1 files changed, 27 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index ea9a20b23..8cf02597d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
-.Dd $Mdocdate: February 22 2009 $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -559,6 +559,12 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
 .Pp
 The file name may use the tilde
 syntax to refer to a user's home directory or one of the following
@@ -616,6 +622,13 @@ The following escape character substitutions will be performed:
 (remote user name) or
 .Ql %u
 (local user name).
+.Pp
+The command is run synchronously and does not have access to the
+session of the
+.Xr ssh 1
+that spawned it.
+It should not be used for interactive commands.
+.Pp
 This directive is ignored unless
 .Cm PermitLocalCommand
 has been enabled.
@@ -704,6 +717,12 @@ or
 .Dq no .
 The default is
 .Dq no .
+.It Cm PKCS11Provider
+Specifies which PKCS#11 provider to use.
+The argument to this keyword is the PKCS#11 shared libary
+.Xr ssh 1
+should use to communicate with a PKCS#11 token providing the user's
+private RSA key.
 .It Cm Port
 Specifies the port number to connect on the remote host.
 The default is 22.
@@ -730,11 +749,13 @@ The possible values are
 and
 .Sq 2 .
 Multiple versions must be comma-separated.
-The default is
+When this option is set to
-.Dq 2,1 .
+.Dq 2,1
-This means that ssh
+.Nm ssh
-tries version 2 and falls back to version 1
+will try version 2 and fall back to version 1
 if version 2 is not available.
+The default is
+.Sq 2 .
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -918,13 +939,6 @@ channel to request a response from the server.
 The default
 is 0, indicating that these messages will not be sent to the server.
 This option applies to protocol version 2 only.
-.It Cm SmartcardDevice
-Specifies which smartcard device to use.
-The argument to this keyword is the device
-.Xr ssh 1
-should use to communicate with a smartcard used for storing the user's
-private RSA key.
-By default, no device is specified and smartcard support is not activated.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,

diff --git a/ssh_config.5 b/ssh_config.5 index ea9a20b23..8cf02597d 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
38	.Dd $Mdocdate: February 22 2009 $	38	.Dd $Mdocdate: March 5 2010 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -559,6 +559,12 @@ and
559	for protocol version 2.	559	for protocol version 2.
560	Additionally, any identities represented by the authentication agent	560	Additionally, any identities represented by the authentication agent
561	will be used for authentication.	561	will be used for authentication.
		562	.Xr ssh 1
		563	will try to load certificate information from the filename obtained by
		564	appending
		565	.Pa -cert.pub
		566	to the path of a specified
		567	.Cm IdentityFile .
562	.Pp	568	.Pp
563	The file name may use the tilde	569	The file name may use the tilde
564	syntax to refer to a user's home directory or one of the following	570	syntax to refer to a user's home directory or one of the following
@@ -616,6 +622,13 @@ The following escape character substitutions will be performed:
616	(remote user name) or	622	(remote user name) or
617	.Ql %u	623	.Ql %u
618	(local user name).	624	(local user name).
		625	.Pp
		626	The command is run synchronously and does not have access to the
		627	session of the
		628	.Xr ssh 1
		629	that spawned it.
		630	It should not be used for interactive commands.
		631	.Pp
619	This directive is ignored unless	632	This directive is ignored unless
620	.Cm PermitLocalCommand	633	.Cm PermitLocalCommand
621	has been enabled.	634	has been enabled.
@@ -704,6 +717,12 @@ or
704	.Dq no .	717	.Dq no .
705	The default is	718	The default is
706	.Dq no .	719	.Dq no .
		720	.It Cm PKCS11Provider
		721	Specifies which PKCS#11 provider to use.
		722	The argument to this keyword is the PKCS#11 shared libary
		723	.Xr ssh 1
		724	should use to communicate with a PKCS#11 token providing the user's
		725	private RSA key.
707	.It Cm Port	726	.It Cm Port
708	Specifies the port number to connect on the remote host.	727	Specifies the port number to connect on the remote host.
709	The default is 22.	728	The default is 22.
@@ -730,11 +749,13 @@ The possible values are
730	and	749	and
731	.Sq 2 .	750	.Sq 2 .
732	Multiple versions must be comma-separated.	751	Multiple versions must be comma-separated.
733	The default is	752	When this option is set to
734	.Dq 2,1 .	753	.Dq 2,1
735	This means that ssh	754	.Nm ssh
736	tries version 2 and falls back to version 1	755	will try version 2 and fall back to version 1
737	if version 2 is not available.	756	if version 2 is not available.
		757	The default is
		758	.Sq 2 .
738	.It Cm ProxyCommand	759	.It Cm ProxyCommand
739	Specifies the command to use to connect to the server.	760	Specifies the command to use to connect to the server.
740	The command	761	The command
@@ -918,13 +939,6 @@ channel to request a response from the server.
918	The default	939	The default
919	is 0, indicating that these messages will not be sent to the server.	940	is 0, indicating that these messages will not be sent to the server.
920	This option applies to protocol version 2 only.	941	This option applies to protocol version 2 only.
921	.It Cm SmartcardDevice
922	Specifies which smartcard device to use.
923	The argument to this keyword is the device
924	.Xr ssh 1
925	should use to communicate with a smartcard used for storing the user's
926	private RSA key.
927	By default, no device is specified and smartcard support is not activated.
928	.It Cm StrictHostKeyChecking	942	.It Cm StrictHostKeyChecking
929	If this flag is set to	943	If this flag is set to
930	.Dq yes ,	944	.Dq yes ,