openssh/debian/patches/openbsd-docs.patch

From f44687fdc6dcf48a38f32693d7e28034d4961d0d Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:09 +0000
Subject: Adjust various OpenBSD-specific references in manual pages

No single bug reference for this patch, but history includes:
 https://bugs.debian.org/154434 (login.conf(5))
 https://bugs.debian.org/513417 (/etc/rc)
 https://bugs.debian.org/998069, https://bugs.debian.org/1095686 (rdomain(4))

Forwarded: not-needed
Last-Update: 2025-04-15

Patch-Name: openbsd-docs.patch
---
 moduli.5      |  4 ++--
 ssh-keygen.1  | 12 ++++--------
 sshd.8        |  5 ++---
 sshd_config.5 | 27 ++++++---------------------
 4 files changed, 14 insertions(+), 34 deletions(-)

diff --git a/moduli.5 b/moduli.5
index 5086a6d42..6dffdc7e6 100644
--- a/moduli.5
+++ b/moduli.5
@@ -21,7 +21,7 @@
 .Nd Diffie-Hellman moduli
 .Sh DESCRIPTION
 The
-.Pa /etc/moduli
+.Pa /etc/ssh/moduli
 file contains prime numbers and generators for use by
 .Xr sshd 8
 in the Diffie-Hellman Group Exchange key exchange method.
@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
 Diffie-Hellman output to sufficiently key the selected symmetric cipher.
 .Xr sshd 8
 then randomly selects a modulus from
-.Fa /etc/moduli
+.Fa /etc/ssh/moduli
 that best meets the size requirement.
 .Sh SEE ALSO
 .Xr ssh-keygen 1 ,
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 00246a861..9c1514951 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -211,9 +211,7 @@ key in
 .Pa ~/.ssh/id_ed25519_sk
 or
 .Pa ~/.ssh/id_rsa .
-Additionally, the system administrator may use this to generate host keys,
-as seen in
-.Pa /etc/rc .
+Additionally, the system administrator may use this to generate host keys.
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
@@ -278,9 +276,7 @@ If
 .Fl f
 has also been specified, its argument is used as a prefix to the
 default path for the resulting host key files.
-This is used by
-.Pa /etc/rc
-to generate new host keys.
+This is used by system administration scripts to generate new host keys.
 .It Fl a Ar rounds
 When saving a private key, this option specifies the number of KDF
 (key derivation function, currently
@@ -860,7 +856,7 @@ option.
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
-.Pa /etc/moduli .
+.Pa /etc/ssh/moduli .
 It is important that this file contains moduli of a range of bit lengths.
 .Pp
 A number of options are available for moduli generation and screening via the
@@ -1314,7 +1310,7 @@ on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
 .Xr moduli 5 .
diff --git a/sshd.8 b/sshd.8
index 464d402f6..bd1117bfe 100644
--- a/sshd.8
+++ b/sshd.8
@@ -64,7 +64,7 @@ over an insecure network.
 .Nm
 listens for connections from clients.
 It is normally started at boot from
-.Pa /etc/rc .
+.Pa /etc/init.d/ssh .
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
@@ -936,7 +936,7 @@ This file is for host-based authentication (see
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
 key exchange method.
 The file format is described in
@@ -1034,7 +1034,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
-.Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
diff --git a/sshd_config.5 b/sshd_config.5
index 677567908..80a75fbb7 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1001,9 +1001,6 @@ for interactive sessions and
 for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to allow keyboard-interactive authentication.
-All authentication styles from
-.Xr login.conf 5
-are supported.
 The default is
 .Cm yes .
 The argument to this keyword must be
@@ -1151,8 +1148,10 @@ routing domain.
 Multiple
 .Cm ListenAddress
 options are permitted.
-For more information on routing domains, see
-.Xr rdomain 4 .
+.Pp
+On Linux, routing domains are implemented using Virtual Routing and
+Forwarding domains (VRFs); for more information, see
+.Xr ip-vrf 8 .
 .It Cm LoginGraceTime
 The server disconnects after this time if the user has not
 successfully logged in.
@@ -1286,9 +1285,8 @@ and
 .Cm Address
 (with
 .Cm RDomain
-representing the
-.Xr rdomain 4
-on which the connection was received).
+representing the routing domain on which the connection was received; see
+.Xr ip-vrf 8 ) .
 .Pp
 The match patterns may consist of single entries or comma-separated
 lists and may use the wildcard and negation operators described in the
@@ -1369,7 +1367,6 @@ Available keywords are
 .Cm RefuseConnection ,
 .Cm RekeyLimit ,
 .Cm RevokedKeys ,
-.Cm RDomain ,
 .Cm SetEnv ,
 .Cm StreamLocalBindMask ,
 .Cm StreamLocalBindUnlink ,
@@ -1868,15 +1865,6 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
-.It Cm RDomain
-Specifies an explicit routing domain that is applied after authentication
-has completed.
-The user session, as well as any forwarded or listening IP sockets,
-will be bound to this
-.Xr rdomain 4 .
-If the routing domain is set to
-.Cm \&%D ,
-then the domain in which the incoming connection was received will be applied.
 .It Cm SecurityKeyProvider
 Specifies a path to a library that will be used when loading
 FIDO authenticator-hosted keys, overriding the default of using
@@ -2257,9 +2245,6 @@ accepts the tokens %%, %h, %U, and %u.
 .Pp
 .Cm ChrootDirectory
 accepts the tokens %%, %h, %U, and %u.
-.Pp
-.Cm RoutingDomain
-accepts the token %D.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa /etc/ssh/sshd_config