1 files changed, 53 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 19d13f5c7..91c2cd2c6 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
-.Dd $Mdocdate: March 26 2010 $
+.Dd $Mdocdate: August 4 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -319,6 +319,28 @@ It is recommended that any
 used for opportunistic connection sharing include
 at least %h, %p, and %r.
 This ensures that shared connections are uniquely identified.
+.It Cm ControlPersist
+When used in conjunction with
+.Cm ControlMaster ,
+specifies that the master connection should remain open
+in the background (waiting for future client connections)
+after the initial client connection has been closed.
+If set to
+.Dq no ,
+then the master connection will not be placed into the background,
+and will close as soon as the initial client connection is closed.
+If set to
+.Dq yes ,
+then the master connection will remain in the background indefinitely
+(until killed or closed via a mechanism such as the
+.Xr ssh 1
+.Dq Fl O No exit
+option).
+If set to a time in seconds, or a time in any of the formats documented in
+.Xr sshd_config 5 ,
+then the backgrounded master connection will automatically terminate
+after it has remained idle (with no client connections) for the
+specified time.
 .It Cm DynamicForward
 Specifies that a TCP port on the local machine be forwarded
 over the secure channel, and the application
@@ -329,9 +351,7 @@ The argument must be
 .Sm off
 .Oo Ar bind_address : Oc Ar port .
 .Sm on
-IPv6 addresses can be specified by enclosing addresses in square brackets or
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port .
 By default, the local port is bound in accordance with the
 .Cm GatewayPorts
 setting.
@@ -432,6 +452,17 @@ An attacker may then be able to perform activities such as keystroke monitoring
 if the
 .Cm ForwardX11Trusted
 option is also enabled.
+.It Cm ForwardX11Timeout
+Specify a timeout for untrusted X11 forwarding
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5 .
+X11 connections received by
+.Xr ssh 1
+after this time will be refused.
+The default is to disable untrusted X11 forwarding after twenty minutes has
+elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Dq yes ,
@@ -553,6 +584,10 @@ or for multiple servers running on a single host.
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
+If the hostname contains the character sequence
+.Ql %h ,
+then this will be replaced with the host name specified on the commandline
+(this is useful for manipulating unqualified names).
 The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
 .Cm HostName
@@ -668,11 +703,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets or
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
 Only the superuser can forward privileged ports.
@@ -759,10 +790,12 @@ authentication methods.
 This allows a client to prefer one method (e.g.\&
 .Cm keyboard-interactive )
 over another method (e.g.\&
-.Cm password )
+.Cm password ) .
-The default for this option is:
+The default is:
-.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
+.Bd -literal -offset indent
-.Dc .
+gssapi-with-mic,hostbased,publickey,
+keyboard-interactive,password
+.Ed
 .It Cm Protocol
 Specifies the protocol versions
 .Xr ssh 1
@@ -784,12 +817,14 @@ Specifies the command to use to connect to the server.
 The command
 string extends to the end of the line, and is executed with
 the user's shell.
-In the command string,
+In the command string, any occurrence of
 .Ql %h
 will be substituted by the host name to
-connect and
+connect,
 .Ql %p
-by the port.
+by the port, and
+.Ql %r
+by the remote user name.
 The command can be basically anything,
 and should read from its standard input and write to its standard output.
 It should eventually connect an
@@ -848,11 +883,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-or by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when

diff --git a/ssh_config.5 b/ssh_config.5 index 19d13f5c7..91c2cd2c6 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
38	.Dd $Mdocdate: March 26 2010 $	38	.Dd $Mdocdate: August 4 2010 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -319,6 +319,28 @@ It is recommended that any
319	used for opportunistic connection sharing include	319	used for opportunistic connection sharing include
320	at least %h, %p, and %r.	320	at least %h, %p, and %r.
321	This ensures that shared connections are uniquely identified.	321	This ensures that shared connections are uniquely identified.
		322	.It Cm ControlPersist
		323	When used in conjunction with
		324	.Cm ControlMaster ,
		325	specifies that the master connection should remain open
		326	in the background (waiting for future client connections)
		327	after the initial client connection has been closed.
		328	If set to
		329	.Dq no ,
		330	then the master connection will not be placed into the background,
		331	and will close as soon as the initial client connection is closed.
		332	If set to
		333	.Dq yes ,
		334	then the master connection will remain in the background indefinitely
		335	(until killed or closed via a mechanism such as the
		336	.Xr ssh 1
		337	.Dq Fl O No exit
		338	option).
		339	If set to a time in seconds, or a time in any of the formats documented in
		340	.Xr sshd_config 5 ,
		341	then the backgrounded master connection will automatically terminate
		342	after it has remained idle (with no client connections) for the
		343	specified time.
322	.It Cm DynamicForward	344	.It Cm DynamicForward
323	Specifies that a TCP port on the local machine be forwarded	345	Specifies that a TCP port on the local machine be forwarded
324	over the secure channel, and the application	346	over the secure channel, and the application
@@ -329,9 +351,7 @@ The argument must be
329	.Sm off	351	.Sm off
330	.Oo Ar bind_address : Oc Ar port .	352	.Oo Ar bind_address : Oc Ar port .
331	.Sm on	353	.Sm on
332	IPv6 addresses can be specified by enclosing addresses in square brackets or	354	IPv6 addresses can be specified by enclosing addresses in square brackets.
333	by using an alternative syntax:
334	.Oo Ar bind_address Ns / Oc Ns Ar port .
335	By default, the local port is bound in accordance with the	355	By default, the local port is bound in accordance with the
336	.Cm GatewayPorts	356	.Cm GatewayPorts
337	setting.	357	setting.
@@ -432,6 +452,17 @@ An attacker may then be able to perform activities such as keystroke monitoring
432	if the	452	if the
433	.Cm ForwardX11Trusted	453	.Cm ForwardX11Trusted
434	option is also enabled.	454	option is also enabled.
		455	.It Cm ForwardX11Timeout
		456	Specify a timeout for untrusted X11 forwarding
		457	using the format described in the
		458	.Sx TIME FORMATS
		459	section of
		460	.Xr sshd_config 5 .
		461	X11 connections received by
		462	.Xr ssh 1
		463	after this time will be refused.
		464	The default is to disable untrusted X11 forwarding after twenty minutes has
		465	elapsed.
435	.It Cm ForwardX11Trusted	466	.It Cm ForwardX11Trusted
436	If this option is set to	467	If this option is set to
437	.Dq yes ,	468	.Dq yes ,
@@ -553,6 +584,10 @@ or for multiple servers running on a single host.
553	.It Cm HostName	584	.It Cm HostName
554	Specifies the real host name to log into.	585	Specifies the real host name to log into.
555	This can be used to specify nicknames or abbreviations for hosts.	586	This can be used to specify nicknames or abbreviations for hosts.
		587	If the hostname contains the character sequence
		588	.Ql %h ,
		589	then this will be replaced with the host name specified on the commandline
		590	(this is useful for manipulating unqualified names).
556	The default is the name given on the command line.	591	The default is the name given on the command line.
557	Numeric IP addresses are also permitted (both on the command line and in	592	Numeric IP addresses are also permitted (both on the command line and in
558	.Cm HostName	593	.Cm HostName
@@ -668,11 +703,7 @@ The first argument must be
668	.Sm on	703	.Sm on
669	and the second argument must be	704	and the second argument must be
670	.Ar host : Ns Ar hostport .	705	.Ar host : Ns Ar hostport .
671	IPv6 addresses can be specified by enclosing addresses in square brackets or	706	IPv6 addresses can be specified by enclosing addresses in square brackets.
672	by using an alternative syntax:
673	.Oo Ar bind_address Ns / Oc Ns Ar port
674	and
675	.Ar host Ns / Ns Ar hostport .
676	Multiple forwardings may be specified, and additional forwardings can be	707	Multiple forwardings may be specified, and additional forwardings can be
677	given on the command line.	708	given on the command line.
678	Only the superuser can forward privileged ports.	709	Only the superuser can forward privileged ports.
@@ -759,10 +790,12 @@ authentication methods.
759	This allows a client to prefer one method (e.g.\&	790	This allows a client to prefer one method (e.g.\&
760	.Cm keyboard-interactive )	791	.Cm keyboard-interactive )
761	over another method (e.g.\&	792	over another method (e.g.\&
762	.Cm password )	793	.Cm password ) .
763	The default for this option is:	794	The default is:
764	.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password	795	.Bd -literal -offset indent
765	.Dc .	796	gssapi-with-mic,hostbased,publickey,
		797	keyboard-interactive,password
		798	.Ed
766	.It Cm Protocol	799	.It Cm Protocol
767	Specifies the protocol versions	800	Specifies the protocol versions
768	.Xr ssh 1	801	.Xr ssh 1
@@ -784,12 +817,14 @@ Specifies the command to use to connect to the server.
784	The command	817	The command
785	string extends to the end of the line, and is executed with	818	string extends to the end of the line, and is executed with
786	the user's shell.	819	the user's shell.
787	In the command string,	820	In the command string, any occurrence of
788	.Ql %h	821	.Ql %h
789	will be substituted by the host name to	822	will be substituted by the host name to
790	connect and	823	connect,
791	.Ql %p	824	.Ql %p
792	by the port.	825	by the port, and
		826	.Ql %r
		827	by the remote user name.
793	The command can be basically anything,	828	The command can be basically anything,
794	and should read from its standard input and write to its standard output.	829	and should read from its standard input and write to its standard output.
795	It should eventually connect an	830	It should eventually connect an
@@ -848,11 +883,7 @@ The first argument must be
848	.Sm on	883	.Sm on
849	and the second argument must be	884	and the second argument must be
850	.Ar host : Ns Ar hostport .	885	.Ar host : Ns Ar hostport .
851	IPv6 addresses can be specified by enclosing addresses in square brackets	886	IPv6 addresses can be specified by enclosing addresses in square brackets.
852	or by using an alternative syntax:
853	.Oo Ar bind_address Ns / Oc Ns Ar port
854	and
855	.Ar host Ns / Ns Ar hostport .
856	Multiple forwardings may be specified, and additional	887	Multiple forwardings may be specified, and additional
857	forwardings can be given on the command line.	888	forwardings can be given on the command line.
858	Privileged ports can be forwarded only when	889	Privileged ports can be forwarded only when