From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 16979 invoked from network); 15 Mar 2023 23:45:09 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 15 Mar 2023 23:45:09 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Message-ID:Date: Content-Transfer-Encoding:Content-ID:Content-Type:MIME-Version:Subject:To: From:Reply-To:Cc:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References; bh=Rwbl10uPZQI6YMk6QtACBP+6xfSADQjfbpQVqqvSdf0=; b=cVroI+h+kmV2rmKcBX6HxgSyxY ngaogFpimpqH+GLn1VMe7B7HDo+z7Lkx3doFARWkv5UIX2E7pQkKgBNc9TS3dVIqzP0Nd/kcIgzPl HLAQbFFUO5rviI0hDxboR3mbBZRhc1SNDr5pVDJRuSGU9IalpWbciJ7tDsTTC9DtyrRGfZXgEsDZf ykv5IY/kVQ5Rmfb9iDL2zN0oRMJ37xnh2GIjIrP5w0Z+RGYK8IE95bGR3yWwD21MSy6VMmknbYLes yE31IC4ok9II8PCi3Ix1uYJIMSLfS19cWrFAhk/cF/Z9DQl//z0p1GIb0DgMYjHnzLUH0psjzGHKk AVYSTp5A==; Received: by zero.zsh.org with local id 1pcans-000Ib1-Tk; Wed, 15 Mar 2023 23:45:09 +0000 Received: by zero.zsh.org with esmtpsa (TLS1.3:TLS_AES_256_GCM_SHA384:256) id 1pcanK-000IHa-K6; Wed, 15 Mar 2023 23:44:34 +0000 Received: from [192.168.178.21] (helo=hydra) by mail.kiddle.eu with esmtp(Exim 4.95) (envelope-from ) id 1pcanJ-000Fo7-96 for zsh-workers@zsh.org; Thu, 16 Mar 2023 00:44:33 +0100 From: Oliver Kiddle To: Zsh workers Subject: PATCH: update completion for openssh 9.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <60765.1678923872.1@hydra> Content-Transfer-Encoding: quoted-printable Date: Thu, 16 Mar 2023 00:44:32 +0100 Message-ID: <60766-1678923872.988828@cute.xzNL.aEIA> X-Seq: 51582 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: A good proportion of this patch is applying _numbers to old options rather than adding new options. ssh allows things like 1h30m which _numbers doesn't handle (but could?). 9.3 was actually only released today but the only change since 9.2 is ssh-keyscan -O. I was more interested to test the newish features for limiting keys by destination with ssh-add but that needs server support so I'll have to wait. That also doesn't seem especially convenient to use because ssh-add doesn't have a configuration file so aliases may be needed. In terms of the effects on the completion there are more changes relating to scp now using sftp underneath. Oliver diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh index 2385272f1..e9ca454b4 100644 --- a/Completion/Unix/Command/_ssh +++ b/Completion/Unix/Command/_ssh @@ -18,14 +18,18 @@ _ssh () { '*-o+[specify extra options]:option string:->option' ) common_transfer=3D( + '(-O)-D+[connect directly to a local sftp server]:sftp server path:_c= ommand_names -e' '-J+[connect via a jump host]: :->userhost' '-l+[limit used bandwidth]:bandwidth (Kbit/s)' '-P+[specify port on remote host]:port number on remote host' '-p[preserve modification times, access times and modes]' '-q[disable progress meter and warnings]' '-r[recursively copy directories (follows symbolic links)]' - '-S+[specify ssh program]:path to ssh:_command_names -e' \ + '-S+[specify ssh program]:path to ssh:_command_names -e' '-v[verbose mode]' + '*(-O)-X+[specify sftp protocol option]: : _values "sftp option" + "nrequests[set max concurrent SFTP read or write requests]\:request= s [64]" + "buffer[set max buffer size for a single SFTP read/write operation]= \: \:_numbers -l 0 -m 256K -d 32K -u bytes -f size \:B\:bytes \:K\:kilobyt= es"' ) algopt=3D'-E+[specify hash algorithm for fingerprints]:algorithm:(md5 s= ha256)' = @@ -58,7 +62,7 @@ _ssh () { '(-v)*-q[quiet operation]' \ '*-R+[specify remote port forwarding]:remote port forwarding:->forw= ard' \ '-S+[specify location of control socket for connection sharing]:pat= h to control socket:_files' \ - '-Q+[query parameters]:query option:((cipher\:"supported symmetric = ciphers" cipher-auth\:"supported symmetric ciphers that support authentica= ted encryption" mac\:"supported message integrity codes" kex\:"key exchang= e algorithms" key\:"key types" key-cert\:"certificate key types" key-plain= \:"non-certificate key types" protocol-version\:"supported SSH protocol ve= rsions" sig\:"supported signature algorithms" help\:"show supported querie= s"))' \ + '-Q+[query parameters]:query option:((cipher\:"supported symmetric = ciphers" cipher-auth\:"supported symmetric ciphers that support authentica= ted encryption" compression mac\:"supported message integrity codes" kex\:= "key exchange algorithms" kex-gss\:"GSSAPI key exchange algorithms" key\:"= key types" key-cert\:"certificate key types" key-plain\:"non-certificate k= ey types" key-sig\:"all key types and signature algorithms" protocol-versi= on\:"supported SSH protocol versions" sig\:"supported signature algorithms= " help\:"show supported queries" HostbasedAcceptedAlgorithms HostKeyAlgori= thms KexAlgorithms MACs PubkeyAcceptedAlgorithms))' \ '-s[invoke subsystem]' \ '(-t)-T[disable pseudo-tty allocation]' \ "(-T)*-t[force pseudo-tty allocation${tdesc}]" \ @@ -76,7 +80,8 @@ _ssh () { scp) _arguments -C -s \ '-3[copy through local host, not directly between the remote hosts]= ' \ - '-B[batch mode (don'\''t ask for passphrases)]' \ + "-B[batch mode (don't ask for passwords or passphrases)]" \ + '(-D -X)-O[use the original SCP protocol instead of the SFTP protoc= ol]' \ '-T[disable strict filename checking]' \ '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=3D0 ;; @@ -95,12 +100,14 @@ _ssh () { '--apple-load-keychain[add identities from keychain]' '--apple-use-keychain[update keychain when adding/removing identiti= es]' ) - _arguments -s : $args \ + _arguments -C -s : $args \ '-c[identity is subject to confirmation via SSH_ASKPASS]' \ '-D[delete all identities]' \ '-d[remove identity]' \ $algopt \ '-e+[remove keys provided by the PKCS#11 shared library]:library:_f= iles -g "*.(so|dylib)(|.<->)(-.)"' \ + '*-H[specify a known hosts file to look up hostkeys]:known hosts fi= le:_files' \ + '*-h[constrain keys to specific hosts or destinations]:destination:= ->destinations' \ '-k[load plain private keys only and skip certificates]' \ '-K[load resident keys from a FIDO authenticator]' \ '-L[list public key parameters of all identities in the agent]'\ @@ -109,14 +116,13 @@ _ssh () { '-M+[specify maximum number of signatures]:number' \ '-S+[use specified library when adding FIDO authenticator-hosted ke= ys]:library:_files' \ '-s+[add keys provided by the PKCS#11 shared library]:library:_file= s -g "*.(so|dylib)(|.<->)(-.)"' \ - '-t+[set maximum lifetime for identity]:maximum lifetime (in second= s or time format):' \ + '-t+[set maximum lifetime for identity]: :_numbers -u seconds "maxi= mum lifetime" \:s\:seconds m\:minutes h\:hours d\:days w\:weeks' \ "-T[test usability of identity files' private keys]:*:public key fi= le:_files -g '*.pub(-.)'" \ '*-v[verbose mode]' \ '-q[be quiet after a successful operation]' \ '-X[unlock the agent]' \ '-x[lock the agent with a password]' \ - '*:SSH identity file:_files' - return + '*:SSH identity file:_files' && ret=3D0 ;; ssh-agent) _arguments -s \ @@ -128,7 +134,7 @@ _ssh () { '-k[kill current agent]' \ '(-k)-P[specify PKCS#11 shared library whitelist]:PKCS#11 library w= hitelist pattern' \ '(-k -c)-s[force sh-style shell]' \ - '-t[set default maximum lifetime for identities]:maximum lifetime (= in seconds or time format):' \ + '-t+[set default maximum lifetime for identities]: :_numbers -u sec= onds "maximum lifetime" \:s\:seconds m\:minutes h\:hours d\:days w\:weeks'= \ '-v[verbose mode]' \ '*::command: _normal' return @@ -183,15 +189,13 @@ _ssh () { case ${words[arg]#-Y} in ^find-*) sigargs+=3D( "$p1-n+[specify namespace]:namespace" ) ;| check*|find*|verify) - sigargs+=3D( "$p1-s+[specify signature file]:signature file:-files" ) + sigargs+=3D( "$p1-s+[specify signature file]:signature file:_files" ) ;| + match*|verify) sigargs+=3D( '-I+[specify signer identity]:identit= y' ) ;| sign) sigargs+=3D( '*:file:_files' ) ;; verify) args=3D() - sigargs+=3D( - '-I+[specify signer identity]:identity' - '-r+[specify revocation file]:revocation file:_files' - ) + sigargs+=3D( '-r+[specify revocation file]:revocation file:_files' ) ;; esac fi @@ -235,12 +239,6 @@ _ssh () { "($cmn)-L[print the contents of a certificate]" \ "(${${(@)cmn:#-a}})-A[generate host keys for all key types]" \ "($cmn)-Q[test whether keys have been revoked in a KRL]" \ - "($cmn)-Y+[signature action]:action:(( - find-principals\:find\ the\ principal\ associated\ with\ the\ pub= lic\ key\ of\ a\ signature - sign\:sign\ a\ file\ using\ SSH\ key - verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option - check-novalidate\:check\ signature\ structure - ))" \ - finger \ "$p1($cmn)$algopt" \ - create \ @@ -260,6 +258,13 @@ _ssh () { "($cmn -I -h -n -D -O -U -V)-k[generate a KRL file]" \ "$p1($cmn -I -h -n -D -O -U -V)-u[update a KRL]" \ - signature \ + "(${${(@)cmn:#-O}})-Y+[signature action]:action:(( + find-principals\:find\ the\ principal\ associated\ with\ the\ pub= lic\ key\ of\ a\ signature + sign\:sign\ a\ file\ using\ SSH\ key + verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option + check-novalidate\:check\ signature\ structure + match-principals\:find\ matching\ principal + ))" \ $sigargs return ;; @@ -271,8 +276,10 @@ _ssh () { '-D[print keys found as SSHFP DNS records]' \ '*-f+[read hosts from file, one per line]:file:_files' \ '-H[hash all hostnames and addresses in the output]' \ + '-O+[specify a key/value option]: : _values option + "hashalg[select a hash algorithm to use with -D]\:algorithm [both= ]\:(sha1 sha256)"' \ '-p+[specify port on remote host]:port number on remote host' \ - '-T+[specify timeout]:timeout (seconds) [5]' \ + '-T+[specify timeout]: :_numbers -u seconds -d 5 timeout \:s\:secon= ds m\:minutes h\:hours d\:days w\:weeks' \ '-t+[specify key types to fetch from scanned hosts]:key type:_seque= nce compadd - rsa dsa ecdsa ed25519' \ '-v[verbose mode]' return @@ -282,7 +289,6 @@ _ssh () { '-a[attempt to continue interrupted transfers]' \ '-B+[specify buffer size]:buffer size (bytes) [32768]' \ '-b+[specify batch file to read]:batch file:_files' \ - '-D+[connect directly to a local sftp server]:sftp server path' \ '-f[request that files be flushed immediately after transfer]' \ '-N[disable implicit quiet mode set by -b]' \ '-R+[specify number of outstanding requests]:number of requests [64= ]' \ @@ -309,22 +315,37 @@ _ssh () { option) if compset -P 1 '*=3D'; then case "${IPREFIX#-o}" in - (#i)(ciphers|macs|kexalgorithms|hostkeyalgorithms|pubkeyaccepte= dkeytypes|hostbasedkeytypes)=3D) - if ! compset -P '[+-]'; then - _wanted prefix expl 'relative to default' compadd - + - && re= t=3D0 + (#i)(ciphers|macs|kexalgorithms|hostkeyalgorithms|pubkeyaccepte= dalgorithms)=3D) + local sep + zstyle -s ":completion:${curcontext}:" list-separator sep || se= p=3D-- + if ! compset -P '[+-^]'; then + _wanted prefix expl 'relative to default' compadd -S '' -d \ + "( + +\ $sep\ append\ to\ default\ list + -\ $sep\ remove\ from\ default\ list + ^\ $sep\ insert\ at\ head\ of\ default\ list + )" - + - \^ && ret=3D0 fi ;; esac case "${IPREFIX#-o}" in - (#i)(afstokenpassing|batchmode|canonicalizefallbacklocal|challeng= eresponseauthentication|checkhostip|clearallforwardings|compression|enable= sshkeysign|exitonforwardfailure|fallbacktorsh|forward(agent|x11)|forwardx1= 1trusted|gatewayports|gssapiauthentication|gssapidelegatecredentials|gssap= ikeyexchange|gssapirenewalforcesrekey|gssapitrustdns|hashknownhosts|hostba= sedauthentication|identitiesonly|kbdinteractiveauthentication|(tcp|)keepal= ive|nohostauthenticationforlocalhost|passwordauthentication|permitlocalcom= mand|proxyusefdpass|pubkeyauthentication|rhosts(|rsa)authentication|rsaaut= hentication|streamlocalbindunlink|usersh|kerberos(authentication|tgtpassin= g)|useprivilegedport|visualhostkey)=3D*) + (#i)(batchmode|canonicalizefallbacklocal|checkhostip|clearallforw= ardings|compression|enableescapecommandline|enablesshkeysign|exitonforward= failure|fallbacktorsh|forkafterauthentication|forward(agent|x11)|forwardx1= 1trusted|gatewayports|gssapiauthentication|gssapidelegatecredentials|gssap= ikeyexchange|gssapirenewalforcesrekey|gssapitrustdns|hashknownhosts|hostba= sedauthentication|identitiesonly|kbdinteractiveauthentication|tcpkeepalive= |nohostauthenticationforlocalhost|passwordauthentication|permitlocalcomman= d|permitremoteopen|proxyusefdpass|stdinnull|streamlocalbindunlink|visualho= stkey)=3D*) _wanted values expl 'truth value' compadd yes no && ret=3D0 ;; + (#i)addkeystoagent=3D*) + _alternative \ + 'timeouts: :_numbers -u seconds "time interval" :s:seconds m:= minutes h:hours d:days w:weeks' \ + 'values:value:(yes no ask confirm)' && ret=3D0 + ;; (#i)addressfamily=3D*) _wanted values expl 'address family' compadd any inet inet6 && = ret=3D0 ;; (#i)bindaddress=3D*) _wanted bind-addresses expl 'bind address' _bind_addresses && r= et=3D0 ;; + (#i)bindinterface=3D*) + _wanted bind-interfaces expl 'bind interface' _network_interfac= es && ret=3D0 + ;; (#i)canonicaldomains=3D*) _message -e 'canonical domains (space separated)' && ret=3D0 ;; @@ -340,23 +361,27 @@ _ssh () { (#i)ciphers=3D*) state=3Dciphers ;; + (#i)certificatefile=3D*) + _description files expl 'file' + _files "$expl[@]" && ret=3D0 + ;; (#i)connectionattempts=3D*) _message -e 'connection attempts' && ret=3D0 ;; (#i)connecttimeout=3D*) - _message -e 'connection timeout' && ret=3D0 + _numbers -u seconds timeout :s:seconds m:minutes h:hours d:days= w:weeks && ret=3D0 ;; (#i)controlmaster=3D*) - _wanted values expl 'truthish value' compadd yes no auto autoas= k && ret=3D0 + _wanted values expl 'truthish value' compadd yes no auto ask au= toask && ret=3D0 ;; (#i)controlpath=3D*) _description files expl 'path to control socket' _files "$expl[@]" && ret=3D0 ;; (#i)controlpersist=3D*) - _message -e 'timeout' - ret=3D0 - _wanted values expl 'truth value' compadd yes no && ret=3D0 + _alternative \ + 'timeouts: :_numbers -u seconds timeout :s:seconds m:minutes = h:hours d:days w:weeks' \ + 'values:truth value:(yes no)' && ret=3D0 ;; (#i)escapechar=3D*) _message -e 'escape character (or `none'\'')' @@ -377,9 +402,10 @@ _ssh () { (#i)hostname=3D*) _wanted hosts expl 'real host name to log into' _ssh_hosts && r= et=3D0 ;; - (#i)(hostbasedkeytypes|hostkeyalgorithms|pubkeyacceptedkeytypes)=3D= *) - _wanted key-types expl 'key type' _sequence compadd - $(_call_program = key-types ssh -Q key) && ret=3D0 - ;; + (#i)identityagent=3D*) + _description files expl 'socket file' + _files -g "*(-=3D)" "$expl[@]" && ret=3D0 + ;; (#i)identityfile=3D*) _description files expl 'SSH identity file' _files "$expl[@]" && ret=3D0 @@ -410,13 +436,16 @@ _ssh () { _values -s , 'keyboard-interactive authentication method' \ 'bsdauth' 'pam' 'skey' && ret=3D0 ;; - (#i)(kexalgorithms|gssapikexalgorithms)=3D*) + (#i)kexalgorithms=3D*) _wanted algorithms expl 'key exchange algorithm' _sequence comp= add - \ $(_call_program algorithms ssh -Q kex) && ret=3D0 ;; - (#i)localcommand=3D*) - _description commands expl 'run command locally after connectin= g' - _command_names && ret=3D0 + (#i)gssapikexalgorithms=3D*) + _wanted algorithms expl 'key exchange algorithm' _sequence comp= add - \ + $(_call_program algorithms ssh -Q kex-gss) && ret=3D0 + ;; + (#i)(local|knownhosts)command=3D*) + _command_names -e && ret=3D0 ;; (#i)loglevel=3D*) _values 'log level' QUIET FATAL ERROR INFO VERBOSE\ @@ -429,8 +458,8 @@ _ssh () { _message -e 'number of password prompts' ret=3D0 ;; - (#i)pkcs11provider=3D*) - _description files expl 'PKCS#11 shared library' + (#i)(pkcs11|securitykey)provider=3D*) + _description files expl 'shared library' _files -g '*.(so|dylib)(|.<->)(-.)' "$expl[@]" && ret=3D0 ;; (#i)port=3D*) @@ -441,6 +470,17 @@ _ssh () { _values -s , 'authentication method' gssapi-with-mic \ hostbased publickey keyboard-interactive password && ret=3D= 0 ;; + (#i)proxyjump=3D*) + compset -P "* " + state=3Duserhost + ;; + (#i)(hostkey|(hostbased|pubkey)accepted)algorithms=3D*) + _wanted key-types expl 'key type' _sequence compadd - \ + $(_call_program key-types ssh -Q key-sig) && ret=3D0 + ;; + (#i)pubkeyauthentication=3D*) + _wanted values expl 'enable' compadd yes no unbound host-bound = && ret=3D0 + ;; (#i)protocol=3D*) _values -s , 'protocol version' \ '1' \ @@ -450,7 +490,13 @@ _ssh () { _cmdstring && ret=3D0 ;; (#i)rekeylimit=3D*) - _message -e 'maximum number of bytes transmitted before renegot= iating session key' + if compset -P "* "; then + _numbers -u seconds "maximum time before renegotiating sessio= n key" \ + :s:seconds h:hours d:days w:weeks + else + _numbers -u bytes "maximum amount of data transmitted before = renegotiating session key" \ + K:kilobytes M:megabytes G:gigabytes + fi ret=3D0 ;; (#i)requesttty=3D*) @@ -460,6 +506,9 @@ _ssh () { 'force[always request a TTY]' \ 'auto[request a TTY when opening a login session]' && ret=3D= 0 ;; + (#i)requiredrsasize=3D) + _wanted sizes expl 'minimum size [1024]' compadd 1024 2048 4096= && ret=3D0 + ;; (#i)revokedhostkeys=3D*) _description files expl 'revoked host keys file' _files "$expl[@]" && ret=3D0 @@ -478,6 +527,9 @@ _ssh () { (#i)streamlocalbindmask=3D*) _message -e 'octal mask' && ret=3D0 ;; + (#i)sessiontype=3D*) + _wanted session-types expl "session type" compadd none subsyste= m default && ret=3D0 + ;; (#i)stricthostkeychecking=3D*) _wanted values expl 'value' compadd yes no ask accept-new off &= & ret=3D0 ;; @@ -512,15 +564,18 @@ _ssh () { _description files expl 'xauth program' _files "$expl[@]" -g '*(-*)' && ret=3D0 ;; + *) _message -e values value ;; esac else - # old options are after the empty "\"-line + # Include, Host and Match not supported from the command-line + # final GSSAPI options are not in upstream but are widely patched= in _wanted values expl 'configure file option' \ compadd -M 'm:{a-z}=3D{A-Z} r:[^A-Z]||[A-Z]=3D* r:|=3D*' -q -= S '=3D' - \ AddKeysToAgent \ AddressFamily \ BatchMode \ BindAddress \ + BindInterface \ CanonicalDomains \ CanonicalizeFallbackLocal \ CanonicalizeHostname \ @@ -528,7 +583,6 @@ _ssh () { CanonicalizePermittedCNAMEs \ CASignatureAlgorithms \ CertificateFile \ - ChallengeResponseAuthentication \ CheckHostIP \ Ciphers \ ClearAllForwardings \ @@ -539,10 +593,12 @@ _ssh () { ControlPath \ ControlPersist \ DynamicForward \ + EnableEscapeCommandline \ EnableSSHKeysign \ EscapeChar \ ExitOnForwardFailure \ FingerprintHash \ + ForkAfterAuthentication \ ForwardAgent \ ForwardX11 \ ForwardX11Timeout \ @@ -550,19 +606,13 @@ _ssh () { GatewayPorts \ GlobalKnownHostsFile \ GSSAPIAuthentication \ - GSSAPIClientIdentity \ GSSAPIDelegateCredentials \ - GSSAPIKeyExchange \ - GSSAPIRenewalForcesRekey \ - GSSAPIServerIdentity \ - GSSAPITrustDns \ - GSSAPIKexAlgorithms \ HashKnownHosts \ + HostbasedAcceptedAlgorithms \ HostbasedAuthentication \ - HostbasedKeyTypes \ HostKeyAlgorithms \ HostKeyAlias \ - HostName \ + Hostname \ IdentitiesOnly \ IdentityAgent \ IdentityFile \ @@ -571,33 +621,38 @@ _ssh () { KbdInteractiveAuthentication \ KbdInteractiveDevices \ KexAlgorithms \ + KnownHostsCommand \ LocalCommand \ LocalForward \ LogLevel \ + LogVerbose \ MACs \ NoHostAuthenticationForLocalhost \ NumberOfPasswordPrompts \ PasswordAuthentication \ PermitLocalCommand \ + PermitRemoteOpen \ PKCS11Provider \ Port \ PreferredAuthentications \ ProxyCommand \ ProxyJump \ ProxyUseFdpass \ - PubkeyAcceptedKeyTypes \ PubkeyAuthentication \ + PubkeyAcceptedAlgorithms \ RekeyLimit \ RemoteCommand \ RemoteForward \ RequestTTY \ + RequiredRSASize \ RevokedHostKeys \ - RhostsRSAAuthentication \ - RSAAuthentication \ + SecurityKeyProvider \ SendEnv \ ServerAliveCountMax \ ServerAliveInterval \ SetEnv \ + SessionType \ + StdinNull \ StreamLocalBindMask \ StreamLocalBindUnlink \ StrictHostKeyChecking \ @@ -606,24 +661,17 @@ _ssh () { Tunnel \ TunnelDevice \ UpdateHostKeys \ - UsePrivilegedPort \ User \ UserKnownHostsFile \ VerifyHostKeyDNS \ VisualHostKey \ XAuthLocation \ - \ - AFSTokenPassing \ - FallBackToRsh \ - KeepAlive \ - KerberosAuthentication \ - KerberosTgtPassing \ - PreferredAuthentications \ - ProtocolKeepAlives \ - RhostsAuthentication \ - SetupTimeOut \ - SmartcardDevice \ - UseRsh \ + GSSAPIClientIdentity \ + GSSAPIKeyExchange \ + GSSAPIRenewalForcesRekey \ + GSSAPIServerIdentity \ + GSSAPITrustDns \ + GSSAPIKexAlgorithms \ && ret=3D0 fi ;; @@ -693,6 +741,10 @@ _ssh () { _normal return ;; + destinations) + compset -P 1 '*>' + compset -S '>*' + ;& # fall-through userhost) if compset -P '*@'; then _wanted hosts expl 'remote host name' _ssh_hosts && ret=3D0