author: djm@openbsd.org <djm@openbsd.org>, 2023-07-17 06:04:36 +0200
committer: Damien Miller <djm@mindrot.org>, 2023-07-17 06:53:53 +0200
commit: 3071d85a47061c1bdaf11a0ac233b501ecba862c
tree: 23983c51c5138a36d8d8a9c41bbeeeabb56d3c43 /ssh_config.5
parent: upstream: remove vestigal support for KRL signatures
upstream: add a "match localnetwork" predicate.
This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location (e.g. to use a ProxyJump when not on a particular network).

ok markus@

OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139
Diffstat (limited to '')
-rw-r--r-- ssh_config.5 16
1 files changed, 14 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 0b7d4d192..3d18fb2a2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $
-.Dd $Mdocdate: March 27 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.381 2023/07/17 04:04:36 djm Exp $
+.Dd $Mdocdate: July 17 2023 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -141,6 +141,7 @@ The available criteria keywords are:
.Cm canonical ,
.Cm final ,
.Cm exec ,
+.Cm localnetwork ,
.Cm host ,
.Cm originalhost ,
.Cm user ,
@@ -195,6 +196,17 @@ accept the tokens described in the
.Sx TOKENS
section.
.Pp
+The
+.Cm localnetwork
+keyword matches the addresses of active local network interfaces against the
+supplied list of networks in CIDR format.
+This may be convenient for varying the effective configuration on devices that
+roam between networks.
+Note that network address is not a trustworthy criteria in many
+situations (e.g. when the network is automatically configured using DHCP)
+and so caution should be applied if using it to control security-sensitive
+configuration.
+.Pp
The other keywords' criteria must be single entries or comma-separated
lists and may use the wildcard and negation operators described in the
.Sx PATTERNS
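Review bot: The added localnetwork paragraph leaves the matching semantics underspecified. "matches the addresses of active local network interfaces against the supplied list of networks in CIDR format" does not say how the list entries are separated, or whether one interface address falling inside one listed network is enough for the predicate to be true. The unchanged sentence that follows ("The other keywords' criteria must be single entries or comma-separated lists and may use the wildcard and negation operators") now reads as excluding localnetwork from those rules, so the list syntax and whether negation applies should be stated in the new paragraph itself. Separately, "criteria" in "network address is not a trustworthy criteria" should be the singular "criterion". The DHCP caveat is the right warning to carry here; it would be stronger if it said plainly that a locally assigned address proves nothing about which network the device is actually attached to.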