- jmc@cvs.openbsd.org 2006/02/24 10:25:14

     [ssh_config.5]
     add section on patterns;
     from dtucker + myself

diff --git a/ChangeLog b/ChangeLog
index b78b607c2d570630616a777f08b3b0c2ccfb2020..260afe11158ea9161071e0459f71acd78a95a45a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -150,6 +150,10 @@
      [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
      [sshconnect.c]
      move #include <ctype.h> out of includes.h; ok djm@
+   - jmc@cvs.openbsd.org 2006/02/24 10:25:14
+     [ssh_config.5]
+     add section on patterns;
+     from dtucker + myself
 
 20060313
  - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)

diff --git a/ssh_config.5 b/ssh_config.5
index 44107bfe72df3a31524805d1b904673cbd4bf891..5f1ced5b6f9d86ffc867e04f3646321f214fc638 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -73,13 +73,47 @@ The matched host name is the one given on the command line.
 Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
+.Sh PATTERNS
+A
+.Em pattern
+consists of zero or more non-whitespace characters,
+.Sq *
+(a wildcard that matches zero or more characters),
+or
+.Sq ?\&
+(a wildcard that matches exactly one character).
+For example, to specify a set of declarations for any host in the
+.Dq .co.uk
+set of domains,
+the following pattern could be used:
+.Pp
+.Dl Host *.co.uk
+.Pp
+The following pattern
+would match any host in the 192.168.0.[0-9] network range:
 .Pp
+.Dl Host 192.168.0.?
+.Pp
+A
+.Em pattern-list
+is a comma-separated list of patterns.
+Patterns within pattern-lists may be negated
+by preceding them with an exclamation mark
+.Pq Sq !\& .
+For example,
+to allow a key to be used from anywhere within an organisation
+except from the
+.Dq dialup
+pool,
+the following entry (in authorized_keys) could be used:
+.Pp
+.Dl from=\&"!*.dialup.example.com,*.example.com\&"
+.Sh FILE FORMAT
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
 .Ql #
 are comments.
-.Pp
 Otherwise a line is of the format
 .Dq keyword arguments .
 Configuration options may be separated by whitespace or
@@ -103,15 +137,13 @@ Restricts the following declarations (up to the next
 .Cm Host
 keyword) to be only for those hosts that match one of the patterns
 given after the keyword.
-.Ql \&*
-and
-.Ql \&?
-can be used as wildcards in the
-patterns.
 A single
 .Ql \&*
 as a pattern can be used to provide global
 defaults for all hosts.
+See
+.Sx PATTERNS
+for more information on patterns.
 The host is the
 .Ar hostname
 argument given on the command line (i.e., the name is not converted to
@@ -805,10 +837,10 @@ Refer to
 in
 .Xr sshd_config 5
 for how to configure the server.
-Variables are specified by name, which may contain the wildcard characters
-.Ql \&*
-and
-.Ql \&? .
+Variables are specified by name, which may contain wildcard characters.
+See
+.Sx PATTERNS
+for more information on patterns.
 Multiple environment variables may be separated by whitespace or spread
 across multiple
 .Cm SendEnv