1 files changed, 27 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 76e451079..0ce851aa8 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -610,6 +610,12 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
 .Pp
 The file name may use the tilde
 syntax to refer to a user's home directory or one of the following
@@ -667,6 +673,13 @@ The following escape character substitutions will be performed:
 (remote user name) or
 .Ql %u
 (local user name).
+.Pp
+The command is run synchronously and does not have access to the
+session of the
+.Xr ssh 1
+that spawned it.
+It should not be used for interactive commands.
+.Pp
 This directive is ignored unless
 .Cm PermitLocalCommand
 has been enabled.
@@ -755,6 +768,12 @@ or
 .Dq no .
 The default is
 .Dq no .
+.It Cm PKCS11Provider
+Specifies which PKCS#11 provider to use.
+The argument to this keyword is the PKCS#11 shared libary
+.Xr ssh 1
+should use to communicate with a PKCS#11 token providing the user's
+private RSA key.
 .It Cm Port
 Specifies the port number to connect on the remote host.
 The default is 22.
@@ -781,11 +800,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
+When this option is set to
-.Dq 2,1 .
+.Dq 2,1
-This means that ssh
+.Nm ssh
-tries version 2 and falls back to version 1
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Sq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -979,13 +1000,6 @@ This option applies to protocol version 2 only.
 and
 .Cm SetupTimeOut
 are Debian-specific compatibility aliases for this option.
-.It Cm SmartcardDevice
-Specifies which smartcard device to use.
-The argument to this keyword is the device
-.Xr ssh 1
-should use to communicate with a smartcard used for storing the user's
-private RSA key.
-By default, no device is specified and smartcard support is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,

diff --git a/ssh_config.5 b/ssh_config.5 index 76e451079..0ce851aa8 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
38	.Dd $Mdocdate: February 22 2009 $	38	.Dd $Mdocdate: March 5 2010 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -610,6 +610,12 @@ and
610	for protocol version 2.	610	for protocol version 2.
611	Additionally, any identities represented by the authentication agent	611	Additionally, any identities represented by the authentication agent
612	will be used for authentication.	612	will be used for authentication.
		613	.Xr ssh 1
		614	will try to load certificate information from the filename obtained by
		615	appending
		616	.Pa -cert.pub
		617	to the path of a specified
		618	.Cm IdentityFile .
613	.Pp	619	.Pp
614	The file name may use the tilde	620	The file name may use the tilde
615	syntax to refer to a user's home directory or one of the following	621	syntax to refer to a user's home directory or one of the following
@@ -667,6 +673,13 @@ The following escape character substitutions will be performed:
667	(remote user name) or	673	(remote user name) or
668	.Ql %u	674	.Ql %u
669	(local user name).	675	(local user name).
		676	.Pp
		677	The command is run synchronously and does not have access to the
		678	session of the
		679	.Xr ssh 1
		680	that spawned it.
		681	It should not be used for interactive commands.
		682	.Pp
670	This directive is ignored unless	683	This directive is ignored unless
671	.Cm PermitLocalCommand	684	.Cm PermitLocalCommand
672	has been enabled.	685	has been enabled.
@@ -755,6 +768,12 @@ or
755	.Dq no .	768	.Dq no .
756	The default is	769	The default is
757	.Dq no .	770	.Dq no .
		771	.It Cm PKCS11Provider
		772	Specifies which PKCS#11 provider to use.
		773	The argument to this keyword is the PKCS#11 shared libary
		774	.Xr ssh 1
		775	should use to communicate with a PKCS#11 token providing the user's
		776	private RSA key.
758	.It Cm Port	777	.It Cm Port
759	Specifies the port number to connect on the remote host.	778	Specifies the port number to connect on the remote host.
760	The default is 22.	779	The default is 22.
@@ -781,11 +800,13 @@ The possible values are
781	and	800	and
782	.Sq 2 .	801	.Sq 2 .
783	Multiple versions must be comma-separated.	802	Multiple versions must be comma-separated.
784	The default is	803	When this option is set to
785	.Dq 2,1 .	804	.Dq 2,1
786	This means that ssh	805	.Nm ssh
787	tries version 2 and falls back to version 1	806	will try version 2 and fall back to version 1
788	if version 2 is not available.	807	if version 2 is not available.
		808	The default is
		809	.Sq 2 .
789	.It Cm ProxyCommand	810	.It Cm ProxyCommand
790	Specifies the command to use to connect to the server.	811	Specifies the command to use to connect to the server.
791	The command	812	The command
@@ -979,13 +1000,6 @@ This option applies to protocol version 2 only.
979	and	1000	and
980	.Cm SetupTimeOut	1001	.Cm SetupTimeOut
981	are Debian-specific compatibility aliases for this option.	1002	are Debian-specific compatibility aliases for this option.
982	.It Cm SmartcardDevice
983	Specifies which smartcard device to use.
984	The argument to this keyword is the device
985	.Xr ssh 1
986	should use to communicate with a smartcard used for storing the user's
987	private RSA key.
988	By default, no device is specified and smartcard support is not activated.
989	.It Cm StrictHostKeyChecking	1003	.It Cm StrictHostKeyChecking
990	If this flag is set to	1004	If this flag is set to
991	.Dq yes ,	1005	.Dq yes ,