Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh_config.5,v rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/ssh_config.5,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.10 retrieving revision 1.11 diff -u -p -r1.10 -r1.11 --- src/crypto/external/bsd/openssh/dist/ssh_config.5 2013/03/29 16:19:45 1.10 +++ src/crypto/external/bsd/openssh/dist/ssh_config.5 2013/11/08 19:18:25 1.11 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh_config.5,v 1.10 2013/03/29 16:19:45 christos Exp $ +.\" $NetBSD: ssh_config.5,v 1.11 2013/11/08 19:18:25 christos Exp $ .\" -*- nroff -*- .\" .\" Author: Tatu Ylonen @@ -35,8 +35,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $ -.Dd January 8 2013 +.\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $ +.Dd June 27 2013 .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -476,8 +476,7 @@ option is also enabled. .It Cm ForwardX11Timeout Specify a timeout for untrusted X11 forwarding using the format described in the -.Sx TIME FORMATS -section of +TIME FORMATS section of .Xr sshd_config 5 . X11 connections received by .Xr ssh 1 @@ -630,7 +629,9 @@ and .Pa ~/.ssh/id_rsa for protocol version 2. Additionally, any identities represented by the authentication agent -will be used for authentication. +will be used for authentication unless +.Cm IdentitiesOnly +is set. .Xr ssh 1 will try to load certificate information from the filename obtained by appending 
@@ -659,6 +660,22 @@ Multiple .Cm IdentityFile directives will add to the list of identities tried (this behaviour differs from that of other configuration directives). +.Pp +.Cm IdentityFile +may be used in conjunction with +.Cm IdentitiesOnly +to select which identities in an agent are offered during authentication. +.It Cm IgnoreUnknown +Specifies a pattern-list of unknown options to be ignored if they are +encountered in configuration parsing. +This may be used to suppress errors if +.Nm +contains options that are unrecognised by +.Xr ssh 1 . +It is recommended that +.Cm IgnoreUnknown +be listed early in the configuration file as it will not be applied +to unknown options that appear before it. .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are @@ -933,8 +950,9 @@ The default is This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the -session key is renegotiated. -The argument is the number of bytes, with an optional suffix of +session key is renegotiated, optionally followed a maximum amount of +time that may pass before the session key is renegotiated. +The first argument is specified in bytes and may have a suffix of .Sq K , .Sq M , or @@ -945,6 +963,16 @@ The default is between and .Sq 4G , depending on the cipher. +The optional second value is specified in seconds and may use any of the +units documented in the +TIME FORMATS section of +.Xr sshd_config 5 . +The default value for +.Cm RekeyLimit +is +.Dq default none , +which means that rekeying is performed after the cipher's default amount +of data has been sent or received and no time based rekeying is done. This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over 
@@ -1223,9 +1251,7 @@ The default is .Dq no . Note that this option applies to protocol version 2 only. .Pp -See also -.Sx VERIFYING HOST KEYS -in +See also VERIFYING HOST KEYS in .Xr ssh 1 . .It Cm VisualHostKey If this flag is set to
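Review bot: the IgnoreUnknown text added in the hunk at @@ -659,6 +660,22 @@ does not mention that a matching pattern also suppresses the error for a misspelled option, which the parser treats as just another unrecognised option. An intended setting can then go silently unapplied. Suggest adding a sentence recommending that the pattern-list name the specific options to be ignored rather than a broad pattern, next to the existing advice to list IgnoreUnknown early.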
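Review bot: in the RekeyLimit hunk at @@ -933,8 +950,9 @@, the added line "session key is renegotiated, optionally followed a maximum amount of" is missing a word; it should read "optionally followed by a maximum amount of time". The same hunk describes the first argument only as "specified in bytes", while the default quoted further down in the entry is "default none", so it is worth stating here that the keyword default is accepted in place of a byte count.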
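Review bot: after the RekeyLimit hunk at @@ -945,6 +963,16 @@, the entry states a default twice: the unchanged context still says "The default is between ... 4G, depending on the cipher", and the added text says the default value is "default none". Suggest rewording the earlier sentence so it clearly describes the data limit that the keyword default selects, and hyphenating "time based" as "time-based" in the last added sentence.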