X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/e9d0b573d1966f5c063b669c08d0f7450ebfda20..e4393625c351307ca341ddb0c93c7b5acaea9b4e:/ssh_config.5 diff --git a/ssh_config.5 b/ssh_config.5 index 4f4678d5..7d577360 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.109 2008/06/12 16:35:31 dtucker Exp $ +.\" $OpenBSD: ssh_config.5,v 1.126 2010/01/09 23:04:13 dtucker Exp $ .Dd $Mdocdate$ .Dt SSH_CONFIG 5 .Os @@ -103,7 +103,7 @@ Restricts the following declarations (up to the next .Cm Host keyword) to be only for those hosts that match one of the patterns given after the keyword. -If more than one pattern is provided, they should be separated by whitepsace. +If more than one pattern is provided, they should be separated by whitespace. A single .Ql * as a pattern can be used to provide global @@ -161,11 +161,6 @@ will additionally check the host IP address in the file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to -.Dq fingerprint , -not only the host IP address will be checked, but also a fingerprint -along with an ASCII art -representation of the key will be printed. -If the option is set to .Dq no , the check will not be executed. The default is @@ -209,9 +204,9 @@ and .Dq cast128-cbc . The default is: .Bd -literal -offset 3n -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, -arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, -aes192-ctr,aes256-ctr +aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, +aes256-cbc,arcfour .Ed .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings @@ -621,6 +616,13 @@ The following escape character substitutions will be performed: (remote user name) or .Ql %u (local user name). +.Pp +The command is run synchronously and does not have access to the +session of the +.Xr ssh 1 +that spawned it. +It should not be used for interactive commands. +.Pp This directive is ignored unless .Cm PermitLocalCommand has been enabled. @@ -735,11 +737,13 @@ The possible values are and .Sq 2 . Multiple versions must be comma-separated. -The default is -.Dq 2,1 . -This means that ssh -tries version 2 and falls back to version 1 +When this option is set to +.Dq 2,1 +.Nm ssh +will try version 2 and fall back to version 1 if version 2 is not available. +The default is +.Sq 2 . .It Cm ProxyCommand Specifies the command to use to connect to the server. The command @@ -816,7 +820,15 @@ and .Ar host Ns / Ns Ar hostport . Multiple forwardings may be specified, and additional forwardings can be given on the command line. -Only the superuser can forward privileged ports. +Privileged ports can be forwarded only when +logging in as root on the remote machine. +.Pp +If the +.Ar port +argument is +.Ql 0 , +the listen port will be dynamically allocated on the server and reported +to the client at run time. .Pp If the .Ar bind_address @@ -1065,6 +1077,18 @@ See also .Sx VERIFYING HOST KEYS in .Xr ssh 1 . +.It Cm VisualHostKey +If this flag is set to +.Dq yes , +an ASCII art representation of the remote host key fingerprint is +printed in addition to the hex fingerprint string at login and +for unknown host keys. +If this flag is set to +.Dq no , +no fingerprint strings are printed at login and +only the hex fingerprint string will be printed for unknown host keys. +The default is +.Dq no . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1