1 files changed, 36 insertions, 21 deletions
diff --git a/ssh.1 b/ssh.1
index 2ab1697f9..b4078525b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $
-.Dd $Mdocdate: September 21 2017 $
+.Dd $Mdocdate: February 23 2018 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -42,8 +42,8 @@
 .Nd OpenSSH SSH client (remote login program)
 .Sh SYNOPSIS
 .Nm ssh
-.Bk -words
 .Op Fl 46AaCfGgKkMNnqsTtVvXxYy
+.Op Fl B Ar bind_interface
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
 .Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -52,7 +52,7 @@
 .Op Fl F Ar configfile
 .Op Fl I Ar pkcs11
 .Op Fl i Ar identity_file
-.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port
+.Op Fl J Ar destination
 .Op Fl L Ar address
 .Op Fl l Ar login_name
 .Op Fl m Ar mac_spec
@@ -64,9 +64,8 @@
 .Op Fl S Ar ctl_path
 .Op Fl W Ar host : Ns Ar port
 .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
-.Oo Ar user Ns @ Oc Ns Ar hostname
+.Ar destination
 .Op Ar command
-.Ek
 .Sh DESCRIPTION
 .Nm
 (SSH client) is a program for logging into a remote machine and for
@@ -79,15 +78,20 @@ sockets can also be forwarded over the secure channel.
 .Pp
 .Nm
 connects and logs into the specified
-.Ar hostname
+.Ar destination ,
-(with optional
+which may be specified as either
-.Ar user
+.Sm off
-name).
+.Oo user @ Oc hostname
+.Sm on
+or a URI of the form
+.Sm off
+.No ssh:// Oo user @ Oc hostname Op : port .
+.Sm on
 The user must prove
 his/her identity to the remote machine using one of several methods
 (see below).
 .Pp
-If
+If a
 .Ar command
 is specified,
 it is executed on the remote host instead of a login shell.
@@ -121,6 +125,12 @@ authenticate using the identities loaded into the agent.
 .It Fl a
 Disables forwarding of the authentication agent connection.
 .Pp
+.It Fl B Ar bind_interface
+Bind to the address of
+.Ar bind_interface
+before attempting to connect to the destination host.
+This is only useful on systems with more than one address.
+.Pp
 .It Fl b Ar bind_address
 Use
 .Ar bind_address
@@ -287,17 +297,11 @@ by appending
 .Pa -cert.pub
 to identity filenames.
 .Pp
-.It Fl J Xo
+.It Fl J Ar destination
-.Sm off
-.Op Ar user No @
-.Ar host
-.Op : Ar port
-.Sm on
-.Xc
 Connect to the target host by first making a
 .Nm
-connection to the jump
+connection to the jump host described by
-.Ar host
+.Ar destination
 and then establishing a TCP forwarding to the ultimate destination from
 there.
 Multiple jump hops may be specified separated by comma characters.
@@ -1393,6 +1397,17 @@ This is set to the name of the tty (path to the device) associated
 with the current shell or command.
 If the current session has no tty,
 this variable is not set.
+.It Ev SSH_TUNNEL
+Optionally set by
+.Xr sshd 8
+to contain the interface names assigned if tunnel forwarding was
+requested by the client.
+.It Ev SSH_USER_AUTH
+Optionally set by
+.Xr sshd 8 ,
+this variable may contain a pathname to a file that lists the authentication
+methods successfully used when the session was established, including any
+public keys that were used.
 .It Ev TZ
 This variable is set to indicate the present time zone if it
 was set when the daemon was started (i.e. the daemon passes the value
@@ -1474,7 +1489,7 @@ accessible by others (read/write/execute).
 will simply ignore a private key file if it is accessible by others.
 It is possible to specify a passphrase when
 generating the key which will be used to encrypt the
-sensitive part of this file using 3DES.
+sensitive part of this file using AES-128.
 .Pp
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub

diff --git a/ssh.1 b/ssh.1 index 2ab1697f9..b4078525b 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $	36	.\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $
37	.Dd $Mdocdate: September 21 2017 $	37	.Dd $Mdocdate: February 23 2018 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -42,8 +42,8 @@
42	.Nd OpenSSH SSH client (remote login program)	42	.Nd OpenSSH SSH client (remote login program)
43	.Sh SYNOPSIS	43	.Sh SYNOPSIS
44	.Nm ssh	44	.Nm ssh
45	.Bk -words
46	.Op Fl 46AaCfGgKkMNnqsTtVvXxYy	45	.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
		46	.Op Fl B Ar bind_interface
47	.Op Fl b Ar bind_address	47	.Op Fl b Ar bind_address
48	.Op Fl c Ar cipher_spec	48	.Op Fl c Ar cipher_spec
49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port	49	.Op Fl D Oo Ar bind_address : Oc Ns Ar port
@@ -52,7 +52,7 @@
52	.Op Fl F Ar configfile	52	.Op Fl F Ar configfile
53	.Op Fl I Ar pkcs11	53	.Op Fl I Ar pkcs11
54	.Op Fl i Ar identity_file	54	.Op Fl i Ar identity_file
55	.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port	55	.Op Fl J Ar destination
56	.Op Fl L Ar address	56	.Op Fl L Ar address
57	.Op Fl l Ar login_name	57	.Op Fl l Ar login_name
58	.Op Fl m Ar mac_spec	58	.Op Fl m Ar mac_spec
@@ -64,9 +64,8 @@
64	.Op Fl S Ar ctl_path	64	.Op Fl S Ar ctl_path
65	.Op Fl W Ar host : Ns Ar port	65	.Op Fl W Ar host : Ns Ar port
66	.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun	66	.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
67	.Oo Ar user Ns @ Oc Ns Ar hostname	67	.Ar destination
68	.Op Ar command	68	.Op Ar command
69	.Ek
70	.Sh DESCRIPTION	69	.Sh DESCRIPTION
71	.Nm	70	.Nm
72	(SSH client) is a program for logging into a remote machine and for	71	(SSH client) is a program for logging into a remote machine and for
@@ -79,15 +78,20 @@ sockets can also be forwarded over the secure channel.
79	.Pp	78	.Pp
80	.Nm	79	.Nm
81	connects and logs into the specified	80	connects and logs into the specified
82	.Ar hostname	81	.Ar destination ,
83	(with optional	82	which may be specified as either
84	.Ar user	83	.Sm off
85	name).	84	.Oo user @ Oc hostname
		85	.Sm on
		86	or a URI of the form
		87	.Sm off
		88	.No ssh:// Oo user @ Oc hostname Op : port .
		89	.Sm on
86	The user must prove	90	The user must prove
87	his/her identity to the remote machine using one of several methods	91	his/her identity to the remote machine using one of several methods
88	(see below).	92	(see below).
89	.Pp	93	.Pp
90	If	94	If a
91	.Ar command	95	.Ar command
92	is specified,	96	is specified,
93	it is executed on the remote host instead of a login shell.	97	it is executed on the remote host instead of a login shell.
@@ -121,6 +125,12 @@ authenticate using the identities loaded into the agent.
121	.It Fl a	125	.It Fl a
122	Disables forwarding of the authentication agent connection.	126	Disables forwarding of the authentication agent connection.
123	.Pp	127	.Pp
		128	.It Fl B Ar bind_interface
		129	Bind to the address of
		130	.Ar bind_interface
		131	before attempting to connect to the destination host.
		132	This is only useful on systems with more than one address.
		133	.Pp
124	.It Fl b Ar bind_address	134	.It Fl b Ar bind_address
125	Use	135	Use
126	.Ar bind_address	136	.Ar bind_address
@@ -287,17 +297,11 @@ by appending
287	.Pa -cert.pub	297	.Pa -cert.pub
288	to identity filenames.	298	to identity filenames.
289	.Pp	299	.Pp
290	.It Fl J Xo	300	.It Fl J Ar destination
291	.Sm off
292	.Op Ar user No @
293	.Ar host
294	.Op : Ar port
295	.Sm on
296	.Xc
297	Connect to the target host by first making a	301	Connect to the target host by first making a
298	.Nm	302	.Nm
299	connection to the jump	303	connection to the jump host described by
300	.Ar host	304	.Ar destination
301	and then establishing a TCP forwarding to the ultimate destination from	305	and then establishing a TCP forwarding to the ultimate destination from
302	there.	306	there.
303	Multiple jump hops may be specified separated by comma characters.	307	Multiple jump hops may be specified separated by comma characters.
@@ -1393,6 +1397,17 @@ This is set to the name of the tty (path to the device) associated
1393	with the current shell or command.	1397	with the current shell or command.
1394	If the current session has no tty,	1398	If the current session has no tty,
1395	this variable is not set.	1399	this variable is not set.
		1400	.It Ev SSH_TUNNEL
		1401	Optionally set by
		1402	.Xr sshd 8
		1403	to contain the interface names assigned if tunnel forwarding was
		1404	requested by the client.
		1405	.It Ev SSH_USER_AUTH
		1406	Optionally set by
		1407	.Xr sshd 8 ,
		1408	this variable may contain a pathname to a file that lists the authentication
		1409	methods successfully used when the session was established, including any
		1410	public keys that were used.
1396	.It Ev TZ	1411	.It Ev TZ
1397	This variable is set to indicate the present time zone if it	1412	This variable is set to indicate the present time zone if it
1398	was set when the daemon was started (i.e. the daemon passes the value	1413	was set when the daemon was started (i.e. the daemon passes the value
@@ -1474,7 +1489,7 @@ accessible by others (read/write/execute).
1474	will simply ignore a private key file if it is accessible by others.	1489	will simply ignore a private key file if it is accessible by others.
1475	It is possible to specify a passphrase when	1490	It is possible to specify a passphrase when
1476	generating the key which will be used to encrypt the	1491	generating the key which will be used to encrypt the
1477	sensitive part of this file using 3DES.	1492	sensitive part of this file using AES-128.
1478	.Pp	1493	.Pp
1479	.It Pa ~/.ssh/id_dsa.pub	1494	.It Pa ~/.ssh/id_dsa.pub
1480	.It Pa ~/.ssh/id_ecdsa.pub	1495	.It Pa ~/.ssh/id_ecdsa.pub