- jmc@cvs.openbsd.org 2013/06/27 14:05:37

[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     do not use Sx for sections outwith the man page - ingo informs me that
     stuff like html will render with broken links;

     issue reported by Eric S. Raymond, via djm

ChangeLog

@@ -29,6 +29,11 @@
    - djm@cvs.openbsd.org 2013/06/22 06:31:57
      [scp.c]
      improved time_t overflow check suggested by guenther@
+   - jmc@cvs.openbsd.org 2013/06/27 14:05:37
+     [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+     do not use Sx for sections outwith the man page - ingo informs me that
+     stuff like html will render with broken links;
+     issue reported by Eric S. Raymond, via djm
 
 20130702
  - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config

ssh-keygen.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2013 $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -516,8 +516,7 @@ of two times separated by a colon to indicate an explicit time interval.
 The start time may be specified as a date in YYYYMMDD format, a time
 in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
 of a minus sign followed by a relative time in the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
 .Xr sshd_config 5 .
 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
 a relative time starting with a plus character.

ssh.1

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.332 2013/04/19 01:06:50 djm Exp $
-.Dd $Mdocdate: April 19 2013 $
+.\" $OpenBSD: ssh.1,v 1.333 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -754,9 +754,7 @@ implements public key authentication protocol automatically,
 using one of the DSA, ECDSA or RSA algorithms.
 Protocol 1 is restricted to using only RSA keys,
 but protocol 2 may use any.
-The
-.Sx HISTORY
-section of
+The HISTORY section of
 .Xr ssl 8
 contains a brief discussion of the DSA and RSA algorithms.
 .Pp
@@ -812,9 +810,7 @@ instead of a set of public/private keys,
 signed certificates are used.
 This has the advantage that a single trusted certification authority
 can be used in place of many public/private keys.
-See the
-.Sx CERTIFICATES
-section of
+See the CERTIFICATES section of
 .Xr ssh-keygen 1
 for more information.
 .Pp

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.165 2013/06/21 00:37:49 djm Exp $
-.Dd $Mdocdate: June 21 2013 $
+.\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -474,8 +474,7 @@ option is also enabled.
 .It Cm ForwardX11Timeout
 Specify a timeout for untrusted X11 forwarding
 using the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
 .Xr sshd_config 5 .
 X11 connections received by
 .Xr ssh 1
@@ -964,8 +963,7 @@ and
 depending on the cipher.
 The optional second value is specified in seconds and may use any of the
 units documented in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
 .Xr sshd_config 5 .
 The default value for
 .Cm RekeyLimit
@@ -1251,9 +1249,7 @@ The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
 .Pp
-See also
-.Sx VERIFYING HOST KEYS
-in
+See also VERIFYING HOST KEYS in
 .Xr ssh 1 .
 .It Cm VisualHostKey
 If this flag is set to

sshd.8

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.269 2013/04/07 09:40:27 dtucker Exp $
-.Dd $Mdocdate: April 7 2013 $
+.\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -567,9 +567,7 @@ is enabled.
 Specifies that in addition to public key authentication, either the canonical
 name of the remote host or its IP address must be present in the
 comma-separated list of patterns.
-See
-.Sx PATTERNS
-in
+See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
 .Pp

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.160 2013/05/16 06:30:06 jmc Exp $
-.Dd $Mdocdate: May 16 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.161 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -117,9 +117,7 @@ The allow/deny directives are processed in the following order:
 and finally
 .Cm AllowGroups .
 .Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
 .It Cm AllowTcpForwarding
@@ -159,9 +157,7 @@ The allow/deny directives are processed in the following order:
 and finally
 .Cm AllowGroups .
 .Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
 .It Cm AuthenticationMethods
@@ -205,9 +201,7 @@ Specifies a program to be used to look up the user's public keys.
 The program must be owned by root and not writable by group or others.
 It will be invoked with a single argument of the username
 being authenticated, and should produce on standard output zero or
-more lines of authorized_keys output (see
-.Sx AUTHORIZED_KEYS
-in
+more lines of authorized_keys output (see AUTHORIZED_KEYS in
 .Xr sshd 8 ) .
 If a key supplied by AuthorizedKeysCommand does not successfully authenticate
 and authorize the user then public key authentication continues using the usual
@@ -222,7 +216,7 @@ than running authorized keys commands.
 Specifies the file that contains the public keys that can be used
 for user authentication.
 The format is described in the
-.Sx AUTHORIZED_KEYS FILE FORMAT
+AUTHORIZED_KEYS FILE FORMAT
 section of
 .Xr sshd 8 .
 .Cm AuthorizedKeysFile
@@ -246,9 +240,7 @@ When using certificates signed by a key listed in
 this file lists names, one of which must appear in the certificate for it
 to be accepted for authentication.
 Names are listed one per line preceded by key options (as described
-in
-.Sx AUTHORIZED_KEYS FILE FORMAT
-in
+in AUTHORIZED_KEYS FILE FORMAT in
 .Xr sshd 8 ) .
 Empty lines and comments starting with
 .Ql #
@@ -426,9 +418,7 @@ The allow/deny directives are processed in the following order:
 and finally
 .Cm AllowGroups .
 .Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
 .It Cm DenyUsers
@@ -447,9 +437,7 @@ The allow/deny directives are processed in the following order:
 and finally
 .Cm AllowGroups .
 .Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
 .It Cm ForceCommand
@@ -761,8 +749,7 @@ and
 .Cm Address .
 The match patterns may consist of single entries or comma-separated
 lists and may use the wildcard and negation operators described in the
-.Sx PATTERNS
-section of
+PATTERNS section of
 .Xr ssh_config 5 .
 .Pp
 The patterns in an
@@ -1043,9 +1030,7 @@ be refused for all users.
 Keys may be specified as a text file, listing one public key per line, or as
 an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
-For more information on KRLs, see the
-.Sx KEY REVOCATION LISTS
-section in
+For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
@@ -1134,9 +1119,7 @@ listed in the certificate's principals list.
 Note that certificates that lack a list of principals will not be permitted
 for authentication using
 .Cm TrustedUserCAKeys .
-For more details on certificates, see the
-.Sx CERTIFICATES
-section in
+For more details on certificates, see the CERTIFICATES section in
 .Xr ssh-keygen 1 .
 .It Cm UseDNS
 Specifies whether