recognized.
+Only group names are valid; a numerical group ID is not recognized.
By default login is allowed regardless of the group list.
.Pp
.It Cm AllowTcpForwarding
@@ -346,10 +346,10 @@
.Ql ?
can be used as
wildcards in the patterns.
-Only user names are valid; a numerical user ID isn't recognized.
+Only user names are valid; a numerical user ID is not recognized.
By default login is allowed regardless of the user name.
If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, allowing you to restrict logins to particular
+are separately checked, restricting logins to particular
users from particular hosts.
.Pp
.It Cm AuthorizedKeysFile
@@ -408,13 +408,13 @@
encrypted channel and therefore will not be spoofable. The TCP keepalive
option enabled by
.Cm Keepalive
-is spoofable. You want to use the client
-alive mechanism when you are basing something important on
-clients having an active connection to the server.
+is spoofable. The client alive mechanism is valuable when the client or
+server depend on knowing when a connection has become inactive.
.Pp
-The default value is 3. If you set
+The default value is 3. If
.Cm ClientAliveInterval
-(above) to 15, and leave this value at the default, unresponsive ssh clients
+(above) is set to 15, and
+.Cm Keepalive is left at the default, unresponsive ssh clients
will be disconnected after approximately 45 seconds.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
@@ -426,7 +426,7 @@
.Ql ?
can be used as
wildcards in the patterns.
-Only group names are valid; a numerical group ID isn't recognized.
+Only group names are valid; a numerical group ID is not recognized.
By default login is allowed regardless of the group list.
.Pp
.It Cm DenyUsers
@@ -437,7 +437,7 @@
and
.Ql ?
can be used as wildcards in the patterns.
-Only user names are valid; a numerical user ID isn't recognized.
+Only user names are valid; a numerical user ID is not recognized.
By default login is allowed regardless of the user name.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
@@ -998,8 +998,8 @@
The command supplied by the user (if any) is ignored.
The command is run on a pty if the connection requests a pty;
otherwise it is run without a tty.
-Note that if you want a 8-bit clean channel,
-you must not request a pty or should specify
+If a 8-bit clean channel is required,
+one must not request a pty or should specify
.Cm no-pty .
A quote may be included in the command by quoting it with a backslash.
This option might be useful