- jmc@cvs.openbsd.org 2010/08/08 19:36:30
[ssh-keysign.8 ssh.1 sshd.8]
use the same template for all FILES sections; i.e. -compact/.Pp where we
have multiple items, and .Pa for path names;
diff --git a/sshd.8 b/sshd.8
index d3685b9..bf9d6a2 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.257 2010/08/04 05:37:01 djm Exp $
-.Dd $Mdocdate: August 4 2010 $
+.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $
+.Dd $Mdocdate: August 8 2010 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -751,7 +751,7 @@
.Ed
.Sh FILES
.Bl -tag -width Ds -compact
-.It ~/.hushlogin
+.It Pa ~/.hushlogin
This file is used to suppress printing the last login time and
.Pa /etc/motd ,
if
@@ -763,7 +763,7 @@
It does not suppress printing of the banner specified by
.Cm Banner .
.Pp
-.It ~/.rhosts
+.It Pa ~/.rhosts
This file is used for host-based authentication (see
.Xr ssh 1
for more information).
@@ -778,20 +778,20 @@
permission for most machines is read/write for the user, and not
accessible by others.
.Pp
-.It ~/.shosts
+.It Pa ~/.shosts
This file is used in exactly the same way as
.Pa .rhosts ,
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
-.It ~/.ssh/
+.It Pa ~/.ssh/
This directory is the default location for all user-specific configuration
and authentication information.
There is no general requirement to keep the entire contents of this directory
secret, but the recommended permissions are read/write/execute for the user,
and not accessible by others.
.Pp
-.It ~/.ssh/authorized_keys
+.It Pa ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended
@@ -809,7 +809,7 @@
option has been set to
.Dq no .
.Pp
-.It ~/.ssh/environment
+.It Pa ~/.ssh/environment
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
.Ql # ) ,
@@ -821,40 +821,40 @@
.Cm PermitUserEnvironment
option.
.Pp
-.It ~/.ssh/known_hosts
+.It Pa ~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
The format of this file is described above.
This file should be writable only by root/the owner and
can, but need not be, world-readable.
.Pp
-.It ~/.ssh/rc
+.It Pa ~/.ssh/rc
Contains initialization routines to be run before
the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
-.It /etc/hosts.allow
-.It /etc/hosts.deny
+.It Pa /etc/hosts.allow
+.It Pa /etc/hosts.deny
Access controls that should be enforced by tcp-wrappers are defined here.
Further details are described in
.Xr hosts_access 5 .
.Pp
-.It /etc/hosts.equiv
+.It Pa /etc/hosts.equiv
This file is for host-based authentication (see
.Xr ssh 1 ) .
It should only be writable by root.
.Pp
-.It /etc/moduli
+.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
.Xr moduli 5 .
.Pp
-.It /etc/motd
+.It Pa /etc/motd
See
.Xr motd 5 .
.Pp
-.It /etc/nologin
+.It Pa /etc/nologin
If this file exists,
.Nm
refuses to let anyone except root log in.
@@ -863,15 +863,15 @@
refused.
The file should be world-readable.
.Pp
-.It /etc/shosts.equiv
+.It Pa /etc/shosts.equiv
This file is used in exactly the same way as
.Pa hosts.equiv ,
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
-.It /etc/ssh/ssh_host_key
-.It /etc/ssh/ssh_host_dsa_key
-.It /etc/ssh/ssh_host_rsa_key
+.It Pa /etc/ssh/ssh_host_key
+.It Pa /etc/ssh/ssh_host_dsa_key
+.It Pa /etc/ssh/ssh_host_rsa_key
These three files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not
accessible to others.
@@ -879,9 +879,9 @@
.Nm
does not start if these files are group/world-accessible.
.Pp
-.It /etc/ssh/ssh_host_key.pub
-.It /etc/ssh/ssh_host_dsa_key.pub
-.It /etc/ssh/ssh_host_rsa_key.pub
+.It Pa /etc/ssh/ssh_host_key.pub
+.It Pa /etc/ssh/ssh_host_dsa_key.pub
+.It Pa /etc/ssh/ssh_host_rsa_key.pub
These three files contain the public parts of the host keys.
These files should be world-readable but writable only by
root.
@@ -892,7 +892,7 @@
These files are created using
.Xr ssh-keygen 1 .
.Pp
-.It /etc/ssh/ssh_known_hosts
+.It Pa /etc/ssh/ssh_known_hosts
Systemwide list of known host keys.
This file should be prepared by the
system administrator to contain the public host keys of all machines in the
@@ -901,20 +901,20 @@
This file should be writable only by root/the owner and
should be world-readable.
.Pp
-.It /etc/ssh/sshd_config
+.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
.Xr sshd_config 5 .
.Pp
-.It /etc/ssh/sshrc
+.It Pa /etc/ssh/sshrc
Similar to
.Pa ~/.ssh/rc ,
it can be used to specify
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
.Pp
-.It /var/empty
+.It Pa /var/empty
.Xr chroot 2
directory used by
.Nm
@@ -922,7 +922,7 @@
The directory should not contain any files and must be owned by root
and not group or world-writable.
.Pp
-.It /var/run/sshd.pid
+.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm
listening for connections (if there are several daemons running