diff options
Diffstat (limited to 'ssh_config.0')
| -rw-r--r-- | ssh_config.0 | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 00afda1ca..eb7f929e6 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
| @@ -132,9 +132,9 @@ DESCRIPTION | |||
| 132 | Controls whether explicit hostname canonicalization is performed. | 132 | Controls whether explicit hostname canonicalization is performed. |
| 133 | The default, no, is not to perform any name rewriting and let the | 133 | The default, no, is not to perform any name rewriting and let the |
| 134 | system resolver handle all hostname lookups. If set to yes then, | 134 | system resolver handle all hostname lookups. If set to yes then, |
| 135 | for connections that do not use a ProxyCommand, ssh(1) will | 135 | for connections that do not use a ProxyCommand or ProxyJump, |
| 136 | attempt to canonicalize the hostname specified on the command | 136 | ssh(1) will attempt to canonicalize the hostname specified on the |
| 137 | line using the CanonicalDomains suffixes and | 137 | command line using the CanonicalDomains suffixes and |
| 138 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is | 138 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is |
| 139 | set to always, then canonicalization is applied to proxied | 139 | set to always, then canonicalization is applied to proxied |
| 140 | connections too. | 140 | connections too. |
| @@ -161,6 +161,16 @@ DESCRIPTION | |||
| 161 | canonicalized to names in the "*.b.example.com" or | 161 | canonicalized to names in the "*.b.example.com" or |
| 162 | "*.c.example.com" domains. | 162 | "*.c.example.com" domains. |
| 163 | 163 | ||
| 164 | CASignatureAlgorithms | ||
| 165 | Specifies which algorithms are allowed for signing of | ||
| 166 | certificates by certificate authorities (CAs). The default is: | ||
| 167 | |||
| 168 | ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
| 169 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
| 170 | |||
| 171 | ssh(1) will not accept host certificates signed using algorithms | ||
| 172 | other than those specified. | ||
| 173 | |||
| 164 | CertificateFile | 174 | CertificateFile |
| 165 | Specifies a file from which the user's certificate is read. A | 175 | Specifies a file from which the user's certificate is read. A |
| 166 | corresponding private key must be provided separately in order to | 176 | corresponding private key must be provided separately in order to |
| @@ -372,7 +382,9 @@ DESCRIPTION | |||
| 372 | Specify a timeout for untrusted X11 forwarding using the format | 382 | Specify a timeout for untrusted X11 forwarding using the format |
| 373 | described in the TIME FORMATS section of sshd_config(5). X11 | 383 | described in the TIME FORMATS section of sshd_config(5). X11 |
| 374 | connections received by ssh(1) after this time will be refused. | 384 | connections received by ssh(1) after this time will be refused. |
| 375 | The default is to disable untrusted X11 forwarding after twenty | 385 | Setting ForwardX11Timeout to zero will disable the timeout and |
| 386 | permit X11 forwarding for the life of the connection. The | ||
| 387 | default is to disable untrusted X11 forwarding after twenty | ||
| 376 | minutes has elapsed. | 388 | minutes has elapsed. |
| 377 | 389 | ||
| 378 | ForwardX11Trusted | 390 | ForwardX11Trusted |
| @@ -501,6 +513,9 @@ DESCRIPTION | |||
| 501 | to none disables the use of an authentication agent. If the | 513 | to none disables the use of an authentication agent. If the |
| 502 | string "SSH_AUTH_SOCK" is specified, the location of the socket | 514 | string "SSH_AUTH_SOCK" is specified, the location of the socket |
| 503 | will be read from the SSH_AUTH_SOCK environment variable. | 515 | will be read from the SSH_AUTH_SOCK environment variable. |
| 516 | Otherwise if the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, | ||
| 517 | then it will be treated as an environment variable containing the | ||
| 518 | location of the socket. | ||
| 504 | 519 | ||
| 505 | Arguments to IdentityAgent may use the tilde syntax to refer to a | 520 | Arguments to IdentityAgent may use the tilde syntax to refer to a |
| 506 | user's home directory or the tokens described in the TOKENS | 521 | user's home directory or the tokens described in the TOKENS |
| @@ -1091,4 +1106,4 @@ AUTHORS | |||
| 1091 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1106 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 1092 | versions 1.5 and 2.0. | 1107 | versions 1.5 and 2.0. |
| 1093 | 1108 | ||
| 1094 | OpenBSD 6.4 July 23, 2018 OpenBSD 6.4 | 1109 | OpenBSD 6.4 October 3, 2018 OpenBSD 6.4 |