diff options
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 1b8b8da5d..76e451079 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $ |
38 | .Dd $Mdocdate: June 26 2008 $ | 38 | .Dd $Mdocdate: February 22 2009 $ |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -119,7 +119,7 @@ Restricts the following declarations (up to the next | |||
119 | .Cm Host | 119 | .Cm Host |
120 | keyword) to be only for those hosts that match one of the patterns | 120 | keyword) to be only for those hosts that match one of the patterns |
121 | given after the keyword. | 121 | given after the keyword. |
122 | If more than one pattern is provided, they should be separated by whitepsace. | 122 | If more than one pattern is provided, they should be separated by whitespace. |
123 | A single | 123 | A single |
124 | .Ql * | 124 | .Ql * |
125 | as a pattern can be used to provide global | 125 | as a pattern can be used to provide global |
@@ -224,9 +224,9 @@ and | |||
224 | .Dq cast128-cbc . | 224 | .Dq cast128-cbc . |
225 | The default is: | 225 | The default is: |
226 | .Bd -literal -offset 3n | 226 | .Bd -literal -offset 3n |
227 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, | 227 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, |
228 | arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, | 228 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, |
229 | aes192-ctr,aes256-ctr | 229 | aes256-cbc,arcfour |
230 | .Ed | 230 | .Ed |
231 | .It Cm ClearAllForwardings | 231 | .It Cm ClearAllForwardings |
232 | Specifies that all local, remote, and dynamic port forwardings | 232 | Specifies that all local, remote, and dynamic port forwardings |
@@ -505,18 +505,28 @@ GSSAPI key exchange the server need not have a host key. | |||
505 | The default is | 505 | The default is |
506 | .Dq no . | 506 | .Dq no . |
507 | Note that this option applies to protocol version 2 only. | 507 | Note that this option applies to protocol version 2 only. |
508 | .It Cm GSSAPIClientIdentity | ||
509 | If set, specifies the GSSAPI client identity that ssh should use when | ||
510 | connecting to the server. The default is unset, which means that the default | ||
511 | identity will be used. | ||
508 | .It Cm GSSAPIDelegateCredentials | 512 | .It Cm GSSAPIDelegateCredentials |
509 | Forward (delegate) credentials to the server. | 513 | Forward (delegate) credentials to the server. |
510 | The default is | 514 | The default is |
511 | .Dq no . | 515 | .Dq no . |
512 | Note that this option applies to protocol version 2 only. | 516 | Note that this option applies to protocol version 2 connections using GSSAPI. |
517 | .It Cm GSSAPIRenewalForcesRekey | ||
518 | If set to | ||
519 | .Dq yes | ||
520 | then renewal of the client's GSSAPI credentials will force the rekeying of the | ||
521 | ssh connection. With a compatible server, this can delegate the renewed | ||
522 | credentials to a session on the server. | ||
523 | The default is | ||
524 | .Dq no . | ||
513 | .It Cm GSSAPITrustDns | 525 | .It Cm GSSAPITrustDns |
514 | Set to | 526 | Set to |
515 | .Dq yes | 527 | .Dq yes to indicate that the DNS is trusted to securely canonicalize |
516 | to indicate that the DNS is trusted to securely canonicalize | ||
517 | the name of the host being connected to. If | 528 | the name of the host being connected to. If |
518 | .Dq no , | 529 | .Dq no, the hostname entered on the |
519 | the hostname entered on the | ||
520 | command line will be passed untouched to the GSSAPI library. | 530 | command line will be passed untouched to the GSSAPI library. |
521 | The default is | 531 | The default is |
522 | .Dq no . | 532 | .Dq no . |
@@ -852,7 +862,15 @@ and | |||
852 | .Ar host Ns / Ns Ar hostport . | 862 | .Ar host Ns / Ns Ar hostport . |
853 | Multiple forwardings may be specified, and additional | 863 | Multiple forwardings may be specified, and additional |
854 | forwardings can be given on the command line. | 864 | forwardings can be given on the command line. |
855 | Only the superuser can forward privileged ports. | 865 | Privileged ports can be forwarded only when |
866 | logging in as root on the remote machine. | ||
867 | .Pp | ||
868 | If the | ||
869 | .Ar port | ||
870 | argument is | ||
871 | .Ql 0 , | ||
872 | the listen port will be dynamically allocated on the server and reported | ||
873 | to the client at run time. | ||
856 | .Pp | 874 | .Pp |
857 | If the | 875 | If the |
858 | .Ar bind_address | 876 | .Ar bind_address |
@@ -1138,10 +1156,12 @@ in | |||
1138 | If this flag is set to | 1156 | If this flag is set to |
1139 | .Dq yes , | 1157 | .Dq yes , |
1140 | an ASCII art representation of the remote host key fingerprint is | 1158 | an ASCII art representation of the remote host key fingerprint is |
1141 | printed additionally to the hex fingerprint string. | 1159 | printed in addition to the hex fingerprint string at login and |
1160 | for unknown host keys. | ||
1142 | If this flag is set to | 1161 | If this flag is set to |
1143 | .Dq no , | 1162 | .Dq no , |
1144 | only the hex fingerprint string will be printed. | 1163 | no fingerprint strings are printed at login and |
1164 | only the hex fingerprint string will be printed for unknown host keys. | ||
1145 | The default is | 1165 | The default is |
1146 | .Dq no . | 1166 | .Dq no . |
1147 | .It Cm XAuthLocation | 1167 | .It Cm XAuthLocation |