- jmc@cvs.openbsd.org 2006/02/24 10:25:14

[ssh_config.5] add section on patterns; from dtucker + myself
author: Damien Miller <djm@mindrot.org> 2006-03-15 11:54:05 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-15 11:54:05 +1100
commit: 6def55171fa7625da63f6b5c2fc0a45211208c11 (patch)
tree: 3c2b9531a142009561409fe454bac74e77f6a991
parent: c7b06369a846822b0da77b969d4ed72ea8ee38d4 (diff)
2 files changed, 48 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 8d19a746d..7f34f310f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -150,6 +150,10 @@
     [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
+   - jmc@cvs.openbsd.org 2006/02/24 10:25:14
+     [ssh_config.5]
+     add section on patterns;
+     from dtucker + myself
 20060313
 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4051,4 +4055,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4181 2006/03/15 00:53:45 djm Exp $
+$Id: ChangeLog,v 1.4182 2006/03/15 00:54:05 djm Exp $
diff --git a/ssh_config.5 b/ssh_config.5
index 44107bfe7..5f1ced5b6 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -73,13 +73,47 @@ The matched host name is the one given on the command line.
 Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
+.Sh PATTERNS
+A
+.Em pattern
+consists of zero or more non-whitespace characters,
+.Sq *
+(a wildcard that matches zero or more characters),
+or
+.Sq ?\&
+(a wildcard that matches exactly one character).
+For example, to specify a set of declarations for any host in the
+.Dq .co.uk
+set of domains,
+the following pattern could be used:
+.Pp
+.Dl Host *.co.uk
+.Pp
+The following pattern
+would match any host in the 192.168.0.[0-9] network range:
 .Pp
+.Dl Host 192.168.0.?
+.Pp
+A
+.Em pattern-list
+is a comma-separated list of patterns.
+Patterns within pattern-lists may be negated
+by preceding them with an exclamation mark
+.Pq Sq !\& .
+For example,
+to allow a key to be used from anywhere within an organisation
+except from the
+.Dq dialup
+pool,
+the following entry (in authorized_keys) could be used:
+.Pp
+.Dl from=\&"!*.dialup.example.com,*.example.com\&"
+.Sh FILE FORMAT
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
 .Ql #
 are comments.
-.Pp
 Otherwise a line is of the format
 .Dq keyword arguments .
 Configuration options may be separated by whitespace or
@@ -103,15 +137,13 @@ Restricts the following declarations (up to the next
 .Cm Host
 keyword) to be only for those hosts that match one of the patterns
 given after the keyword.
-.Ql \&*
-and
-.Ql \&?
-can be used as wildcards in the
-patterns.
 A single
 .Ql \&*
 as a pattern can be used to provide global
 defaults for all hosts.
+See
+.Sx PATTERNS
+for more information on patterns.
 The host is the
 .Ar hostname
 argument given on the command line (i.e., the name is not converted to
@@ -805,10 +837,10 @@ Refer to
 in
 .Xr sshd_config 5
 for how to configure the server.
-Variables are specified by name, which may contain the wildcard characters
+Variables are specified by name, which may contain wildcard characters.
-.Ql \&*
+See
-and
+.Sx PATTERNS
-.Ql \&? .
+for more information on patterns.
 Multiple environment variables may be separated by whitespace or spread
 across multiple
 .Cm SendEnv
author	Damien Miller <djm@mindrot.org>	2006-03-15 11:54:05 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-15 11:54:05 +1100
commit	6def55171fa7625da63f6b5c2fc0a45211208c11 (patch)
tree	3c2b9531a142009561409fe454bac74e77f6a991
parent	c7b06369a846822b0da77b969d4ed72ea8ee38d4 (diff)

diff --git a/ChangeLog b/ChangeLog index 8d19a746d..7f34f310f 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -150,6 +150,10 @@
150	[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]	150	[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
151	[sshconnect.c]	151	[sshconnect.c]
152	move #include <ctype.h> out of includes.h; ok djm@	152	move #include <ctype.h> out of includes.h; ok djm@
		153	- jmc@cvs.openbsd.org 2006/02/24 10:25:14
		154	[ssh_config.5]
		155	add section on patterns;
		156	from dtucker + myself
153		157
154	20060313	158	20060313
155	- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)	159	- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@@ -4051,4 +4055,4 @@
4051	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	4055	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
4052	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	4056	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
4053		4057
4054	$Id: ChangeLog,v 1.4181 2006/03/15 00:53:45 djm Exp $	4058	$Id: ChangeLog,v 1.4182 2006/03/15 00:54:05 djm Exp $


diff --git a/ssh_config.5 b/ssh_config.5 index 44107bfe7..5f1ced5b6 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -73,13 +73,47 @@ The matched host name is the one given on the command line.
73	Since the first obtained value for each parameter is used, more	73	Since the first obtained value for each parameter is used, more
74	host-specific declarations should be given near the beginning of the	74	host-specific declarations should be given near the beginning of the
75	file, and general defaults at the end.	75	file, and general defaults at the end.
		76	.Sh PATTERNS
		77	A
		78	.Em pattern
		79	consists of zero or more non-whitespace characters,
		80	.Sq *
		81	(a wildcard that matches zero or more characters),
		82	or
		83	.Sq ?\&
		84	(a wildcard that matches exactly one character).
		85	For example, to specify a set of declarations for any host in the
		86	.Dq .co.uk
		87	set of domains,
		88	the following pattern could be used:
		89	.Pp
		90	.Dl Host *.co.uk
		91	.Pp
		92	The following pattern
		93	would match any host in the 192.168.0.[0-9] network range:
76	.Pp	94	.Pp
		95	.Dl Host 192.168.0.?
		96	.Pp
		97	A
		98	.Em pattern-list
		99	is a comma-separated list of patterns.
		100	Patterns within pattern-lists may be negated
		101	by preceding them with an exclamation mark
		102	.Pq Sq !\& .
		103	For example,
		104	to allow a key to be used from anywhere within an organisation
		105	except from the
		106	.Dq dialup
		107	pool,
		108	the following entry (in authorized_keys) could be used:
		109	.Pp
		110	.Dl from=\&"!.dialup.example.com,.example.com\&"
		111	.Sh FILE FORMAT
77	The configuration file has the following format:	112	The configuration file has the following format:
78	.Pp	113	.Pp
79	Empty lines and lines starting with	114	Empty lines and lines starting with
80	.Ql #	115	.Ql #
81	are comments.	116	are comments.
82	.Pp
83	Otherwise a line is of the format	117	Otherwise a line is of the format
84	.Dq keyword arguments .	118	.Dq keyword arguments .
85	Configuration options may be separated by whitespace or	119	Configuration options may be separated by whitespace or
@@ -103,15 +137,13 @@ Restricts the following declarations (up to the next
103	.Cm Host	137	.Cm Host
104	keyword) to be only for those hosts that match one of the patterns	138	keyword) to be only for those hosts that match one of the patterns
105	given after the keyword.	139	given after the keyword.
106	.Ql \&*
107	and
108	.Ql \&?
109	can be used as wildcards in the
110	patterns.
111	A single	140	A single
112	.Ql \&*	141	.Ql \&*
113	as a pattern can be used to provide global	142	as a pattern can be used to provide global
114	defaults for all hosts.	143	defaults for all hosts.
		144	See
		145	.Sx PATTERNS
		146	for more information on patterns.
115	The host is the	147	The host is the
116	.Ar hostname	148	.Ar hostname
117	argument given on the command line (i.e., the name is not converted to	149	argument given on the command line (i.e., the name is not converted to
@@ -805,10 +837,10 @@ Refer to
805	in	837	in
806	.Xr sshd_config 5	838	.Xr sshd_config 5
807	for how to configure the server.	839	for how to configure the server.
808	Variables are specified by name, which may contain the wildcard characters	840	Variables are specified by name, which may contain wildcard characters.
809	.Ql \&*	841	See
810	and	842	.Sx PATTERNS
811	.Ql \&? .	843	for more information on patterns.
812	Multiple environment variables may be separated by whitespace or spread	844	Multiple environment variables may be separated by whitespace or spread
813	across multiple	845	across multiple
814	.Cm SendEnv	846	.Cm SendEnv