1 files changed, 75 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index caf13a62d..7630e7bcb 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.228 2016/02/20 23:01:46 sobrado Exp $
+.\" $OpenBSD: ssh_config.5,v 1.236 2016/07/22 07:00:46 djm Exp $
-.Dd $Mdocdate: February 20 2016 $
+.Dd $Mdocdate: July 22 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -952,6 +952,36 @@ This option is intended for situations where ssh-agent
 offers many different identities.
 The default is
 .Dq no .
+.It Cm IdentityAgent
+Specifies the
+.Ux Ns -domain
+socket used to communicate with the authentication agent.
+.Pp
+This option overrides the
+.Dq SSH_AUTH_SOCK
+environment variable and can be used to select a specific agent.
+Setting the socket name to
+.Dq none
+disables the use of an authentication agent.
+If the string
+.Dq SSH_AUTH_SOCK
+is specified, the location of the socket will be read from the
+.Ev SSH_AUTH_SOCK
+environment variable.
+.Pp
+The socket name may use the tilde
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %r
+(remote user name).
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 identity is read.
@@ -1019,6 +1049,25 @@ It is recommended that
 .Cm IgnoreUnknown
 be listed early in the configuration file as it will not be applied
 to unknown options that appear before it.
+.It Cm Include
+Include the specified configuration file(s).
+Multiple pathnames may be specified and each pathname may contain
+.Xr glob 3
+wildcards and, for user configurations, shell-like
+.Dq ~
+references to user home directories.
+Files without absolute paths are assumed to be in
+.Pa ~/.ssh
+if included in a user configuration file or
+.Pa /etc/ssh
+if included from the system configuration file.
+.Cm Include
+directive may appear inside a
+.Cm Match
+or
+.Cm Host
+block
+to perform conditional inclusion.
 .It Cm IPQoS
 Specifies the IPv4 type-of-service or DSCP class for connections.
 Accepted values are
@@ -1309,6 +1358,30 @@ For example, the following directive would connect via an HTTP proxy at
 .Bd -literal -offset 3n
 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
 .Ed
+.It Cm ProxyJump
+Specifies one or more jump proxies as
+.Xo
+.Sm off
+.Op Ar user No @
+.Ar host
+.Op : Ns Ar port
+.Sm on
+.Xc .
+Multiple proxies may be separated by comma characters and will be visited
+sequentially.
+Setting this option will cause
+.Xr ssh 1
+to connect to the target host by first making a
+.Xr ssh 1
+connection to the specified
+.Cm ProxyJump
+host and then establishing a
+TCP forwarding to the ultimate target from there.
+.Pp
+Note that this option will compete with the
+.Cm ProxyCommand
+option - whichever is specified first will prevent later instances of the
+other from taking effect.
 .It Cm ProxyUseFdpass
 Specifies that
 .Cm ProxyCommand

diff --git a/ssh_config.5 b/ssh_config.5 index caf13a62d..7630e7bcb 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.228 2016/02/20 23:01:46 sobrado Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.236 2016/07/22 07:00:46 djm Exp $
37	.Dd $Mdocdate: February 20 2016 $	37	.Dd $Mdocdate: July 22 2016 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -952,6 +952,36 @@ This option is intended for situations where ssh-agent
952	offers many different identities.	952	offers many different identities.
953	The default is	953	The default is
954	.Dq no .	954	.Dq no .
		955	.It Cm IdentityAgent
		956	Specifies the
		957	.Ux Ns -domain
		958	socket used to communicate with the authentication agent.
		959	.Pp
		960	This option overrides the
		961	.Dq SSH_AUTH_SOCK
		962	environment variable and can be used to select a specific agent.
		963	Setting the socket name to
		964	.Dq none
		965	disables the use of an authentication agent.
		966	If the string
		967	.Dq SSH_AUTH_SOCK
		968	is specified, the location of the socket will be read from the
		969	.Ev SSH_AUTH_SOCK
		970	environment variable.
		971	.Pp
		972	The socket name may use the tilde
		973	syntax to refer to a user's home directory or one of the following
		974	escape characters:
		975	.Ql %d
		976	(local user's home directory),
		977	.Ql %u
		978	(local user name),
		979	.Ql %l
		980	(local host name),
		981	.Ql %h
		982	(remote host name) or
		983	.Ql %r
		984	(remote user name).
955	.It Cm IdentityFile	985	.It Cm IdentityFile
956	Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication	986	Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
957	identity is read.	987	identity is read.
@@ -1019,6 +1049,25 @@ It is recommended that
1019	.Cm IgnoreUnknown	1049	.Cm IgnoreUnknown
1020	be listed early in the configuration file as it will not be applied	1050	be listed early in the configuration file as it will not be applied
1021	to unknown options that appear before it.	1051	to unknown options that appear before it.
		1052	.It Cm Include
		1053	Include the specified configuration file(s).
		1054	Multiple pathnames may be specified and each pathname may contain
		1055	.Xr glob 3
		1056	wildcards and, for user configurations, shell-like
		1057	.Dq ~
		1058	references to user home directories.
		1059	Files without absolute paths are assumed to be in
		1060	.Pa ~/.ssh
		1061	if included in a user configuration file or
		1062	.Pa /etc/ssh
		1063	if included from the system configuration file.
		1064	.Cm Include
		1065	directive may appear inside a
		1066	.Cm Match
		1067	or
		1068	.Cm Host
		1069	block
		1070	to perform conditional inclusion.
1022	.It Cm IPQoS	1071	.It Cm IPQoS
1023	Specifies the IPv4 type-of-service or DSCP class for connections.	1072	Specifies the IPv4 type-of-service or DSCP class for connections.
1024	Accepted values are	1073	Accepted values are
@@ -1309,6 +1358,30 @@ For example, the following directive would connect via an HTTP proxy at
1309	.Bd -literal -offset 3n	1358	.Bd -literal -offset 3n
1310	ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p	1359	ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1311	.Ed	1360	.Ed
		1361	.It Cm ProxyJump
		1362	Specifies one or more jump proxies as
		1363	.Xo
		1364	.Sm off
		1365	.Op Ar user No @
		1366	.Ar host
		1367	.Op : Ns Ar port
		1368	.Sm on
		1369	.Xc .
		1370	Multiple proxies may be separated by comma characters and will be visited
		1371	sequentially.
		1372	Setting this option will cause
		1373	.Xr ssh 1
		1374	to connect to the target host by first making a
		1375	.Xr ssh 1
		1376	connection to the specified
		1377	.Cm ProxyJump
		1378	host and then establishing a
		1379	TCP forwarding to the ultimate target from there.
		1380	.Pp
		1381	Note that this option will compete with the
		1382	.Cm ProxyCommand
		1383	option - whichever is specified first will prevent later instances of the
		1384	other from taking effect.
1312	.It Cm ProxyUseFdpass	1385	.It Cm ProxyUseFdpass
1313	Specifies that	1386	Specifies that
1314	.Cm ProxyCommand	1387	.Cm ProxyCommand