upstream: add a `sshd -G` option that parses and prints the

effective configuration without attempting to load private keys and perform
other checks. This allows usage of the option before keys have been
generated.

bz3460 feedback/ok dtucker@

OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29

1 files changed, 17 insertions, 3 deletions

diff --git a/sshd.8 b/sshd.8
index bace97839..eb063c716 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.322 2023/01/18 01:50:21 millert Exp $
-.Dd $Mdocdate: January 18 2023 $
+.\" $OpenBSD: sshd.8,v 1.323 2023/02/10 04:47:19 djm Exp $
+.Dd $Mdocdate: February 10 2023 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@
 .Sh SYNOPSIS
 .Nm sshd
 .Bk -words
-.Op Fl 46DdeiqTtV
+.Op Fl 46DGdeiqTtV
 .Op Fl C Ar connection_spec
 .Op Fl c Ar host_certificate_file
 .Op Fl E Ar log_file
@@ -154,6 +154,15 @@ The default is
 .Pa /etc/ssh/sshd_config .
 .Nm
 refuses to start if there is no configuration file.
+.It Fl G
+Parse and print configuration file.
+Check the validity of the configuration file, output the effective configuration
+to stdout and then exit.
+Optionally,
+.Cm Match
+rules may be applied by specifying the connection parameters using one or more
+.Fl C
+options.
 .It Fl g Ar login_grace_time
 Gives the grace time for clients to authenticate themselves (default
 120 seconds).
@@ -208,6 +217,11 @@ Optionally,
 rules may be applied by specifying the connection parameters using one or more
 .Fl C
 options.
+This is similar to the
+.Fl G
+flag, but it includes the additional testing performed by the
+.Fl t
+flag.
 .It Fl t
 Test mode.
 Only check the validity of the configuration file and sanity of the keys.