*** sshd_config.man.orig	Fri Sep 11 16:16:43 2009
--- sshd_config.man.new	Fri Sep 25 10:57:36 2009
***************
*** 500,505 ****
--- 500,557 ----
  	 md5,hmac-sha1,hmac-sha1-96,hmac-md5-96.
  
  
+      Match
+ 
+          Introduces a conditional block.  If all of the criteria on the
+          Match line are satisfied, the keywords on the following lines
+          override those set in the global section of the config file,
+          until either another Match line or the end of the file.  Note 
+          that Match blocks must be located at the end of the file, after
+          all the global settings.
+ 
+          The arguments to Match are one or more criteria-pattern pairs.
+          The available criteria are User, Group, Host, and Address.  The
+          match patterns may consist of single entries or comma-separated
+          lists and may use the wildcard (Asterisk "*" and question mark "?")
+          and negation operators.
+ 
+          The patterns in a Host criteria should be hostname. The patterns
+          in an Address criteria should be IP address, which may
+          additionally contain addresses to match in CIDR address/masklen
+          format, e.g. ``192.0.2.0/24'' or ``2001:DB8::/32''.
+          Note that the mask length provided must be consistent with the
+          address - it is an error to specify a mask length that is too
+          long for the address or one with bits set in this host portion
+          of the address.  For example, ``192.0.2.0/33'' and ``192.0.2.0/8''
+          respectively.
+ 
+          Only a subset of keywords may be used on the lines following a
+          Match keyword.  Available keywords are AllowTcpForwarding,
+          Banner, ChrootDirectory, GatewayPorts, GSSAPIAuthentication,
+          HostbasedAuthentication, KbdInteractiveAuthentication,
+          MaxAuthTries, PasswordAuthentication, PermitEmptyPasswords,
+          PermitRootLogin, PubkeyAuthentication, RhostsRSAAuthentication,
+          RSAAuthentication, X11DisplayOffset, X11Forwarding and
+          X11UseLocalhost.
+ 
+          Example 1: Disallow user "testuser" to use TCP forwarding
+          Match User testuser
+ 	     AllowTcpForwarding no
+ 
+          Example 2: Display a special banner for users not in the
+                     "staff" group
+          Match Group *,!staff
+              Banner /etc/banner.text
+ 
+          Example 3: Allow root login from host "rootallowed.example.com"
+          Match Host rootallowed.example.com
+             PermitRootLogin yes
+ 	     
+          Example 4: Allow anyone to use GatewayPorts from the local net
+          Match Address 192.168.0.0/24
+              GatewayPorts yes
+ 
+ 
       MaxStartups
  
  	 Specifies the maximum number of  concurrent  unauthenti-
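
Review bot: Example 3 (Match Host rootallowed.example.com with PermitRootLogin yes) keys a root-login exception on a hostname, but the Host paragraph only says the pattern "should be hostname" and never says how the connecting client's hostname is determined for the comparison. Please add a sentence stating where that name comes from (in sshd it is the name resolved for the client address), or switch the root-login example to Match Address so the documented pattern does not rest on name resolution. Smaller points in the same hunk: "a Host criteria should be hostname" and "an Address criteria should be IP address" want "criterion" and an article; "bits set in this host portion" should read "the host portion"; the line ending in "Note " and the line after Example 3 carry trailing whitespace; and the AllowTcpForwarding line is indented with a tab where the other examples use spaces.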
