1 files changed, 69 insertions, 6 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 0fd3ea5f8..a8767b493 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -192,6 +192,18 @@ The default is
 Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
+The supported ciphers are
+.Dq 3des-cbc ,
+.Dq aes128-cbc ,
+.Dq aes192-cbc ,
+.Dq aes256-cbc ,
+.Dq aes128-ctr ,
+.Dq aes192-ctr ,
+.Dq aes256-ctr ,
+.Dq arcfour ,
+.Dq blowfish-cbc ,
+and
+.Dq cast128-cbc .
 The default is
 .Bd -literal
  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
@@ -239,6 +251,37 @@ Specifies the timeout (in seconds) used when connecting to the ssh
 server, instead of using the default system TCP timeout.
 This value is used only when the target is down or really unreachable,
 not when it refuses the connection.
+.It Cm ControlMaster
+Enables the sharing of multiple sessions over a single network connection.
+When set to
+.Dq yes
+.Nm ssh
+will listen for connections on a control socket specified using the
+.Cm ControlPath
+argument.
+Additional sessions can connect to this socket using the same
+.Cm ControlPath
+with
+.Cm ControlMaster
+set to
+.Dq no
+(the default).
+These sessions will reuse the master instance's network connection rather
+than initiating new ones.
+Setting this to
+.Dq ask
+will cause
+.Nm ssh
+to listen for control connections, but require confirmation using the
+.Ev SSH_ASKPASS
+program before they are accepted (see
+.Xr ssh-add 1
+for details).
+.It Cm ControlPath
+Specify the path to the control socket used for connection sharing.
+See
+.Cm ControlMaster
+above.
 .It Cm DynamicForward
 Specifies that a TCP/IP port on the local machine be forwarded
 over the secure channel, and the application
@@ -320,7 +363,7 @@ if the
 .Cm ForwardX11Trusted
 option is also enabled.
 .It Cm ForwardX11Trusted
-If the this option is set to
+If this option is set to
 .Dq yes
 then remote X11 clients will have full access to the original X11 display.
 If this option is set to
@@ -418,7 +461,7 @@ identities will be tried in sequence.
 Specifies that
 .Nm ssh
 should only use the authentication identity files configured in the
-.Nm 
+.Nm
 files,
 even if the
 .Nm ssh-agent
@@ -578,6 +621,27 @@ running.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 1 only.
+.It Cm SendEnv
+Specifies what variables from the local
+.Xr environ 7
+should be sent to the server.
+Note that environment passing is only supported for protocol 2, the
+server must also support it, and the server must be configured to
+accept these environment variables.
+Refer to
+.Cm AcceptEnv
+in
+.Xr sshd_config 5
+for how to configure the server.
+Variables are specified by name, which may contain the wildcard characters
+.Ql \&*
+and
+.Ql \&? .
+Multiple environment variables may be separated by whitespace or spread
+across multiple
+.Cm SendEnv
+directives.
+The default is not to send any environment variables.
 .It Cm ServerAliveInterval
 Sets a timeout interval in seconds after which if no data has been received
 from the server,
@@ -767,9 +831,8 @@ The format of this file is described above.
 This file is used by the
 .Nm ssh
 client.
-This file does not usually contain any sensitive information,
+Because of the potential for abuse, this file must have strict permissions:
-but the recommended permissions are read/write for the user, and not
+read/write for the user, and not accessible by others.
-accessible by others.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those

diff --git a/ssh_config.5 b/ssh_config.5 index 0fd3ea5f8..a8767b493 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -192,6 +192,18 @@ The default is
192	Specifies the ciphers allowed for protocol version 2	192	Specifies the ciphers allowed for protocol version 2
193	in order of preference.	193	in order of preference.
194	Multiple ciphers must be comma-separated.	194	Multiple ciphers must be comma-separated.
		195	The supported ciphers are
		196	.Dq 3des-cbc ,
		197	.Dq aes128-cbc ,
		198	.Dq aes192-cbc ,
		199	.Dq aes256-cbc ,
		200	.Dq aes128-ctr ,
		201	.Dq aes192-ctr ,
		202	.Dq aes256-ctr ,
		203	.Dq arcfour ,
		204	.Dq blowfish-cbc ,
		205	and
		206	.Dq cast128-cbc .
195	The default is	207	The default is
196	.Bd -literal	208	.Bd -literal
197	``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,	209	``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
@@ -239,6 +251,37 @@ Specifies the timeout (in seconds) used when connecting to the ssh
239	server, instead of using the default system TCP timeout.	251	server, instead of using the default system TCP timeout.
240	This value is used only when the target is down or really unreachable,	252	This value is used only when the target is down or really unreachable,
241	not when it refuses the connection.	253	not when it refuses the connection.
		254	.It Cm ControlMaster
		255	Enables the sharing of multiple sessions over a single network connection.
		256	When set to
		257	.Dq yes
		258	.Nm ssh
		259	will listen for connections on a control socket specified using the
		260	.Cm ControlPath
		261	argument.
		262	Additional sessions can connect to this socket using the same
		263	.Cm ControlPath
		264	with
		265	.Cm ControlMaster
		266	set to
		267	.Dq no
		268	(the default).
		269	These sessions will reuse the master instance's network connection rather
		270	than initiating new ones.
		271	Setting this to
		272	.Dq ask
		273	will cause
		274	.Nm ssh
		275	to listen for control connections, but require confirmation using the
		276	.Ev SSH_ASKPASS
		277	program before they are accepted (see
		278	.Xr ssh-add 1
		279	for details).
		280	.It Cm ControlPath
		281	Specify the path to the control socket used for connection sharing.
		282	See
		283	.Cm ControlMaster
		284	above.
242	.It Cm DynamicForward	285	.It Cm DynamicForward
243	Specifies that a TCP/IP port on the local machine be forwarded	286	Specifies that a TCP/IP port on the local machine be forwarded
244	over the secure channel, and the application	287	over the secure channel, and the application
@@ -320,7 +363,7 @@ if the
320	.Cm ForwardX11Trusted	363	.Cm ForwardX11Trusted
321	option is also enabled.	364	option is also enabled.
322	.It Cm ForwardX11Trusted	365	.It Cm ForwardX11Trusted
323	If the this option is set to	366	If this option is set to
324	.Dq yes	367	.Dq yes
325	then remote X11 clients will have full access to the original X11 display.	368	then remote X11 clients will have full access to the original X11 display.
326	If this option is set to	369	If this option is set to
@@ -418,7 +461,7 @@ identities will be tried in sequence.
418	Specifies that	461	Specifies that
419	.Nm ssh	462	.Nm ssh
420	should only use the authentication identity files configured in the	463	should only use the authentication identity files configured in the
421	.Nm	464	.Nm
422	files,	465	files,
423	even if the	466	even if the
424	.Nm ssh-agent	467	.Nm ssh-agent
@@ -578,6 +621,27 @@ running.
578	The default is	621	The default is
579	.Dq yes .	622	.Dq yes .
580	Note that this option applies to protocol version 1 only.	623	Note that this option applies to protocol version 1 only.
		624	.It Cm SendEnv
		625	Specifies what variables from the local
		626	.Xr environ 7
		627	should be sent to the server.
		628	Note that environment passing is only supported for protocol 2, the
		629	server must also support it, and the server must be configured to
		630	accept these environment variables.
		631	Refer to
		632	.Cm AcceptEnv
		633	in
		634	.Xr sshd_config 5
		635	for how to configure the server.
		636	Variables are specified by name, which may contain the wildcard characters
		637	.Ql \&*
		638	and
		639	.Ql \&? .
		640	Multiple environment variables may be separated by whitespace or spread
		641	across multiple
		642	.Cm SendEnv
		643	directives.
		644	The default is not to send any environment variables.
581	.It Cm ServerAliveInterval	645	.It Cm ServerAliveInterval
582	Sets a timeout interval in seconds after which if no data has been received	646	Sets a timeout interval in seconds after which if no data has been received
583	from the server,	647	from the server,
@@ -767,9 +831,8 @@ The format of this file is described above.
767	This file is used by the	831	This file is used by the
768	.Nm ssh	832	.Nm ssh
769	client.	833	client.
770	This file does not usually contain any sensitive information,	834	Because of the potential for abuse, this file must have strict permissions:
771	but the recommended permissions are read/write for the user, and not	835	read/write for the user, and not accessible by others.
772	accessible by others.
773	.It Pa /etc/ssh/ssh_config	836	.It Pa /etc/ssh/ssh_config
774	Systemwide configuration file.	837	Systemwide configuration file.
775	This file provides defaults for those	838	This file provides defaults for those