diff options
author | Colin Watson <cjwatson@debian.org> | 2020-06-07 10:19:24 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-06-07 11:03:12 +0100 |
commit | 30337f8b66c66af6b368d1e3c789e75f1247176c (patch) | |
tree | 17e0b8652fea31c04faa19ffc4cd088552ee473a /ssh_config.5 | |
parent | aef2be11c5ea90bc66e774923e6570213e54c195 (diff) | |
parent | 39b8d128ef980a410bb1ea0ee80e95ac9fff59c3 (diff) |
New upstream release (8.3p1)
Also update GSSAPI key exchange patch from
https://github.com/openssh-gsskex/openssh-gsskex.
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 57 |
1 files changed, 31 insertions, 26 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 91beb6f50..2574b1004 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $ |
37 | .Dd $Mdocdate: February 7 2020 $ | 37 | .Dd $Mdocdate: April 11 2020 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -853,8 +853,8 @@ gss-curve25519-sha256- | |||
853 | .Ed | 853 | .Ed |
854 | .Pp | 854 | .Pp |
855 | The default is | 855 | The default is |
856 | .Dq gss-gex-sha1-,gss-group14-sha1- . | 856 | .Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1- . |
857 | This option only applies to protocol version 2 connections using GSSAPI. | 857 | This option only applies to connections using GSSAPI. |
858 | .It Cm HashKnownHosts | 858 | .It Cm HashKnownHosts |
859 | Indicates that | 859 | Indicates that |
860 | .Xr ssh 1 | 860 | .Xr ssh 1 |
@@ -1211,12 +1211,15 @@ has been enabled. | |||
1211 | .It Cm LocalForward | 1211 | .It Cm LocalForward |
1212 | Specifies that a TCP port on the local machine be forwarded over | 1212 | Specifies that a TCP port on the local machine be forwarded over |
1213 | the secure channel to the specified host and port from the remote machine. | 1213 | the secure channel to the specified host and port from the remote machine. |
1214 | The first argument must be | 1214 | The first argument specifies the listener and may be |
1215 | .Sm off | 1215 | .Sm off |
1216 | .Oo Ar bind_address : Oc Ar port | 1216 | .Oo Ar bind_address : Oc Ar port |
1217 | .Sm on | 1217 | .Sm on |
1218 | and the second argument must be | 1218 | or a Unix domain socket path. |
1219 | .Ar host : Ns Ar hostport . | 1219 | The second argument is the destination and may be |
1220 | .Ar host : Ns Ar hostport | ||
1221 | or a Unix domain socket path if the remote host supports it. | ||
1222 | .Pp | ||
1220 | IPv6 addresses can be specified by enclosing addresses in square brackets. | 1223 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
1221 | Multiple forwardings may be specified, and additional forwardings can be | 1224 | Multiple forwardings may be specified, and additional forwardings can be |
1222 | given on the command line. | 1225 | given on the command line. |
@@ -1235,6 +1238,9 @@ indicates that the listening port be bound for local use only, while an | |||
1235 | empty address or | 1238 | empty address or |
1236 | .Sq * | 1239 | .Sq * |
1237 | indicates that the port should be available from all interfaces. | 1240 | indicates that the port should be available from all interfaces. |
1241 | Unix domain socket paths accept the tokens described in the | ||
1242 | .Sx TOKENS | ||
1243 | section. | ||
1238 | .It Cm LogLevel | 1244 | .It Cm LogLevel |
1239 | Gives the verbosity level that is used when logging messages from | 1245 | Gives the verbosity level that is used when logging messages from |
1240 | .Xr ssh 1 . | 1246 | .Xr ssh 1 . |
@@ -1487,12 +1493,14 @@ the secure channel. | |||
1487 | The remote port may either be forwarded to a specified host and port | 1493 | The remote port may either be forwarded to a specified host and port |
1488 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote | 1494 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote |
1489 | client to connect to arbitrary destinations from the local machine. | 1495 | client to connect to arbitrary destinations from the local machine. |
1490 | The first argument must be | 1496 | The first argument is the listening specification and may be |
1491 | .Sm off | 1497 | .Sm off |
1492 | .Oo Ar bind_address : Oc Ar port | 1498 | .Oo Ar bind_address : Oc Ar port |
1493 | .Sm on | 1499 | .Sm on |
1500 | or, if the remote host supports it, a Unix domain socket path. | ||
1494 | If forwarding to a specific destination then the second argument must be | 1501 | If forwarding to a specific destination then the second argument must be |
1495 | .Ar host : Ns Ar hostport , | 1502 | .Ar host : Ns Ar hostport |
1503 | or a Unix domain socket path, | ||
1496 | otherwise if no destination argument is specified then the remote forwarding | 1504 | otherwise if no destination argument is specified then the remote forwarding |
1497 | will be established as a SOCKS proxy. | 1505 | will be established as a SOCKS proxy. |
1498 | .Pp | 1506 | .Pp |
@@ -1501,6 +1509,9 @@ Multiple forwardings may be specified, and additional | |||
1501 | forwardings can be given on the command line. | 1509 | forwardings can be given on the command line. |
1502 | Privileged ports can be forwarded only when | 1510 | Privileged ports can be forwarded only when |
1503 | logging in as root on the remote machine. | 1511 | logging in as root on the remote machine. |
1512 | Unix domain socket paths accept the tokens described in the | ||
1513 | .Sx TOKENS | ||
1514 | section. | ||
1504 | .Pp | 1515 | .Pp |
1505 | If the | 1516 | If the |
1506 | .Ar port | 1517 | .Ar port |
@@ -1944,31 +1955,25 @@ otherwise. | |||
1944 | The local username. | 1955 | The local username. |
1945 | .El | 1956 | .El |
1946 | .Pp | 1957 | .Pp |
1947 | .Cm Match exec | 1958 | .Cm CertificateFile , |
1948 | accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. | 1959 | .Cm ControlPath , |
1949 | .Pp | 1960 | .Cm IdentityAgent , |
1950 | .Cm CertificateFile | 1961 | .Cm IdentityFile , |
1951 | accepts the tokens %%, %d, %h, %i, %l, %r, and %u. | 1962 | .Cm LocalForward , |
1952 | .Pp | 1963 | .Cm Match exec , |
1953 | .Cm ControlPath | 1964 | .Cm RemoteCommand , |
1954 | accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. | 1965 | and |
1966 | .Cm RemoteForward | ||
1967 | accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u. | ||
1955 | .Pp | 1968 | .Pp |
1956 | .Cm Hostname | 1969 | .Cm Hostname |
1957 | accepts the tokens %% and %h. | 1970 | accepts the tokens %% and %h. |
1958 | .Pp | 1971 | .Pp |
1959 | .Cm IdentityAgent | ||
1960 | and | ||
1961 | .Cm IdentityFile | ||
1962 | accept the tokens %%, %d, %h, %i, %l, %r, and %u. | ||
1963 | .Pp | ||
1964 | .Cm LocalCommand | 1972 | .Cm LocalCommand |
1965 | accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. | 1973 | accepts all tokens. |
1966 | .Pp | 1974 | .Pp |
1967 | .Cm ProxyCommand | 1975 | .Cm ProxyCommand |
1968 | accepts the tokens %%, %h, %n, %p, and %r. | 1976 | accepts the tokens %%, %h, %n, %p, and %r. |
1969 | .Pp | ||
1970 | .Cm RemoteCommand | ||
1971 | accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. | ||
1972 | .Sh FILES | 1977 | .Sh FILES |
1973 | .Bl -tag -width Ds | 1978 | .Bl -tag -width Ds |
1974 | .It Pa ~/.ssh/config | 1979 | .It Pa ~/.ssh/config |