CheckHostIP has defaulted to 'no' for a while; make the commented-
out config option match. From Ed Maste

Add a '%k' TOKEN that expands to the effective HostKey of the
destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@

Add a '%k' TOKEN that expands to the effective HostKey of the
destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k".
bz#1654, ok djm@, jmc@ (man page bits)

show more ...

Remove obsolete "Protocol" from commented out examples.
Patch from samy.mahmoudi at gmail com.

As promised in last release announcement: remove support for
Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

more protocol 1 bits removed; ok djm

remove SSHv1 configuration options and man pages bits

ok markus@

set ssh(1) protocol version to 2 only.

ok djm@

add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to IdentityFile.

ok djm@

Remove gssapi config parts from ssh_config, as was already done for sshd_config.
Req by/ok ajacoutot@

Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm

Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single
port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate s

Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single
port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@

show more ...

sync with revised default ciphers; pointed out by dkrause@

Add VisualHostKey to example file, ok djm@

Add a "MACs" line after "Ciphers" with the default MAC algorithms,
to ease people who want to tweak both (eg. for performance reasons).
ok deraadt@ djm@ dtucker@

Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections,

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

show more ...

Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@

remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others

add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534; ok markus@

add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@

re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itoj

re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itojun@

show more ...

refer to config file man page

update defaults for RhostsRSAAuthentication and RhostsAuthentication
here too (all options commented out with default value).

remove FallBackToRsh/UseRsh

correct some commented defaults. add Ciphers default. ok markus@