1 files changed, 57 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 269d3941b..9e1e9a6af 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
-.Dd $Mdocdate: December 8 2010 $
+.Dd $Mdocdate: August 2 2011 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -112,6 +112,15 @@ The host is the
 argument given on the command line (i.e. the name is not converted to
 a canonicalized host name before matching).
 .Pp
+A pattern entry may be negated by prefixing it with an exclamation mark
+.Pq Sq !\& .
+If a negated entry is matched, then the
+.Cm Host
+entry is ignored, regardless of whether any other patterns on the line
+match.
+Negated matches are therefore useful to provide exceptions for wildcard
+matches.
+.Pp
 See
 .Sx PATTERNS
 for more information on patterns.
@@ -305,14 +314,22 @@ section above or the string
 .Dq none
 to disable connection sharing.
 In the path,
+.Ql %L
+will be substituted by the first component of the local host name,
 .Ql %l
-will be substituted by the local host name,
+will be substituted by the local host name (including any domain name),
 .Ql %h
 will be substituted by the target host name,
+.Ql %n
+will be substituted by the original target host name
+specified on the command line,
 .Ql %p
-the port, and
+the port,
 .Ql %r
-by the remote login username.
+by the remote login username, and
+.Ql %u
+by the username of the user running
+.Xr ssh 1 .
 It is recommended that any
 .Cm ControlPath
 used for opportunistic connection sharing include
@@ -500,9 +517,11 @@ or
 The default is
 .Dq no .
 .It Cm GlobalKnownHostsFile
-Specifies a file to use for the global
+Specifies one or more files to use for the global
-host key database instead of
+host key database, separated by whitespace.
-.Pa /etc/ssh/ssh_known_hosts .
+The default is
+.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts2 .
 .It Cm GSSAPIAuthentication
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
@@ -601,7 +620,7 @@ Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
 If the hostname contains the character sequence
 .Ql %h ,
-then this will be replaced with the host name specified on the commandline
+then this will be replaced with the host name specified on the command line
 (this is useful for manipulating unqualified names).
 The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
@@ -661,6 +680,10 @@ escape characters:
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+Multiple
+.Cm IdentityFile
+directives will add to the list of identities tried (this behaviour
+differs from that of other configuration directives).
 .It Cm IPQoS
 Specifies the IPv4 type-of-service or DSCP class for connections.
 Accepted values are
@@ -802,7 +825,9 @@ Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
+hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
+hmac-sha2-512-96
 .Ed
 .It Cm NoHostAuthenticationForLocalhost
 This option can be used if the home directory is shared across machines.
@@ -975,6 +1000,23 @@ will only succeed if the server's
 .Cm GatewayPorts
 option is enabled (see
 .Xr sshd_config 5 ) .
+.It Cm RequestTTY
+Specifies whether to request a pseudo-tty for the session.
+The argument may be one of:
+.Dq no
+(never request a TTY),
+.Dq yes
+(always request a TTY when standard input is a TTY),
+.Dq force
+(always request a TTY) or
+.Dq auto
+(request a TTY when opening a login session).
+This option mirrors the
+.Fl t
+and
+.Fl T
+flags for
+.Xr ssh 1 .
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
@@ -1169,9 +1211,11 @@ This can be useful when a different user name is used on different machines.
 This saves the trouble of
 having to remember to give the user name on the command line.
 .It Cm UserKnownHostsFile
-Specifies a file to use for the user
+Specifies one or more files to use for the user
-host key database instead of
+host key database, separated by whitespace.
-.Pa ~/.ssh/known_hosts .
+The default is
+.Pa ~/.ssh/known_hosts ,
+.Pa ~/.ssh/known_hosts2 .
 .It Cm VerifyHostKeyDNS
 Specifies whether to verify the remote key using DNS and SSHFP resource
 records.

diff --git a/ssh_config.5 b/ssh_config.5 index 269d3941b..9e1e9a6af 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
37	.Dd $Mdocdate: December 8 2010 $	37	.Dd $Mdocdate: August 2 2011 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -112,6 +112,15 @@ The host is the
112	argument given on the command line (i.e. the name is not converted to	112	argument given on the command line (i.e. the name is not converted to
113	a canonicalized host name before matching).	113	a canonicalized host name before matching).
114	.Pp	114	.Pp
		115	A pattern entry may be negated by prefixing it with an exclamation mark
		116	.Pq Sq !\& .
		117	If a negated entry is matched, then the
		118	.Cm Host
		119	entry is ignored, regardless of whether any other patterns on the line
		120	match.
		121	Negated matches are therefore useful to provide exceptions for wildcard
		122	matches.
		123	.Pp
115	See	124	See
116	.Sx PATTERNS	125	.Sx PATTERNS
117	for more information on patterns.	126	for more information on patterns.
@@ -305,14 +314,22 @@ section above or the string
305	.Dq none	314	.Dq none
306	to disable connection sharing.	315	to disable connection sharing.
307	In the path,	316	In the path,
		317	.Ql %L
		318	will be substituted by the first component of the local host name,
308	.Ql %l	319	.Ql %l
309	will be substituted by the local host name,	320	will be substituted by the local host name (including any domain name),
310	.Ql %h	321	.Ql %h
311	will be substituted by the target host name,	322	will be substituted by the target host name,
		323	.Ql %n
		324	will be substituted by the original target host name
		325	specified on the command line,
312	.Ql %p	326	.Ql %p
313	the port, and	327	the port,
314	.Ql %r	328	.Ql %r
315	by the remote login username.	329	by the remote login username, and
		330	.Ql %u
		331	by the username of the user running
		332	.Xr ssh 1 .
316	It is recommended that any	333	It is recommended that any
317	.Cm ControlPath	334	.Cm ControlPath
318	used for opportunistic connection sharing include	335	used for opportunistic connection sharing include
@@ -500,9 +517,11 @@ or
500	The default is	517	The default is
501	.Dq no .	518	.Dq no .
502	.It Cm GlobalKnownHostsFile	519	.It Cm GlobalKnownHostsFile
503	Specifies a file to use for the global	520	Specifies one or more files to use for the global
504	host key database instead of	521	host key database, separated by whitespace.
505	.Pa /etc/ssh/ssh_known_hosts .	522	The default is
		523	.Pa /etc/ssh/ssh_known_hosts ,
		524	.Pa /etc/ssh/ssh_known_hosts2 .
506	.It Cm GSSAPIAuthentication	525	.It Cm GSSAPIAuthentication
507	Specifies whether user authentication based on GSSAPI is allowed.	526	Specifies whether user authentication based on GSSAPI is allowed.
508	The default is	527	The default is
@@ -601,7 +620,7 @@ Specifies the real host name to log into.
601	This can be used to specify nicknames or abbreviations for hosts.	620	This can be used to specify nicknames or abbreviations for hosts.
602	If the hostname contains the character sequence	621	If the hostname contains the character sequence
603	.Ql %h ,	622	.Ql %h ,
604	then this will be replaced with the host name specified on the commandline	623	then this will be replaced with the host name specified on the command line
605	(this is useful for manipulating unqualified names).	624	(this is useful for manipulating unqualified names).
606	The default is the name given on the command line.	625	The default is the name given on the command line.
607	Numeric IP addresses are also permitted (both on the command line and in	626	Numeric IP addresses are also permitted (both on the command line and in
@@ -661,6 +680,10 @@ escape characters:
661	It is possible to have	680	It is possible to have
662	multiple identity files specified in configuration files; all these	681	multiple identity files specified in configuration files; all these
663	identities will be tried in sequence.	682	identities will be tried in sequence.
		683	Multiple
		684	.Cm IdentityFile
		685	directives will add to the list of identities tried (this behaviour
		686	differs from that of other configuration directives).
664	.It Cm IPQoS	687	.It Cm IPQoS
665	Specifies the IPv4 type-of-service or DSCP class for connections.	688	Specifies the IPv4 type-of-service or DSCP class for connections.
666	Accepted values are	689	Accepted values are
@@ -802,7 +825,9 @@ Multiple algorithms must be comma-separated.
802	The default is:	825	The default is:
803	.Bd -literal -offset indent	826	.Bd -literal -offset indent
804	hmac-md5,hmac-sha1,umac-64@openssh.com,	827	hmac-md5,hmac-sha1,umac-64@openssh.com,
805	hmac-ripemd160,hmac-sha1-96,hmac-md5-96	828	hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
		829	hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
		830	hmac-sha2-512-96
806	.Ed	831	.Ed
807	.It Cm NoHostAuthenticationForLocalhost	832	.It Cm NoHostAuthenticationForLocalhost
808	This option can be used if the home directory is shared across machines.	833	This option can be used if the home directory is shared across machines.
@@ -975,6 +1000,23 @@ will only succeed if the server's
975	.Cm GatewayPorts	1000	.Cm GatewayPorts
976	option is enabled (see	1001	option is enabled (see
977	.Xr sshd_config 5 ) .	1002	.Xr sshd_config 5 ) .
		1003	.It Cm RequestTTY
		1004	Specifies whether to request a pseudo-tty for the session.
		1005	The argument may be one of:
		1006	.Dq no
		1007	(never request a TTY),
		1008	.Dq yes
		1009	(always request a TTY when standard input is a TTY),
		1010	.Dq force
		1011	(always request a TTY) or
		1012	.Dq auto
		1013	(request a TTY when opening a login session).
		1014	This option mirrors the
		1015	.Fl t
		1016	and
		1017	.Fl T
		1018	flags for
		1019	.Xr ssh 1 .
978	.It Cm RhostsRSAAuthentication	1020	.It Cm RhostsRSAAuthentication
979	Specifies whether to try rhosts based authentication with RSA host	1021	Specifies whether to try rhosts based authentication with RSA host
980	authentication.	1022	authentication.
@@ -1169,9 +1211,11 @@ This can be useful when a different user name is used on different machines.
1169	This saves the trouble of	1211	This saves the trouble of
1170	having to remember to give the user name on the command line.	1212	having to remember to give the user name on the command line.
1171	.It Cm UserKnownHostsFile	1213	.It Cm UserKnownHostsFile
1172	Specifies a file to use for the user	1214	Specifies one or more files to use for the user
1173	host key database instead of	1215	host key database, separated by whitespace.
1174	.Pa ~/.ssh/known_hosts .	1216	The default is
		1217	.Pa ~/.ssh/known_hosts ,
		1218	.Pa ~/.ssh/known_hosts2 .
1175	.It Cm VerifyHostKeyDNS	1219	.It Cm VerifyHostKeyDNS
1176	Specifies whether to verify the remote key using DNS and SSHFP resource	1220	Specifies whether to verify the remote key using DNS and SSHFP resource
1177	records.	1221	records.