1 files changed, 26 insertions, 9 deletions

diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 7fbd70c87e..d481a75c9a 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2013</year>
+      <year>2004</year><year>2014</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -36,8 +36,8 @@
     <list type="bulleted">
       <item>SSH requires the crypto and public_key applications.</item>
       <item>Supported SSH version is 2.0 </item>
-      <item>Supported MAC algorithms: hmac-sha1</item>
-      <item>Supported encryption algorithms: aes128-cb and 3des-cbc</item>
+      <item>Supported MAC algorithms: hmac-sha2-256 and hmac-sha1</item>
+      <item>Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc</item>
       <item>Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in <seealso marker="kernel:file">file</seealso> for information about this subject</item>
       <item>Supports unicode in shell and cli</item>
     </list>
@@ -97,6 +97,8 @@
 	<seealso marker="ssh_connection#session_channel/2">ssh_connection:session_channel/[2, 4]</seealso>.</p>
 	<p>Options are:</p>
 	<taglist>
+	  <tag><c><![CDATA[{inet, inet | inet6}]]></c></tag>
+	  <item> IP version to use.</item>
           <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory i.e. the directory containing
@@ -230,11 +232,13 @@
         port.</p>
 	<p>Options are:</p>
         <taglist>
-	  <tag><c><![CDATA[{subsystems, [subsystem_spec()]]]></c></tag>
+	  <tag><c><![CDATA[{inet, inet | inet6}]]></c></tag>
+	  <item> IP version to use when the host address is specified as <c>any</c>. </item>
+	  <tag><c><![CDATA[{subsystems, [subsystem_spec()]}]]></c></tag>
 	  <item>
 	    Provides specifications for handling of subsystems. The
 	    "sftp" subsystem spec can be retrieved by calling
-	    ssh_sftpd:subsystem_spec/1. If the subsystems option in
+	    ssh_sftpd:subsystem_spec/1. If the subsystems option is
 	    not present the value of
 	    <c>[ssh_sftpd:subsystem_spec([])]</c> will be used.  It is
 	    of course possible to set the option to the empty list if
@@ -307,18 +311,31 @@
 
 	  <tag><c><![CDATA[{negotiation_timeout, integer()}]]></c></tag>
 	  <item>
-	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes.
+	    <p>Max time in milliseconds for the authentication negotiation.  The default value is 2 minutes. If the client fails to login within this time, the connection is closed.
+	    </p>
+	  </item>
+
+	  <tag><c><![CDATA[{max_sessions, pos_integer()}]]></c></tag>
+	  <item>
+	    <p>The maximum number of simultaneous sessions that are accepted at any time for this daemon.  This includes sessions that are being authorized.  So if set to <c>N</c>, and <c>N</c> clients have connected but not started the login process, the <c>N+1</c> connection attempt will be aborted.  If <c>N</c> connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out.
+	    </p>
+	    <p>The counter is per listening port, so if two daemons are started, one with <c>{max_sessions,N}</c> and the other with <c>{max_sessions,M}</c> there will be in total <c>N+M</c> connections accepted for the whole ssh application.
+	    </p>
+	    <p>Note that if <c>parallel_login</c> is <c>false</c>, only one client at a time may be in the authentication phase.
+	    </p>
+	    <p>As default, the option is not set. This means that the number is not limited.
 	    </p>
 	  </item>
 
 	  <tag><c><![CDATA[{parallel_login, boolean()}]]></c></tag>
 	  <item>
-	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections.
+	    <p>If set to false (the default value), only one login is handled a time.  If set to true, an unlimited number of login attempts will be allowed simultanously.
+	    </p>
+	    <p>If the <c>max_sessions</c> option is set to <c>N</c> and <c>parallel_login</c> is set to <c>true</c>, the max number of simultaneous login attempts at any time is limited to <c>N-K</c> where <c>K</c> is the number of authenticated connections present at this daemon.
 	    </p>
 	    <warning>
-	      <p>Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.</p>
+	      <p>Do not enable <c>parallel_logins</c> without protecting the server by other means, for example the <c>max_sessions</c> option or a firewall configuration. If set to <c>true</c>, there is no protection against DOS attacks.</p>
 	    </warning>
-
 	  </item>
 
 	  <tag><c><![CDATA[{key_cb, atom()}]]></c></tag>