diff options
Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 00afda1ca..eb7f929e6 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -132,9 +132,9 @@ DESCRIPTION | |||
132 | Controls whether explicit hostname canonicalization is performed. | 132 | Controls whether explicit hostname canonicalization is performed. |
133 | The default, no, is not to perform any name rewriting and let the | 133 | The default, no, is not to perform any name rewriting and let the |
134 | system resolver handle all hostname lookups. If set to yes then, | 134 | system resolver handle all hostname lookups. If set to yes then, |
135 | for connections that do not use a ProxyCommand, ssh(1) will | 135 | for connections that do not use a ProxyCommand or ProxyJump, |
136 | attempt to canonicalize the hostname specified on the command | 136 | ssh(1) will attempt to canonicalize the hostname specified on the |
137 | line using the CanonicalDomains suffixes and | 137 | command line using the CanonicalDomains suffixes and |
138 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is | 138 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is |
139 | set to always, then canonicalization is applied to proxied | 139 | set to always, then canonicalization is applied to proxied |
140 | connections too. | 140 | connections too. |
@@ -161,6 +161,16 @@ DESCRIPTION | |||
161 | canonicalized to names in the "*.b.example.com" or | 161 | canonicalized to names in the "*.b.example.com" or |
162 | "*.c.example.com" domains. | 162 | "*.c.example.com" domains. |
163 | 163 | ||
164 | CASignatureAlgorithms | ||
165 | Specifies which algorithms are allowed for signing of | ||
166 | certificates by certificate authorities (CAs). The default is: | ||
167 | |||
168 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
169 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
170 | |||
171 | ssh(1) will not accept host certificates signed using algorithms | ||
172 | other than those specified. | ||
173 | |||
164 | CertificateFile | 174 | CertificateFile |
165 | Specifies a file from which the user's certificate is read. A | 175 | Specifies a file from which the user's certificate is read. A |
166 | corresponding private key must be provided separately in order to | 176 | corresponding private key must be provided separately in order to |
@@ -372,7 +382,9 @@ DESCRIPTION | |||
372 | Specify a timeout for untrusted X11 forwarding using the format | 382 | Specify a timeout for untrusted X11 forwarding using the format |
373 | described in the TIME FORMATS section of sshd_config(5). X11 | 383 | described in the TIME FORMATS section of sshd_config(5). X11 |
374 | connections received by ssh(1) after this time will be refused. | 384 | connections received by ssh(1) after this time will be refused. |
375 | The default is to disable untrusted X11 forwarding after twenty | 385 | Setting ForwardX11Timeout to zero will disable the timeout and |
386 | permit X11 forwarding for the life of the connection. The | ||
387 | default is to disable untrusted X11 forwarding after twenty | ||
376 | minutes has elapsed. | 388 | minutes has elapsed. |
377 | 389 | ||
378 | ForwardX11Trusted | 390 | ForwardX11Trusted |
@@ -501,6 +513,9 @@ DESCRIPTION | |||
501 | to none disables the use of an authentication agent. If the | 513 | to none disables the use of an authentication agent. If the |
502 | string "SSH_AUTH_SOCK" is specified, the location of the socket | 514 | string "SSH_AUTH_SOCK" is specified, the location of the socket |
503 | will be read from the SSH_AUTH_SOCK environment variable. | 515 | will be read from the SSH_AUTH_SOCK environment variable. |
516 | Otherwise if the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, | ||
517 | then it will be treated as an environment variable containing the | ||
518 | location of the socket. | ||
504 | 519 | ||
505 | Arguments to IdentityAgent may use the tilde syntax to refer to a | 520 | Arguments to IdentityAgent may use the tilde syntax to refer to a |
506 | user's home directory or the tokens described in the TOKENS | 521 | user's home directory or the tokens described in the TOKENS |
@@ -1091,4 +1106,4 @@ AUTHORS | |||
1091 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1106 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
1092 | versions 1.5 and 2.0. | 1107 | versions 1.5 and 2.0. |
1093 | 1108 | ||
1094 | OpenBSD 6.4 July 23, 2018 OpenBSD 6.4 | 1109 | OpenBSD 6.4 October 3, 2018 OpenBSD 6.4 |