1 files changed, 25 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 35c578c3b..1a8e24bd1 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $
+.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
-.Dd $Mdocdate: July 23 2018 $
+.Dd $Mdocdate: October 3 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -310,7 +310,9 @@ hostname lookups.
 If set to
 .Cm yes
 then, for connections that do not use a
-.Cm ProxyCommand ,
+.Cm ProxyCommand
+or
+.Cm ProxyJump ,
 .Xr ssh 1
 will attempt to canonicalize the hostname specified on the command line
 using the
@@ -356,6 +358,18 @@ to be canonicalized to names in the
 or
 .Qq *.c.example.com
 domains.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
 .It Cm CertificateFile
 Specifies a file from which the user's certificate is read.
 A corresponding private key must be provided separately in order
@@ -692,6 +706,10 @@ section of
 X11 connections received by
 .Xr ssh 1
 after this time will be refused.
+Setting
+.Cm ForwardX11Timeout
+to zero will disable the timeout and permit X11 forwarding for the life
+of the connection.
 The default is to disable untrusted X11 forwarding after twenty minutes has
 elapsed.
 .It Cm ForwardX11Trusted
@@ -915,6 +933,10 @@ If the string
 is specified, the location of the socket will be read from the
 .Ev SSH_AUTH_SOCK
 environment variable.
+Otherwise if the specified value begins with a
+.Sq $
+character, then it will be treated as an environment variable containing
+the location of the socket.
 .Pp
 Arguments to
 .Cm IdentityAgent

diff --git a/ssh_config.5 b/ssh_config.5 index 35c578c3b..1a8e24bd1 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
37	.Dd $Mdocdate: July 23 2018 $	37	.Dd $Mdocdate: October 3 2018 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -310,7 +310,9 @@ hostname lookups.
310	If set to	310	If set to
311	.Cm yes	311	.Cm yes
312	then, for connections that do not use a	312	then, for connections that do not use a
313	.Cm ProxyCommand ,	313	.Cm ProxyCommand
		314	or
		315	.Cm ProxyJump ,
314	.Xr ssh 1	316	.Xr ssh 1
315	will attempt to canonicalize the hostname specified on the command line	317	will attempt to canonicalize the hostname specified on the command line
316	using the	318	using the
@@ -356,6 +358,18 @@ to be canonicalized to names in the
356	or	358	or
357	.Qq *.c.example.com	359	.Qq *.c.example.com
358	domains.	360	domains.
		361	.It Cm CASignatureAlgorithms
		362	Specifies which algorithms are allowed for signing of certificates
		363	by certificate authorities (CAs).
		364	The default is:
		365	.Bd -literal -offset indent
		366	ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		367	ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
		368	.Ed
		369	.Pp
		370	.Xr ssh 1
		371	will not accept host certificates signed using algorithms other than those
		372	specified.
359	.It Cm CertificateFile	373	.It Cm CertificateFile
360	Specifies a file from which the user's certificate is read.	374	Specifies a file from which the user's certificate is read.
361	A corresponding private key must be provided separately in order	375	A corresponding private key must be provided separately in order
@@ -692,6 +706,10 @@ section of
692	X11 connections received by	706	X11 connections received by
693	.Xr ssh 1	707	.Xr ssh 1
694	after this time will be refused.	708	after this time will be refused.
		709	Setting
		710	.Cm ForwardX11Timeout
		711	to zero will disable the timeout and permit X11 forwarding for the life
		712	of the connection.
695	The default is to disable untrusted X11 forwarding after twenty minutes has	713	The default is to disable untrusted X11 forwarding after twenty minutes has
696	elapsed.	714	elapsed.
697	.It Cm ForwardX11Trusted	715	.It Cm ForwardX11Trusted
@@ -915,6 +933,10 @@ If the string
915	is specified, the location of the socket will be read from the	933	is specified, the location of the socket will be read from the
916	.Ev SSH_AUTH_SOCK	934	.Ev SSH_AUTH_SOCK
917	environment variable.	935	environment variable.
		936	Otherwise if the specified value begins with a
		937	.Sq $
		938	character, then it will be treated as an environment variable containing
		939	the location of the socket.
918	.Pp	940	.Pp
919	Arguments to	941	Arguments to
920	.Cm IdentityAgent	942	.Cm IdentityAgent