dunkirk.sh / zera
the home site for me: also iteration 3 or 4 of my site
fork atom
zera / syntaxes / sshd-config.sublime-syntax
at main 29 kB view raw
1%YAML 1.2 2--- 3# Standalone version of sshd-config.sublime-syntax 4# Merged with: ssh-common.sublime-syntax, ssh-crypto.sublime-syntax 5 6name: SSHD Config 7scope: source.sshd_config 8version: 2 9file_extensions: 10- sshd_config 11variables: 12 base64_char: '[a-zA-Z0-9+/]' 13 ssh_fingerprint: (?:AAAA(?:E2V|[BC]3N){{base64_char}}+={0,3}) 14 zero_to_32: (?:3[0-2]|[12][0-9]|[0-9]) 15 zero_to_128: (?:12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9]) 16 zero_to_255: (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9][0-9])|(?:[1-9][0-9])|[0-9]) 17 zero_to_65535: (?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{1,3}|[0-9]) 18 ipv4: (?:(?:{{zero_to_255}}\.){3}{{zero_to_255}}) 19 ipv6: "(?xi:\n (?:::(?:ffff(?::0{1,4}){0,1}:){0,1}{{ipv4}}) # ::255.255.255.255\ 20 \ ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses\ 21 \ and IPv4-translated addresses)\n |(?:(?:[0-9a-f]{1,4}:){1,4}:{{ipv4}}) \ 22 \ # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 \ 23 \ (IPv4-Embedded IPv6 Address)\n |(?:fe80:(?::[0-9a-f]{1,4}){0,4}%[0-9a-z]{1,})\ 24 \ # fe80::7:8%eth0 fe80::7:8%1 \ 25 \ (link-local IPv6 addresses with zone index)\n |(?:(?:[0-9a-f]{1,4}:){7,7}\ 26 \ [0-9a-f]{1,4}) # 1:2:3:4:5:6:7:8\n | (?:[0-9a-f]{1,4}: (?::[0-9a-f]{1,4}){1,6})\ 27 \ # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8\n |(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5})\ 28 \ # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8\n |(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4})\ 29 \ # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8\n |(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3})\ 30 \ # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8\n |(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2})\ 31 \ # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8\n |(?:(?:[0-9a-f]{1,4}:){1,6}\ 32 \ :[0-9a-f]{1,4}) # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8\n\ 33 \ |(?:(?:[0-9a-f]{1,4}:){1,7} :) # 1:: \ 34 \ 1:2:3:4:5:6:7::\n |(?::(?:(?::[0-9a-f]{1,4}){1,7}|:)) \ 35 \ # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 ::\n)" 36 all_parameters: "\\b(?xi:\n AcceptEnv | AddressFamily\n | Allow (?: AgentForwarding\ 37 \ | Groups | StreamLocalForwarding\n | TcpForwarding | Users)\n | AuthenticationMethods\n\ 38 \ | Authorized (?: Keys | Principals )(?: Command | CommandUser | File )\n |\ 39 \ Banner\n | CASignatureAlgorithms | ChallengeResponseAuthentication\n | ChannelTimeout\ 40 \ | ChrootDirectory | Ciphers | ClientAliveCountMax\n | ClientAliveInterval |\ 41 \ Compression\n | DenyGroups | DenyUsers | DisableForwarding\n | ExposeAuthInfo\n\ 42 \ | FingerprintHash | ForceCommand\n | GatewayPorts | GSSAPIAuthentication |\ 43 \ GSSAPICleanupCredentials\n | GSSAPIStrictAcceptorCheck\n | Hostbased (?: AcceptedAlgorithms\ 44 \ | AcceptedKeyTypes | Authentication\n | UsesNameFromPacketOnly\ 45 \ )\n | HostCertificate | HostKey | HostKeyAgent | HostKeyAlgorithms\n | IgnoreRhosts\ 46 \ | IgnoreUserKnownHosts | Include | IPQoS\n | KbdInteractiveAuthentication\n\ 47 \ | Kerberos (?: Authentication | GetAFSToken | OrLocalPasswd\n |\ 48 \ TicketCleanup )\n | KexAlgorithms | KeyRegenerationInterval\n | ListenAddress\ 49 \ | LoginGraceTime | LogLevel | LogVerbose\n | MACs | Match | MaxAuthTries |\ 50 \ MaxSessions | MaxStartups | ModuliFile\n | PasswordAuthentication | PAMServiceName\n\ 51 \ | Permit (?: EmptyPasswords | Listen | Open | RootLogin | TTY | Tunnel\n \ 52 \ | UserEnvironment | UserRC )\n | PerSource (?: MaxStartups | NetBlockSize\ 53 \ | Penalties\n | PenaltyExemptList )\n | PidFile | Port | PrintLastLog\ 54 \ | PrintMotd | Protocol\n | Pubkey (?: AcceptedAlgorithms | AcceptedKeyTypes\ 55 \ | AuthOptions\n | Authentication )\n | RefuseConnection | RekeyLimit\ 56 \ | RequiredRSASize | RevokedKeys | RDomain\n | RhostsRSAAuthentication | RSAAuthentication\n\ 57 \ | SecurityKeyProvider | ServerKeyBits | SetEnv | ShowPatchLevel\n # SshdAuthPath\ 58 \ and SshSessionPath are just for tests\n | StreamLocalBindMask | StreamLocalBindUnlink\n\ 59 \ | StrictModes | Subsystem | SyslogFacility\n | TCPKeepAlive | TrustedUserCAKeys\n\ 60 \ | UnusedConnectionTimeout | UseDNS | UseLogin | UsePAM\n | UsePrivilegeSeparation\n\ 61 \ | VersionAddendum\n | X11DisplayOffset | X11Forwarding | X11UseLocalhost |\ 62 \ XAuthLocation\n)\\b" 63 parameters_boolean: "\\b(?xi:\n AllowAgentForwarding\n | ChallengeResponseAuthentication\ 64 \ | Compression\n | ExposeAuthInfo\n | GSSAPIAuthentication | GSSAPICleanupCredentials\n\ 65 \ | GSSAPIStrictAcceptorCheck\n | HostbasedAuthentication | HostbasedUsesNameFromPacketOnly\n\ 66 \ | IgnoreRhosts | IgnoreUserKnownHosts\n | KbdInteractiveAuthentication | KerberosAuthentication\n\ 67 \ | KerberosGetAFSToken | KerberosOrLocalPasswd\n | KerberosTicketCleanup\n\ 68 \ | PasswordAuthentication | PermitEmptyPasswords | PermitTTY\n | PermitUserEnvironment\ 69 \ | PermitUserRC | PrintLastLog | PrintMotd\n | PubkeyAuthentication\n | RefuseConnection\n\ 70 \ | StreamLocalBindUnlink | StrictModes\n | TCPKeepAlive\n | UseDNS | UsePAM\n\ 71 \ | X11Forwarding | X11UseLocalhost\n)\\b" 72contexts: 73 main: 74 - include: comments 75 - include: match 76 - include: parameters 77 comments: 78 - match: (#+)(?:\s*({{all_parameters}}))? 79 captures: 80 1: punctuation.definition.comment.sshd_config 81 2: meta.keyword.comment.sshd_config 82 push: 83 - meta_scope: comment.line.number-sign.sshd_config 84 - include: pop-nl 85 - match: (;+)(?:\s*({{all_parameters}}))? 86 captures: 87 1: punctuation.definition.comment.sshd_config 88 2: meta.keyword.comment.sshd_config 89 push: 90 - meta_scope: comment.line.semi-colon.sshd_config 91 - include: pop-nl 92 comments-number-sign: 93 - match: ^\s*(#+) 94 captures: 95 1: comment.line.number-sign.ssh.common punctuation.definition.comment.ssh.common 96 push: 97 - meta_content_scope: comment.line.number-sign.ssh.common 98 - match: \n 99 scope: comment.line.number-sign.ssh.common 100 pop: true 101 comments-semicolon: 102 - match: ^\s*(;+) 103 captures: 104 1: comment.line.semi-colon.ssh.common punctuation.definition.comment.ssh.common 105 push: 106 - meta_content_scope: comment.line.semi-colon.ssh.common 107 - include: pop-nl 108 operator-exclamation: 109 - match: '!' 110 scope: keyword.operator.logical.ssh.common 111 wildcards: 112 - match: \* 113 scope: constant.other.wildcard.asterisk.ssh.common 114 - match: \? 115 scope: constant.other.wildcard.questionmark.ssh.common 116 punctuation-comma-sequence: 117 - match: ',' 118 scope: punctuation.separator.sequence.ssh.common 119 punctuation-dot-sequence: 120 - match: \. 121 scope: punctuation.separator.sequence.ssh.common 122 punctuation-at: 123 - match: '@' 124 scope: punctuation.separator.sequence.ssh.common 125 ssh-fingerprint: 126 - match: '{{ssh_fingerprint}}' 127 scope: variable.other.fingerprint.ssh.common 128 ssh-fingerprint-with-label: 129 - match: '{{ssh_fingerprint}}' 130 scope: variable.other.fingerprint.ssh.common 131 push: expect-fingerprint-label 132 expect-fingerprint-label: 133 - include: pop-before-nl 134 - match: (?=\S) 135 push: 136 - meta_scope: meta.annotation.identifier.ssh.common string.unquoted.ssh.common 137 - match: (?=[ \t]*$) 138 pop: 1 139 - include: punctuation-at 140 time-values: 141 - match: \b(?=[\dsmhdw]*\d[smhdw][\s,"]) 142 push: 143 - meta_scope: meta.constant.time.ssh.common meta.number.integer.decimal.ssh.common 144 - match: (?=[\s,"]) 145 pop: 1 146 - match: (\d+)([smhdw]) 147 captures: 148 1: constant.numeric.value.ssh.common 149 2: constant.numeric.suffix.ssh.common 150 bytes-values: 151 - match: \b(\d+)([KMG])(?=[\s,"]) 152 scope: meta.constant.bytes.ssh.common meta.number.integer.other.ssh.common 153 captures: 154 1: constant.numeric.value.ssh.common 155 2: constant.numeric.suffix.ssh.common 156 mac-addresses: 157 - match: (?:[0-9a-fA-F]{2}:){5}(?:[0-9a-fA-F]{2}) 158 scope: entity.name.constant.mac-address.ssh.common 159 ipv4: 160 - match: \b{{ipv4}}\b 161 scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common 162 ipv6: 163 - match: '{{ipv6}}' 164 scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common 165 ipv6-square-bracket: 166 - match: (\[){{ipv6}}(\]) 167 scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common 168 captures: 169 1: punctuation.definition.constant.begin.ssh.common 170 2: punctuation.definition.constant.end.ssh.common 171 ip-addresses: 172 - include: ipv6 173 - include: ipv4 174 ipv4-with-cidr: 175 - match: \b({{ipv4}})(?:(/)({{zero_to_32}}))?\b 176 captures: 177 1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common 178 2: punctuation.separator.sequence.ssh.common 179 3: constant.other.range.ssh.common 180 ipv6-with-cidr: 181 - match: ({{ipv6}})(?:(/)({{zero_to_128}})\b)? 182 captures: 183 1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common 184 2: punctuation.separator.sequence.ssh.common 185 3: constant.other.range.ssh.common 186 ip-addresses-with-cidr: 187 - include: ipv6-with-cidr 188 - include: ipv4-with-cidr 189 port-numbers: 190 - match: \b{{zero_to_65535}}(?![\w:]) 191 scope: meta.number.integer.decimal.ssh.common constant.numeric.port-number.ssh.common 192 match-all: 193 - match: '\b(?xi: all )\b' 194 scope: constant.language.boolean.true.ssh.common 195 none: 196 - match: \bnone\b 197 scope: constant.language.null.ssh.common 198 any: 199 - match: \bany\b 200 scope: constant.language.set.ssh.common 201 boolean: 202 - match: \byes\b 203 scope: constant.language.boolean.true.ssh.common 204 - match: \bno\b 205 scope: constant.language.boolean.false.ssh.common 206 boolean-with-typing: 207 - include: boolean 208 - match: \b(?:ye?|n)\b 209 log-level: 210 - match: '\b(?x: QUIET | FATAL | ERROR | INFO | DEBUG[1-3]? )\b' 211 scope: constant.language.log-level.ssh.common 212 possibly-quoted-value: 213 - meta_content_scope: meta.mapping.value.sshd_config 214 - match: '"' 215 scope: punctuation.definition.string.begin.sshd_config 216 push: 217 - meta_scope: string.quoted.double.sshd_config 218 - match: (")(?:\s*(\S.*))? 219 captures: 220 1: punctuation.definition.string.end.sshd_config 221 2: invalid.illegal.sshd_config 222 pop: 1 223 - match: \n|$ 224 scope: invalid.illegal.unclosed-string.sshd_config 225 pop: 2 226 - match: (?=\S) 227 push: 228 - meta_content_scope: string.unquoted.sshd_config 229 - include: pop-before-nl 230 - include: pop-nl 231 string-patterns: 232 - include: punctuation-comma-sequence 233 - include: operator-exclamation 234 - match: '"' 235 scope: punctuation.definition.string.begin.ssh.common 236 push: 237 - meta_content_scope: string.quoted.double.ssh.common 238 - match: '"' 239 scope: punctuation.definition.string.end.ssh.common 240 pop: 1 241 - include: wildcards 242 - match: (?=\S) 243 push: 244 - meta_content_scope: string.unquoted.ssh.common 245 - match: (?=[,!\s]) 246 pop: 1 247 - include: wildcards 248 paths: 249 - match: (?=~?[\w.\-?*${}%]*/[\w.\-?*${}%]?) 250 push: 251 - meta_scope: meta.path.ssh.common entity.name.ssh.common 252 - match: (?=[\s,"]) 253 pop: 1 254 - match: ~[\w\-.]* 255 scope: variable.language.home.ssh.common 256 - match: (/)(?:(\.{1,2})(?=/)|\.(?!/))? 257 captures: 258 1: punctuation.separator.path.ssh.common 259 2: constant.other.placeholder.ssh.common 260 - match: \.(?=[\w*?%]) 261 scope: punctuation.separator.sequence.ssh.common 262 - include: wildcards 263 - include: tokens 264 - include: environment-variables 265 none-command-values: 266 - match: \s*(none)\b[ \t]*$ 267 captures: 268 1: constant.language.null.ssh.common 269 - match: \s*((")(none)("))[ \t]*$ 270 captures: 271 1: string.quoted.double.ssh.common 272 2: punctuation.definition.string.begin.ssh.common 273 3: constant.language.null.ssh.common 274 4: punctuation.definition.string.end.ssh.common 275 tokens: 276 - match: '%%' 277 scope: constant.character.escape.sshd_config 278 - match: '%[hUu]' 279 scope: constant.other.placeholder.sshd_config 280 environment-variables: [] 281 pop-nl: 282 - match: \n 283 pop: 1 284 pop-before-nl: 285 - match: (?=\n) 286 pop: 1 287 ssh-ciphers: 288 - match: \b(?:twofish256\-gcm@libassh\.org|twofish256\-ctr|twofish192\-ctr|twofish128\-gcm@libassh\.org|twofish128\-ctr|twofish\-ctr|crypticore128@ssh\.com|chacha20\-poly1305@openssh\.com|chacha20\-poly1305|camellia256\-ctr@openssh\.org|camellia256\-ctr|camellia192\-ctr@openssh\.org|camellia192\-ctr|camellia128\-ctr@openssh\.org|camellia128\-ctr|aes256\-gcm@openssh\.com|aes256\-gcm|aes256\-ctr|aes192\-gcm@openssh\.com|aes192\-ctr|aes128\-gcm@openssh\.com|aes128\-gcm|aes128\-ctr|AEAD_CAMELLIA_256_GCM|AEAD_CAMELLIA_128_GCM|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"]) 289 scope: support.function.cipher.ssh.crypto 290 - match: \b(?:twofish256\-cbc|twofish192\-cbc|twofish128\-cbc|twofish\-ofb|twofish\-ecb|twofish\-cfb|twofish\-cbc|serpent256\-gcm@libassh\.org|serpent256\-ctr|serpent256\-cbc|serpent192\-ctr|serpent192\-cbc|serpent128\-gcm@libassh\.org|serpent128\-ctr|serpent128\-cbc|seed\-ctr@ssh\.com|seed\-cbc@ssh\.com|rijndael256\-cbc|rijndael192\-cbc|rijndael128\-cbc|rijndael\-cbc@ssh\.com|rijndael\-cbc@lysator\.liu\.se|none|idea\-ofb|idea\-ecb|idea\-ctr|idea\-cfb|idea\-cbc|grasshopper\-ctr128|des\-ofb|des\-ecb|des\-cfb|des\-cbc@ssh\.com|des\-cbc\-ssh1|des\-cbc|des|cast128\-ofb|cast128\-ecb|cast128\-ctr|cast128\-cfb|cast128\-cbc|cast128\-12\-ofb|cast128\-12\-ecb|cast128\-12\-ctr|cast128\-12\-cfb|cast128\-12\-cbc|camellia256\-cbc@openssh\.org|camellia256\-cbc|camellia192\-cbc@openssh\.org|camellia192\-cbc|camellia128\-cbc@openssh\.org|camellia128\-cbc|blowfish\-ecb|blowfish\-ctr|blowfish\-cfb|blowfish\-cbc|blowfish|arcfour256|arcfour128|arcfour|aes256\-cbc|aes192\-cbc|aes128\-ocb@libassh\.org|aes128\-cbc|3des\-ofb|3des\-ecb|3des\-ctr|3des\-cfb|3des\-cbc|3des)(?=[,\s\"]) 291 scope: invalid.deprecated.cipher.ssh.crypto 292 ssh-kex-algorithms: 293 - match: \b(?:x25519\-kyber512\-sha512@aws\.amazon\.com|x25519\-kyber\-512r3\-sha256\-d00@amazon\.com|sntrup761x25519\-sha512@openssh\.com|sntrup4591761x25519\-sha512@tinyssh\.org|sm2kep\-sha2\-nistp256|rsa2048\-sha256|mlkem768x25519\-sha256|mlkem768nistp256\-sha256|mlkem1024nistp384\-sha384|m511\-sha512@libassh\.org|m383\-sha384@libassh\.org|kexguess2@matt\.ucc\.asn\.au|kexAlgoECDH521|kexAlgoECDH384|kexAlgoECDH256|kexAlgoCurve25519SHA256|kex\-strict\-s\-v00@openssh\.com|kex\-strict\-c\-v00@openssh\.com|gss\-nistp521\-sha512\-|gss\-nistp384\-sha384\-|gss\-nistp384\-sha256\-|gss\-nistp256\-sha256\-|gss\-group18\-sha512\-|gss\-group17\-sha512\-|gss\-group16\-sha512\-|gss\-group15\-sha512\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group15\-sha512\-|gss\-group14\-sha256\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha256\-|gss\-gex\-sha256\-|gss\-curve448\-sha512\-|gss\-curve25519\-sha256\-|gss\-13\.3\.132\.0\.10\-sha256\-|ext\-info\-s|ext\-info\-c|ecmqv\-sha2|ecdh\-sha2\-wiRIU8TKjMZ418sMqlqtvQ==|ecdh\-sha2\-qcFQaMAMGhTziMT0z\+Tuzw==|ecdh\-sha2\-nistt571|ecdh\-sha2\-nistp521|ecdh\-sha2\-nistp384|ecdh\-sha2\-nistp256|ecdh\-sha2\-nistp224|ecdh\-sha2\-nistp192|ecdh\-sha2\-nistk409|ecdh\-sha2\-nistk283|ecdh\-sha2\-nistb409|ecdh\-sha2\-mNVwCXAoS1HGmHpLvBC94w==|ecdh\-sha2\-m/FtSAmrV4j/Wy6RVUaK7A==|ecdh\-sha2\-h/SsxnLCtRBh7I9ATyeB3A==|ecdh\-sha2\-curve25519|ecdh\-sha2\-brainpoolp521r1@genua\.de|ecdh\-sha2\-brainpoolp384r1@genua\.de|ecdh\-sha2\-brainpoolp256r1@genua\.de|ecdh\-sha2\-D3FefCjYoJ/kfXgAyLddYA==|ecdh\-sha2\-9UzNcgwTlEnSCECZa7V1mw==|ecdh\-sha2\-1\.3\.132\.0\.38|ecdh\-sha2\-1\.3\.132\.0\.37|ecdh\-sha2\-1\.3\.132\.0\.36|ecdh\-sha2\-1\.3\.132\.0\.35|ecdh\-sha2\-1\.3\.132\.0\.34|ecdh\-sha2\-1\.3\.132\.0\.16|ecdh\-sha2\-1\.3\.132\.0\.10|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.7|ecdh\-nistp521\-kyber\-1024r3\-sha512\-d00@openquantumsafe\.org|ecdh\-nistp384\-kyber\-768r3\-sha384\-d00@openquantumsafe\.org|ecdh\-nistp256\-kyber\-512r3\-sha256\-d00@openquantumsafe\.org|diffie\-hellman_group17\-sha512|diffie\-hellman\-group18\-sha512@ssh\.com|diffie\-hellman\-group18\-sha512|diffie\-hellman\-group17\-sha512|diffie\-hellman\-group16\-sha512@ssh\.com|diffie\-hellman\-group16\-sha512|diffie\-hellman\-group16\-sha384@ssh\.com|diffie\-hellman\-group16\-sha256|diffie\-hellman\-group15\-sha512|diffie\-hellman\-group15\-sha384@ssh\.com|diffie\-hellman\-group15\-sha256@ssh\.com|diffie\-hellman\-group15\-sha256|diffie\-hellman\-group14\-sha256@ssh\.com|diffie\-hellman\-group14\-sha256|diffie\-hellman\-group14\-sha224@ssh\.com|diffie\-hellman\-group1\-sha256|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha384@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha224@ssh\.com|curve448\-sha512@libssh\.org|curve448\-sha512|curve25519\-sha256@libssh\.org|curve25519\-sha256|Curve25519SHA256)(?=[,\s\"]) 294 scope: support.function.kex-algorithm.ssh.crypto 295 - match: \b(?:rsa1024\-sha1|kexAlgoDH1SHA1|kexAlgoDH14SHA1|gss\-group14\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha1\-|gss\-group1\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group1\-sha1\-|gss\-gex\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-gex\-sha1\-|ecdh\-sha2\-zD/b3hu/71952ArpUG4OjQ==|ecdh\-sha2\-qCbG5Cn/jjsZ7nBeR7EnOA==|ecdh\-sha2\-nistk233|ecdh\-sha2\-nistk163|ecdh\-sha2\-nistb233|ecdh\-sha2\-VqBg4QRPjxx1EXZdV0GdWQ==|ecdh\-sha2\-5pPrSUQtIaTjUSt5VZNBjg==|ecdh\-sha2\-4MHB\+NBt3AlaSRQ7MnB4cg==|ecdh\-sha2\-1\.3\.132\.0\.33|ecdh\-sha2\-1\.3\.132\.0\.27|ecdh\-sha2\-1\.3\.132\.0\.26|ecdh\-sha2\-1\.3\.132\.0\.1|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.1|diffie\-hellman\-group14\-sha1|diffie\-hellman\-group1\-sha1|diffie\-hellman\-group\-exchange\-sha1)(?=[,\s\"]) 296 scope: invalid.deprecated.kex-algorithm.ssh.crypto 297 ssh-key-types: 298 - match: \b(?:x509v3\-sign\-rsa\-sha512@ssh\.com|x509v3\-sign\-rsa\-sha384@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256|x509v3\-sign\-rsa\-sha224@ssh\.com|x509v3\-sign\-dss\-sha512@ssh\.com|x509v3\-sign\-dss\-sha384@ssh\.com|x509v3\-sign\-dss\-sha256@ssh\.com|x509v3\-sign\-dss\-sha224@ssh\.com|x509v3\-rsa2048\-sha256|x509v3\-ecdsa\-sha2\-nistp521|x509v3\-ecdsa\-sha2\-nistp384|x509v3\-ecdsa\-sha2\-nistp256|x509v3\-ecdsa\-sha2\-1\.3\.132\.0\.10|webauthn\-sk\-ecdsa\-sha2\-nistp256@openssh\.com|ssh\-rsa\-sha512@ssh\.com|ssh\-rsa\-sha384@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha2\-512|ssh\-rsa\-sha2\-256|ssh\-rsa|ssh\-gost\-2012\-512|ssh\-gost\-2012\-256|ssh\-gost\-2001|ssh\-ed448|ssh\-ed25519\-cert\-v01@openssh\.com|ssh\-ed25519|spi\-sign\-rsa|sk\-ecdsa\-sha2\-nistp256@openssh\.com|sk\-ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|rsa\-sha2\-512\-cert\-v01@openssh\.com|rsa\-sha2\-512|rsa\-sha2\-256\-cert\-v01@openssh\.com|rsa\-sha2\-256|eddsa\-e521\-shake256@libassh\.org|eddsa\-e382\-shake256@libassh\.org|ecdsa\-sha2\-nistt571|ecdsa\-sha2\-nistp521\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp521|ecdsa\-sha2\-nistp384\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp384|ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp256|ecdsa\-sha2\-nistk409|ecdsa\-sha2\-nistk283|ecdsa\-sha2\-nistk233|ecdsa\-sha2\-nistk163|ecdsa\-sha2\-nistb409|ecdsa\-sha2\-curve25519|ecdsa\-sha2\-1\.3\.132\.0\.10\-cert\-v01@openssh\.com|ecdsa\-sha2\-1\.3\.132\.0\.10|dsa3072\-sha256@libassh\.org|dsa2048\-sha256@libassh\.org|dsa2048\-sha224@libassh\.org)(?=[,\s\"]) 299 scope: support.type.key-type.ssh.crypto 300 - match: \b(?:x509v3\-ssh\-rsa|x509v3\-ssh\-dss|x509v3\-sign\-rsa\-sha1|x509v3\-sign\-rsa|x509v3\-sign\-dss\-sha1|x509v3\-sign\-dss|ssh\-xmss@openssh\.com|ssh\-xmss\-cert\-v01@openssh\.com|ssh\-rsa1|ssh\-rsa\-cert\-v01@openssh\.com|ssh\-rsa\-cert\-v00@openssh\.com|ssh\-dss\-sha512@ssh\.com|ssh\-dss\-sha384@ssh\.com|ssh\-dss\-sha256@ssh\.com|ssh\-dss\-sha224@ssh\.com|ssh\-dss\-cert\-v01@openssh\.com|ssh\-dss\-cert\-v00@openssh\.com|ssh\-dss|ssh\-dsa|spki\-sign\-rsa|spki\-sign\-dss|pgp\-sign\-rsa|pgp\-sign\-dss|null|ecdsa\-sha2\-nistp224|ecdsa\-sha2\-nistp192|ecdsa\-sha2\-nistb233)(?=[,\s\"]) 301 scope: invalid.deprecated.key-type.ssh.crypto 302 ssh-mac-algorithms: 303 - match: \b(?:umac\-96@openssh\.com|umac\-64@openssh\.com|umac\-64\-etm@openssh\.com|umac\-32@openssh\.com|umac\-128@openssh\.com|umac\-128\-etm@openssh\.com|umac\-128|hmac\-sha512@ssh\.com|hmac\-sha512|hmac\-sha3\-512|hmac\-sha3\-384|hmac\-sha3\-256|hmac\-sha3\-224|hmac\-sha256@ssh\.com|hmac\-sha256\-96@ssh\.com|hmac\-sha256|hmac\-sha2\-56|hmac\-sha2\-512\-etm@openssh\.com|hmac\-sha2\-512\-96\-etm@openssh\.com|hmac\-sha2\-512|hmac\-sha2\-384|hmac\-sha2\-256\-etm@openssh\.com|hmac\-sha2\-256\-96\-etm@openssh\.com|hmac\-sha2\-256|hmac\-sha2\-224|crypticore\-mac@ssh\.com|chacha20\-poly1305@openssh\.com|cbcmac\-twofish|cbcmac\-aes|aes256\-gcm|aes128\-gcm|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"]) 304 scope: support.function.mac-algorithm.ssh.crypto 305 - match: \b(?:sha1\-8|sha1|ripemd160\-8|ripemd160|none|md5\-8|md5|hmac\-sha2\-512\-96|hmac\-sha2\-256\-96|hmac\-sha1\-etm@openssh\.com|hmac\-sha1\-96\-etm@openssh\.com|hmac\-sha1\-96|hmac\-sha1|hmac\-ripemd160@openssh\.com|hmac\-ripemd160\-etm@openssh\.com|hmac\-ripemd160\-96|hmac\-ripemd160|hmac\-ripemd|hmac\-md5\-etm@openssh\.com|hmac\-md5\-96\-etm@openssh\.com|hmac\-md5\-96|hmac\-md5|cbcmac\-rijndael|cbcmac\-des|cbcmac\-blowfish|cbcmac\-3des)(?=[,\s\"]) 306 scope: invalid.deprecated.mac-algorithm.ssh.crypto 307 parameters: 308 - include: comments 309 - include: parameter-forcecommand 310 - include: parameter-authorizedkeyscommand 311 - include: parameter-authorizedprincipalscommand 312 - include: parameter-path-with-tokens 313 - include: parameter-routingdomain 314 - include: parameter-with-boolean-values 315 - include: parameter-generic 316 pop-before-match-option: 317 - include: pop-before-nl 318 - match: '(?=\s*(?xi: all | user | group | host | (?:local)? address | localport 319 )\b)' 320 pop: 1 321 pop-before-next-match: 322 - match: (?=^\s*(?i:Match)\b) 323 pop: 1 324 match: 325 - match: ^\s*((?i:Match))\b 326 captures: 327 1: keyword.control.conditional.sshd_config 328 set: match-conditions 329 match-conditions: 330 - meta_scope: meta.block.match.sshd_config 331 - meta_content_scope: meta.statement.conditional.sshd_config 332 - match: \n 333 set: match-body 334 - include: operator-exclamation 335 - include: match-all 336 - match: '\b(?xi: invalid-user )\b' 337 scope: constant.language.null.sshd_config 338 - match: '\b(?xi: host )\b' 339 scope: meta.mapping.key.sshd_config keyword.other.sshd_config 340 with_prototype: 341 - include: punctuation-dot-sequence 342 push: 343 - meta_content_scope: meta.mapping.value.sshd_config 344 - include: pop-before-match-option 345 - include: string-patterns 346 - match: '\b(?xi: user | group )\b' 347 scope: meta.mapping.key.sshd_config keyword.other.sshd_config 348 push: 349 - meta_content_scope: meta.mapping.value.sshd_config 350 - include: pop-before-match-option 351 - include: string-patterns 352 - match: '\b(?xi: (?:local)? address )\b' 353 scope: meta.mapping.key.sshd_config keyword.other.sshd_config 354 push: 355 - meta_content_scope: meta.mapping.value.sshd_config 356 - include: pop-before-match-option 357 - include: operator-exclamation 358 - include: wildcards 359 - include: punctuation-comma-sequence 360 - include: ip-addresses-with-cidr 361 - match: '\b(?xi: localport )\b' 362 scope: meta.mapping.key.sshd_config keyword.other.sshd_config 363 push: 364 - meta_content_scope: meta.mapping.value.sshd_config 365 - include: pop-before-match-option 366 - include: port-numbers 367 - match: '\b(?xi: rdomain )\b' 368 scope: meta.mapping.key.sshd_config keyword.other.sshd_config 369 push: 370 - meta_content_scope: meta.mapping.value.sshd_config 371 - include: pop-before-match-option 372 - match: \b{{zero_to_255}}\b 373 scope: meta.number.integer.decimal.sshd_config constant.numeric.value.sshd_config 374 match-body: 375 - meta_content_scope: meta.block.match.sshd_config 376 - include: pop-before-next-match 377 - include: parameters 378 parameter-forcecommand: 379 - match: ^\s*((?i:ForceCommand))\b\s*(=)? 380 captures: 381 1: meta.mapping.key.sshd_config keyword.other.sshd_config 382 2: keyword.operator.assignment.sshd_config 383 push: 384 - meta_content_scope: meta.mapping.value.sshd_config 385 - include: pop-nl 386 - include: none-command-values 387 - match: '"' 388 scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config 389 escape: (")|(?=$) 390 escape_captures: 391 1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config 392 embed_scope: string.quoted.double.sshd_config 393 embed: scope:source.shell 394 - match: (?=\S) 395 escape: (?=$) 396 embed: scope:source.shell 397 parameter-authorizedkeyscommand: 398 - match: ^\s*((?i:AuthorizedKeysCommand))\b\s*(=)? 399 captures: 400 1: meta.mapping.key.sshd_config keyword.other.sshd_config 401 2: keyword.operator.assignment.sshd_config 402 push: 403 - meta_content_scope: meta.mapping.value.sshd_config 404 - include: pop-nl 405 - match: '"' 406 scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config 407 escape: (")|(?=$) 408 escape_captures: 409 1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config 410 embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.authorizedkeyscommand 411 embed: scope:source.shell.embedded.ssh.authorizedkeyscommand 412 - match: (?=\S) 413 escape: (?=$) 414 embed: scope:source.shell.embedded.ssh.authorizedkeyscommand 415 parameter-authorizedprincipalscommand: 416 - match: ^\s*((?i:AuthorizedPrincipalsCommand))\b\s*(=)? 417 captures: 418 1: meta.mapping.key.sshd_config keyword.other.sshd_config 419 2: keyword.operator.assignment.sshd_config 420 push: 421 - meta_content_scope: meta.mapping.value.sshd_config 422 - include: pop-nl 423 - match: '"' 424 scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config 425 escape: (")|(?=$) 426 escape_captures: 427 1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config 428 embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.authorizedprincipalscommand 429 embed: scope:source.shell.embedded.ssh.authorizedprincipalscommand 430 - match: (?=\S) 431 escape: (?=$) 432 embed: scope:source.shell.embedded.ssh.authorizedprincipalscommand 433 parameter-path-with-tokens: 434 - match: '^\s*((?ix: AuthorizedKeysFile | AuthorizedPrincipalsFile | ChrootDirectory 435 ))\b\s*(=)?' 436 captures: 437 1: meta.mapping.key.sshd_config keyword.other.sshd_config 438 2: keyword.operator.assignment.sshd_config 439 with_prototype: 440 - include: tokens 441 - include: none 442 - include: paths 443 push: possibly-quoted-value 444 parameter-routingdomain: 445 - match: ^\s*((?i:RoutingDomain))\b\s*(=)? 446 captures: 447 1: meta.mapping.key.sshd_config keyword.other.sshd_config 448 2: keyword.operator.assignment.sshd_config 449 with_prototype: 450 - match: '%D' 451 scope: constant.other.placeholder.sshd_config 452 - include: numeric-values 453 push: possibly-quoted-value 454 parameter-with-boolean-values: 455 - match: ^\s*({{parameters_boolean}})\s*(=)? 456 captures: 457 1: meta.mapping.key.sshd_config keyword.other.sshd_config 458 2: keyword.operator.assignment.sshd_config 459 with_prototype: 460 - include: boolean-with-typing 461 - match: '[^"\s]+' 462 scope: invalid.illegal.sshd_config 463 push: possibly-quoted-value 464 parameter-generic: 465 - match: ^\s*([a-zA-Z1]+)\b\s*(=)? 466 captures: 467 1: meta.mapping.key.sshd_config keyword.other.sshd_config 468 2: keyword.operator.assignment.sshd_config 469 with_prototype: 470 - include: generic-parameter-values 471 push: possibly-quoted-value 472 generic-parameter-values: 473 - include: boolean 474 - include: none 475 - include: any 476 - match: '\b(?xi: default )\b' 477 scope: constant.language.default.sshd_config 478 - include: ssh-key-types 479 - include: ssh-ciphers 480 - include: ssh-kex-algorithms 481 - include: ssh-mac-algorithms 482 - include: ipv6-square-bracket 483 - include: ip-addresses-with-cidr 484 - include: time-values 485 - include: bytes-values 486 - include: operator-exclamation 487 - include: wildcards 488 - include: punctuation-comma-sequence 489 - include: log-level 490 - include: paths 491 - include: numeric-values 492 - match: ':' 493 scope: punctuation.separator.sequence.sshd_config 494 numeric-values: 495 - match: \b\d+(?=[\s,:"]) 496 scope: constant.numeric.sshd_config