- jmc@cvs.openbsd.org 2006/02/24 10:25:14

[ssh_config.5] add section on patterns; from dtucker + myself
2006-03-15 11:54:05 +11:00 · 2006-03-15 11:54:05 +11:00 · 6def55171f
parent c7b06369a8
commit 6def55171f
2 changed files with 48 additions and 12 deletions
--- a/6
+++ b/6
@ -150,6 +150,10 @@
     [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
+   - jmc@cvs.openbsd.org 2006/02/24 10:25:14
+     [ssh_config.5]
+     add section on patterns;
+     from dtucker + myself

 20060313
 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@ -4051,4 +4055,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.4181 2006/03/15 00:53:45 djm Exp $
+$Id: ChangeLog,v 1.4182 2006/03/15 00:54:05 djm Exp $
--- a/ssh_config.5
+++ b/ssh_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.79 2006/02/19 20:12:25 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.80 2006/02/24 10:25:14 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@ -73,13 +73,47 @@ The matched host name is the one given on the command line.
 Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
+.Sh PATTERNS
+A
+.Em pattern
+consists of zero or more non-whitespace characters,
+.Sq *
+(a wildcard that matches zero or more characters),
+or
+.Sq ?\&
+(a wildcard that matches exactly one character).
+For example, to specify a set of declarations for any host in the
+.Dq .co.uk
+set of domains,
+the following pattern could be used:
 .Pp
+.Dl Host *.co.uk
+.Pp
+The following pattern
+would match any host in the 192.168.0.[0-9] network range:
+.Pp
+.Dl Host 192.168.0.?
+.Pp
+A
+.Em pattern-list
+is a comma-separated list of patterns.
+Patterns within pattern-lists may be negated
+by preceding them with an exclamation mark
+.Pq Sq !\& .
+For example,
+to allow a key to be used from anywhere within an organisation
+except from the
+.Dq dialup
+pool,
+the following entry (in authorized_keys) could be used:
+.Pp
+.Dl from=\&"!*.dialup.example.com,*.example.com\&"
+.Sh FILE FORMAT
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
 .Ql #
 are comments.
-.Pp
 Otherwise a line is of the format
 .Dq keyword arguments .
 Configuration options may be separated by whitespace or
@ -103,15 +137,13 @@ Restricts the following declarations (up to the next
 .Cm Host
 keyword) to be only for those hosts that match one of the patterns
 given after the keyword.
-.Ql \&*
-and
-.Ql \&?
-can be used as wildcards in the
-patterns.
 A single
 .Ql \&*
 as a pattern can be used to provide global
 defaults for all hosts.
+See
+.Sx PATTERNS
+for more information on patterns.
 The host is the
 .Ar hostname
 argument given on the command line (i.e., the name is not converted to
@ -805,10 +837,10 @@ Refer to
 in
 .Xr sshd_config 5
 for how to configure the server.
-Variables are specified by name, which may contain the wildcard characters
-.Ql \&*
-and
-.Ql \&? .
+Variables are specified by name, which may contain wildcard characters.
+See
+.Sx PATTERNS
+for more information on patterns.
 Multiple environment variables may be separated by whitespace or spread
 across multiple
 .Cm SendEnv