1 files changed, 75 insertions, 48 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index 9577abc48..a2706b69c 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -4,14 +4,14 @@ NAME
     ssh_config - OpenSSH SSH client configuration files
 SYNOPSIS
-     $HOME/.ssh/config
+     ~/.ssh/config
     /etc/ssh/ssh_config
 DESCRIPTION
     ssh obtains configuration data from the following sources in the follow-
     ing order:
           1.   command-line options
-           2.   user's configuration file ($HOME/.ssh/config)
+           2.   user's configuration file (~/.ssh/config)
           3.   system-wide configuration file (/etc/ssh/ssh_config)
     For each parameter, the first obtained value will be used.  The configu-
@@ -57,9 +57,10 @@ DESCRIPTION
             ``yes'' or ``no''.  The default is ``no''.
     BindAddress
-             Specify the interface to transmit from on machines with multiple
+             Use the specified address on the local machine as the source ad-
-             interfaces or aliased addresses.  Note that this option does not
+             dress of the connection.  Only useful on systems with more than
-             work if UsePrivilegedPort is set to ``yes''.
+             one address.  Note that this option does not work if
+             UsePrivilegedPort is set to ``yes''.
     ChallengeResponseAuthentication
             Specifies whether to use challenge response authentication.  The
@@ -85,11 +86,12 @@ DESCRIPTION
             preference.  Multiple ciphers must be comma-separated.  The sup-
             ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'',
             ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
-             ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''.  The default
+             ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
-             is
+             and ``cast128-cbc''.  The default is
-               ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+               ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
-                 aes192-cbc,aes256-cbc''
+                 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+                 aes192-ctr,aes256-ctr''
     ClearAllForwardings
             Specifies that all local, remote and dynamic port forwardings
@@ -131,11 +133,30 @@ DESCRIPTION
             tion rather than initiating new ones.  Setting this to ``ask''
             will cause ssh to listen for control connections, but require
             confirmation using the SSH_ASKPASS program before they are ac-
-             cepted (see ssh-add(1) for details).
+             cepted (see ssh-add(1) for details).  If the ControlPath can not
+             be opened, ssh will continue without connecting to a master in-
+             stance.
+             X11 and ssh-agent(1) forwarding is supported over these multi-
+             plexed connections, however the display and agent fowarded will
+             be the one belonging to the master connection i.e. it is not pos-
+             sible to forward multiple displays or agents.
+             Two additional options allow for opportunistic multiplexing: try
+             to use a master connection but fall back to creating a new one if
+             one does not already exist.  These options are: ``auto'' and
+             ``autoask''.  The latter requires confirmation like the ``ask''
+             option.
     ControlPath
             Specify the path to the control socket used for connection shar-
-             ing.  See ControlMaster above.
+             ing as described in the ControlMaster section above or the string
+             ``none'' to disable connection sharing.  In the path, `%h' will
+             be substituted by the target host name, `%p' the port and `%r' by
+             the remote login username.  It is recommended that any
+             ControlPath used for opportunistic connection sharing include all
+             three of these escape sequences.  This ensures that shared con-
+             nections are uniquely identified.
     DynamicForward
             Specifies that a TCP/IP port on the local machine be forwarded
@@ -228,9 +249,9 @@ DESCRIPTION
     HashKnownHosts
             Indicates that ssh should hash host names and addresses when they
-             are added to $HOME/.ssh/known_hosts.  These hashed names may be
+             are added to ~/.ssh/known_hosts.  These hashed names may be used
-             used normally by ssh and sshd, but they do not reveal identifying
+             normally by ssh and sshd, but they do not reveal identifying in-
-             information should the file's contents be disclosed.  The default
+             formation should the file's contents be disclosed.  The default
             is ``no''.  Note that hashing of names and addresses will not be
             retrospectively applied to existing known hosts files, but these
             may be manually hashed using ssh-keygen(1).
@@ -261,14 +282,13 @@ DESCRIPTION
     IdentityFile
             Specifies a file from which the user's RSA or DSA authentication
-             identity is read.  The default is $HOME/.ssh/identity for proto-
+             identity is read.  The default is ~/.ssh/identity for protocol
-             col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for
+             version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol ver-
-             protocol version 2.  Additionally, any identities represented by
+             sion 2.  Additionally, any identities represented by the authen-
-             the authentication agent will be used for authentication.  The
+             tication agent will be used for authentication.  The file name
-             file name may use the tilde syntax to refer to a user's home di-
+             may use the tilde syntax to refer to a user's home directory.  It
-             rectory.  It is possible to have multiple identity files speci-
+             is possible to have multiple identity files specified in configu-
-             fied in configuration files; all these identities will be tried
+             ration files; all these identities will be tried in sequence.
-             in sequence.
     IdentitiesOnly
             Specifies that ssh should only use the authentication identity
@@ -286,18 +306,19 @@ DESCRIPTION
     LocalForward
             Specifies that a TCP/IP port on the local machine be forwarded
             over the secure channel to the specified host and port from the
-             remote machine.  The first argument must be a port number, and
+             remote machine.  The first argument must be [bind_address:]port
-             the second must be [bind_address:]host:port.  IPv6 addresses can
+             and the second argument must be host:hostport.  IPv6 addresses
-             be specified by enclosing addresses in square brackets or by us-
+             can be specified by enclosing addresses in square brackets or by
-             ing an alternative syntax: [bind_address/]host/port.  Multiple
+             using an alternative syntax: [bind_address/]port and
-             forwardings may be specified, and additional forwardings can be
+             host/hostport.  Multiple forwardings may be specified, and addi-
-             given on the command line.  Only the superuser can forward privi-
+             tional forwardings can be given on the command line.  Only the
-             leged ports.  By default, the local port is bound in accordance
+             superuser can forward privileged ports.  By default, the local
-             with the GatewayPorts setting.  However, an explicit bind_address
+             port is bound in accordance with the GatewayPorts setting.  How-
-             may be used to bind the connection to a specific address.  The
+             ever, an explicit bind_address may be used to bind the connection
-             bind_address of ``localhost'' indicates that the listening port
+             to a specific address.  The bind_address of ``localhost'' indi-
-             be bound for local use only, while an empty address or `*' indi-
+             cates that the listening port be bound for local use only, while
-             cates that the port should be available from all interfaces.
+             an empty address or `*' indicates that the port should be avail-
+             able from all interfaces.
     LogLevel
             Gives the verbosity level that is used when logging messages from
@@ -336,7 +357,7 @@ DESCRIPTION
     PreferredAuthentications
             Specifies the order in which the client should try protocol 2 au-
             thentication methods.  This allows a client to prefer one method
-             (e.g.  keyboard-interactive) over another method (e.g.  password)
+             (e.g. keyboard-interactive) over another method (e.g. password)
             The default for this option is: ``hostbased,publickey,keyboard-
             interactive,password''.
@@ -361,6 +382,12 @@ DESCRIPTION
             tirely.  Note that CheckHostIP is not available for connects with
             a proxy command.
+             This directive is useful in conjunction with nc(1) and its proxy
+             support.  For example, the following directive would connect via
+             an HTTP proxy at 192.0.2.0:
+                ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
     PubkeyAuthentication
             Specifies whether to try public key authentication.  The argument
             to this keyword must be ``yes'' or ``no''.  The default is
@@ -369,13 +396,13 @@ DESCRIPTION
     RemoteForward
             Specifies that a TCP/IP port on the remote machine be forwarded
             over the secure channel to the specified host and port from the
-             local machine.  The first argument must be a port number, and the
+             local machine.  The first argument must be [bind_address:]port
-             second must be [bind_address:]host:port.  IPv6 addresses can be
+             and the second argument must be host:hostport.  IPv6 addresses
-             specified by enclosing any addresses in square brackets or by us-
+             can be specified by enclosing addresses in square brackets or by
-             ing the alternative syntax: [bind_address/]host/port.  Multiple
+             using an alternative syntax: [bind_address/]port and
-             forwardings may be specified, and additional forwardings can be
+             host/hostport.  Multiple forwardings may be specified, and addi-
-             given on the command line.  Only the superuser can forward privi-
+             tional forwardings can be given on the command line.  Only the
-             leged ports.
+             superuser can forward privileged ports.
             If the bind_address is not specified, the default is to only bind
             to loopback addresses.  If the bind_address is `*' or an empty
@@ -440,9 +467,9 @@ DESCRIPTION
     StrictHostKeyChecking
             If this flag is set to ``yes'', ssh will never automatically add
-             host keys to the $HOME/.ssh/known_hosts file, and refuses to con-
+             host keys to the ~/.ssh/known_hosts file, and refuses to connect
-             nect to hosts whose host key has changed.  This provides maximum
+             to hosts whose host key has changed.  This provides maximum pro-
-             protection against trojan horse attacks, however, can be annoying
+             tection against trojan horse attacks, however, can be annoying
             when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
             connections to new hosts are frequently made.  This option forces
             the user to manually add all new hosts.  If this flag is set to
@@ -483,7 +510,7 @@ DESCRIPTION
     UserKnownHostsFile
             Specifies a file to use for the user host key database instead of
-             $HOME/.ssh/known_hosts.
+             ~/.ssh/known_hosts.
     VerifyHostKeyDNS
             Specifies whether to verify the remote key using DNS and SSHFP
@@ -502,7 +529,7 @@ DESCRIPTION
             is /usr/X11R6/bin/xauth.
 FILES
-     $HOME/.ssh/config
+     ~/.ssh/config
             This is the per-user configuration file.  The format of this file
             is described above.  This file is used by the ssh client.  Be-
             cause of the potential for abuse, this file must have strict per-
@@ -524,4 +551,4 @@ AUTHORS
     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.
-OpenBSD 3.6                   September 25, 1999                             8
+OpenBSD 3.8                   September 25, 1999                             9