author | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
commit | 78799892cb1858927be02be9737c594052e3f910 (patch) | |
tree | ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /ssh_config.5 | |
parent | 3875951bb76a9ec62634ae4026c9cc885d933477 (diff) | |
parent | 31e30b835fd9695d3b6647cab4867001b092e28f (diff) |
* New upstream release (http://www.openssh.com/txt/release-5.6):
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 75 |
1 files changed, 53 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 45496cfbc..2f0cd8c83 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $ |
38 | .Dd $Mdocdate: March 26 2010 $ | 38 | .Dd $Mdocdate: August 4 2010 $ |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -339,6 +339,28 @@ It is recommended that any | |||
339 | used for opportunistic connection sharing include | 339 | used for opportunistic connection sharing include |
340 | at least %h, %p, and %r. | 340 | at least %h, %p, and %r. |
341 | This ensures that shared connections are uniquely identified. | 341 | This ensures that shared connections are uniquely identified. |
342 | .It Cm ControlPersist | ||
343 | When used in conjunction with | ||
344 | .Cm ControlMaster , | ||
345 | specifies that the master connection should remain open | ||
346 | in the background (waiting for future client connections) | ||
347 | after the initial client connection has been closed. | ||
348 | If set to | ||
349 | .Dq no , | ||
350 | then the master connection will not be placed into the background, | ||
351 | and will close as soon as the initial client connection is closed. | ||
352 | If set to | ||
353 | .Dq yes , | ||
354 | then the master connection will remain in the background indefinitely | ||
355 | (until killed or closed via a mechanism such as the | ||
356 | .Xr ssh 1 | ||
357 | .Dq Fl O No exit | ||
358 | option). | ||
359 | If set to a time in seconds, or a time in any of the formats documented in | ||
360 | .Xr sshd_config 5 , | ||
361 | then the backgrounded master connection will automatically terminate | ||
362 | after it has remained idle (with no client connections) for the | ||
363 | specified time. | ||
342 | .It Cm DynamicForward | 364 | .It Cm DynamicForward |
343 | Specifies that a TCP port on the local machine be forwarded | 365 | Specifies that a TCP port on the local machine be forwarded |
344 | over the secure channel, and the application | 366 | over the secure channel, and the application |
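Review bot: The new ControlPersist entry (new lines 342-363) never states its default, unlike the ForwardX11Timeout entry added later in this patch, which ends with a default sentence. Because "yes" keeps the master connection in the background indefinitely, readers need to know which of the three behaviours applies when the option is unset; suggest adding a "The default is ..." sentence. The time-format pointer here reads "any of the formats documented in sshd_config(5)", while ForwardX11Timeout cites the TIME FORMATS section by name with .Sx; using the same cross-reference in both entries would be more consistent.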
@@ -349,9 +371,7 @@ The argument must be | |||
349 | .Sm off | 371 | .Sm off |
350 | .Oo Ar bind_address : Oc Ar port . | 372 | .Oo Ar bind_address : Oc Ar port . |
351 | .Sm on | 373 | .Sm on |
352 | IPv6 addresses can be specified by enclosing addresses in square brackets or | 374 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
353 | by using an alternative syntax: | ||
354 | .Oo Ar bind_address Ns / Oc Ns Ar port . | ||
355 | By default, the local port is bound in accordance with the | 375 | By default, the local port is bound in accordance with the |
356 | .Cm GatewayPorts | 376 | .Cm GatewayPorts |
357 | setting. | 377 | setting. |
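Review bot: The alternative bind_address/port syntax is dropped from the text at old lines 352-354 with no replacement wording, so a reader cannot tell whether existing configurations that use it still parse or now fail. If the syntax is no longer accepted, say so in one sentence here; if it is still accepted, marking it deprecated would be better than silence. The same removal recurs in the hunks at old lines 695-699 and 875-879, so whatever wording is chosen should be applied in all three places.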
@@ -452,6 +472,17 @@ An attacker may then be able to perform activities such as keystroke monitoring | |||
452 | if the | 472 | if the |
453 | .Cm ForwardX11Trusted | 473 | .Cm ForwardX11Trusted |
454 | option is also enabled. | 474 | option is also enabled. |
475 | .It Cm ForwardX11Timeout | ||
476 | Specify a timeout for untrusted X11 forwarding | ||
477 | using the format described in the | ||
478 | .Sx TIME FORMATS | ||
479 | section of | ||
480 | .Xr sshd_config 5 . | ||
481 | X11 connections received by | ||
482 | .Xr ssh 1 | ||
483 | after this time will be refused. | ||
484 | The default is to disable untrusted X11 forwarding after twenty minutes has | ||
485 | elapsed. | ||
455 | .It Cm ForwardX11Trusted | 486 | .It Cm ForwardX11Trusted |
456 | If this option is set to | 487 | If this option is set to |
457 | .Dq yes , | 488 | .Dq yes , |
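Review bot: "X11 connections received by ssh(1) after this time will be refused" (new lines 481-483) does not say what the timeout is measured from, and the entry gives no value that turns the timeout off. Suggest naming the starting point explicitly and, if a value exists that disables the limit, documenting it, since this entry sits directly under the warning about untrusted X11 forwarding. Minor: "twenty minutes has elapsed" should read "have elapsed".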
@@ -577,6 +608,10 @@ or for multiple servers running on a single host. | |||
577 | .It Cm HostName | 608 | .It Cm HostName |
578 | Specifies the real host name to log into. | 609 | Specifies the real host name to log into. |
579 | This can be used to specify nicknames or abbreviations for hosts. | 610 | This can be used to specify nicknames or abbreviations for hosts. |
611 | If the hostname contains the character sequence | ||
612 | .Ql %h , | ||
613 | then this will be replaced with the host name specified on the commandline | ||
614 | (this is useful for manipulating unqualified names). | ||
580 | The default is the name given on the command line. | 615 | The default is the name given on the command line. |
581 | Numeric IP addresses are also permitted (both on the command line and in | 616 | Numeric IP addresses are also permitted (both on the command line and in |
582 | .Cm HostName | 617 | .Cm HostName |
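Review bot: "commandline" at new line 613 is written as "command line" in the very next sentence of the same entry (new lines 615 and 616); use the two-word form for consistency. The added text also does not say how a literal percent sign is written in HostName now that %h is expanded; if an escape exists, one sentence on it would help.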
@@ -692,11 +727,7 @@ The first argument must be | |||
692 | .Sm on | 727 | .Sm on |
693 | and the second argument must be | 728 | and the second argument must be |
694 | .Ar host : Ns Ar hostport . | 729 | .Ar host : Ns Ar hostport . |
695 | IPv6 addresses can be specified by enclosing addresses in square brackets or | 730 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
696 | by using an alternative syntax: | ||
697 | .Oo Ar bind_address Ns / Oc Ns Ar port | ||
698 | and | ||
699 | .Ar host Ns / Ns Ar hostport . | ||
700 | Multiple forwardings may be specified, and additional forwardings can be | 731 | Multiple forwardings may be specified, and additional forwardings can be |
701 | given on the command line. | 732 | given on the command line. |
702 | Only the superuser can forward privileged ports. | 733 | Only the superuser can forward privileged ports. |
@@ -783,10 +814,12 @@ authentication methods. | |||
783 | This allows a client to prefer one method (e.g.\& | 814 | This allows a client to prefer one method (e.g.\& |
784 | .Cm keyboard-interactive ) | 815 | .Cm keyboard-interactive ) |
785 | over another method (e.g.\& | 816 | over another method (e.g.\& |
786 | .Cm password ) | 817 | .Cm password ) . |
787 | The default for this option is: | 818 | The default is: |
788 | .Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password | 819 | .Bd -literal -offset indent |
789 | .Dc . | 820 | gssapi-with-mic,hostbased,publickey, |
821 | keyboard-interactive,password | ||
822 | .Ed | ||
790 | .It Cm Protocol | 823 | .It Cm Protocol |
791 | Specifies the protocol versions | 824 | Specifies the protocol versions |
792 | .Xr ssh 1 | 825 | .Xr ssh 1 |
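Review bot: The default list is now broken across two lines inside the .Bd -literal display (new lines 820-821), so the rendered page shows a newline after "publickey," in the middle of what is a single comma-separated value. A reader copying the display into a configuration file gets a line break inside the list. Suggest keeping the value on one line in the literal block, or stating that the break is for display only.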
@@ -808,12 +841,14 @@ Specifies the command to use to connect to the server. | |||
808 | The command | 841 | The command |
809 | string extends to the end of the line, and is executed with | 842 | string extends to the end of the line, and is executed with |
810 | the user's shell. | 843 | the user's shell. |
811 | In the command string, | 844 | In the command string, any occurrence of |
812 | .Ql %h | 845 | .Ql %h |
813 | will be substituted by the host name to | 846 | will be substituted by the host name to |
814 | connect and | 847 | connect, |
815 | .Ql %p | 848 | .Ql %p |
816 | by the port. | 849 | by the port, and |
850 | .Ql %r | ||
851 | by the remote user name. | ||
817 | The command can be basically anything, | 852 | The command can be basically anything, |
818 | and should read from its standard input and write to its standard output. | 853 | and should read from its standard input and write to its standard output. |
819 | It should eventually connect an | 854 | It should eventually connect an |
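Review bot: With %r added at new lines 850-851, the entry now substitutes three values into a string that, per the unchanged context just above, "is executed with the user's shell", but it does not say whether the substituted host name, port and remote user name are quoted or inserted verbatim. Suggest one sentence stating which, so that users who build ProxyCommand lines from host or user names supplied on the command line know whether they must quote the tokens themselves. Separately, "the host name to connect" in the context line reads as if a "to" is missing.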
@@ -872,11 +907,7 @@ The first argument must be | |||
872 | .Sm on | 907 | .Sm on |
873 | and the second argument must be | 908 | and the second argument must be |
874 | .Ar host : Ns Ar hostport . | 909 | .Ar host : Ns Ar hostport . |
875 | IPv6 addresses can be specified by enclosing addresses in square brackets | 910 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
876 | or by using an alternative syntax: | ||
877 | .Oo Ar bind_address Ns / Oc Ns Ar port | ||
878 | and | ||
879 | .Ar host Ns / Ns Ar hostport . | ||
880 | Multiple forwardings may be specified, and additional | 911 | Multiple forwardings may be specified, and additional |
881 | forwardings can be given on the command line. | 912 | forwardings can be given on the command line. |
882 | Privileged ports can be forwarded only when | 913 | Privileged ports can be forwarded only when |