- djm@cvs.openbsd.org 2007/05/30 05:58:13

[openssh.git] / ssh_config.5

diff --git a/ssh_config.5 b/ssh_config.5
index a1c2a5fbe6c3969302bcf3ba55fb1b73a2fd7da2..c1ad53dcfab1af793becb0b1e02563f80f1e08b6 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"

-.\" $OpenBSD: ssh_config.5,v 1.91 2006/03/31 09:09:30 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $

 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os


@@ -42,10 +42,8 @@
 .Nm ssh_config
 .Nd OpenSSH SSH client configuration files
 .Sh SYNOPSIS
 .Nm ssh_config
 .Nd OpenSSH SSH client configuration files
 .Sh SYNOPSIS

-.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/config
-.It Pa /etc/ssh/ssh_config
-.El
+.Nm ~/.ssh/config
+.Nm /etc/ssh/ssh_config

 .Sh DESCRIPTION
 .Xr ssh 1
 obtains configuration data from the following sources in
 .Sh DESCRIPTION
 .Xr ssh 1
 obtains configuration data from the following sources in


@@ -385,6 +383,17 @@ followed by a letter, or
 to disable the escape
 character entirely (making the connection transparent for binary
 data).
 to disable the escape
 character entirely (making the connection transparent for binary
 data).

+.It Cm ExitOnForwardFailure
+Specifies whether
+.Xr ssh 1
+should terminate the connection if it cannot set up all requested
+dynamic, local, and remote port forwardings.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .

 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.


@@ -486,8 +495,9 @@ but they do not reveal identifying information should the file's contents
 be disclosed.
 The default is
 .Dq no .
 be disclosed.
 The default is
 .Dq no .

-Note that hashing of names and addresses will not be retrospectively applied
-to existing known hosts files, but these may be manually hashed using
+Note that existing names and addresses in known hosts files
+will not be converted automatically,
+but may be manually hashed using

 .Xr ssh-keygen 1 .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 .Xr ssh-keygen 1 .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key


@@ -560,7 +570,7 @@ escape characters:
 (local host name),
 .Ql %h
 (remote host name) or
 (local host name),
 .Ql %h
 (remote host name) or

-.Ql %h
+.Ql %r

 (remote user name).
 .Pp
 It is possible to have
 (remote user name).
 .Pp
 It is possible to have


@@ -678,7 +688,12 @@ This allows a client to prefer one method (e.g.\&
 over another method (e.g.\&
 .Cm password )
 The default for this option is:
 over another method (e.g.\&
 .Cm password )
 The default for this option is:

-.Dq hostbased,publickey,keyboard-interactive,password .
+.Do gssapi-with-mic ,
+hostbased,
+publickey,
+keyboard-interactive,
+password
+.Dc .

 .It Cm Protocol
 Specifies the protocol versions
 .Xr ssh 1
 .It Cm Protocol
 Specifies the protocol versions
 .Xr ssh 1


@@ -926,24 +941,44 @@ This is important in scripts, and many users want it too.
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
 .It Cm Tunnel
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
 .It Cm Tunnel

-Request starting
+Request

 .Xr tun 4
 device forwarding between the client and the server.
 .Xr tun 4
 device forwarding between the client and the server.

-This option also allows requesting layer 2 (ethernet)
-instead of layer 3 (point-to-point) tunneling from the server.

 The argument must be
 .Dq yes ,
 The argument must be
 .Dq yes ,

-.Dq point-to-point ,
-.Dq ethernet ,
+.Dq point-to-point
+(layer 3),
+.Dq ethernet
+(layer 2),

 or
 .Dq no .
 or
 .Dq no .

+Specifying
+.Dq yes
+requests the default tunnel mode, which is
+.Dq point-to-point .

 The default is
 .Dq no .
 .It Cm TunnelDevice
 The default is
 .Dq no .
 .It Cm TunnelDevice

-Force a specified
+Specifies the

 .Xr tun 4
 .Xr tun 4

-device on the client.
-Without this option, the next available device will be used.
+devices to open on the client
+.Pq Ar local_tun
+and the server
+.Pq Ar remote_tun .
+.Pp
+The argument must be
+.Sm off
+.Ar local_tun Op : Ar remote_tun .
+.Sm on
+The devices may be specified by numerical ID or the keyword
+.Dq any ,
+which uses the next available tunnel device.
+If
+.Ar remote_tun
+is not specified, it defaults to
+.Dq any .
+The default is
+.Dq any:any .

 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be