1 files changed, 53 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 410853560..ddb806ec0 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
-.Dd $Mdocdate: March 26 2010 $
+.Dd $Mdocdate: August 4 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -319,6 +319,28 @@ It is recommended that any
 used for opportunistic connection sharing include
 at least %h, %p, and %r.
 This ensures that shared connections are uniquely identified.
+.It Cm ControlPersist
+When used in conjunction with
+.Cm ControlMaster ,
+specifies that the master connection should remain open
+in the background (waiting for future client connections)
+after the initial client connection has been closed.
+If set to
+.Dq no ,
+then the master connection will not be placed into the background,
+and will close as soon as the initial client connection is closed.
+If set to
+.Dq yes ,
+then the master connection will remain in the background indefinitely
+(until killed or closed via a mechanism such as the
+.Xr ssh 1
+.Dq Fl O No exit
+option).
+If set to a time in seconds, or a time in any of the formats documented in
+.Xr sshd_config 5 ,
+then the backgrounded master connection will automatically terminate
+after it has remained idle (with no client connections) for the
+specified time.
 .It Cm DynamicForward
 Specifies that a TCP port on the local machine be forwarded
 over the secure channel, and the application
@@ -329,9 +351,7 @@ The argument must be
 .Sm off
 .Oo Ar bind_address : Oc Ar port .
 .Sm on
-IPv6 addresses can be specified by enclosing addresses in square brackets or
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port .
 By default, the local port is bound in accordance with the
 .Cm GatewayPorts
 setting.
@@ -432,6 +452,17 @@ An attacker may then be able to perform activities such as keystroke monitoring
 if the
 .Cm ForwardX11Trusted
 option is also enabled.
+.It Cm ForwardX11Timeout
+Specify a timeout for untrusted X11 forwarding
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5 .
+X11 connections received by
+.Xr ssh 1
+after this time will be refused.
+The default is to disable untrusted X11 forwarding after twenty minutes has
+elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Dq yes ,
@@ -526,6 +557,10 @@ or for multiple servers running on a single host.
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
+If the hostname contains the character sequence
+.Ql %h ,
+then this will be replaced with the host name specified on the commandline
+(this is useful for manipulating unqualified names).
 The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
 .Cm HostName
@@ -641,11 +676,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets or
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
 Only the superuser can forward privileged ports.
@@ -732,10 +763,12 @@ authentication methods.
 This allows a client to prefer one method (e.g.\&
 .Cm keyboard-interactive )
 over another method (e.g.\&
-.Cm password )
+.Cm password ) .
-The default for this option is:
+The default is:
-.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
+.Bd -literal -offset indent
-.Dc .
+gssapi-with-mic,hostbased,publickey,
+keyboard-interactive,password
+.Ed
 .It Cm Protocol
 Specifies the protocol versions
 .Xr ssh 1
@@ -757,12 +790,14 @@ Specifies the command to use to connect to the server.
 The command
 string extends to the end of the line, and is executed with
 the user's shell.
-In the command string,
+In the command string, any occurrence of
 .Ql %h
 will be substituted by the host name to
-connect and
+connect,
 .Ql %p
-by the port.
+by the port, and
+.Ql %r
+by the remote user name.
 The command can be basically anything,
 and should read from its standard input and write to its standard output.
 It should eventually connect an
@@ -821,11 +856,7 @@ The first argument must be
 .Sm on
 and the second argument must be
 .Ar host : Ns Ar hostport .
-IPv6 addresses can be specified by enclosing addresses in square brackets
+IPv6 addresses can be specified by enclosing addresses in square brackets.
-or by using an alternative syntax:
-.Oo Ar bind_address Ns / Oc Ns Ar port
-and
-.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when

diff --git a/ssh_config.5 b/ssh_config.5 index 410853560..ddb806ec0 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $
38	.Dd $Mdocdate: March 26 2010 $	38	.Dd $Mdocdate: August 4 2010 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -319,6 +319,28 @@ It is recommended that any
319	used for opportunistic connection sharing include	319	used for opportunistic connection sharing include
320	at least %h, %p, and %r.	320	at least %h, %p, and %r.
321	This ensures that shared connections are uniquely identified.	321	This ensures that shared connections are uniquely identified.
		322	.It Cm ControlPersist
		323	When used in conjunction with
		324	.Cm ControlMaster ,
		325	specifies that the master connection should remain open
		326	in the background (waiting for future client connections)
		327	after the initial client connection has been closed.
		328	If set to
		329	.Dq no ,
		330	then the master connection will not be placed into the background,
		331	and will close as soon as the initial client connection is closed.
		332	If set to
		333	.Dq yes ,
		334	then the master connection will remain in the background indefinitely
		335	(until killed or closed via a mechanism such as the
		336	.Xr ssh 1
		337	.Dq Fl O No exit
		338	option).
		339	If set to a time in seconds, or a time in any of the formats documented in
		340	.Xr sshd_config 5 ,
		341	then the backgrounded master connection will automatically terminate
		342	after it has remained idle (with no client connections) for the
		343	specified time.
322	.It Cm DynamicForward	344	.It Cm DynamicForward
323	Specifies that a TCP port on the local machine be forwarded	345	Specifies that a TCP port on the local machine be forwarded
324	over the secure channel, and the application	346	over the secure channel, and the application
@@ -329,9 +351,7 @@ The argument must be
329	.Sm off	351	.Sm off
330	.Oo Ar bind_address : Oc Ar port .	352	.Oo Ar bind_address : Oc Ar port .
331	.Sm on	353	.Sm on
332	IPv6 addresses can be specified by enclosing addresses in square brackets or	354	IPv6 addresses can be specified by enclosing addresses in square brackets.
333	by using an alternative syntax:
334	.Oo Ar bind_address Ns / Oc Ns Ar port .
335	By default, the local port is bound in accordance with the	355	By default, the local port is bound in accordance with the
336	.Cm GatewayPorts	356	.Cm GatewayPorts
337	setting.	357	setting.
@@ -432,6 +452,17 @@ An attacker may then be able to perform activities such as keystroke monitoring
432	if the	452	if the
433	.Cm ForwardX11Trusted	453	.Cm ForwardX11Trusted
434	option is also enabled.	454	option is also enabled.
		455	.It Cm ForwardX11Timeout
		456	Specify a timeout for untrusted X11 forwarding
		457	using the format described in the
		458	.Sx TIME FORMATS
		459	section of
		460	.Xr sshd_config 5 .
		461	X11 connections received by
		462	.Xr ssh 1
		463	after this time will be refused.
		464	The default is to disable untrusted X11 forwarding after twenty minutes has
		465	elapsed.
435	.It Cm ForwardX11Trusted	466	.It Cm ForwardX11Trusted
436	If this option is set to	467	If this option is set to
437	.Dq yes ,	468	.Dq yes ,
@@ -526,6 +557,10 @@ or for multiple servers running on a single host.
526	.It Cm HostName	557	.It Cm HostName
527	Specifies the real host name to log into.	558	Specifies the real host name to log into.
528	This can be used to specify nicknames or abbreviations for hosts.	559	This can be used to specify nicknames or abbreviations for hosts.
		560	If the hostname contains the character sequence
		561	.Ql %h ,
		562	then this will be replaced with the host name specified on the commandline
		563	(this is useful for manipulating unqualified names).
529	The default is the name given on the command line.	564	The default is the name given on the command line.
530	Numeric IP addresses are also permitted (both on the command line and in	565	Numeric IP addresses are also permitted (both on the command line and in
531	.Cm HostName	566	.Cm HostName
@@ -641,11 +676,7 @@ The first argument must be
641	.Sm on	676	.Sm on
642	and the second argument must be	677	and the second argument must be
643	.Ar host : Ns Ar hostport .	678	.Ar host : Ns Ar hostport .
644	IPv6 addresses can be specified by enclosing addresses in square brackets or	679	IPv6 addresses can be specified by enclosing addresses in square brackets.
645	by using an alternative syntax:
646	.Oo Ar bind_address Ns / Oc Ns Ar port
647	and
648	.Ar host Ns / Ns Ar hostport .
649	Multiple forwardings may be specified, and additional forwardings can be	680	Multiple forwardings may be specified, and additional forwardings can be
650	given on the command line.	681	given on the command line.
651	Only the superuser can forward privileged ports.	682	Only the superuser can forward privileged ports.
@@ -732,10 +763,12 @@ authentication methods.
732	This allows a client to prefer one method (e.g.\&	763	This allows a client to prefer one method (e.g.\&
733	.Cm keyboard-interactive )	764	.Cm keyboard-interactive )
734	over another method (e.g.\&	765	over another method (e.g.\&
735	.Cm password )	766	.Cm password ) .
736	The default for this option is:	767	The default is:
737	.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password	768	.Bd -literal -offset indent
738	.Dc .	769	gssapi-with-mic,hostbased,publickey,
		770	keyboard-interactive,password
		771	.Ed
739	.It Cm Protocol	772	.It Cm Protocol
740	Specifies the protocol versions	773	Specifies the protocol versions
741	.Xr ssh 1	774	.Xr ssh 1
@@ -757,12 +790,14 @@ Specifies the command to use to connect to the server.
757	The command	790	The command
758	string extends to the end of the line, and is executed with	791	string extends to the end of the line, and is executed with
759	the user's shell.	792	the user's shell.
760	In the command string,	793	In the command string, any occurrence of
761	.Ql %h	794	.Ql %h
762	will be substituted by the host name to	795	will be substituted by the host name to
763	connect and	796	connect,
764	.Ql %p	797	.Ql %p
765	by the port.	798	by the port, and
		799	.Ql %r
		800	by the remote user name.
766	The command can be basically anything,	801	The command can be basically anything,
767	and should read from its standard input and write to its standard output.	802	and should read from its standard input and write to its standard output.
768	It should eventually connect an	803	It should eventually connect an
@@ -821,11 +856,7 @@ The first argument must be
821	.Sm on	856	.Sm on
822	and the second argument must be	857	and the second argument must be
823	.Ar host : Ns Ar hostport .	858	.Ar host : Ns Ar hostport .
824	IPv6 addresses can be specified by enclosing addresses in square brackets	859	IPv6 addresses can be specified by enclosing addresses in square brackets.
825	or by using an alternative syntax:
826	.Oo Ar bind_address Ns / Oc Ns Ar port
827	and
828	.Ar host Ns / Ns Ar hostport .
829	Multiple forwardings may be specified, and additional	860	Multiple forwardings may be specified, and additional
830	forwardings can be given on the command line.	861	forwardings can be given on the command line.
831	Privileged ports can be forwarded only when	862	Privileged ports can be forwarded only when