1 files changed, 29 insertions, 24 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 06a32d314..dc010ccbd 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $
-.Dd $Mdocdate: February 7 2020 $
+.Dd $Mdocdate: April 11 2020 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1125,12 +1125,15 @@ has been enabled.
 .It Cm LocalForward
 Specifies that a TCP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
-The first argument must be
+The first argument specifies the listener and may be
 .Sm off
 .Oo Ar bind_address : Oc Ar port
 .Sm on
-and the second argument must be
+or a Unix domain socket path.
-.Ar host : Ns Ar hostport .
+The second argument is the destination and may be
+.Ar host : Ns Ar hostport
+or a Unix domain socket path if the remote host supports it.
+.Pp
 IPv6 addresses can be specified by enclosing addresses in square brackets.
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
@@ -1149,6 +1152,9 @@ indicates that the listening port be bound for local use only, while an
 empty address or
 .Sq *
 indicates that the port should be available from all interfaces.
+Unix domain socket paths accept the tokens described in the
+.Sx TOKENS
+section.
 .It Cm LogLevel
 Gives the verbosity level that is used when logging messages from
 .Xr ssh 1 .
@@ -1401,12 +1407,14 @@ the secure channel.
 The remote port may either be forwarded to a specified host and port
 from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
 client to connect to arbitrary destinations from the local machine.
-The first argument must be
+The first argument is the listening specification and may be
 .Sm off
 .Oo Ar bind_address : Oc Ar port
 .Sm on
+or, if the remote host supports it, a Unix domain socket path.
 If forwarding to a specific destination then the second argument must be
-.Ar host : Ns Ar hostport ,
+.Ar host : Ns Ar hostport
+or a Unix domain socket path,
 otherwise if no destination argument is specified then the remote forwarding
 will be established as a SOCKS proxy.
 .Pp
@@ -1415,6 +1423,9 @@ Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
+Unix domain socket paths accept the tokens described in the
+.Sx TOKENS
+section.
 .Pp
 If the
 .Ar port
@@ -1845,31 +1856,25 @@ otherwise.
 The local username.
 .El
 .Pp
-.Cm Match exec
+.Cm CertificateFile ,
-accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
+.Cm ControlPath ,
-.Pp
+.Cm IdentityAgent ,
-.Cm CertificateFile
+.Cm IdentityFile ,
-accepts the tokens %%, %d, %h, %i, %l, %r, and %u.
+.Cm LocalForward ,
-.Pp
+.Cm Match exec ,
-.Cm ControlPath
+.Cm RemoteCommand ,
-accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
+and
+.Cm RemoteForward
+accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm Hostname
 accepts the tokens %% and %h.
 .Pp
-.Cm IdentityAgent
-and
-.Cm IdentityFile
-accept the tokens %%, %d, %h, %i, %l, %r, and %u.
-.Pp
 .Cm LocalCommand
-accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u.
+accepts all tokens.
 .Pp
 .Cm ProxyCommand
 accepts the tokens %%, %h, %n, %p, and %r.
-.Pp
-.Cm RemoteCommand
-accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/config

diff --git a/ssh_config.5 b/ssh_config.5 index 06a32d314..dc010ccbd 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $
37	.Dd $Mdocdate: February 7 2020 $	37	.Dd $Mdocdate: April 11 2020 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1125,12 +1125,15 @@ has been enabled.
1125	.It Cm LocalForward	1125	.It Cm LocalForward
1126	Specifies that a TCP port on the local machine be forwarded over	1126	Specifies that a TCP port on the local machine be forwarded over
1127	the secure channel to the specified host and port from the remote machine.	1127	the secure channel to the specified host and port from the remote machine.
1128	The first argument must be	1128	The first argument specifies the listener and may be
1129	.Sm off	1129	.Sm off
1130	.Oo Ar bind_address : Oc Ar port	1130	.Oo Ar bind_address : Oc Ar port
1131	.Sm on	1131	.Sm on
1132	and the second argument must be	1132	or a Unix domain socket path.
1133	.Ar host : Ns Ar hostport .	1133	The second argument is the destination and may be
		1134	.Ar host : Ns Ar hostport
		1135	or a Unix domain socket path if the remote host supports it.
		1136	.Pp
1134	IPv6 addresses can be specified by enclosing addresses in square brackets.	1137	IPv6 addresses can be specified by enclosing addresses in square brackets.
1135	Multiple forwardings may be specified, and additional forwardings can be	1138	Multiple forwardings may be specified, and additional forwardings can be
1136	given on the command line.	1139	given on the command line.
@@ -1149,6 +1152,9 @@ indicates that the listening port be bound for local use only, while an
1149	empty address or	1152	empty address or
1150	.Sq *	1153	.Sq *
1151	indicates that the port should be available from all interfaces.	1154	indicates that the port should be available from all interfaces.
		1155	Unix domain socket paths accept the tokens described in the
		1156	.Sx TOKENS
		1157	section.
1152	.It Cm LogLevel	1158	.It Cm LogLevel
1153	Gives the verbosity level that is used when logging messages from	1159	Gives the verbosity level that is used when logging messages from
1154	.Xr ssh 1 .	1160	.Xr ssh 1 .
@@ -1401,12 +1407,14 @@ the secure channel.
1401	The remote port may either be forwarded to a specified host and port	1407	The remote port may either be forwarded to a specified host and port
1402	from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote	1408	from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1403	client to connect to arbitrary destinations from the local machine.	1409	client to connect to arbitrary destinations from the local machine.
1404	The first argument must be	1410	The first argument is the listening specification and may be
1405	.Sm off	1411	.Sm off
1406	.Oo Ar bind_address : Oc Ar port	1412	.Oo Ar bind_address : Oc Ar port
1407	.Sm on	1413	.Sm on
		1414	or, if the remote host supports it, a Unix domain socket path.
1408	If forwarding to a specific destination then the second argument must be	1415	If forwarding to a specific destination then the second argument must be
1409	.Ar host : Ns Ar hostport ,	1416	.Ar host : Ns Ar hostport
		1417	or a Unix domain socket path,
1410	otherwise if no destination argument is specified then the remote forwarding	1418	otherwise if no destination argument is specified then the remote forwarding
1411	will be established as a SOCKS proxy.	1419	will be established as a SOCKS proxy.
1412	.Pp	1420	.Pp
@@ -1415,6 +1423,9 @@ Multiple forwardings may be specified, and additional
1415	forwardings can be given on the command line.	1423	forwardings can be given on the command line.
1416	Privileged ports can be forwarded only when	1424	Privileged ports can be forwarded only when
1417	logging in as root on the remote machine.	1425	logging in as root on the remote machine.
		1426	Unix domain socket paths accept the tokens described in the
		1427	.Sx TOKENS
		1428	section.
1418	.Pp	1429	.Pp
1419	If the	1430	If the
1420	.Ar port	1431	.Ar port
@@ -1845,31 +1856,25 @@ otherwise.
1845	The local username.	1856	The local username.
1846	.El	1857	.El
1847	.Pp	1858	.Pp
1848	.Cm Match exec	1859	.Cm CertificateFile ,
1849	accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.	1860	.Cm ControlPath ,
1850	.Pp	1861	.Cm IdentityAgent ,
1851	.Cm CertificateFile	1862	.Cm IdentityFile ,
1852	accepts the tokens %%, %d, %h, %i, %l, %r, and %u.	1863	.Cm LocalForward ,
1853	.Pp	1864	.Cm Match exec ,
1854	.Cm ControlPath	1865	.Cm RemoteCommand ,
1855	accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.	1866	and
		1867	.Cm RemoteForward
		1868	accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
1856	.Pp	1869	.Pp
1857	.Cm Hostname	1870	.Cm Hostname
1858	accepts the tokens %% and %h.	1871	accepts the tokens %% and %h.
1859	.Pp	1872	.Pp
1860	.Cm IdentityAgent
1861	and
1862	.Cm IdentityFile
1863	accept the tokens %%, %d, %h, %i, %l, %r, and %u.
1864	.Pp
1865	.Cm LocalCommand	1873	.Cm LocalCommand
1866	accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u.	1874	accepts all tokens.
1867	.Pp	1875	.Pp
1868	.Cm ProxyCommand	1876	.Cm ProxyCommand
1869	accepts the tokens %%, %h, %n, %p, and %r.	1877	accepts the tokens %%, %h, %n, %p, and %r.
1870	.Pp
1871	.Cm RemoteCommand
1872	accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
1873	.Sh FILES	1878	.Sh FILES
1874	.Bl -tag -width Ds	1879	.Bl -tag -width Ds
1875	.It Pa ~/.ssh/config	1880	.It Pa ~/.ssh/config