* Add <command> tag.

* Capitalize protocol names.
* Add a more meaningful description to the second tunnel example.
* Add <userinput> tags.
* Add missing POP3-port to tunnel example.
* Wrap one of the examples in an <example> tag so that this useful
  example shows up in the front matter "list of examples".

PR:		docs/32436
Submitted by:	Martin Heinen <martin@sumuk.de>

en_US.ISO8859-1/books/handbook/security/chapter.sgml

@@ -3113,8 +3113,8 @@ Host 'example.com' added to the list of known hosts.
 user@example.com's password: <userinput>*******</userinput></screen>
 
       <para>The login will continue just as it would have if a session was
-        created using <command>rlogin</command> or telnet.  SSH utilizes a 
-	key fingerprint
+        created using <command>rlogin</command> or
+        <command>telnet</command>.  SSH utilizes a key fingerprint
         system for verifying the authenticity of the server when the 
         client connects.  The user is prompted to enter
 	<literal>yes</literal> only when
@@ -3317,10 +3317,12 @@ Your identification has been saved in /home/user/.ssh/identity.
 	this would create a secure telnet session through an SSH tunnel.</para>
 
       <para>This can be used to wrap any number of insecure TCP protocols 
-        such as smtp, pop3, ftp, etc.</para>
+        such as SMTP, POP3, FTP, etc.</para>
 
-       <para>A typical SSH Tunnel</para>
-       <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput>
+      <example>
+	<title>Using SSH to create a secure tunnel for SMTP</title>
+
+        <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput>
 user@mailserver.example.com's password: <userinput>*****</userinput>
 &prompt.user; <userinput>telnet localhost 5025</userinput>
 Trying 127.0.0.1...
@@ -3328,10 +3330,12 @@ Connected to localhost.
 Escape character is '^]'.
 220 mailserver.example.com ESMTP</screen>     
 
-       <para>This can be used in conjunction with an &man.ssh-keygen.1; 
-         and additional user accounts to create a more seamless/hassle-free
-         SSH tunneling environment.  Keys can be used in place of typing
-         a password, and the tunnels can be run as a separate user.</para>
+        <para>This can be used in conjunction with an
+          &man.ssh-keygen.1; and additional user accounts to create a
+          more seamless/hassle-free SSH tunneling environment.  Keys
+          can be used in place of typing a password, and the tunnels
+          can be run as a separate user.</para>
+      </example>
 
       <sect3>
 	<title>Practical SSH Tunneling Examples</title>
@@ -3348,7 +3352,7 @@ Escape character is '^]'.
 	    an SSH connection to your office's SSH server, and tunnel
 	    through to the mail server.</para>
 
-	  <screen>&prompt.user; ssh -2 -N -f -L 2110:mail.example.com user@ssh-server.example.com
+	  <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>2110:mail.example.com:110 user@ssh-server.example.com</replaceable></userinput>
 user@ssh-server.example.com's password: ******</screen>
 
 	  <para>When the tunnel is up and running, you can point your
@@ -3375,7 +3379,7 @@ user@ssh-server.example.com's password: ******</screen>
 	    outside of your network's firewall, and use it to tunnel to
 	    the Ogg Vorbis server.</para>
 
-	  <screen>&prompt.user; ssh -2 -N -f -L 8888:music.example.com:8000 user@unfirewalled.myserver.com
+	  <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>8888:music.example.com:8000 user@unfirewalled.myserver.com</replaceable></userinput>
 user@unfirewalled.myserver.com's password: *******</screen>
 
 	  <para>Your streaming client can now be pointed to