add some cautionary text about % token expansion and shell metacharacters;

author djm <djm@openbsd.org>

Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)

committer djm <djm@openbsd.org>

Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
author djm <djm@openbsd.org>
Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
committer djm <djm@openbsd.org>
Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5

index 6f526b6..84ec99d 100644 (file)
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: ssh_config.5,v 1.386 2023/08/28 09:52:09 djm Exp $
-.Dd $Mdocdate: August 28 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.387 2023/10/04 04:03:50 djm Exp $
+.Dd $Mdocdate: October 4 2023 $
  .Dt SSH_CONFIG 5
  .Os
  .Sh NAME
@@ -2207,6 +2207,16 @@ accepts all tokens.
  and
  .Cm ProxyJump
  accept the tokens %%, %h, %n, %p, and %r.
+.Pp
+Note that some of these directives build commands for execution via the shell.
+Because
+.Xr ssh 1
+performs no filtering or escaping of characters that have special meaning in
+shell commands (e.g. quotes), it is the user's reposibility to ensure that
+the arguments passed to
+.Xr ssh 1
+do not contain such characters and that tokens are appropriately quoted
+when used.
  .Sh ENVIRONMENT VARIABLES
  Arguments to some keywords can be expanded at runtime from environment
  variables on the client by enclosing them in
author	djm <djm@openbsd.org>
	Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
committer	djm <djm@openbsd.org>
	Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)