
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/crypto/external/bsd/openssh/dist/ssh_config.5 between version 1.21 and 1.21.2.2

version 1.21, 2017/10/07 19:39:19 version 1.21.2.2, 2018/09/06 06:51:33
Line 35 
Line 35 
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"  .\"
 .\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $  .\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $
 .Dd September 21 2017  .Dd July 23 2018
 .Dt SSH_CONFIG 5  .Dt SSH_CONFIG 5
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 260  or
Line 260  or
 Use the specified address on the local machine as the source address of  Use the specified address on the local machine as the source address of
 the connection.  the connection.
 Only useful on systems with more than one address.  Only useful on systems with more than one address.
 Note that this option does not work if  .It Cm BindInterface
 .Cm UsePrivilegedPort  Use the address of the specified interface on the local machine as the
 is set to  source address of the connection.
 .Cm yes .  
 .It Cm CanonicalDomains  .It Cm CanonicalDomains
 When  When
 .Cm CanonicalizeHostname  .Cm CanonicalizeHostname
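Review bot: the new BindInterface entry on the right does not say what happens when it is set together with BindAddress, which is documented immediately above it, or which address is used when the interface carries more than one. Add a sentence stating the precedence between the two options and the address selection rule.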
Line 420  The default is:
Line 419  The default is:
 .Bd -literal -offset indent  .Bd -literal -offset indent
 chacha20-poly1305@openssh.com,  chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,  aes128-ctr,aes192-ctr,aes256-ctr,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,  aes128-gcm@openssh.com,aes256-gcm@openssh.com
 aes128-cbc,aes192-cbc,aes256-cbc  
 .Ed  .Ed
 .Pp  .Pp
 The list of available ciphers may also be obtained using  The list of available ciphers may also be obtained using
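Review bot: the right-hand default list drops aes128-cbc, aes192-cbc and aes256-cbc, but nothing in the visible text tells a user whose server only offers CBC how to add one back. A short sentence after the list pointing to the Ciphers syntax for extending the default would cover that case.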
Line 753  or
Line 751  or
 (the default).  (the default).
 .It Cm HostbasedKeyTypes  .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication  Specifies the key types that will be used for hostbased authentication
 as a comma-separated pattern list.  as a comma-separated list of patterns.
 Alternately if the specified value begins with a  Alternately if the specified value begins with a
 .Sq +  .Sq +
 character, then the specified key types will be appended to the default set  character, then the specified key types will be appended to the default set
Line 768  ecdsa-sha2-nistp256-cert-v01@openssh.com
Line 766  ecdsa-sha2-nistp256-cert-v01@openssh.com
 ecdsa-sha2-nistp384-cert-v01@openssh.com,  ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,  ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,  ssh-ed25519-cert-v01@openssh.com,
   rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,  ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,ssh-rsa  ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed  .Ed
 .Pp  .Pp
 The  The
Line 795  ecdsa-sha2-nistp256-cert-v01@openssh.com
Line 794  ecdsa-sha2-nistp256-cert-v01@openssh.com
 ecdsa-sha2-nistp384-cert-v01@openssh.com,  ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,  ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,  ssh-ed25519-cert-v01@openssh.com,
   rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,  ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,ssh-rsa  ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed  .Ed
 .Pp  .Pp
 If hostkeys are known for the destination host then this default is modified  If hostkeys are known for the destination host then this default is modified
Line 928  to unknown options that appear before it
Line 928  to unknown options that appear before it
 .It Cm Include  .It Cm Include
 Include the specified configuration file(s).  Include the specified configuration file(s).
 Multiple pathnames may be specified and each pathname may contain  Multiple pathnames may be specified and each pathname may contain
 .Xr glob 3  .Xr glob 7
 wildcards and, for user configurations, shell-like  wildcards and, for user configurations, shell-like
 .Sq ~  .Sq ~
 references to user home directories.  references to user home directories.
Line 979  If one argument is specified, it is used
Line 979  If one argument is specified, it is used
 If two values are specified, the first is automatically selected for  If two values are specified, the first is automatically selected for
 interactive sessions and the second for non-interactive sessions.  interactive sessions and the second for non-interactive sessions.
 The default is  The default is
 .Cm lowdelay  .Cm af21
   (Low-Latency Data)
 for interactive sessions and  for interactive sessions and
 .Cm throughput  .Cm cs1
   (Lower Effort)
 for non-interactive sessions.  for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication  .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.  Specifies whether to use keyboard-interactive authentication.
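Review bot: the defaults in this hunk change from lowdelay/throughput to af21/cs1, which alters the marking on every connection that does not set IPQoS explicitly; the text should say so or show how to restore the previous values. The labels "(Low-Latency Data)" and "(Lower Effort)" are added as bare text lines after the .Cm lines, so check that they render next to the keyword they describe.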
Line 1017  The default is:
Line 1019  The default is:
 curve25519-sha256,curve25519-sha256@libssh.org,  curve25519-sha256,curve25519-sha256@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
 diffie-hellman-group-exchange-sha256,  diffie-hellman-group-exchange-sha256,
   diffie-hellman-group16-sha512,
   diffie-hellman-group18-sha512,
 diffie-hellman-group-exchange-sha1,  diffie-hellman-group-exchange-sha1,
   diffie-hellman-group14-sha256,
 diffie-hellman-group14-sha1  diffie-hellman-group14-sha1
 .Ed  .Ed
 .Pp  .Pp
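Review bot: in the right-hand default list diffie-hellman-group14-sha256 is inserted after diffie-hellman-group-exchange-sha1, so a SHA-1 method sits ahead of a SHA-256 one. If the list is in preference order, move group14-sha256 up next to the group16 and group18 entries; if the order is deliberate, say why in the commit message.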
Line 1109  hmac-sha2-256,hmac-sha2-512,hmac-sha1
Line 1114  hmac-sha2-256,hmac-sha2-512,hmac-sha1
 The list of available MAC algorithms may also be obtained using  The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .  .Qq ssh -Q mac .
 .It Cm NoHostAuthenticationForLocalhost  .It Cm NoHostAuthenticationForLocalhost
 This option can be used if the home directory is shared across machines.  Disable host authentication for localhost (loopback addresses).
 In this case localhost will refer to a different machine on each of  
 the machines and the user will get many warnings about changed host keys.  
 However, this option disables host authentication for localhost.  
 The argument to this keyword must be  The argument to this keyword must be
 .Cm yes  .Cm yes
 or  or
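Review bot: the replacement sentence "Disable host authentication for localhost (loopback addresses)." drops the only explanation of when this option is appropriate (a home directory shared across machines). Since the option turns off a host-key check, keep one sentence on the intended use case so readers do not enable it without a reason.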
Line 1200  For example, the following directive wou
Line 1202  For example, the following directive wou
 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p  ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
 .Ed  .Ed
 .It Cm ProxyJump  .It Cm ProxyJump
 Specifies one or more jump proxies as  Specifies one or more jump proxies as either
 .Xo  .Xo
 .Sm off  .Sm off
 .Op Ar user No @  .Op Ar user No @
 .Ar host  .Ar host
 .Op : Ns Ar port  .Op : Ns Ar port
 .Sm on  .Sm on
   or an ssh URI
 .Xc .  .Xc .
 Multiple proxies may be separated by comma characters and will be visited  Multiple proxies may be separated by comma characters and will be visited
 sequentially.  sequentially.
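Review bot: "or an ssh URI" is added on the right without saying what form the URI takes or where it is documented. Add the syntax or a cross-reference, and check that the bare text line between ".Sm on" and ".Xc ." renders as intended inside the .Xo block.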
Line 1233  The default is
Line 1236  The default is
 .Cm no .  .Cm no .
 .It Cm PubkeyAcceptedKeyTypes  .It Cm PubkeyAcceptedKeyTypes
 Specifies the key types that will be used for public key authentication  Specifies the key types that will be used for public key authentication
 as a comma-separated pattern list.  as a comma-separated list of patterns.
 Alternately if the specified value begins with a  Alternately if the specified value begins with a
 .Sq +  .Sq +
 character, then the key types after it will be appended to the default  character, then the key types after it will be appended to the default
Line 1248  ecdsa-sha2-nistp256-cert-v01@openssh.com
Line 1251  ecdsa-sha2-nistp256-cert-v01@openssh.com
 ecdsa-sha2-nistp384-cert-v01@openssh.com,  ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,  ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,  ssh-ed25519-cert-v01@openssh.com,
   rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,  ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,ssh-rsa  ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed  .Ed
 .Pp  .Pp
 The list of available key types may also be obtained using  The list of available key types may also be obtained using
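Review bot: rsa-sha2-512, rsa-sha2-256 and their certificate variants are added to a default list that the trailing sentence still calls "key types", with ssh-rsa kept at the end. The text should state how these names relate to ssh-rsa so that a reader restricting PubkeyAcceptedKeyTypes knows which entries to keep; the same applies to the identical additions in the hunks at lines 768 and 795.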
Line 1301  section.
Line 1305  section.
 .It Cm RemoteForward  .It Cm RemoteForward
 Specifies that a TCP port on the remote machine be forwarded over  Specifies that a TCP port on the remote machine be forwarded over
 the secure channel.  the secure channel.
 The remote port may either be fowarded to a specified host and port  The remote port may either be forwarded to a specified host and port
 from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote  from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
 client to connect to arbitrary destinations from the local machine.  client to connect to arbitrary destinations from the local machine.
 The first argument must be  The first argument must be
Line 1387  Multiple environment variables may be se
Line 1391  Multiple environment variables may be se
 across multiple  across multiple
 .Cm SendEnv  .Cm SendEnv
 directives.  directives.
 The default is not to send any environment variables.  
 .Pp  .Pp
 See  See
 .Sx PATTERNS  .Sx PATTERNS
 for more information on patterns.  for more information on patterns.
   .Pp
   It is possible to clear previously set
   .Cm SendEnv
   variable names by prefixing patterns with
   .Pa - .
   The default is not to send any environment variables.
 .It Cm ServerAliveCountMax  .It Cm ServerAliveCountMax
 Sets the number of server alive messages (see below) which may be  Sets the number of server alive messages (see below) which may be
 sent without  sent without
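Review bot: the added paragraph marks the "-" prefix with .Pa, which is the pathname macro, while the other literal characters on this page ("+", "~", "%") use .Sq. Switch to ".Sq -" for consistency, and say whether a "-" pattern only affects names set by earlier SendEnv directives, since "previously set" leaves the ordering rule unclear.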
Line 1426  will send a message through the encrypte
Line 1435  will send a message through the encrypte
 channel to request a response from the server.  channel to request a response from the server.
 The default  The default
 is 0, indicating that these messages will not be sent to the server.  is 0, indicating that these messages will not be sent to the server.
   .It Cm SetEnv
   Directly specify one or more environment variables and their contents to
   be sent to the server.
   Similarly to
   .Cm SendEnv ,
   the server must be prepared to accept the environment variable.
 .It Cm StreamLocalBindMask  .It Cm StreamLocalBindMask
 Sets the octal file creation mode mask  Sets the octal file creation mode mask
 .Pq umask  .Pq umask
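Review bot: the new SetEnv entry never shows the argument form, so a reader cannot tell from the page how a variable and its contents are written or how several are separated. Add the syntax and a one-line example, and mention what the client does when the server does not accept the variable.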
Line 1459  If this flag is set to
Line 1474  If this flag is set to
 will never automatically add host keys to the  will never automatically add host keys to the
 .Pa ~/.ssh/known_hosts  .Pa ~/.ssh/known_hosts
 file, and refuses to connect to hosts whose host key has changed.  file, and refuses to connect to hosts whose host key has changed.
 This provides maximum protection against trojan horse attacks,  This provides maximum protection against man-in-the-middle (MITM) attacks,
 though it can be annoying when the  though it can be annoying when the
 .Pa /etc/ssh/ssh_known_hosts  .Pa /etc/ssh/ssh_known_hosts
 file is poorly maintained or when connections to new hosts are  file is poorly maintained or when connections to new hosts are
Line 1511  This is important in scripts, and many u
Line 1526  This is important in scripts, and many u
 .Pp  .Pp
 To disable TCP keepalive messages, the value should be set to  To disable TCP keepalive messages, the value should be set to
 .Cm no .  .Cm no .
   See also
   .Cm ServerAliveInterval
   for protocol-level keepalives.
 .It Cm Tunnel  .It Cm Tunnel
 Request  Request
 .Xr tun 4  .Xr tun 4
Line 1579  Presently, only
Line 1597  Presently, only
 from OpenSSH 6.8 and greater support the  from OpenSSH 6.8 and greater support the
 .Qq hostkeys@openssh.com  .Qq hostkeys@openssh.com
 protocol extension used to inform the client of all the server's hostkeys.  protocol extension used to inform the client of all the server's hostkeys.
 .It Cm UsePrivilegedPort  
 Specifies whether to use a privileged port for outgoing connections.  
 The argument must be  
 .Cm yes  
 or  
 .Cm no  
 (the default).  
 If set to  
 .Cm yes ,  
 .Xr ssh 1  
 must be setuid root.  
 .It Cm User  .It Cm User
 Specifies the user to log in as.  Specifies the user to log in as.
 This can be useful when a different user name is used on different machines.  This can be useful when a different user name is used on different machines.
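Review bot: the UsePrivilegedPort entry is deleted outright, so the page no longer says anything to a user whose existing configuration still contains the keyword. State here or in the release notes whether the keyword is now ignored or rejected.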
Line 1676  pool,
Line 1683  pool,
 the following entry (in authorized_keys) could be used:  the following entry (in authorized_keys) could be used:
 .Pp  .Pp
 .Dl from=\&"!*.dialup.example.com,*.example.com\&"  .Dl from=\&"!*.dialup.example.com,*.example.com\&"
   .Pp
   Note that a negated match will never produce a positive result by itself.
   For example, attempting to match
   .Qq host3
   against the following pattern-list will fail:
   .Pp
   .Dl from=\&"!host1,!host2\&"
   .Pp
   The solution here is to include a term that will yield a positive match,
   such as a wildcard:
   .Pp
   .Dl from=\&"!host1,!host2,*\&"
 .Sh TOKENS  .Sh TOKENS
 Arguments to some keywords can make use of tokens,  Arguments to some keywords can make use of tokens,
 which are expanded at runtime:  which are expanded at runtime:
Line 1685  which are expanded at runtime:
Line 1704  which are expanded at runtime:
 A literal  A literal
 .Sq % .  .Sq % .
 .It \&%C  .It \&%C
 Shorthand for %l%h%p%r.  Hash of %l%h%p%r.
 .It %d  .It %d
 Local user's home directory.  Local user's home directory.
 .It %h  .It %h
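Review bot: "Hash of %l%h%p%r." does not name the hash or the form of its output, which matters to anyone using %C in ControlPath and needing to know the length of the resulting path. Name the function and the encoding.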
Line 1702  The original remote hostname, as given o
Line 1721  The original remote hostname, as given o
 The remote port.  The remote port.
 .It %r  .It %r
 The remote username.  The remote username.
   .It \&%T
   The local
   .Xr tun 4
   or
   .Xr tap 4
   network interface assigned if
   tunnel forwarding was requested, or
   .Qq NONE
   otherwise.
 .It %u  .It %u
 The local username.  The local username.
 .El  .El
 .Pp  .Pp
 .Cm Match exec  .Cm Match exec
 accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.  accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
 .Pp  .Pp
 .Cm CertificateFile  .Cm CertificateFile
 accepts the tokens %%, %d, %h, %l, %r, and %u.  accepts the tokens %%, %d, %h, %i, %l, %r, and %u.
 .Pp  .Pp
 .Cm ControlPath  .Cm ControlPath
 accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.  accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
Line 1721  accepts the tokens %% and %h.
Line 1749  accepts the tokens %% and %h.
 .Cm IdentityAgent  .Cm IdentityAgent
 and  and
 .Cm IdentityFile  .Cm IdentityFile
 accept the tokens %%, %d, %h, %l, %r, and %u.  accept the tokens %%, %d, %h, %i, %l, %r, and %u.
 .Pp  .Pp
 .Cm LocalCommand  .Cm LocalCommand
 accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.  accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u.
 .Pp  .Pp
 .Cm ProxyCommand  .Cm ProxyCommand
 accepts the tokens %%, %h, %p, and %r.  accepts the tokens %%, %h, %p, and %r.
 .Pp  .Pp
 .Cm RemoteCommand  .Cm RemoteCommand
 accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.  accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
 .Sh FILES  .Sh FILES
 .Bl -tag -width Ds  .Bl -tag -width Ds
 .It Pa ~/.ssh/config  .It Pa ~/.ssh/config
