Diffstat (limited to 'ssh_config.5')
-rw-r--r-- ssh_config.5 | 52
1 files changed, 42 insertions, 10 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index eab8dd01c22a..71705cabddaa 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $
-.Dd $Mdocdate: September 21 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $
+.Dd $Mdocdate: February 23 2018 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -262,6 +262,13 @@ Note that this option does not work if
.Cm UsePrivilegedPort
is set to
.Cm yes .
+.It Cm BindInterface
+Use the address of the specified interface on the local machine as the
+source address of the connection.
+Note that this option does not work if
+.Cm UsePrivilegedPort
+is set to
+.Cm yes .
.It Cm CanonicalDomains
When
.Cm CanonicalizeHostname
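Review bot: the new BindInterface entry (lines "Use the address of the specified interface ...") leaves two things undocumented that a user setting it for source-address policy will need: which address is chosen when the interface carries more than one (for example both an IPv4 and an IPv6 address, or several aliases), and how the option interacts with BindAddress when both are set in the same Host block. The entry is otherwise a copy of the BindAddress wording; consider adding a sentence on precedence ("BindAddress takes precedence" or "the two are mutually exclusive", whichever the implementation does) and a cross-reference to BindAddress so the two entries stay in sync.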
@@ -1015,7 +1022,10 @@ The default is:
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
+diffie-hellman-group16-sha512,
+diffie-hellman-group18-sha512,
diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha256,
diffie-hellman-group14-sha1
.Ed
.Pp
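Review bot: ordering in the new KexAlgorithms default list puts a SHA-1 method ahead of a SHA-256 one: "diffie-hellman-group14-sha256" is inserted after "diffie-hellman-group-exchange-sha1", so a peer that supports both group-exchange-sha1 and group14-sha256 will negotiate the SHA-1 method. If the intent of adding group14-sha256, group16-sha512 and group18-sha512 is to prefer SHA-2 exchanges, they should be listed before the two remaining sha1 entries (diffie-hellman-group-exchange-sha1 and diffie-hellman-group14-sha1), which would then be kept only as trailing compatibility fallbacks.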
@@ -1107,10 +1117,7 @@ hmac-sha2-256,hmac-sha2-512,hmac-sha1
The list of available MAC algorithms may also be obtained using
.Qq ssh -Q mac .
.It Cm NoHostAuthenticationForLocalhost
-This option can be used if the home directory is shared across machines.
-In this case localhost will refer to a different machine on each of
-the machines and the user will get many warnings about changed host keys.
-However, this option disables host authentication for localhost.
+Disable host authentication for localhost (loopback addresses).
The argument to this keyword must be
.Cm yes
or
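Review bot: the rewrite to "Disable host authentication for localhost (loopback addresses)." drops the only explanation of why anyone would set NoHostAuthenticationForLocalhost (a home directory shared across machines, where "localhost" is a different host on each) and the warning that it turns off host-key checking for those connections. The shorter wording is clearer, but please keep one sentence on the use case and one on the consequence, for example "This is useful when a home directory is shared across machines; note that it disables host key checking for all connections to loopback addresses." Otherwise the entry no longer tells the reader this is a security trade-off.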
@@ -1198,13 +1205,14 @@ For example, the following directive would connect via an HTTP proxy at
ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
.Ed
.It Cm ProxyJump
-Specifies one or more jump proxies as
+Specifies one or more jump proxies as either
.Xo
.Sm off
.Op Ar user No @
.Ar host
.Op : Ns Ar port
.Sm on
+or an ssh URI
.Xc .
Multiple proxies may be separated by comma characters and will be visited
sequentially.
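Review bot: "or an ssh URI" is introduced without saying what an ssh URI looks like or where its syntax is specified. The [user@]host[:port] form is spelled out in the preceding .Xo block; the URI form should get the same treatment, either inline (ssh://[user@]host[:port]) or via an .Xr ssh 1 cross-reference to the destination syntax, and the text should state whether URI components other than user, host and port are accepted or rejected when used as a jump proxy.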
@@ -1457,7 +1465,7 @@ If this flag is set to
will never automatically add host keys to the
.Pa ~/.ssh/known_hosts
file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks,
+This provides maximum protection against man-in-the-middle (MITM) attacks,
though it can be annoying when the
.Pa /etc/ssh/ssh_known_hosts
file is poorly maintained or when connections to new hosts are
@@ -1509,6 +1517,9 @@ This is important in scripts, and many users want it too.
.Pp
To disable TCP keepalive messages, the value should be set to
.Cm no .
+See also
+.Cm ServerAliveInterval
+for protocol-level keepalives.
.It Cm Tunnel
Request
.Xr tun 4
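Review bot: the new "See also ServerAliveInterval for protocol-level keepalives." does not say why a reader would prefer one over the other. The distinction that matters is that TCPKeepAlive messages travel outside the encrypted channel and can be spoofed, while ServerAliveInterval probes are sent inside it; a short clause such as "which are sent through the encrypted channel and therefore cannot be spoofed" would make the cross-reference actionable rather than just a pointer.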
@@ -1674,6 +1685,18 @@ pool,
the following entry (in authorized_keys) could be used:
.Pp
.Dl from=\&"!*.dialup.example.com,*.example.com\&"
+.Pp
+Note that a negated match will never produce a positive result by itself.
+For example, attempting to match
+.Qq host3
+against the following pattern-list will fail:
+.Pp
+.Dl from=\&"!host1,!host2\&"
+.Pp
+The solution here is to include a term that will yield a positive match,
+such as a wildcard:
+.Pp
+.Dl from=\&"!host1,!host2,*\&"
.Sh TOKENS
Arguments to some keywords can make use of tokens,
which are expanded at runtime:
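Review bot: the new negated-match paragraph is useful, but both examples (from="!host1,!host2" and from="!host1,!host2,*") are authorized_keys syntax, in a page that documents ssh_config. The same rule applies to Host and Match host pattern-lists in this file, and that is the case ssh_config.5 readers will hit; consider adding a one-line ssh_config example (a Host line with "!" entries followed by "*") alongside, or at least stating that the rule applies to every pattern-list described in this section.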
@@ -1683,7 +1706,7 @@ which are expanded at runtime:
A literal
.Sq % .
.It \&%C
-Shorthand for %l%h%p%r.
+Hash of %l%h%p%r.
.It %d
Local user's home directory.
.It %h
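Review bot: "Hash of %l%h%p%r." is more accurate than "Shorthand for", but it still does not tell the reader which hash function is used or how the result is encoded, which they need when %C is used in ControlPath or other filenames (to know the resulting length and character set). Please name the digest and the encoding (e.g. "a hexadecimal SHA-1 hash of ..." if that is what the implementation does).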
@@ -1700,6 +1723,15 @@ The original remote hostname, as given on the command line.
The remote port.
.It %r
The remote username.
+.It \&%T
+The local
+.Xr tun 4
+or
+.Xr tap 4
+network interface assigned if
+tunnel forwarding was requested, or
+.Qq NONE
+otherwise.
.It %u
The local username.
.El
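Review bot: the new %T entry says "the local tun(4) or tap(4) network interface assigned" without saying what form the expansion takes; it should state that it expands to the device name (so a LocalCommand can pass it to ifconfig or similar) and, since the value only exists once the tunnel has been set up, that it is meaningful only for keywords expanded after connection establishment. A reader of the TOKENS list otherwise has to discover from the LocalCommand paragraph further down that %T is accepted nowhere else.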
@@ -1722,7 +1754,7 @@ and
accept the tokens %%, %d, %h, %l, %r, and %u.
.Pp
.Cm LocalCommand
-accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
+accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u.
.Pp
.Cm ProxyCommand
accepts the tokens %%, %h, %p, and %r.