diff options
Diffstat (limited to 'Completion/Unix/Command/_ssh')
| -rw-r--r-- | Completion/Unix/Command/_ssh | 112 |
1 files changed, 73 insertions, 39 deletions
diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh index d1bd8f04b..0775590e6 100644 --- a/Completion/Unix/Command/_ssh +++ b/Completion/Unix/Command/_ssh @@ -3,13 +3,13 @@ # TODO: sshd, ssh-keysign _ssh () { - local curcontext="$curcontext" state line expl suf ret=1 - local args common common_transfer algopt tmp p1 file cmn cmds sdesc + local curcontext="$curcontext" state line expl suf arg ret=1 + local args sigargs common common_transfer algopt tmp p1 file cmn cmds sdesc tdesc typeset -A opt_args common=( - '(-6)-4[forces ssh to use IPv4 addresses only]' - '(-4)-6[forces ssh to use IPv6 addresses only]' + '(-6)-4[force ssh to use IPv4 addresses only]' + '(-4)-6[force ssh to use IPv6 addresses only]' '-C[compress data]' '-c+[select encryption cipher]:encryption cipher:->ciphers' '-F+[specify alternate config file]:config file:_files' @@ -17,6 +17,7 @@ _ssh () { '*-o+[specify extra options]:option string:->option' ) common_transfer=( + '-J+[connect via a jump host]: :->userhost' '-l+[limit used bandwidth]:bandwidth (Kbit/s)' '-P+[specify port on remote host]:port number on remote host' '-p[preserve modification times, access times and modes]' @@ -29,6 +30,7 @@ _ssh () { case "$service" in ssh) + (( $+words[(r)-[^-]#t*] )) && tdesc=' even if there is no controlling tty' _arguments -C -s \ '(-a)-A[enable forwarding of the authentication agent connection]' \ '(-A)-a[disable forwarding of authentication agent connection]' \ @@ -59,7 +61,7 @@ _ssh () { '-Q+[query parameters]:query option:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" mac\:"supported message integrity codes" kex\:"key exchange algorithms" key\:"key types" key-cert\:"certificate key types" key-plain\:"non-certificate key types" protocol-version\:"supported SSH protocol versions" sig\:"supported signature algorithms" help\:"show supported queries"))' \ '-s[invoke subsystem]' \ '(-t)-T[disable pseudo-tty allocation]' \ - '(-T)-t[force pseudo-tty allocation]' \ + "(-T)*-t[force pseudo-tty allocation${tdesc}]" \ '-V[show version number]' \ '(-q)*-v[verbose mode (multiple increase verbosity, up to 3)]' \ '-W+[forward standard input and output to host]:stdinout forward:->hostport' \ @@ -75,6 +77,7 @@ _ssh () { _arguments -C -s \ '-3[copy through local host, not directly between the remote hosts]' \ '-B[batch mode (don'\''t ask for passphrases)]' \ + '-T[disable strict filename checking]' \ '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0 ;; ssh-add) @@ -95,6 +98,8 @@ _ssh () { '-M+[specify maximum number of signatures]:number' \ '-s+[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ '-t+[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \ + "-T[test usability of identity files' private keys]:*:public key file:_files -g '*.pub(-.)'" \ + '-v[verbose mode]' \ '-q[be quiet after a successful operation]' \ '-X[unlock the agent]' \ '-x[lock the agent with a password]' \ @@ -103,7 +108,7 @@ _ssh () { ;; ssh-agent) _arguments -s \ - '(-k)-a+[UNIX-domain socket to bind agent to]:UNIX-domain socket:_files' \ + '(-k)-a+[specify UNIX-domain socket to bind agent to]:UNIX-domain socket:_files' \ '(-k -s)-c[force csh-style shell]' \ '(-k)-d[debug mode]' \ '(-k)-D[foreground mode]' \ @@ -112,6 +117,7 @@ _ssh () { '(-k)-P[specify PKCS#11 shared library whitelist]:PKCS#11 library whitelist pattern' \ '(-k -c)-s[force sh-style shell]' \ '-t[set default maximum lifetime for identities]:maximum lifetime (in seconds or time format):' \ + '-v[verbose mode]' \ '*::command: _normal' return ;; @@ -120,53 +126,71 @@ _ssh () { (( CURRENT == 2 )) && p1='!' args=( '!-z:number' ) sdesc='certify keys with CA key' - (( $+words[(r)-s] )) && args=( '-z[specify serial number]:serial number' ) + (( $+words[(r)-I] )) && args=( '-z[specify serial number]:serial number' ) (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) && sdesc='specify CA public key file' file=key - (( $+words[(r)-[HR]] )) && file=known_hosts + (( $+words[(r)-[FHR]] )) && file=known_hosts (( $+words[(r)-T] )) && file=input - if (( $+words[(r)-[kQ]] )); then + (( $+words[(r)-A] )) && file='prefix for host key' + if (( $+words[(r)-[kIQ]] )); then file=krl args+=( '*:file:_files' ) fi - cmds=( -p -i -e -y -c -l -B -D -H -R -r -G -T -s -L -A -k -Q ) # basic commands - cmn=( -b -P -N -C -m -v ) # options common to many basic commands (except -f which is common to most) - cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u ) # options specific to one basic command + if (( arg = $words[(I)-Y*] )); then + [[ $words[arg] = -Y?* ]] || (( arg++ )) + case $words[arg] in + check*|verify) + sigargs+=( "$p1-s+[specify signature file]:signature file:-files" ) + ;| + sign) sigargs+=( '*:file:_files' ) ;; + verify) + args=() + sigargs+=( + '-I+[specify signer identity]:identity' + '-r+[specify revocation file]:revocation file:_files' + ) + ;; + esac + fi + cmds=( -p -i -e -y -c -l -B -D -F -H -R -r -G -T -s -L -A -k -Q -Y ) # basic commands + cmn=( -b -P -N -C -l -m -v ) # options common to many basic commands (except -f which is common to most) + cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u -U ) # options specific to one basic command _arguments -s $args \ - "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \ - "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P+[provide old passphrase]:old passphrase" \ - "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N+[provide new passphrase]:new passphrase" \ - "(${${(@)cmds:#-c}} -m -v $cms)-C+[provide new comment]:new comment" \ + "(${${(@)cmds:#-G}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \ + "$p1(${${(@)cmds:#-[pc]}} -b $cms)-P+[provide old passphrase]:old passphrase" \ + "(${${(@)cmds:#-p}} -v ${${(@)cms:#-[qt]}})-N+[provide new passphrase]:new passphrase" \ + "(${${(@)cmds:#-c}} -v $cms)-C+[provide new comment]:new comment" \ "(-D -G -M -S -I -h -n -O -V -A)-f+[$file file]:$file file:_files" \ - "$p1(${${(@)cmds:#-[ie]}})-m+[specify conversion format]:format:(PEM PKCS7 RFC4716)" \ + "$p1(${${(@)cmds:#-[FE]}} ${${(@)cmn:#-v}} ${${(@)cms:#-E}})-l[show fingerprint of key file]" \ + "$p1(${${(@)cmds:#-[iep]}} $cms)-m+[specify conversion format]:format [RFC4716]:(PEM PKCS8 RFC4716)" \ "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \ - '(commands)' \ - "(-b -P -C -v)-p[change passphrase of private key file]" \ - '(-b -P -N -C -v)-i[import key to OpenSSH format]' \ - '(-b -P -N -C -v)-e[export key to SECSH file format]' \ + "(-b -l -C -v)-p[change passphrase of private key file]" \ + '(-b -l -P -N -C -v)-i[import key to OpenSSH format]' \ + '(-b -l -P -N -C -v)-e[export key to SECSH file format]' \ "($cmn)-y[get public key from private key]" \ - '(-b -N -m -v)-c[change comment in private and public key files]' \ + '(-b -l -N -m -v)-c[change comment in private and public key files]' \ "($cmn)-B[show the bubblebabble digest of key]" \ "(-)-D+[download key stored in smartcard reader]:reader" \ + "(${${(@)cmn:#-[lv]}})-F+[search for host in known_hosts file]:host:_ssh_hosts" \ "($cmn)-H[hash names in known_hosts file]" \ "($cmn)-R+[remove host from known_hosts file]:host:_ssh_hosts" \ "($cmn)-L[print the contents of a certificate]" \ - "(-)-A[generate host keys for all key types]" \ + "($cmn -l)-A[generate host keys for all key types]" \ "($cmn)-Q[test whether keys have been revoked in a KRL]" \ - finger \ - "($cmn)-l[show fingerprint of key file]" \ "$p1($cmn)$algopt" \ - create \ - '(-P -m)-q[silence ssh-keygen]' \ - "(-P -m)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519)" \ + '(-P -l)-q[silence ssh-keygen]' \ + "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519)" \ - dns \ "($cmn)-r[print DNS resource record]:hostname:_hosts" \ "$p1($cmn)-g[use generic DNS format]" \ - primes \ - "(-P -N -C -m -f)-G[generate candidates for DH-GEX moduli]" \ - "$p1(-P -N -C -m -f)-M+[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \ - "$p1(-P -N -C -m -f)-S+[specify start point]:start point (hex)" \ + "(-P -N -C -l -m -f)-G+[generate candidates for DH-GEX moduli]:output file:_files" \ + "$p1(-P -N -C -l -m -f)-M+[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \ + "$p1(-P -N -C -l -m -f)-S+[specify start point]:start point (hex)" \ - screen \ "(${${(@)cmn:#-v}})-T+[screen candidates for DH-GEX moduli]:output file:_files" \ "${p1}(${${(@)cmn:#-v}})-a+[specify number of rounds]:rounds" \ @@ -176,26 +200,35 @@ _ssh () { "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \ - certify \ "($cmn)-s[$sdesc]:CA key:_files" \ - "$p1($cmn -f -u)-I+[specify key identifier to include in certificate]:key id" \ - "$p1($cmn -f -u)-h[generate host certificate instead of a user certificate]" \ - "$p1($cmn -f -u -D)-U[indicate that CA key is held by ssh-agent]" \ - "$p1($cmn -f -u -U)-D+[indicate the CA key is stored in a PKCS#11 token]:PKCS11 shared library:_files -g '*.(so|dylib)(|.<->)(-.)'" \ - "$p1($cmn -f -u)-n+[specify user/host principal names to include in certificate]:principals" \ - "$p1($cmn -f -u)*-O+[specify a certificate option]: : _values 'option' + "$p1($cmn -f -k -u)-I+[specify key identifier to include in certificate]:key id" \ + "$p1($cmn -f -k -u)-h[generate host certificate instead of a user certificate]" \ + "$p1($cmn -f -k -u -D)-U[indicate that CA key is held by ssh-agent]" \ + "$p1($cmn -f -k -u -U)-D+[indicate the CA key is stored in a PKCS#11 token]:PKCS11 shared library:_files -g '*.(so|dylib)(|.<->)(-.)'" \ + "$p1($cmn -f -k -u)-n+[specify user/host principal names to include in certificate]:principals" \ + "$p1($cmn -f -k -u)*-O+[specify a certificate option]: : _values 'option' clear critical\:name extension\:name force-command\:command\:_cmdstring no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc permit-x11-forwarding source-address\:source\ address" \ "$p1($cmn -f -u)-V+[specify certificate validity interval]:interval" \ - "($cmn -I -h -n -O -V)-k[generate a KRL file]" \ - "$p1($cmn -I -h -n -O -V)-u[update a KRL]" + "($cmn -I -h -n -D -O -U -V)-k[generate a KRL file]" \ + "$p1($cmn -I -h -n -D -O -U -V)-u[update a KRL]" \ + - signature \ + "($cmn)-Y+[signature action]:action:(( + sign\:sign\ a\ file\ using\ SSH\ key + verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option + check-novalidate\:check\ signature\ structure + ))" \ + "$p1-n+[specify namespace]:namespace" \ + $sigargs return ;; ssh-keyscan) _arguments \ - '(-6)-4[forces ssh to use IPv4 addresses only]' \ - '(-4)-6[forces ssh to use IPv6 addresses only]' \ + '(-6)-4[force ssh to use IPv4 addresses only]' \ + '(-4)-6[force ssh to use IPv6 addresses only]' \ '-c[request certificates from target hosts instead of plain keys]' \ + '-D[print keys found as SSHFP DNS records]' \ '*-f+[read hosts from file, one per line]:file:_files' \ '-H[hash all hostnames and addresses in the output]' \ '-p+[specify port on remote host]:port number on remote host' \ @@ -212,7 +245,7 @@ _ssh () { '-D+[connect directly to a local sftp server]:sftp server path' \ '-f[request that files be flushed immediately after transfer]' \ '-R+[specify number of outstanding requests]:number of requests [64]' \ - '-s+[SSH2 subsystem or path to sftp server on the remote host]:subsystem/path' \ + '-s+[specify SSH2 subsystem or path to sftp server on the remote host]:subsystem/path' \ '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0 ;; ssh-copy-id) @@ -523,6 +556,7 @@ _ssh () { SendEnv \ ServerAliveCountMax \ ServerAliveInterval \ + SetEnv \ StreamLocalBindMask \ StreamLocalBindUnlink \ StrictHostKeyChecking \ |