- jmc@cvs.openbsd.org 2006/02/24 10:39:52

[sshd.8]
     signpost to PATTERNS section;

ChangeLog

@@ -160,6 +160,9 @@
    - jmc@cvs.openbsd.org 2006/02/24 10:37:07
      [ssh_config.5]
      tidy up the refs to PATTERNS;
+   - jmc@cvs.openbsd.org 2006/02/24 10:39:52
+     [sshd.8]
+     signpost to PATTERNS section;
 
 20060313
  - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4061,4 +4064,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4184 2006/03/15 00:54:36 djm Exp $
+$Id: ChangeLog,v 1.4185 2006/03/15 00:55:08 djm Exp $

sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -498,15 +498,7 @@ is enabled.
 .It Cm from="pattern-list"
 Specifies that in addition to public key authentication, the canonical name
 of the remote host must be present in the comma-separated list of
-patterns
-.Pf ( Ql *
-and
-.Ql \&?
-serve as wildcards).
-The list may also contain
-patterns negated by prefixing them with
-.Ql \&! ;
-if the canonical host name matches a negated pattern, the key is not accepted.
+patterns.
 The purpose
 of this option is to optionally increase security: public key authentication
 by itself does not trust the network or name servers or anything (but
@@ -515,6 +507,12 @@ permits an intruder to log in from anywhere in the world.
 This additional option makes using a stolen key more difficult (name
 servers and/or routers would have to be compromised in addition to
 just the key).
+.Pp
+See
+.Sx PATTERNS
+in
+.Xr ssh_config 5
+for more information on patterns.
 .It Cm no-agent-forwarding
 Forbids authentication agent forwarding when this key is used for
 authentication.