X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/eb86ca9d3e741994b50150c9b1e1fc08f15b2571..7f24626bd8b952e65394adf5f99bced26251b2ce:/ssh_config.5 diff --git a/ssh_config.5 b/ssh_config.5 index 43eaf1e9..b9ec9457 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.105 2007/10/29 07:48:19 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.116 2009/01/24 17:10:22 naddy Exp $ .Dd $Mdocdate$ .Dt SSH_CONFIG 5 .Os @@ -103,6 +103,7 @@ Restricts the following declarations (up to the next .Cm Host keyword) to be only for those hosts that match one of the patterns given after the keyword. +If more than one pattern is provided, they should be separated by whitespace. A single .Ql * as a pattern can be used to provide global @@ -203,9 +204,9 @@ and .Dq cast128-cbc . The default is: .Bd -literal -offset 3n -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, -arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, -aes192-ctr,aes256-ctr +aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, +aes256-cbc,arcfour .Ed .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings @@ -600,6 +601,21 @@ Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed with the user's shell. +The following escape character substitutions will be performed: +.Ql %d +(local user's home directory), +.Ql %h +(remote host name), +.Ql %l +(local host name), +.Ql %n +(host name as provided on the command line), +.Ql %p +(remote port), +.Ql %r +(remote user name) or +.Ql %u +(local user name). This directive is ignored unless .Cm PermitLocalCommand has been enabled. @@ -795,7 +811,8 @@ and .Ar host Ns / Ns Ar hostport . Multiple forwardings may be specified, and additional forwardings can be given on the command line. -Only the superuser can forward privileged ports. +Privileged ports can be forwarded only when +logging in as root on the remote machine. .Pp If the .Ar bind_address @@ -1044,12 +1061,35 @@ See also .Sx VERIFYING HOST KEYS in .Xr ssh 1 . +.It Cm VisualHostKey +If this flag is set to +.Dq yes , +an ASCII art representation of the remote host key fingerprint is +printed in addition to the hex fingerprint string at login and +for unknown host keys. +If this flag is set to +.Dq no , +no fingerprint strings are printed at login and +only the hex fingerprint string will be printed for unknown host keys. +The default is +.Dq no . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 program. The default is .Pa /usr/X11R6/bin/xauth . +.It Cm ZeroKnowledgePasswordAuthentication +Specifies whether to use zero knowledge password authentication. +This authentication method avoids exposure of password to untrusted +hosts. +The argument to this keyword must be +.Dq yes +or +.Dq no . +The default is currently +.Dq no +as this method is considered experimental. .El .Sh PATTERNS A