upstream: Add tilde and environment variable expansion to

RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d

1 files changed, 11 insertions, 2 deletions

diff --git a/ssh_config.5 b/ssh_config.5
index c56b9d7b..0b7d4d19 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $
-.Dd $Mdocdate: March 10 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $
+.Dd $Mdocdate: March 27 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1665,6 +1665,14 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
+Arguments to
+.Cm RevokedHostKeys
+may use the tilde syntax to refer to a user's home directory,
+the tokens described in the
+.Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
+section.
 .It Cm SecurityKeyProvider
 Specifies a path to a library that will be used when loading any
 FIDO authenticator-hosted keys, overriding the default of using
@@ -2135,6 +2143,7 @@ The local username.
 .Cm Match exec ,
 .Cm RemoteCommand ,
 .Cm RemoteForward ,
+.Cm RevokedHostKeys ,
 and
 .Cm UserKnownHostsFile
 accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.