Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 77 |
1 files changed, 36 insertions, 41 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 71705cabddaa..f499396a3741 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $ -.Dd $Mdocdate: February 23 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $ +.Dd $Mdocdate: July 23 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -258,17 +258,9 @@ or Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address. -Note that this option does not work if -.Cm UsePrivilegedPort -is set to -.Cm yes . .It Cm BindInterface Use the address of the specified interface on the local machine as the source address of the connection. -Note that this option does not work if -.Cm UsePrivilegedPort -is set to -.Cm yes . .It Cm CanonicalDomains When .Cm CanonicalizeHostname @@ -425,8 +417,7 @@ The default is: .Bd -literal -offset indent chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com, -aes128-cbc,aes192-cbc,aes256-cbc +aes128-gcm@openssh.com,aes256-gcm@openssh.com .Ed .Pp The list of available ciphers may also be obtained using @@ -758,7 +749,7 @@ or (the default). .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set 
@@ -773,9 +764,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The @@ -800,9 +792,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -933,7 +926,7 @@ to unknown options that appear before it. .It Cm Include Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain -.Xr glob 3 +.Xr glob 7 wildcards and, for user configurations, shell-like .Sq ~ references to user home directories. @@ -984,9 +977,11 @@ If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Cm lowdelay +.Cm af21 +(Low-Latency Data) for interactive sessions and -.Cm throughput +.Cm cs1 +(Lower Effort) for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. 
@@ -1002,10 +997,9 @@ The default is to use the server specified list. The methods available vary depending on what the server supports. For an OpenSSH server, it may be zero or more of: -.Cm bsdauth , -.Cm pam , +.Cm bsdauth and -.Cm skey . +.Cm pam . .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. @@ -1239,7 +1233,7 @@ The default is .Cm no . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be used for public key authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the key types after it will be appended to the default @@ -1254,9 +1248,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -1307,7 +1302,7 @@ section. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel. -The remote port may either be fowarded to a specified host and port +The remote port may either be forwarded to a specified host and port from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote client to connect to arbitrary destinations from the local machine. The first argument must be 
@@ -1393,11 +1388,16 @@ Multiple environment variables may be separated by whitespace or spread across multiple .Cm SendEnv directives. -The default is not to send any environment variables. .Pp See .Sx PATTERNS for more information on patterns. +.Pp +It is possible to clear previously set +.Cm SendEnv +variable names by prefixing patterns with +.Pa - . +The default is not to send any environment variables. .It Cm ServerAliveCountMax Sets the number of server alive messages (see below) which may be sent without @@ -1432,6 +1432,12 @@ will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. +.It Cm SetEnv +Directly specify one or more environment variables and their contents to +be sent to the server. +Similarly to +.Cm SendEnv , +the server must be prepared to accept the environment variable. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1588,17 +1594,6 @@ Presently, only from OpenSSH 6.8 and greater support the .Qq hostkeys@openssh.com protocol extension used to inform the client of all the server's hostkeys. -.It Cm UsePrivilegedPort -Specifies whether to use a privileged port for outgoing connections. -The argument must be -.Cm yes -or -.Cm no -(the default). -If set to -.Cm yes , -.Xr ssh 1 -must be setuid root. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. @@ -1737,10 +1732,10 @@ The local username. .El .Pp .Cm Match exec -accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. +accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. .Pp .Cm CertificateFile -accepts the tokens %%, %d, %h, %l, %r, and %u. +accepts the tokens %%, %d, %h, %i, %l, %r, and %u. .Pp .Cm ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. 
@@ -1751,16 +1746,16 @@ accepts the tokens %% and %h. .Cm IdentityAgent and .Cm IdentityFile -accept the tokens %%, %d, %h, %l, %r, and %u. +accept the tokens %%, %d, %h, %i, %l, %r, and %u. .Pp .Cm LocalCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u. +accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. .Pp .Cm ProxyCommand accepts the tokens %%, %h, %p, and %r. .Pp .Cm RemoteCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. +accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config |
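Review bot: The default cipher list in the @@ -425,8 +417,7 @@ hunk drops aes128-cbc, aes192-cbc and aes256-cbc without any accompanying sentence. If the CBC ciphers are still supported and are only removed from the default proposal, say so next to the list, so that a reader connecting to an older server knows they must now be named explicitly in Ciphers.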
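Review bot: The reworded KbdInteractiveDevices sentence in the @@ -1002,10 +997,9 @@ hunk now reads "it may be zero or more of: bsdauth and pam", which is awkward with only two items left after skey is removed. Something like "zero or more of: bsdauth, pam" or "bsdauth and/or pam" would read better; keep the trailing period on the final .Cm line as the hunk already does.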
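Review bot: In the SendEnv hunk (@@ -1393,11 +1388,16 @@) the literal minus is marked up as ".Pa -", but .Pa is the pathname macro; the same page quotes the literal plus character with ".Sq +" (see the HostbasedKeyTypes context earlier in this diff). Use ".Sq -" for consistency. The relocated sentence "The default is not to send any environment variables." also now trails the paragraph about clearing names, where it is easy to miss; it reads better directly after the description of the directive, before the PATTERNS reference.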
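Review bot: The new SetEnv entry (@@ -1432,6 +1432,12 @@) does not state the argument syntax or a default. "Directly specify one or more environment variables and their contents" leaves the reader to guess the form of each argument and how several are separated; spell the form out, and add a default sentence as SendEnv has. Since the entry says the server must be prepared to accept the variable, a cross-reference to the server-side setting (AcceptEnv in sshd_config(5)) would help. It is also worth one sentence on how SetEnv interacts with a SendEnv pattern that matches the same name, because the values here come from the configuration file rather than from the user's environment.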
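Review bot: The UsePrivilegedPort entry is deleted in the @@ -1588,17 +1594,6 @@ hunk, together with the two notes under BindAddress and BindInterface, but nothing tells a reader what happens to an existing configuration that still sets the keyword. State in the commit message or release notes whether the keyword is now rejected or silently ignored, so that administrators know whether old ssh_config files need editing before upgrading.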
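Review bot: %i is added to Match exec, CertificateFile, IdentityAgent, IdentityFile, LocalCommand and RemoteCommand, but the ProxyCommand line in the @@ -1751,16 +1746,16 @@ hunk is left as "accepts the tokens %%, %h, %p, and %r". Please confirm that omission is intentional and matches the code; if ProxyCommand does expand %i, this list needs the same update. LocalCommand and RemoteCommand both run commands built from these expansions, so the documented token sets should track the implementation exactly.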