path: root/ssh_config.5
Commit message | Author | Age | Files | Lines
* upstream: mlkem768x25519-sha256 has been promoted to default key exchange
  OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf
  Author: naddy@openbsd.org, Age: 2024-10-27, Files: 1, Lines: -3/+3
* upstream: mention that LocalForward and RemoteForward can accept Unix domain socket paths; GHPR115
  OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842
  Author: djm@openbsd.org, Age: 2024-10-18, Files: 1, Lines: -7/+20
* upstream: remove some unneeded Xo/Xc calls; from evan silberman the original diff had a couple of errors, which i've fixed
  OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d
  Author: jmc@openbsd.org, Age: 2024-09-27, Files: 1, Lines: -5/+3
* upstream: document the mlkem768x25519-sha256 key exchange algorithm
  OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
  Author: naddy@openbsd.org, Age: 2024-09-11, Files: 1, Lines: -2/+3
* upstream: envrionment -> environment;
  OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
  Author: jmc@openbsd.org, Age: 2024-09-04, Files: 1, Lines: -2/+2
* upstream: allow the "Include" directive to expand the same set of %-tokens that "Match Exec" and environment variables. ok dtucker@
  OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
  Author: djm@openbsd.org, Age: 2024-09-03, Files: 1, Lines: -3/+10
* upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@
  OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f
  Author: djm@openbsd.org, Age: 2024-08-23, Files: 1, Lines: -3/+3
* upstream: fix double word; ok dtucker@
  OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8
  Author: jsg@openbsd.org, Age: 2024-07-26, Files: 1, Lines: -3/+3
* upstream: fix grammar: "a pattern lists" -> "one or more pattern lists"
  OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a
  Author: djm@openbsd.org, Age: 2024-07-08, Files: 1, Lines: -4/+4
* upstream: disable the DSA signature algorithm by default; ok markus@ (yes, I know this expands to "the Digital Signature Algorithm signature algorithm")
  OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
  Author: djm@openbsd.org, Age: 2024-06-17, Files: 1, Lines: -6/+5
* upstream: clarify KEXAlgorithms supported vs available. Inspired by bz3701 from Colin Watson.
  OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
  Author: djm@openbsd.org, Age: 2024-06-14, Files: 1, Lines: -4/+9
* upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 from Tobias Manske
  OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908
  Author: djm@openbsd.org, Age: 2024-02-21, Files: 1, Lines: -3/+3
* upstream: fix incorrect capitalisation;
  OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984
  Author: jmc@openbsd.org, Age: 2024-01-11, Files: 1, Lines: -3/+3
* upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval. This is in addition to the existing per-channel timeouts added a few releases ago.
  This supports use-cases like having a session + x11 forwarding channel open where one may be idle for an extended period but the other is actively used. The global timeout would allow closing both channels when both have been idle for too long. ok dtucker@
  OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3
  Author: djm@openbsd.org, Age: 2024-01-09, Files: 1, Lines: -6/+16
* upstream: add %j token that expands to the configured ProxyJump hostname (or the empty string if this option is not being used). bz3610, ok dtucker
  OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
  Author: djm@openbsd.org, Age: 2023-10-12, Files: 1, Lines: -4/+7
* upstream: add ChannelTimeout support to the client, mirroring the same option in the server. ok markus@
  OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02
  Author: djm@openbsd.org, Age: 2023-10-12, Files: 1, Lines: -1/+68
* upstream: mention "none" is a valid argument to IdentityFile; bz3080
  OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926
  Author: djm@openbsd.org, Age: 2023-10-11, Files: 1, Lines: -2/+5
* upstream: spelling fix;
  OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195
  Author: jmc@openbsd.org, Age: 2023-10-06, Files: 1, Lines: -2/+2
* upstream: add some cautionary text about % token expansion and shell metacharacters; based on report from vinci AT protonmail.ch
  OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
  Author: djm@openbsd.org, Age: 2023-10-04, Files: 1, Lines: -2/+12
* upstream: descriptive text shouldn't be under .Cm
  OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
  Author: djm@openbsd.org, Age: 2023-08-29, Files: 1, Lines: -2/+3
* upstream: add spacing for punctuation when macro args;
  OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db
  Author: jmc@openbsd.org, Age: 2023-08-28, Files: 1, Lines: -2/+2
* upstream: Add keystroke timing obfuscation to the client.
  This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/
  feedback/ok markus@
  OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be
  Author: djm@openbsd.org, Age: 2023-08-28, Files: 1, Lines: -2/+20
* upstream: configuation -> configuration
  OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b
  Author: jsg@openbsd.org, Age: 2023-07-17, Files: 1, Lines: -2/+2
* upstream: Add support for configuration tags to ssh(1).
  This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. ok markus
  OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
  Author: djm@openbsd.org, Age: 2023-07-17, Files: 1, Lines: -1/+15
* upstream: add a "match localnetwork" predicate.
  This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location (e.g. to use a ProxyJump when not on a particular network). ok markus@
  OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139
  Author: djm@openbsd.org, Age: 2023-07-17, Files: 1, Lines: -2/+14
* upstream: Add tilde and environment variable expansion to RevokedHostKeys. bz#3552, ok djm@
  OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
  Author: dtucker@openbsd.org, Age: 2023-03-27, Files: 1, Lines: -2/+11
* upstream: Like sshd_config, some ssh_config options are not first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for this file
  OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e
  Author: djm@openbsd.org, Age: 2023-03-10, Files: 1, Lines: -3/+3
* upstream: fix double phrase in previous;
  OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
  Author: jmc@openbsd.org, Age: 2023-01-14, Files: 1, Lines: -3/+2
* upstream: Document "UserKnownHostsFile none". ok djm@
  OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
  Author: dtucker@openbsd.org, Age: 2023-01-14, Files: 1, Lines: -2/+8
* upstream: New EnableEscapeCommandline ssh_config(5) option
  This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while
  OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
  Author: djm@openbsd.org, Age: 2022-11-30, Files: 1, Lines: -2/+8
* upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
  OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
  Author: dtucker@openbsd.org, Age: 2022-11-07, Files: 1, Lines: -2/+6
* upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@
  OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
  Author: djm@openbsd.org, Age: 2022-09-17, Files: 1, Lines: -2/+13
* upstream: make it clear that RekeyLimit applies to both transmitted and received data. GHPR#328 from Jan Pazdziora
  OpenBSD-Commit-ID: d180a905fec9ff418a75c07bb96ea41c9308c3f9
  Author: djm@openbsd.org, Age: 2022-06-24, Files: 1, Lines: -5/+5
* upstream: Note that ProxyJump also accepts the same tokens as ProxyCommand. From pallxk via github PR#305.
  OpenBSD-Commit-ID: 7115ac351b129205f1f1ffa6bbfd62abd76be7c5
  Author: dtucker@openbsd.org, Age: 2022-05-27, Files: 1, Lines: -3/+5
* upstream: ssh: document sntrup761x25519-sha512@openssh.com as default KEX
  OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171
  Author: naddy@openbsd.org, Age: 2022-04-06, Files: 1, Lines: -2/+2
* upstream: man pages: add missing commas between subordinate and main clauses
  jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
  OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3
  Author: naddy@openbsd.org, Age: 2022-04-06, Files: 1, Lines: -4/+4
* upstream: document the unbound/host-bound options to PubkeyAuthentication; spotted by HARUYAMA Seigo
  OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981
  Author: djm@openbsd.org, Age: 2022-02-15, Files: 1, Lines: -4/+11
* upstream: Since they are deprecated, move DSA to the end of the default list of public keys so that they will be tried last. From github PR#295 from "ProBackup-nl", ok djm@
  OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
  Author: dtucker@openbsd.org, Age: 2022-02-07, Files: 1, Lines: -4/+4
* upstream: add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). ok markus@
  OpenBSD-Commit-ID: 22b77e27a04e497a10e22f138107579652854210
  Author: djm@openbsd.org, Age: 2021-11-10, Files: 1, Lines: -2/+3
* upstream: RSA/SHA-1 is not used by default anymore
  OK dtucker deraadt djm
  OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
  Author: kn@openbsd.org, Age: 2021-09-26, Files: 1, Lines: -8/+5
* upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok markus@
  OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
  Author: djm@openbsd.org, Age: 2021-09-16, Files: 1, Lines: -2/+7
* upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list for consistency. Patch from scop via github PR#257, ok jmc@
  OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872
  Author: dtucker@openbsd.org, Age: 2021-09-03, Files: 1, Lines: -4/+4
* upstream: Refer to KEX "algorithms" instead of "methods" to match other references and improve consistency. Patch from scop via github PR#241, ok djm@
  OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c
  Author: dtucker@openbsd.org, Age: 2021-09-03, Files: 1, Lines: -5/+5
* upstream: mention that CASignatureAlgorithms accepts +/- similarly to the other algorithm list directives; ok jmc bz#3335
  OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9
  Author: djm@openbsd.org, Age: 2021-08-13, Files: 1, Lines: -4/+15
* upstream: Document "ProxyJump none". bz#3334.
  OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7
  Author: dtucker@openbsd.org, Age: 2021-08-06, Files: 1, Lines: -2/+7
* upstream: fix a formatting error and mark up known_hosts consistently; issues reported by debian at helgefjell de ok djm dtucker
  OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce
  Author: jmc@openbsd.org, Age: 2021-08-03, Files: 1, Lines: -5/+6
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker
  OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
  Author: djm@openbsd.org, Age: 2021-07-23, Files: 1, Lines: -1/+40
* upstream: Add a StdinNull directive to ssh_config(5) that allows the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
  OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
  Author: djm@openbsd.org, Age: 2021-07-23, Files: 1, Lines: -2/+18
* upstream: reorder SessionType; ok djm
  OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c
  Author: jmc@openbsd.org, Age: 2021-07-16, Files: 1, Lines: -17/+17
* upstream: add a SessionType directive to ssh_config, allowing the configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@
  OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
  Author: djm@openbsd.org, Age: 2021-07-14, Files: 1, Lines: -2/+17