1 files changed, 69 insertions, 16 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 2574b1004..080d289a7 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.332 2020/08/11 09:49:57 djm Exp $
-.Dd $Mdocdate: April 11 2020 $
+.Dd $Mdocdate: August 11 2020 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -268,13 +268,22 @@ option was specified to
 If this option is set to
 .Cm no ,
 no keys are added to the agent.
+Alternately, this option may be specified as a time interval
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5
+to specify the key's lifetime in
+.Xr ssh-agent 1 ,
+after which it will automatically be removed.
 The argument must be
-.Cm yes ,
-.Cm confirm ,
-.Cm ask ,
-or
 .Cm no
-(the default).
+(the default),
+.Cm yes ,
+.Cm confirm
+(optionally followed by a time interval),
+.Cm ask
+or a time interval.
 .It Cm AddressFamily
 Specifies which address family to use when connecting.
 Valid arguments are
@@ -416,9 +425,11 @@ or
 .Pp
 Arguments to
 .Cm CertificateFile
-may use the tilde syntax to refer to a user's home directory
+may use the tilde syntax to refer to a user's home directory,
-or the tokens described in the
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .Pp
 It is possible to have multiple certificate files specified in
@@ -578,9 +589,11 @@ section above or the string
 to disable connection sharing.
 Arguments to
 .Cm ControlPath
-may use the tilde syntax to refer to a user's home directory
+may use the tilde syntax to refer to a user's home directory,
-or the tokens described in the
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 It is recommended that any
 .Cm ControlPath
@@ -1022,9 +1035,11 @@ the location of the socket.
 .Pp
 Arguments to
 .Cm IdentityAgent
-may use the tilde syntax to refer to a user's home directory
+may use the tilde syntax to refer to a user's home directory,
-or the tokens described in the
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
@@ -1092,6 +1107,7 @@ Multiple pathnames may be specified and each pathname may contain
 wildcards and, for user configurations, shell-like
 .Sq ~
 references to user home directories.
+Wildcards will be expanded and processed in lexical order.
 Files without absolute paths are assumed to be in
 .Pa ~/.ssh
 if included in a user configuration file or
@@ -1238,8 +1254,10 @@ indicates that the listening port be bound for local use only, while an
 empty address or
 .Sq *
 indicates that the port should be available from all interfaces.
-Unix domain socket paths accept the tokens described in the
+Unix domain socket paths may use the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .It Cm LogLevel
 Gives the verbosity level that is used when logging messages from
@@ -1509,8 +1527,10 @@ Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
-Unix domain socket paths accept the tokens described in the
+Unix domain socket paths may use the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .Pp
 If the
@@ -1826,6 +1846,12 @@ having to remember to give the user name on the command line.
 .It Cm UserKnownHostsFile
 Specifies one or more files to use for the user
 host key database, separated by whitespace.
+Each filename may use tilde notation to refer to the user's home directory,
+the tokens described in the
+.Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
+section.
 The default is
 .Pa ~/.ssh/known_hosts ,
 .Pa ~/.ssh/known_hosts2 .
@@ -1932,6 +1958,9 @@ Local user's home directory.
 The remote hostname.
 .It %i
 The local user ID.
+.It %k
+The host key alias if specified, otherwise the orignal remote hostname given
+on the command line.
 .It %L
 The local hostname.
 .It %l
@@ -1962,8 +1991,9 @@ The local username.
 .Cm LocalForward ,
 .Cm Match exec ,
 .Cm RemoteCommand ,
+.Cm RemoteForward ,
 and
-.Cm RemoteForward
+.Cm UserKnownHostsFile
 accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm Hostname
@@ -1974,6 +2004,29 @@ accepts all tokens.
 .Pp
 .Cm ProxyCommand
 accepts the tokens %%, %h, %n, %p, and %r.
+.Sh ENVIRONMENT VARIABLES
+Arguments to some keywords can be expanded at runtime from environment
+variables on the client by enclosing them in
+.Ic ${} ,
+for example
+.Ic ${HOME}/.ssh
+would refer to the user's .ssh directory.
+If a specified environment variable does not exist then an error will be
+returned and the setting for that keyword will be ignored.
+.Pp
+The keywords
+.Cm CertificateFile ,
+.Cm ControlPath ,
+.Cm IdentityAgent ,
+.Cm IdentityFile
+and
+.Cm UserKnownHostsFile
+support environment variables.
+The keywords
+.Cm LocalForward
+and
+.Cm RemoteForward
+support environment variables only for Unix domain socket paths.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/config

diff --git a/ssh_config.5 b/ssh_config.5 index 2574b1004..080d289a7 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.332 2020/08/11 09:49:57 djm Exp $
37	.Dd $Mdocdate: April 11 2020 $	37	.Dd $Mdocdate: August 11 2020 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -268,13 +268,22 @@ option was specified to
268	If this option is set to	268	If this option is set to
269	.Cm no ,	269	.Cm no ,
270	no keys are added to the agent.	270	no keys are added to the agent.
		271	Alternately, this option may be specified as a time interval
		272	using the format described in the
		273	.Sx TIME FORMATS
		274	section of
		275	.Xr sshd_config 5
		276	to specify the key's lifetime in
		277	.Xr ssh-agent 1 ,
		278	after which it will automatically be removed.
271	The argument must be	279	The argument must be
272	.Cm yes ,
273	.Cm confirm ,
274	.Cm ask ,
275	or
276	.Cm no	280	.Cm no
277	(the default).	281	(the default),
		282	.Cm yes ,
		283	.Cm confirm
		284	(optionally followed by a time interval),
		285	.Cm ask
		286	or a time interval.
278	.It Cm AddressFamily	287	.It Cm AddressFamily
279	Specifies which address family to use when connecting.	288	Specifies which address family to use when connecting.
280	Valid arguments are	289	Valid arguments are
@@ -416,9 +425,11 @@ or
416	.Pp	425	.Pp
417	Arguments to	426	Arguments to
418	.Cm CertificateFile	427	.Cm CertificateFile
419	may use the tilde syntax to refer to a user's home directory	428	may use the tilde syntax to refer to a user's home directory,
420	or the tokens described in the	429	the tokens described in the
421	.Sx TOKENS	430	.Sx TOKENS
		431	section and environment variables as described in the
		432	.Sx ENVIRONMENT VARIABLES
422	section.	433	section.
423	.Pp	434	.Pp
424	It is possible to have multiple certificate files specified in	435	It is possible to have multiple certificate files specified in
@@ -578,9 +589,11 @@ section above or the string
578	to disable connection sharing.	589	to disable connection sharing.
579	Arguments to	590	Arguments to
580	.Cm ControlPath	591	.Cm ControlPath
581	may use the tilde syntax to refer to a user's home directory	592	may use the tilde syntax to refer to a user's home directory,
582	or the tokens described in the	593	the tokens described in the
583	.Sx TOKENS	594	.Sx TOKENS
		595	section and environment variables as described in the
		596	.Sx ENVIRONMENT VARIABLES
584	section.	597	section.
585	It is recommended that any	598	It is recommended that any
586	.Cm ControlPath	599	.Cm ControlPath
@@ -1022,9 +1035,11 @@ the location of the socket.
1022	.Pp	1035	.Pp
1023	Arguments to	1036	Arguments to
1024	.Cm IdentityAgent	1037	.Cm IdentityAgent
1025	may use the tilde syntax to refer to a user's home directory	1038	may use the tilde syntax to refer to a user's home directory,
1026	or the tokens described in the	1039	the tokens described in the
1027	.Sx TOKENS	1040	.Sx TOKENS
		1041	section and environment variables as described in the
		1042	.Sx ENVIRONMENT VARIABLES
1028	section.	1043	section.
1029	.It Cm IdentityFile	1044	.It Cm IdentityFile
1030	Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,	1045	Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
@@ -1092,6 +1107,7 @@ Multiple pathnames may be specified and each pathname may contain
1092	wildcards and, for user configurations, shell-like	1107	wildcards and, for user configurations, shell-like
1093	.Sq ~	1108	.Sq ~
1094	references to user home directories.	1109	references to user home directories.
		1110	Wildcards will be expanded and processed in lexical order.
1095	Files without absolute paths are assumed to be in	1111	Files without absolute paths are assumed to be in
1096	.Pa ~/.ssh	1112	.Pa ~/.ssh
1097	if included in a user configuration file or	1113	if included in a user configuration file or
@@ -1238,8 +1254,10 @@ indicates that the listening port be bound for local use only, while an
1238	empty address or	1254	empty address or
1239	.Sq *	1255	.Sq *
1240	indicates that the port should be available from all interfaces.	1256	indicates that the port should be available from all interfaces.
1241	Unix domain socket paths accept the tokens described in the	1257	Unix domain socket paths may use the tokens described in the
1242	.Sx TOKENS	1258	.Sx TOKENS
		1259	section and environment variables as described in the
		1260	.Sx ENVIRONMENT VARIABLES
1243	section.	1261	section.
1244	.It Cm LogLevel	1262	.It Cm LogLevel
1245	Gives the verbosity level that is used when logging messages from	1263	Gives the verbosity level that is used when logging messages from
@@ -1509,8 +1527,10 @@ Multiple forwardings may be specified, and additional
1509	forwardings can be given on the command line.	1527	forwardings can be given on the command line.
1510	Privileged ports can be forwarded only when	1528	Privileged ports can be forwarded only when
1511	logging in as root on the remote machine.	1529	logging in as root on the remote machine.
1512	Unix domain socket paths accept the tokens described in the	1530	Unix domain socket paths may use the tokens described in the
1513	.Sx TOKENS	1531	.Sx TOKENS
		1532	section and environment variables as described in the
		1533	.Sx ENVIRONMENT VARIABLES
1514	section.	1534	section.
1515	.Pp	1535	.Pp
1516	If the	1536	If the
@@ -1826,6 +1846,12 @@ having to remember to give the user name on the command line.
1826	.It Cm UserKnownHostsFile	1846	.It Cm UserKnownHostsFile
1827	Specifies one or more files to use for the user	1847	Specifies one or more files to use for the user
1828	host key database, separated by whitespace.	1848	host key database, separated by whitespace.
		1849	Each filename may use tilde notation to refer to the user's home directory,
		1850	the tokens described in the
		1851	.Sx TOKENS
		1852	section and environment variables as described in the
		1853	.Sx ENVIRONMENT VARIABLES
		1854	section.
1829	The default is	1855	The default is
1830	.Pa ~/.ssh/known_hosts ,	1856	.Pa ~/.ssh/known_hosts ,
1831	.Pa ~/.ssh/known_hosts2 .	1857	.Pa ~/.ssh/known_hosts2 .
@@ -1932,6 +1958,9 @@ Local user's home directory.
1932	The remote hostname.	1958	The remote hostname.
1933	.It %i	1959	.It %i
1934	The local user ID.	1960	The local user ID.
		1961	.It %k
		1962	The host key alias if specified, otherwise the orignal remote hostname given
		1963	on the command line.
1935	.It %L	1964	.It %L
1936	The local hostname.	1965	The local hostname.
1937	.It %l	1966	.It %l
@@ -1962,8 +1991,9 @@ The local username.
1962	.Cm LocalForward ,	1991	.Cm LocalForward ,
1963	.Cm Match exec ,	1992	.Cm Match exec ,
1964	.Cm RemoteCommand ,	1993	.Cm RemoteCommand ,
		1994	.Cm RemoteForward ,
1965	and	1995	and
1966	.Cm RemoteForward	1996	.Cm UserKnownHostsFile
1967	accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.	1997	accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
1968	.Pp	1998	.Pp
1969	.Cm Hostname	1999	.Cm Hostname
@@ -1974,6 +2004,29 @@ accepts all tokens.
1974	.Pp	2004	.Pp
1975	.Cm ProxyCommand	2005	.Cm ProxyCommand
1976	accepts the tokens %%, %h, %n, %p, and %r.	2006	accepts the tokens %%, %h, %n, %p, and %r.
		2007	.Sh ENVIRONMENT VARIABLES
		2008	Arguments to some keywords can be expanded at runtime from environment
		2009	variables on the client by enclosing them in
		2010	.Ic ${} ,
		2011	for example
		2012	.Ic ${HOME}/.ssh
		2013	would refer to the user's .ssh directory.
		2014	If a specified environment variable does not exist then an error will be
		2015	returned and the setting for that keyword will be ignored.
		2016	.Pp
		2017	The keywords
		2018	.Cm CertificateFile ,
		2019	.Cm ControlPath ,
		2020	.Cm IdentityAgent ,
		2021	.Cm IdentityFile
		2022	and
		2023	.Cm UserKnownHostsFile
		2024	support environment variables.
		2025	The keywords
		2026	.Cm LocalForward
		2027	and
		2028	.Cm RemoteForward
		2029	support environment variables only for Unix domain socket paths.
1977	.Sh FILES	2030	.Sh FILES
1978	.Bl -tag -width Ds	2031	.Bl -tag -width Ds
1979	.It Pa ~/.ssh/config	2032	.It Pa ~/.ssh/config