From 95d46d8f412295be2756bfab1a351c6b9d15a652 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 15 Mar 2006 00:54:05 +0000 Subject: [PATCH 1/1] - jmc@cvs.openbsd.org 2006/02/24 10:25:14 [ssh_config.5] add section on patterns; from dtucker + myself --- ChangeLog | 4 ++++ ssh_config.5 | 54 +++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 47 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index b78b607c..260afe11 100644 --- a/ChangeLog +++ b/ChangeLog @@ -150,6 +150,10 @@ [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] [sshconnect.c] move #include out of includes.h; ok djm@ + - jmc@cvs.openbsd.org 2006/02/24 10:25:14 + [ssh_config.5] + add section on patterns; + from dtucker + myself 20060313 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) diff --git a/ssh_config.5 b/ssh_config.5 index 44107bfe..5f1ced5b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os 
@@ -73,13 +73,47 @@ The matched host name is the one given on the command line. Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. +.Sh PATTERNS +A +.Em pattern +consists of zero or more non-whitespace characters, +.Sq * +(a wildcard that matches zero or more characters), +or +.Sq ?\& +(a wildcard that matches exactly one character). +For example, to specify a set of declarations for any host in the +.Dq .co.uk +set of domains, +the following pattern could be used: +.Pp +.Dl Host *.co.uk +.Pp +The following pattern +would match any host in the 192.168.0.[0-9] network range: .Pp +.Dl Host 192.168.0.? +.Pp +A +.Em pattern-list +is a comma-separated list of patterns. +Patterns within pattern-lists may be negated +by preceding them with an exclamation mark +.Pq Sq !\& . +For example, +to allow a key to be used from anywhere within an organisation +except from the +.Dq dialup +pool, +the following entry (in authorized_keys) could be used: +.Pp +.Dl from=\&"!*.dialup.example.com,*.example.com\&" +.Sh FILE FORMAT The configuration file has the following format: .Pp Empty lines and lines starting with .Ql # are comments. -.Pp Otherwise a line is of the format .Dq keyword arguments . Configuration options may be separated by whitespace or @@ -103,15 +137,13 @@ Restricts the following declarations (up to the next .Cm Host keyword) to be only for those hosts that match one of the patterns given after the keyword. -.Ql \&* -and -.Ql \&? -can be used as wildcards in the -patterns. A single .Ql \&* as a pattern can be used to provide global defaults for all hosts. +See +.Sx PATTERNS +for more information on patterns. The host is the .Ar hostname argument given on the command line (i.e., the name is not converted to 
@@ -805,10 +837,10 @@ Refer to in .Xr sshd_config 5 for how to configure the server. -Variables are specified by name, which may contain the wildcard characters -.Ql \&* -and -.Ql \&? . +Variables are specified by name, which may contain wildcard characters. +See +.Sx PATTERNS +for more information on patterns. Multiple environment variables may be separated by whitespace or spread across multiple .Cm SendEnv -- 2.45.2
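Review bot: In the new PATTERNS section (ssh_config.5 hunk @@ -73,13 +73,47 @@), the pattern-list paragraph introduces negation with `!` but never says how a negated match combines with a positive one, so the `from=` example with `!*.dialup.example.com,*.example.com` reads as if the order of the entries might decide the result. This text will be used to write access restrictions, so add a sentence stating what happens when a name matches both a negated and a non-negated pattern, whether order matters, and what a list containing only negated patterns matches. In the same hunk, `Host 192.168.0.?` is described as matching the 192.168.0.[0-9] range, but `?` is defined just above as matching exactly one character, and the context line at the top of the hunk says the matched host name is the one given on the command line. Say that this is a string match against what the user typed, not a match on a resolved address.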
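Review bot: In the Host hunk (@@ -103,15 +137,13 @@), the new "See .Sx PATTERNS" reference points at a section that defines both a pattern and a comma-separated pattern-list with `!` negation, while the unchanged text still says the declarations apply to hosts "that match one of the patterns given after the keyword". State here whether Host takes plain patterns only or also accepts negated entries, so that a reader does not write a `!` entry expecting an exclusion the keyword may not provide. The reference would also read better at the end of the paragraph, after the description of what the host name is, than between the sentence about a single `*` and "The host is the hostname argument".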
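Review bot: In the SendEnv hunk (@@ -805,10 +837,10 @@), the rewritten sentence no longer names `*` and `?` and defers to PATTERNS, whose examples are all host names and whose pattern-list form is comma-separated, yet the next unchanged sentence says multiple environment variables are separated by whitespace. Keep the two wildcard characters named here, or add a clause saying that only single patterns apply to variable names, so that nobody assumes a comma-separated or negated list works for this keyword. Because a wildcard selects every variable whose name matches, a short example of a narrow pattern in this paragraph would also help.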