Final CUG corrections.

doc/src/cylc-user-guide/cug.tex

@@ -6214,8 +6214,8 @@ \subsubsection{Ssh Task Messaging}
 (User-invoked client commands (aside from the GUI, which requires HTTPS) can do
 the same thing with the \lstinline=--use-ssh= command option).
 
-This is less efficient than direct HTTPS messaging, but it may be at sites where
-the HTTPS ports are blocked but non-interactive ssh is allowed.
+This is less efficient than direct HTTPS messaging, but it may be useful at
+sites where the HTTPS ports are blocked but non-interactive ssh is allowed.
 
 \subsubsection{Task Job Polling}
 
@@ -6325,13 +6325,15 @@ \subsection{Client-Server Interaction}
 and GUIs).
 
 Use \lstinline=cylc scan= to see which suites are listening on which ports on
-scanned hosts (this lists your own suites, by default, but can show others).
+scanned hosts (this lists your own suites, by default, but it can show others
+too).
 
 Cylc currently supports two kinds of access to suite daemons:
 \begin{myitemize}
-    \item {\em public} (non-authenticated) - the level of information revealed
-        is configurable, see~\ref{PublicAccess}
-    \item {\em control} (authenticated) - suite passphrase required, see~\ref{passphrases}
+    \item {\em public} (non-authenticated) - the amount of information
+      revealed is configurable, see~\ref{PublicAccess}
+    \item {\em control} (authenticated) - full control, suite passphrase
+      required, see~\ref{passphrases}
 \end{myitemize}
 
 {\em Note in both cases the suite {\em SSL certificate} is required to