1 files changed, 25 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index f499396a3..4d5b01d3e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $
+.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
-.Dd $Mdocdate: July 23 2018 $
+.Dd $Mdocdate: October 3 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -290,7 +290,9 @@ hostname lookups.
 If set to
 .Cm yes
 then, for connections that do not use a
-.Cm ProxyCommand ,
+.Cm ProxyCommand
+or
+.Cm ProxyJump ,
 .Xr ssh 1
 will attempt to canonicalize the hostname specified on the command line
 using the
@@ -336,6 +338,18 @@ to be canonicalized to names in the
 or
 .Qq *.c.example.com
 domains.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+.Xr ssh 1
+will not accept host certificates signed using algorithms other than those
+specified.
 .It Cm CertificateFile
 Specifies a file from which the user's certificate is read.
 A corresponding private key must be provided separately in order
@@ -672,6 +686,10 @@ section of
 X11 connections received by
 .Xr ssh 1
 after this time will be refused.
+Setting
+.Cm ForwardX11Timeout
+to zero will disable the timeout and permit X11 forwarding for the life
+of the connection.
 The default is to disable untrusted X11 forwarding after twenty minutes has
 elapsed.
 .It Cm ForwardX11Trusted
@@ -859,6 +877,10 @@ If the string
 is specified, the location of the socket will be read from the
 .Ev SSH_AUTH_SOCK
 environment variable.
+Otherwise if the specified value begins with a
+.Sq $
+character, then it will be treated as an environment variable containing
+the location of the socket.
 .Pp
 Arguments to
 .Cm IdentityAgent

diff --git a/ssh_config.5 b/ssh_config.5 index f499396a3..4d5b01d3e 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
37	.Dd $Mdocdate: July 23 2018 $	37	.Dd $Mdocdate: October 3 2018 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -290,7 +290,9 @@ hostname lookups.
290	If set to	290	If set to
291	.Cm yes	291	.Cm yes
292	then, for connections that do not use a	292	then, for connections that do not use a
293	.Cm ProxyCommand ,	293	.Cm ProxyCommand
		294	or
		295	.Cm ProxyJump ,
294	.Xr ssh 1	296	.Xr ssh 1
295	will attempt to canonicalize the hostname specified on the command line	297	will attempt to canonicalize the hostname specified on the command line
296	using the	298	using the
@@ -336,6 +338,18 @@ to be canonicalized to names in the
336	or	338	or
337	.Qq *.c.example.com	339	.Qq *.c.example.com
338	domains.	340	domains.
		341	.It Cm CASignatureAlgorithms
		342	Specifies which algorithms are allowed for signing of certificates
		343	by certificate authorities (CAs).
		344	The default is:
		345	.Bd -literal -offset indent
		346	ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
		347	ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
		348	.Ed
		349	.Pp
		350	.Xr ssh 1
		351	will not accept host certificates signed using algorithms other than those
		352	specified.
339	.It Cm CertificateFile	353	.It Cm CertificateFile
340	Specifies a file from which the user's certificate is read.	354	Specifies a file from which the user's certificate is read.
341	A corresponding private key must be provided separately in order	355	A corresponding private key must be provided separately in order
@@ -672,6 +686,10 @@ section of
672	X11 connections received by	686	X11 connections received by
673	.Xr ssh 1	687	.Xr ssh 1
674	after this time will be refused.	688	after this time will be refused.
		689	Setting
		690	.Cm ForwardX11Timeout
		691	to zero will disable the timeout and permit X11 forwarding for the life
		692	of the connection.
675	The default is to disable untrusted X11 forwarding after twenty minutes has	693	The default is to disable untrusted X11 forwarding after twenty minutes has
676	elapsed.	694	elapsed.
677	.It Cm ForwardX11Trusted	695	.It Cm ForwardX11Trusted
@@ -859,6 +877,10 @@ If the string
859	is specified, the location of the socket will be read from the	877	is specified, the location of the socket will be read from the
860	.Ev SSH_AUTH_SOCK	878	.Ev SSH_AUTH_SOCK
861	environment variable.	879	environment variable.
		880	Otherwise if the specified value begins with a
		881	.Sq $
		882	character, then it will be treated as an environment variable containing
		883	the location of the socket.
862	.Pp	884	.Pp
863	Arguments to	885	Arguments to
864	.Cm IdentityAgent	886	.Cm IdentityAgent