1 files changed, 57 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 50bcae82f..a782d6f41 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
-.Dd $Mdocdate: December 8 2010 $
+.Dd $Mdocdate: August 2 2011 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -112,6 +112,15 @@ The host is the
 argument given on the command line (i.e. the name is not converted to
 a canonicalized host name before matching).
 .Pp
+A pattern entry may be negated by prefixing it with an exclamation mark
+.Pq Sq !\& .
+If a negated entry is matched, then the
+.Cm Host
+entry is ignored, regardless of whether any other patterns on the line
+match.
+Negated matches are therefore useful to provide exceptions for wildcard
+matches.
+.Pp
 See
 .Sx PATTERNS
 for more information on patterns.
@@ -305,14 +314,22 @@ section above or the string
 .Dq none
 to disable connection sharing.
 In the path,
+.Ql %L
+will be substituted by the first component of the local host name,
 .Ql %l
-will be substituted by the local host name,
+will be substituted by the local host name (including any domain name),
 .Ql %h
 will be substituted by the target host name,
+.Ql %n
+will be substituted by the original target host name
+specified on the command line,
 .Ql %p
-the port, and
+the port,
 .Ql %r
-by the remote login username.
+by the remote login username, and
+.Ql %u
+by the username of the user running
+.Xr ssh 1 .
 It is recommended that any
 .Cm ControlPath
 used for opportunistic connection sharing include
@@ -500,9 +517,11 @@ or
 The default is
 .Dq no .
 .It Cm GlobalKnownHostsFile
-Specifies a file to use for the global
+Specifies one or more files to use for the global
-host key database instead of
+host key database, separated by whitespace.
-.Pa /etc/ssh/ssh_known_hosts .
+The default is
+.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts2 .
 .It Cm GSSAPIAuthentication
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
@@ -569,7 +588,7 @@ Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
 If the hostname contains the character sequence
 .Ql %h ,
-then this will be replaced with the host name specified on the commandline
+then this will be replaced with the host name specified on the command line
 (this is useful for manipulating unqualified names).
 The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
@@ -629,6 +648,10 @@ escape characters:
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+Multiple
+.Cm IdentityFile
+directives will add to the list of identities tried (this behaviour
+differs from that of other configuration directives).
 .It Cm IPQoS
 Specifies the IPv4 type-of-service or DSCP class for connections.
 Accepted values are
@@ -770,7 +793,9 @@ Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
+hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
+hmac-sha2-512-96
 .Ed
 .It Cm NoHostAuthenticationForLocalhost
 This option can be used if the home directory is shared across machines.
@@ -943,6 +968,23 @@ will only succeed if the server's
 .Cm GatewayPorts
 option is enabled (see
 .Xr sshd_config 5 ) .
+.It Cm RequestTTY
+Specifies whether to request a pseudo-tty for the session.
+The argument may be one of:
+.Dq no
+(never request a TTY),
+.Dq yes
+(always request a TTY when standard input is a TTY),
+.Dq force
+(always request a TTY) or
+.Dq auto
+(request a TTY when opening a login session).
+This option mirrors the
+.Fl t
+and
+.Fl T
+flags for
+.Xr ssh 1 .
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
@@ -1137,9 +1179,11 @@ This can be useful when a different user name is used on different machines.
 This saves the trouble of
 having to remember to give the user name on the command line.
 .It Cm UserKnownHostsFile
-Specifies a file to use for the user
+Specifies one or more files to use for the user
-host key database instead of
+host key database, separated by whitespace.
-.Pa ~/.ssh/known_hosts .
+The default is
+.Pa ~/.ssh/known_hosts ,
+.Pa ~/.ssh/known_hosts2 .
 .It Cm VerifyHostKeyDNS
 Specifies whether to verify the remote key using DNS and SSHFP resource
 records.

diff --git a/ssh_config.5 b/ssh_config.5 index 50bcae82f..a782d6f41 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
37	.Dd $Mdocdate: December 8 2010 $	37	.Dd $Mdocdate: August 2 2011 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -112,6 +112,15 @@ The host is the
112	argument given on the command line (i.e. the name is not converted to	112	argument given on the command line (i.e. the name is not converted to
113	a canonicalized host name before matching).	113	a canonicalized host name before matching).
114	.Pp	114	.Pp
		115	A pattern entry may be negated by prefixing it with an exclamation mark
		116	.Pq Sq !\& .
		117	If a negated entry is matched, then the
		118	.Cm Host
		119	entry is ignored, regardless of whether any other patterns on the line
		120	match.
		121	Negated matches are therefore useful to provide exceptions for wildcard
		122	matches.
		123	.Pp
115	See	124	See
116	.Sx PATTERNS	125	.Sx PATTERNS
117	for more information on patterns.	126	for more information on patterns.
@@ -305,14 +314,22 @@ section above or the string
305	.Dq none	314	.Dq none
306	to disable connection sharing.	315	to disable connection sharing.
307	In the path,	316	In the path,
		317	.Ql %L
		318	will be substituted by the first component of the local host name,
308	.Ql %l	319	.Ql %l
309	will be substituted by the local host name,	320	will be substituted by the local host name (including any domain name),
310	.Ql %h	321	.Ql %h
311	will be substituted by the target host name,	322	will be substituted by the target host name,
		323	.Ql %n
		324	will be substituted by the original target host name
		325	specified on the command line,
312	.Ql %p	326	.Ql %p
313	the port, and	327	the port,
314	.Ql %r	328	.Ql %r
315	by the remote login username.	329	by the remote login username, and
		330	.Ql %u
		331	by the username of the user running
		332	.Xr ssh 1 .
316	It is recommended that any	333	It is recommended that any
317	.Cm ControlPath	334	.Cm ControlPath
318	used for opportunistic connection sharing include	335	used for opportunistic connection sharing include
@@ -500,9 +517,11 @@ or
500	The default is	517	The default is
501	.Dq no .	518	.Dq no .
502	.It Cm GlobalKnownHostsFile	519	.It Cm GlobalKnownHostsFile
503	Specifies a file to use for the global	520	Specifies one or more files to use for the global
504	host key database instead of	521	host key database, separated by whitespace.
505	.Pa /etc/ssh/ssh_known_hosts .	522	The default is
		523	.Pa /etc/ssh/ssh_known_hosts ,
		524	.Pa /etc/ssh/ssh_known_hosts2 .
506	.It Cm GSSAPIAuthentication	525	.It Cm GSSAPIAuthentication
507	Specifies whether user authentication based on GSSAPI is allowed.	526	Specifies whether user authentication based on GSSAPI is allowed.
508	The default is	527	The default is
@@ -569,7 +588,7 @@ Specifies the real host name to log into.
569	This can be used to specify nicknames or abbreviations for hosts.	588	This can be used to specify nicknames or abbreviations for hosts.
570	If the hostname contains the character sequence	589	If the hostname contains the character sequence
571	.Ql %h ,	590	.Ql %h ,
572	then this will be replaced with the host name specified on the commandline	591	then this will be replaced with the host name specified on the command line
573	(this is useful for manipulating unqualified names).	592	(this is useful for manipulating unqualified names).
574	The default is the name given on the command line.	593	The default is the name given on the command line.
575	Numeric IP addresses are also permitted (both on the command line and in	594	Numeric IP addresses are also permitted (both on the command line and in
@@ -629,6 +648,10 @@ escape characters:
629	It is possible to have	648	It is possible to have
630	multiple identity files specified in configuration files; all these	649	multiple identity files specified in configuration files; all these
631	identities will be tried in sequence.	650	identities will be tried in sequence.
		651	Multiple
		652	.Cm IdentityFile
		653	directives will add to the list of identities tried (this behaviour
		654	differs from that of other configuration directives).
632	.It Cm IPQoS	655	.It Cm IPQoS
633	Specifies the IPv4 type-of-service or DSCP class for connections.	656	Specifies the IPv4 type-of-service or DSCP class for connections.
634	Accepted values are	657	Accepted values are
@@ -770,7 +793,9 @@ Multiple algorithms must be comma-separated.
770	The default is:	793	The default is:
771	.Bd -literal -offset indent	794	.Bd -literal -offset indent
772	hmac-md5,hmac-sha1,umac-64@openssh.com,	795	hmac-md5,hmac-sha1,umac-64@openssh.com,
773	hmac-ripemd160,hmac-sha1-96,hmac-md5-96	796	hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
		797	hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
		798	hmac-sha2-512-96
774	.Ed	799	.Ed
775	.It Cm NoHostAuthenticationForLocalhost	800	.It Cm NoHostAuthenticationForLocalhost
776	This option can be used if the home directory is shared across machines.	801	This option can be used if the home directory is shared across machines.
@@ -943,6 +968,23 @@ will only succeed if the server's
943	.Cm GatewayPorts	968	.Cm GatewayPorts
944	option is enabled (see	969	option is enabled (see
945	.Xr sshd_config 5 ) .	970	.Xr sshd_config 5 ) .
		971	.It Cm RequestTTY
		972	Specifies whether to request a pseudo-tty for the session.
		973	The argument may be one of:
		974	.Dq no
		975	(never request a TTY),
		976	.Dq yes
		977	(always request a TTY when standard input is a TTY),
		978	.Dq force
		979	(always request a TTY) or
		980	.Dq auto
		981	(request a TTY when opening a login session).
		982	This option mirrors the
		983	.Fl t
		984	and
		985	.Fl T
		986	flags for
		987	.Xr ssh 1 .
946	.It Cm RhostsRSAAuthentication	988	.It Cm RhostsRSAAuthentication
947	Specifies whether to try rhosts based authentication with RSA host	989	Specifies whether to try rhosts based authentication with RSA host
948	authentication.	990	authentication.
@@ -1137,9 +1179,11 @@ This can be useful when a different user name is used on different machines.
1137	This saves the trouble of	1179	This saves the trouble of
1138	having to remember to give the user name on the command line.	1180	having to remember to give the user name on the command line.
1139	.It Cm UserKnownHostsFile	1181	.It Cm UserKnownHostsFile
1140	Specifies a file to use for the user	1182	Specifies one or more files to use for the user
1141	host key database instead of	1183	host key database, separated by whitespace.
1142	.Pa ~/.ssh/known_hosts .	1184	The default is
		1185	.Pa ~/.ssh/known_hosts ,
		1186	.Pa ~/.ssh/known_hosts2 .
1143	.It Cm VerifyHostKeyDNS	1187	.It Cm VerifyHostKeyDNS
1144	Specifies whether to verify the remote key using DNS and SSHFP resource	1188	Specifies whether to verify the remote key using DNS and SSHFP resource
1145	records.	1189	records.