diff options
author | djm@openbsd.org <djm@openbsd.org> | 2023-07-17 06:04:36 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-07-17 06:53:53 +0200 |
commit | 3071d85a47061c1bdaf11a0ac233b501ecba862c (patch) | |
tree | 23983c51c5138a36d8d8a9c41bbeeeabb56d3c43 /ssh_config.5 | |
parent | upstream: remove vestigal support for KRL signatures (diff) | |
download | openssh-3071d85a47061c1bdaf11a0ac233b501ecba862c.tar.xz openssh-3071d85a47061c1bdaf11a0ac233b501ecba862c.zip |
upstream: add a "match localnetwork" predicate.
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
ok markus@
OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139
Diffstat (limited to '')
-rw-r--r-- | ssh_config.5 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 0b7d4d192..3d18fb2a2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $ -.Dd $Mdocdate: March 27 2023 $ +.\" $OpenBSD: ssh_config.5,v 1.381 2023/07/17 04:04:36 djm Exp $ +.Dd $Mdocdate: July 17 2023 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -141,6 +141,7 @@ The available criteria keywords are: .Cm canonical , .Cm final , .Cm exec , +.Cm localnetwork , .Cm host , .Cm originalhost , .Cm user , @@ -195,6 +196,17 @@ accept the tokens described in the .Sx TOKENS section. .Pp +The +.Cm localnetwork +keyword matches the addresses of active local network interfaces against the +supplied list of networks in CIDR format. +This may be convenient for varying the effective configuration on devices that +roam between networks. +Note that network address is not a trustworthy criteria in many +situations (e.g. when the network is automatically configured using DHCP) +and so caution should be applied if using it to control security-sensitive +configuration. +.Pp The other keywords' criteria must be single entries or comma-separated lists and may use the wildcard and negation operators described in the .Sx PATTERNS |