-.\" $OpenBSD: stty.1,v 1.21 2000/03/17 18:15:15 aaron Exp $
+.\" $OpenBSD: stty.1,v 1.22 2000/03/23 21:39:58 aaron Exp $
.\" $NetBSD: stty.1,v 1.10 1995/09/07 06:57:14 jtc Exp $
.\"
.\" Copyright (c) 1990, 1993, 1994
.Ql ^X .
Otherwise control characters echo as themselves.
.It Cm echoprt Pq Fl echoprt
-For printing terminals. If set, echo erased characters backwards within
+For printing terminals.
+If set, echo erased characters backwards within
.Ql \e
and
.Ql / .
to a pty.
.It Cm raw Pq Fl raw
If set, change the modes of the terminal so that no input or output processing
-is performed. If unset, change the modes of the terminal to some reasonable
+is performed.
+If unset, change the modes of the terminal to some reasonable
state that performs input and output processing.
Note that since the terminal driver no longer has a single
.Dv RAW
-.\" $OpenBSD: ifconfig.8,v 1.39 2000/03/18 22:55:57 aaron Exp $
+.\" $OpenBSD: ifconfig.8,v 1.40 2000/03/23 21:39:56 aaron Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
(LLAP) addresses are specified as nn.na (Network Number.Node Address).
Node addresses are divided into 2 classes: User Node IDs and Server
Node IDs. 1-127($01-$7F) are for User Node IDs while 128-254($80-$FE)
-are used for Server Node IDs. Node 0($00) is not allowed (unknown)
+are used for Server Node IDs.
+Node 0($00) is not allowed (unknown)
while Node 255($FF) is reserved for the AppleTalk broadcast Hardware
address (broadcast ID).
.It Ar address_family
-.\" $OpenBSD: isakmpd.conf.5,v 1.32 2000/03/22 04:06:17 angelos Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.33 2000/03/23 21:39:56 aaron Exp $
.\" $EOM: isakmpd.conf.5,v 1.38 2000/01/31 08:39:44 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
.It Em Policy-File
The name of the file that contains
.Xr KeyNote 4
-policies. The default is "/etc/isakmpd/isakmpd.policy".
+policies.
+The default is "/etc/isakmpd/isakmpd.policy".
.It Em Retransmits
How many times should a message be retransmitted before giving up.
.It Em Check-interval
In the case of preshared key, this is the key value itself.
.It Em ID
If existent, the name of the section that describes the
-local client ID that we should present to our peer. If not present, it
+local client ID that we should present to our peer.
+If not present, it
defaults to the address of the local interface we are sending packets
-over to the remote daemon. Look at <Phase1-ID> below.
+over to the remote daemon.
+Look at <Phase1-ID> below.
.It Em Flags
A comma-separated list of flags controlling the further
handling of the ISAKMP SA.
The algorithm to use for the keyed pseudo-random function (used for key
derivation and authentication in Phase 1), or ANY.
.It Em Life
-A list of lifetime descriptions, or ANY. In the former case, each
+A list of lifetime descriptions, or ANY.
+In the former case, each
element is in itself a name of the section that defines the lifetime.
-Look at <Lifetime> below. If it is set to ANY, then any type of
+Look at <Lifetime> below.
+If it is set to ANY, then any type of
proposed lifetime type and value will be accepted.
.El
.It Em <Lifetime>
.Li SECONDS
or
.Li BYTES
-depending on the type of the duration. Notice that this field may NOT
-be set to ANY.
+depending on the type of the duration.
+Notice that this field may NOT be set to ANY.
.It Em LIFE_DURATION
-An offer/accept kind of value, see above. Can also be set to ANY.
+An offer/accept kind of value, see above.
+Can also be set to ANY.
.El
.It Em <IPSec-connection>
.Bl -tag -width 12n
-.\" $OpenBSD: isakmpd.policy.5,v 1.4 2000/02/11 10:22:08 niklas Exp $
+.\" $OpenBSD: isakmpd.policy.5,v 1.5 2000/03/23 21:39:56 aaron Exp $
.\" $EOM: isakmpd.policy.5,v 1.11 2000/02/10 16:25:01 angelos Exp $
.\"
.\" Copyright (c) 1999, Angelos D. Keromytis. All rights reserved.
.Xr isakmpd 1
daemon (also known as IKE, for Internet Key Exchange) is used when two
systems need to automatically setup a pair of Security Associations
-(SAs) for securely communicating using IPsec. IKE operates in two
-stages:
+(SAs) for securely communicating using IPsec.
+IKE operates in two stages:
.Pp
In the first stage (Main or Identity Protection Mode), the two IKE
daemons establish a secure link between themselves, fully
authenticating each other and establishing key material for
-encrypting/authenticating future communications between them. This
-step is typically only performed once for every pair of IKE daemons.
+encrypting/authenticating future communications between them.
+This step is typically only performed once for every pair of IKE daemons.
.Pp
In the second stage (also called Quick Mode), the two IKE daemon
create the pair of SAs for the parties that wish to communicate using
-IPsec. These parties may be the hosts the IKE daemons run on, a host
+IPsec.
+These parties may be the hosts the IKE daemons run on, a host
and a network behind a firewall, or two networks behind their
-respective firewalls. At this stage, the exact parameters of the SAs
+respective firewalls.
+At this stage, the exact parameters of the SAs
(e.g., algorithms to use, encapsulation mode, lifetime) and the
identities of the communicating parties (hosts, networks, etc.) are
-specified. The reason of existance of Quick Mode is to allow for fast
+specified.
+The reason of existance of Quick Mode is to allow for fast
SA setup, once the more heavy-weight Main Mode has been completed.
Generally, Quick Mode uses the key material derived from Main Mode to
-provide keys to the IPsec transforms to be used. Alternatively, a new
+provide keys to the IPsec transforms to be used.
+Alternatively, a new
Diffie-Hellman computation may be performed (significantly slowing
down the exchange, but at the same time providing Perfect Forward
-Secrecy (PFS)). Briefly, this means that even should an attacker
+Secrecy (PFS)).
+Briefly, this means that even should an attacker
manage to break long-term keys used in other sessions (or,
specifically, if an attacker breaks the Diffie-Hellman exchange
performed during Main Mode), they will not be able to decrypt this
-traffic. Normally, no PFS is provided (the key material used by the
+traffic.
+Normally, no PFS is provided (the key material used by the
IPsec SAs established as a result of this exchange will be derived
from the key material of the Main Mode exchange), allowing for a
faster Quick Mode exchange (no public key computations).
.Pp
IKE proposals are "suggestions" by the initiator of an exchange to the
responder as to what protocols and attributes should be used on a
-class of packets. For example, a given exchange may ask for ESP with
+class of packets.
+For example, a given exchange may ask for ESP with
3DES and MD5 and AH with SHA1 (applied successively on the same
-packet), or just ESP with Blowfish and RIPEMD-160. The responder
+packet), or just ESP with Blowfish and RIPEMD-160.
+The responder
examines the proposals and determines which of them are acceptable,
according to policy and any credentials.
.Pp
man pages.
.Pp
In the KeyNote policy model for IPsec, no distinction is currently
-made based on the ordering of AH and ESP in the packet. Should this
+made based on the ordering of AH and ESP in the packet.
+Should this
change in the future, an appropriate attribute (see below) will be
added.
.Pp
through other means), the SA attributes proposed during the exchange,
and perhaps other (side-channel) information, whether a pair of SAs
should be installed in the system (in fact, whether both the IPsec SAs
-and the flows should be installed). For each proposal suggested by or
+and the flows should be installed).
+For each proposal suggested by or
to the remote IKE daemon, the KeyNote system is consulted as to
whether the proposal is acceptable based on local policy (contained in
.Nm isakmpd.policy ,
KeyNote credentials have the same format as policy assertions, with
one difference: the Authorizer field always contains a public key, and
the assertion is signed (and thus its integrity can be
-cryptographically verified). Credentials are used to build chains of
-delegation of authority. They can be exchanged during an IKE exchange,
+cryptographically verified).
+Credentials are used to build chains of delegation of authority.
+They can be exchanged during an IKE exchange,
or can be retrieved through some out-of-band mechanism (no such
mechanism is currently supported in this implementation however).
.Pp
.Pp
When X509-based authentication is performed in Main Mode, any X509
certificates received from the remote IKE daemon are converted to very
-simple KeyNote credentials. The conversion is straightforward: the
+simple KeyNote credentials.
+The conversion is straightforward: the
issuer of the X509 certificate becomes the Authorizer of the KeyNote
credential, the subject becomes the only Licensees entry, while the
Conditions field simply asserts that the credential is only valid for
Similarly, any X509 CA certificates present in the directory pointed
to by the appropriate
.Xr isakmpd.conf 5
-entry, are converted to such pseudo-credentials. This allows one to
+entry, are converted to such pseudo-credentials.
+This allows one to
write KeyNote policies that delegate specific authority to CAs (and
the keys those CAs certify, recursively).
.Pp
.Pp
Information about the proposals, the identity of the remote IKE
daemon, the packet classes to be protected, etc. are encoded in what
-is called an action set. The action set is composed of name-value
-attribute, similar in some way to a shell environment variables. These
-values are initialized by
+is called an action set.
+The action set is composed of name-value
+attribute, similar in some way to a shell environment variables.
+These values are initialized by
.Nm isakmpd
before each query to the KeyNote system, and can be tested against in
-the Conditions field of assertions. See
+the Conditions field of assertions.
+See
.Xr keynote 4
and
.Xr keynote 5
Note that assertions and credentials can make reference to
non-existant attributes without catastrophic failures (access may be
denied, depending on the overall structure, but will not be
-accidentally granted). One reason for credentials referencing
+accidentally granted).
+One reason for credentials referencing
non-existant attributes is that they were defined within a specific
implementation or network only.
.Pp
In the following attribute set, IPv4 addresses are encoded as ASCII
-strings in the usual dotted-quad format. However, all quads are
-three digits long. For example, the IPv4 address
+strings in the usual dotted-quad format.
+However, all quads are three digits long.
+For example, the IPv4 address
.Va 10.128.1.12
would be encoded as
.Va 010.128.001.012 .
Similarly, IPv6 addresses are encoded in the standard x:x:x:x:x:x:x:x
format, where the 'x's are the hexadecimal values of the eight 16-bit
-pieces of the address. All 'x's are four digits long. For example, the
-address
+pieces of the address.
+All 'x's are four digits long.
+For example, the address
.Va 1080:0:12:0:8:800:200C:417A
would be encoded as
.Va 1080:0000:0012:0000:0008:0800:200C:417A .
.Va sha ,
or
.Va des ,
-based on the hash algorithm specified in the AH proposal. This
-attribute describes the generic transform to be used in the AH
+based on the hash algorithm specified in the AH proposal.
+This attribute describes the generic transform to be used in the AH
authentication.
.It esp_enc_alg
One of
based on the authentication method specified in the ESP proposal.
.It ah_life_seconds, esp_life_seconds, comp_life_seconds
Set to the lifetime of the AH, ESP, and compression proposal, in
-seconds. If no lifetime was proposed for the corresponding protocol
+seconds.
+If no lifetime was proposed for the corresponding protocol
(e.g., there was no proposal for AH), the corresponding attribute will
be set to zero.
.It ah_life_kbytes, esp_life_kbytes, comp_life_kbytes
Set to the lifetime of the AH, ESP, and compression proposal, in
-kbytes of traffic. If no lifetime was proposed for the corresponding
+kbytes of traffic.
+If no lifetime was proposed for the corresponding
protocol (e.g., there was no proposal for AH), the corresponding
attribute will be set to zero.
.It ah_encapsulation, esp_encapsulation, comp_encapsulation
.It ah_group_desc, esp_group_desc, comp_group_desc
The Diffie-Hellman group identifier from the AH, ESP, and compression
proposal, used for PFS during Quick Mode (see the pfs attribute
-above). If more than one of these attributes are set to a value other
+above).
+If more than one of these attributes are set to a value other
than zero, they should have the same value (in valid IKE proposals).
.It remote_filter_type, local_filter_type, remote_id_type
Set to
.Va IPv4 address
or
.Va IPv6 address ,
-these contain the respective address. For
+these contain the respective address.
+For
.Va IPv4 range
or
.Va IPv6 range ,
-they contain the upper end of the address range. For
+they contain the upper end of the address range.
+For
.Va IPv4 subnet
or
.Va IPv6 subnet ,
.Va IPv4 address
or
.Va IPv6 address ,
-these contain the respective address. For
+these contain the respective address.
+For
.Va IPv4 range
or
.Va IPv6 range ,
-these contain the lower end of the address range. For
+these contain the lower end of the address range.
+For
.Va IPv4 subnet
or
.Va IPv6 subnet ,
When the corresponding filter_type specifies an address (or range, or
subnet), theseares set to the upper and lower part of the address
space separated by a dash ('-') character (if the type specifies a
-single address, both parts are set to the same address). For FQDN and
-User FQDN types, these are set to the respective string.
+single address, both parts are set to the same address).
+For FQDN and User FQDN types, these are set to the respective string.
.It remote_filter_port, local_filter_port, remote_id_port
Set to the transport protocol port.
.It remote_filter_proto, local_filter_proto, remote_id_proto
-.\" $OpenBSD: biff.1,v 1.9 2000/03/04 21:12:00 aaron Exp $
+.\" $OpenBSD: biff.1,v 1.10 2000/03/23 21:39:53 aaron Exp $
.\" $NetBSD: biff.1,v 1.3 1995/03/26 02:34:21 glass Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
command appeared in
.Bx 4.0 .
.Qq Biff
-was Heidi Stettner's dog. He died in August 1993, at 15.
+was Heidi Stettner's dog.
+He died in August 1993, at 15.
-.\" $OpenBSD: calendar.1,v 1.12 2000/03/04 21:12:01 aaron Exp $
+.\" $OpenBSD: calendar.1,v 1.13 2000/03/23 21:39:53 aaron Exp $
.\"
.\" Copyright (c) 1989, 1990, 1993
.\" The Regents of the University of California. All rights reserved.
.Pp
To handle calendars in your national code table you can specify
.Dq LANG=<locale_name>
-in the calendar file as early as possible. To handle national Easter
-names in the calendars,
+in the calendar file as early as possible.
+To handle national Easter names in the calendars,
.Dq Easter=<national_name>
(for Catholic Easter) or
.Dq Paskha=<national_name>
-.\" $OpenBSD: elf2ecoff.1,v 1.6 1999/07/04 11:53:53 aaron Exp $
+.\" $OpenBSD: elf2ecoff.1,v 1.7 2000/03/23 21:39:53 aaron Exp $
.\"
.\" Copyright (c) 1996 Per Fogelstrom
.\"
.Ar ecoffexec ,
suitable for bootstrapping certain
.Nm MIPS
-systems. Systems requiring this
-conversion are the
+systems.
+Systems requiring this conversion are the
.Nm arc
and
.Nm pmax .
-.\" $OpenBSD: magic.5,v 1.4 2000/03/06 02:38:19 aaron Exp $
+.\" $OpenBSD: magic.5,v 1.5 2000/03/23 21:39:53 aaron Exp $
.\"
.\" @(#)$FreeBSD: src/usr.bin/file/magic.5,v 1.11 2000/03/01 12:19:39 sheldonh Exp $
.\"
This manual page documents the format of the magic file as
used by the
.Xr file 1
-command, version 3.22. The
+command, version 3.22.
+The
.Nm file
command identifies the type of a file using,
among other tests,
-.\" $OpenBSD: indent.1,v 1.8 2000/03/08 03:11:27 aaron Exp $
+.\" $OpenBSD: indent.1,v 1.9 2000/03/23 21:39:53 aaron Exp $
.\"
.\" Copyright (c) 1980, 1990 The Regents of the University of California.
.\" Copyright (c) 1985 Sun Microsystems, Inc.
When in verbose mode,
.Nm
reports when it splits one line of input into two or more lines of output,
-and gives some size statistics at completion. The default is
+and gives some size statistics at completion.
+The default is
.Fl \&nv .
.El
.Pp
-.\" $OpenBSD: last.1,v 1.13 2000/03/08 03:11:30 aaron Exp $
+.\" $OpenBSD: last.1,v 1.14 2000/03/23 21:39:53 aaron Exp $
.\" $NetBSD: last.1,v 1.3 1994/12/21 22:41:23 jtc Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
.Op Ar user ...
.Sh DESCRIPTION
The
-.Nm last
+.Nm
utility will either (1) list the sessions of specified
.Ar users ,
.Ar ttys ,
of the session.
If the session is still continuing or was cut short by
a crash or shutdown,
-.Nm last
+.Nm
will so indicate.
.Pp
The options are as follows:
.It Fl c
Calculates the total time displayed and prints it after the output.
.It Fl f Ar file
-.Nm last
+.Nm
reads the file
.Ar file
instead of the default,
.Ic last root -t console
would list all of
.Li root Ns 's
-sessions as well as all sessions on the console terminal. If no
-users, hostnames, or terminals are specified,
-.Nm last
+sessions as well as all sessions on the console terminal.
+If no users, hostnames, or terminals are specified,
+.Nm
prints a record of
all logins and logouts.
.Pp
will give an indication of mean time between reboot.
.Pp
If
-.Nm last
+.Nm
is interrupted, it indicates to what date the search has
progressed.
If interrupted with a quit signal
-.Nm last
+.Nm
indicates how
far the search has progressed and then continues.
.Sh FILES
.Xr ac 8
.Sh HISTORY
The
-.Nm last
+.Nm
command appeared in
.Bx 3.0 .
-.\" $OpenBSD: leave.1,v 1.6 2000/03/08 03:11:31 aaron Exp $
+.\" $OpenBSD: leave.1,v 1.7 2000/03/23 21:39:54 aaron Exp $
.\" $NetBSD: leave.1,v 1.5 1995/08/31 22:32:10 jtc Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
If no argument is given,
.Nm leave
prompts with "When do you
-have to leave?". A reply of newline causes
+have to leave?".
+A reply of newline causes
.Nm leave
to exit,
otherwise the reply is assumed to be a time.
-.\" $OpenBSD: locate.1,v 1.12 2000/03/08 03:11:31 aaron Exp $
+.\" $OpenBSD: locate.1,v 1.13 2000/03/23 21:39:54 aaron Exp $
.\"
.\" Copyright (c) 1995 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
.\" Copyright (c) 1990, 1993
.\" SUCH DAMAGE.
.\"
.\" @(#)locate.1 8.1 (Berkeley) 6/6/93
-.\" $Id: locate.1,v 1.12 2000/03/08 03:11:31 aaron Exp $
+.\" $Id: locate.1,v 1.13 2000/03/23 21:39:54 aaron Exp $
.\"
.Dd June 6, 1993
.Dt LOCATE 1
of databases to be searched.
.Pp
.Ar database
-may be a colon-separated list of databases. A single colon is a reference
-to the default database.
+may be a colon-separated list of databases.
+A single colon is a reference to the default database.
.Pp
$ locate -d $HOME/lib/mydb: foo
.Pp
.Xr mmap 2
instead of the
.Xr stdio 3
-library. This is the default behavior. Usually faster in most cases.
+library.
+This is the default behavior.
+Usually faster in most cases.
.It Fl s
Use the
.Xr stdio 3
.Pp
The
.Nm
-database is not byte order independent. It is not possible
+database is not byte order independent.
+It is not possible
to share the databases between machines with different byte order.
The current
.Nm
-.\" @(#) $OpenBSD: m4.1,v 1.13 2000/03/23 21:10:17 aaron Exp $
+.\" @(#) $OpenBSD: m4.1,v 1.14 2000/03/23 21:39:54 aaron Exp $
.\"
.\"
.Dd January 26, 1993
.It Ic regexp
Finds a regular expression in a string.
If no further arguments are given,
-it returns the first match position or \-1 if no match. If a third argument
+it returns the first match position or \-1 if no match.
+If a third argument
is provided, it returns the replacement string, with sub-patterns replaced.
.It Ic shift
Returns all but the first argument, the remaining arguments are
-.\" $OpenBSD: rusers.1,v 1.6 2000/03/10 20:17:51 aaron Exp $
+.\" $OpenBSD: rusers.1,v 1.7 2000/03/23 21:39:54 aaron Exp $
.\"
.\" Copyright (c) 1983, 1990 The Regents of the University of California.
.\" All rights reserved.
.Nm
command produces output similar to
.Xr who 1 ,
-but for the list of hosts or all machines on the local
-network. For each host responding to the rusers query,
+but for the list of hosts or all machines on the local network.
+For each host responding to the rusers query,
the hostname with the names of the users currently logged
-on is printed on each line. The
+on is printed on each line.
+The
.Nm
command will wait for
one minute to catch late responders.
.It Fl a
Print all machines responding even if no one is currently logged in.
.It Fl l
-Print a long format listing. This includes the user name, host name,
+Print a long format listing.
+This includes the user name, host name,
tty that the user is logged in to, the date and time the user
logged in, the amount of time since the user typed on the keyboard,
and the remote host they logged in from (if applicable).
-.\" $OpenBSD: rwall.1,v 1.4 2000/03/10 20:17:51 aaron Exp $
+.\" $OpenBSD: rwall.1,v 1.5 2000/03/23 21:39:54 aaron Exp $
.\"
.\" Copyright (c) 1983, 1990 The Regents of the University of California.
.\" All rights reserved.
.Sh DESCRIPTION
The
.Nm
-command sends a message to the users logged into the specified host. The
-message to be sent can be typed in and terminated with EOF or it can
+command sends a message to the users logged into the specified host.
+The message to be sent can be typed in and terminated with EOF or it can
be in a
.Ar file .
.Sh DIAGNOSTICS
-.\" $OpenBSD: showmount.8,v 1.8 2000/03/10 20:17:52 aaron Exp $
+.\" $OpenBSD: showmount.8,v 1.9 2000/03/23 21:39:54 aaron Exp $
.\" $NetBSD: showmount.8,v 1.5 1995/08/31 22:26:07 jtc Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
By default it prints the names of all hosts that have
.Tn NFS
file systems mounted
-on the host. See
+on the host.
+See
.%T "NFS: Network File System Protocol Specification" ,
RFC 1094,
Appendix A,
-.\" $OpenBSD: skey.1,v 1.19 2000/03/10 20:17:52 aaron Exp $
+.\" $OpenBSD: skey.1,v 1.20 2000/03/23 21:39:54 aaron Exp $
.\" @(#)skey.1 1.1 10/28/93
.\"
.Dd October 28, 1993
.Sh DESCRIPTION
.Nm S/key
is a procedure for using one-time passwords to authenticate access to
-computer systems. It uses 64 bits of information transformed by the
-MD4, MD5, SHA1, or RIPEMD-160 algorithms. The user supplies the 64 bits
+computer systems.
+It uses 64 bits of information transformed by the
+MD4, MD5, SHA1, or RIPEMD-160 algorithms.
+The user supplies the 64 bits
in the form of 6 English words that are generated by a secure computer.
This implementation of
.Nm s/key
-.\" $OpenBSD: skeyinit.1,v 1.16 2000/03/23 21:10:19 aaron Exp $
+.\" $OpenBSD: skeyinit.1,v 1.17 2000/03/23 21:39:55 aaron Exp $
.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
.\" @(#)skeyinit.1 1.1 10/28/93
.\"
.Nm
initializes the system so you can use S/Key one-time passwords to login.
The program will ask you to enter a secret pass phrase;
-enter a phrase of several words in response. After the S/Key database
+enter a phrase of several words in response.
+After the S/Key database
has been updated you can login using either your regular password
or using S/Key one-time passwords.
.Pp
.It Fl rmd160
Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
.It Ar user
-The username to be changed/added. By default the current user is
-operated on.
+The username to be changed/added.
+By default the current user is operated on.
.Sh ERRORS
.Bl -tag -width "skey disabled"
.It skey disabled
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.41 2000/03/23 21:11:38 aaron Exp $
+.\" $Id: ssh.1,v 1.42 2000/03/23 21:39:55 aaron Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl a
-Disables forwarding of the authentication agent connection. This may
-also be specified on a per-host basis in the configuration file.
+Disables forwarding of the authentication agent connection.
+This may also be specified on a per-host basis in the configuration file.
.It Fl c Ar blowfish|3des
Selects the cipher to use for encrypting the session.
.Ar 3des
options (and multiple identities specified in
configuration files).
.It Fl k
-Disables forwarding of Kerberos tickets and AFS tokens. This may
-also be specified on a per-host basis in the configuration file.
+Disables forwarding of Kerberos tickets and AFS tokens.
+This may also be specified on a per-host basis in the configuration file.
.It Fl l Ar login_name
Specifies the user to log in as on the remote machine.
This also may be specified on a per-host basis in the configuration file.
argument given on the command line (i.e., the name is not converted to
a canonicalized host name before matching).
.It Cm AFSTokenPassing
-Specifies whether to pass AFS tokens to remote host. The argument to
-this keyword must be
+Specifies whether to pass AFS tokens to remote host.
+The argument to this keyword must be
.Dq yes
or
.Dq no .
.Dq yes ,
ssh will additionally check the host ip address in the
.Pa known_hosts
-file. This allows ssh to detect if a host key changed due to DNS spoofing.
+file.
+This allows ssh to detect if a host key changed due to DNS spoofing.
If the option is set to
.Dq no ,
the check will not be executed.
.Dq no
in both the server and the client configuration files.
.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication will be used. The argument to
-this keyword must be
+Specifies whether Kerberos authentication will be used.
+The argument to this keyword must be
.Dq yes
or
.Dq no .
.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server. This
-will only work if the Kerberos server is actually an AFS kaserver. The
-argument to this keyword must be
+Specifies whether a Kerberos TGT will be forwarded to the server.
+This will only work if the Kerberos server is actually an AFS kaserver.
+The argument to this keyword must be
.Dq yes
or
.Dq no .
QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
The default is INFO.
.It Cm NumberOfPasswordPrompts
-Specifies the number of password prompts before giving up. The
-argument to this keyword must be an integer. Default is 3.
+Specifies the number of password prompts before giving up.
+The argument to this keyword must be an integer.
+Default is 3.
.It Cm PasswordAuthentication
Specifies whether to use password authentication.
The argument to this keyword must be
-.\" $OpenBSD: systat.1,v 1.17 2000/03/23 21:10:19 aaron Exp $
+.\" $OpenBSD: systat.1,v 1.18 2000/03/23 21:39:55 aaron Exp $
.\" $NetBSD: systat.1,v 1.6 1996/05/10 23:16:39 thorpej Exp $
.\"
.\" Copyright (c) 1985, 1990, 1993
Only devices that have interrupted at least once since boot time are shown.
.Pp
Below the SWAPPING display and slightly to the left of the Interrupts
-display is a list of virtual memory statistics. The abbreviations are:
+display is a list of virtual memory statistics.
+The abbreviations are:
.Bl -tag -compact -width XXXXXX -offset indent
.It cow
copy-on-write faults
-.\" $OpenBSD: talk.1,v 1.10 2000/03/11 21:40:04 aaron Exp $
+.\" $OpenBSD: talk.1,v 1.11 2000/03/23 21:39:55 aaron Exp $
.\" $NetBSD: talk.1,v 1.3 1994/12/09 02:14:23 jtc Exp $
.\"
.\" Copyright (c) 1983, 1990, 1993
talk: respond with: talk your_name@your_machine
.Ed
.Pp
-to the user you wish to talk to. At this point, the recipient
-of the message should reply by typing
+to the user you wish to talk to.
+At this point, the recipient of the message should reply by typing
.Pp
.Dl talk \ your_name@your_machine
.Pp
-.\" $OpenBSD: telnet.1,v 1.22 2000/03/11 21:40:04 aaron Exp $
+.\" $OpenBSD: telnet.1,v 1.23 2000/03/23 21:39:55 aaron Exp $
.\" $NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $
.\"
.\" Copyright (c) 1983, 1990, 1993
Note that the escape character will return to the command mode of the initial
invocation of
.Nm
-that has the controlling terminal. Use the
+that has the controlling terminal.
+Use the
.Cm send escape
command to switch to command mode in subsequent
.Nm
.It Ic skey Ar sequence challenge
The
.Ic skey
-command computes a response to the S/Key challenge. See
+command computes a response to the S/Key challenge.
+See
.Xr skey 1
for more information on the S/Key system.
.It Ic slc Ar state
-.\" $OpenBSD: wc.1,v 1.9 2000/03/14 14:58:25 aaron Exp $
+.\" $OpenBSD: wc.1,v 1.10 2000/03/23 21:39:55 aaron Exp $
.\"
.\" Copyright (c) 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.El
.Pp
If no file names are specified, the standard input is used
-and a file name is not output. The resulting output is one
+and a file name is not output.
+The resulting output is one
line of the requested count(s) with the cumulative sum
of all files read in via standard input.
.Pp
-.\" $OpenBSD: who.1,v 1.10 2000/03/14 14:58:26 aaron Exp $
+.\" $OpenBSD: who.1,v 1.11 2000/03/23 21:39:56 aaron Exp $
.\" $NetBSD: who.1,v 1.5 1994/12/07 04:28:47 jtc Exp $
.\"
.\" Copyright (c) 1986, 1991, 1993
.Ar am i .
.It Fl q
(Quick.) List only the names and the number of users currently
-logged on. When this option is used, all other options are ignored.
+logged on.
+When this option is used, all other options are ignored.
.It Fl T
Print a character after the user name indicating the state of the
terminal line:
-.\" $OpenBSD: whois.1,v 1.13 2000/03/14 14:58:26 aaron Exp $
+.\" $OpenBSD: whois.1,v 1.14 2000/03/23 21:39:56 aaron Exp $
.\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $
.\"
.\" Copyright (c) 1985, 1990, 1993
.It Fl m
Use the Route Arbiter Database
.Pq Tn RADB
-database. It contains route policy specifications for a large
+database.
+It contains route policy specifications for a large
number of operators' networks.
.It Fl p
Use the Asia/Pacific Network Information Center
-.\" $OpenBSD: install.1,v 1.11 2000/03/14 14:58:27 aaron Exp $
+.\" $OpenBSD: install.1,v 1.12 2000/03/23 21:39:56 aaron Exp $
.\" $NetBSD: install.1,v 1.4 1994/11/14 04:57:17 jtc Exp $
.\"
.\" Copyright (c) 1987, 1990, 1993
.It Fl b
Backup any existing files before overwriting them by renaming
them to
-.Ar file.old . See
+.Ar file.old .
+See
.Fl B
for specifying a different backup suffix.
.It Fl B Ar suffix
-.\" $OpenBSD: yacc.1,v 1.10 2000/03/14 14:58:27 aaron Exp $
+.\" $OpenBSD: yacc.1,v 1.11 2000/03/23 21:39:56 aaron Exp $
.\"
.\" Copyright (c) 1989, 1990 The Regents of the University of California.
.\" All rights reserved.
The
.Fl o
option specifies an explicit name for the parser's output file name instead
-of the default. The names of the other output files are constructed from
+of the default.
+The names of the other output files are constructed from
.Pa output_file
as described under the
.Fl d
.\" * Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul
.\" */
.\"
-.\" $Id: crontab.1,v 1.6 2000/03/19 17:57:03 aaron Exp $
+.\" $Id: crontab.1,v 1.7 2000/03/23 21:39:57 aaron Exp $
.\"
.Dd June 8, 1999
.Dt CRONTAB 1
is the program used to install, deinstall, or list the tables
used to drive the
.Xr cron 8
-daemon in Vixie Cron. Each user can have their own
+daemon in Vixie Cron.
+Each user can have their own
.Xr crontab 5 ,
and though these are files in
.Pa /var/cron/tabs ,
specifies the name of the user whose
.Xr crontab 5
is to be
-tweaked. If this option is not given,
+tweaked.
+If this option is not given,
.Nm
examines
.Dq your
.Ev VISUAL
or
.Ev EDITOR
-environment variables. After you exit
-from the editor, the modified
+environment variables.
+After you exit from the editor, the modified
.Xr crontab 5
will be installed automatically.
.Sh FILES
-.\" $OpenBSD: mopa.out.1,v 1.6 1999/07/07 10:50:12 aaron Exp $
+.\" $OpenBSD: mopa.out.1,v 1.7 2000/03/23 21:39:57 aaron Exp $
.\"
.\" Copyright (c) 1996 Mats O Jansson. All rights reserved.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" @(#) $OpenBSD: mopa.out.1,v 1.6 1999/07/07 10:50:12 aaron Exp $
+.\" @(#) $OpenBSD: mopa.out.1,v 1.7 2000/03/23 21:39:57 aaron Exp $
.\"
.Dd August 11, 1996
.Dt MOPA.OUT 1
.Pp
This program will check if
.Xr a.out 5
-machine-id is recognized. If not it will try to swap the
+machine-id is recognized.
+If not it will try to swap the
.Xr a.out 5
header, and try again.
.Sh BUGS
-.\" $OpenBSD: rtadvd.conf.5,v 1.4 2000/03/14 21:31:38 aaron Exp $
+.\" $OpenBSD: rtadvd.conf.5,v 1.5 2000/03/23 21:39:57 aaron Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
(num) The maximum time allowed between sending unsolicited
multicast router advertisements
.Pq unit: seconds .
-The default value is 600. Its value must be no less than 4 seconds
+The default value is 600.
+Its value must be no less than 4 seconds
and no greater than 1800 seconds.
.It Cm \&mininterval
(num) The minimum time allowed between sending unsolicited multicast
.It Cm \&mtu
(num or str) MTU (maximum transmission unit) field.
If 0 is specified, it means that the option will not be included.
-The default value is 0. If the special string
+The default value is 0.
+If the special string
.Dq auto
is specified for this item, MTU option will be included and its value
will be set to the interface MTU automatically.
.\" $NetBSD: $
-.\" $OpenBSD: getencstat.8,v 1.1 2000/02/21 08:45:14 mjacob Exp $
+.\" $OpenBSD: getencstat.8,v 1.2 2000/03/23 21:39:57 aaron Exp $
.\" $FreeBSD: $
.\"
.\" Copyright (c) 2000 Matthew Jacob
.Sh DESCRIPTION
.Nm
gets summary and detailed SCSI Environmental Services (or SAF-TE) device
-enclosure status. The overall status is printed out. If the overall status
+enclosure status.
+The overall status is printed out.
+If the overall status
is considered okay, nothing else is printed out (unless the the
.Fl v
option is used).
.Pp
A SCSI Environmental Services device enclosure may be either in the state
of being \fBOK\fR, or in one or more of the states of \fBINFORMATIONAL\fR,
-\fBNON-CRITICAL\fR, \fBCRITICAL\fB or \fBUNRECOVERABLE\fR states. These
-overall states reflect a summary of the states of each object within
+\fBNON-CRITICAL\fR, \fBCRITICAL\fB or \fBUNRECOVERABLE\fR states.
+These overall states reflect a summary of the states of each object within
such a device (such as power supplies or disk drives).
.Pp
With the
.Fl v
option, the status of all objects within the device is printed, whether
-\fBOK\fR or not. Along with the status of each object is the object identifier.
+\fBOK\fR or not.
+Along with the status of each object is the object identifier.
.Pp
The user may then use
.Xr setencstat 8
.\" $NetBSD: $
-.\" $OpenBSD: setobjstat.8,v 1.1 2000/02/21 08:45:15 mjacob Exp $
+.\" $OpenBSD: setobjstat.8,v 1.2 2000/03/23 21:39:57 aaron Exp $
.\" $FreeBSD: $
.\"
.\" Copyright (c) 2000 Matthew Jacob
.Xr getencstat 8 .
.Pp
The status fields are partially common (first byte only, which must
-have a value of 0x80 contained in it), but otherwise quite device
-specific. A complete discussion of the possible values is impractical
-here. Please refer to the ANSI SCSI specification (available on
+have a value of 0x80 contained in it), but otherwise quite device specific.
+A complete discussion of the possible values is impractical here.
+Please refer to the ANSI SCSI specification (available on
the FTP site ftp.t10.org).
.Pp
Note that devices may simply and silently ignore the setting of these values.
-.\" $OpenBSD: traceroute.8,v 1.17 2000/03/19 17:57:16 aaron Exp $
+.\" $OpenBSD: traceroute.8,v 1.18 2000/03/23 21:39:57 aaron Exp $
.\" $NetBSD: traceroute.8,v 1.6 1995/10/12 03:05:50 mycroft Exp $
.\"
.\" Copyright (c) 1990, 1991, 1993
.Tn UDP
to a numeric protocol or a name as specified in
.Pa /etc/protocols .
-This will not work reliably for most protocols. If set to 1 (ICMP), then
+This will not work reliably for most protocols.
+If set to 1 (ICMP), then
ICMP Echo Request messages will be used (same as
.Xr ping 8
).
listening on a port in the default range, this option can be used
to pick an unused port range.
.It Fl c
-Do not increment the destination port number in successive UDP
-packets. Rather, all UDP packets will have the same destination port,
-as set via the
+Do not increment the destination port number in successive UDP packets.
+Rather, all UDP packets will have the same destination port, as set via the
.Fl p
flag (or 33434 if none is specified).
.It Fl q Ar nqueries
-.\" $OpenBSD: netid.5,v 1.6 1999/06/05 22:18:25 aaron Exp $
+.\" $OpenBSD: netid.5,v 1.7 2000/03/23 21:39:57 aaron Exp $
+.\"
.\" Copyright (c) 1996 Mats O Jansson <moj@stacken.kth.se>
.\" All rights reserved.
.\"
.Sh DESCRIPTION
Files in
.Xr netid 5
-format are rare. One lives in the
+format are rare.
+One lives in the
.Nm YP
map
.Dq netid.byname .
-The format is rather simple. Each row consists of two
-items, a key and a value. When created by
+The format is rather simple.
+Each row consists of two items: a key and a value.
+When created by
.Xr mknetid 8
there are three types of records.
.Pp
-.\" $OpenBSD: securenet.5,v 1.6 1999/06/05 22:18:32 aaron Exp $
+.\" $OpenBSD: securenet.5,v 1.7 2000/03/23 21:39:58 aaron Exp $
+.\"
.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
.\" All rights reserved.
.\"
.Nm YP
server.
.Pp
-The format is rather simple. Each row consists of two items. The first item
-is the network mask. The second item is the network.
+The format is rather simple.
+Each row consists of two items.
+The first item is the network mask.
+The second item is the network.
.Sh EXAMPLES
A configuration file might look like the following:
.Bd -literal
-.\" $OpenBSD: ypserv.acl.5,v 1.10 1999/07/09 13:35:53 aaron Exp $
+.\" $OpenBSD: ypserv.acl.5,v 1.11 2000/03/23 21:39:58 aaron Exp $
+.\"
.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
.\" All rights reserved.
.\"
.Pp
The
.Nm YP
-server reads the configuration file and builds a list in memory. This list
-is processed from the beginning for every incomming request. As soon a
+server reads the configuration file and builds a list in memory.
+This list is processed from the beginning for every incomming request.
+As soon a
match is found in the list the search terminates and it returns success
or failure depending on which of
.Nm allow
.Nm ypserv
to be able to access it too.
.Pp
-There is no default name for this file. Start
+There is no default name for this file.
+Start
.Nm ypserv
with a
.Fl a Ar filename
projects / openbsd / commitdiff