$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $
--- sshd_config.5.orig	2004-07-23 14:26:51.000000000 +0200
+++ sshd_config.5	2004-07-23 14:26:49.000000000 +0200
@@ -122,10 +122,17 @@
 By default, no banner is displayed.
 .Pp
 .It Cm ChallengeResponseAuthentication
-Specifies whether challenge response authentication is allowed.
-All authentication styles from
-.Xr login.conf 5
-are supported.
+Specifies whether challenge-response authentication is allowed.
+Specifically, in
+.Fx ,
+this controls the use of PAM (see
+.Xr pam 3 )
+for authentication.
+Note that this affects the effectiveness of the
+.Cm PasswordAuthentication
+and
+.Cm PermitRootLogin
+variables.
 The default is
 .Dq yes .
 .It Cm Ciphers
@@ -251,8 +258,6 @@
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
-and
 .Pa /etc/ssh/ssh_host_dsa_key
 for protocol version 2.
 Note that
@@ -277,7 +282,7 @@
 .Pp
 .Pa /etc/hosts.equiv
 and
-.Pa /etc/shosts.equiv
+.Pa /etc/ssh/shosts.equiv 
 are still used.
 The default is
 .Dq yes .
@@ -415,6 +420,20 @@
 Specifies whether password authentication is allowed.
 The default is
 .Dq yes .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Dq yes ,
+.Cm UsePAM
+is
+.Dq yes ,
+and the PAM authentication policy for
+.Nm sshd
+includes
+.Xr pam_unix 8 ,
+password authentication will be allowed through the challenge-response
+mechanism regardless of the value of
+.Cm PasswordAuthentication .
 .It Cm PermitEmptyPasswords
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.
@@ -430,7 +449,14 @@
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Dq yes ,
+the root user may be allowed in with its password even if
+.Cm PermitRootLogin is set to
+.Dq without-password .
 .Pp
 If this option is set to
 .Dq without-password
@@ -506,7 +532,7 @@
 .Dq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2,1 .
+.Dq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.
@@ -520,7 +546,9 @@
 .Dq yes .
 Note that this option applies to protocol version 2 only.
 .It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
+Specifies whether rhosts or
+.Pa /etc/hosts.equiv
+authentication together
 with successful RSA host authentication is allowed.
 The default is
 .Dq no .
@@ -626,6 +654,11 @@
 escalation by containing any corruption within the unprivileged processes.
 The default is
 .Dq yes .
+.It Cm VersionAddendum
+Specifies a string to append to the regular version string to identify
+OS- or site-specific modifications.
+The default is
+.Dq DragonFly-20040710 .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Nm sshd Ns 's
@@ -641,7 +674,7 @@
 or
 .Dq no .
 The default is
-.Dq no .
+.Dq yes .
 .Pp
 When X11 forwarding is enabled, there may be additional exposure to
 the server and to client displays if the