1" Vim syntax file
2" Language:	OpenSSH server configuration file (sshd_config)
3" Author:	David Necas (Yeti)
4" Maintainer:	Jakub Jelen <jakuje at gmail dot com>
5" Previous Maintainer:	Dominik Fischer <d dot f dot fischer at web dot de>
6" Contributor:	Thilo Six
7" Contributor:  Leonard Ehrenfried <[email protected]>
8" Contributor:  Karsten Hopp <[email protected]>
9" Originally:	2009-07-09
10" Last Change:	2020-10-20
11" SSH Version:	8.4p1
12"
13
14" Setup
15" quit when a syntax file was already loaded
16if exists("b:current_syntax")
17  finish
18endif
19
20setlocal iskeyword=_,-,a-z,A-Z,48-57
21
22
23" case on
24syn case match
25
26
27" Comments
28syn match sshdconfigComment "^#.*$" contains=sshdconfigTodo
29syn match sshdconfigComment "\s#.*$" contains=sshdconfigTodo
30
31syn keyword sshdconfigTodo TODO FIXME NOTE contained
32
33" Constants
34syn keyword sshdconfigYesNo yes no none
35
36syn keyword sshdconfigAddressFamily any inet inet6
37
38syn keyword sshdconfigPrivilegeSeparation sandbox
39
40syn keyword sshdconfigTcpForwarding local remote
41
42syn keyword sshdconfigRootLogin prohibit-password without-password forced-commands-only
43
44syn keyword sshdconfigCiphers 3des-cbc
45syn keyword sshdconfigCiphers blowfish-cbc
46syn keyword sshdconfigCiphers cast128-cbc
47syn keyword sshdconfigCiphers arcfour
48syn keyword sshdconfigCiphers arcfour128
49syn keyword sshdconfigCiphers arcfour256
50syn keyword sshdconfigCiphers aes128-cbc
51syn keyword sshdconfigCiphers aes192-cbc
52syn keyword sshdconfigCiphers aes256-cbc
53syn match sshdconfigCiphers "\<rijndael-cbc@lysator\.liu.se\>"
54syn keyword sshdconfigCiphers aes128-ctr
55syn keyword sshdconfigCiphers aes192-ctr
56syn keyword sshdconfigCiphers aes256-ctr
57syn match sshdconfigCiphers "\<aes128-gcm@openssh\.com\>"
58syn match sshdconfigCiphers "\<aes256-gcm@openssh\.com\>"
59syn match sshdconfigCiphers "\<chacha20-poly1305@openssh\.com\>"
60
61syn keyword sshdconfigMAC hmac-sha1
62syn keyword sshdconfigMAC mac-sha1-96
63syn keyword sshdconfigMAC mac-sha2-256
64syn keyword sshdconfigMAC mac-sha2-512
65syn keyword sshdconfigMAC mac-md5
66syn keyword sshdconfigMAC mac-md5-96
67syn keyword sshdconfigMAC mac-ripemd160
68syn match   sshdconfigMAC "\<hmac-ripemd160@openssh\.com\>"
69syn match   sshdconfigMAC "\<umac-64@openssh\.com\>"
70syn match   sshdconfigMAC "\<umac-128@openssh\.com\>"
71syn match   sshdconfigMAC "\<hmac-sha1-etm@openssh\.com\>"
72syn match   sshdconfigMAC "\<hmac-sha1-96-etm@openssh\.com\>"
73syn match   sshdconfigMAC "\<hmac-sha2-256-etm@openssh\.com\>"
74syn match   sshdconfigMAC "\<hmac-sha2-512-etm@openssh\.com\>"
75syn match   sshdconfigMAC "\<hmac-md5-etm@openssh\.com\>"
76syn match   sshdconfigMAC "\<hmac-md5-96-etm@openssh\.com\>"
77syn match   sshdconfigMAC "\<hmac-ripemd160-etm@openssh\.com\>"
78syn match   sshdconfigMAC "\<umac-64-etm@openssh\.com\>"
79syn match   sshdconfigMAC "\<umac-128-etm@openssh\.com\>"
80
81syn keyword sshdconfigHostKeyAlgo ssh-ed25519
82syn match sshdconfigHostKeyAlgo "\<ssh-ed25519-cert-v01@openssh\.com\>"
83syn match sshdconfigHostKeyAlgo "\<sk-ssh-ed25519@openssh\.com\>"
84syn match sshdconfigHostKeyAlgo "\<sk-ssh-ed25519-cert-v01@openssh\.com\>"
85syn keyword sshdconfigHostKeyAlgo ssh-rsa
86syn keyword sshdconfigHostKeyAlgo rsa-sha2-256
87syn keyword sshdconfigHostKeyAlgo rsa-sha2-512
88syn keyword sshdconfigHostKeyAlgo ssh-dss
89syn keyword sshdconfigHostKeyAlgo ecdsa-sha2-nistp256
90syn keyword sshdconfigHostKeyAlgo ecdsa-sha2-nistp384
91syn keyword sshdconfigHostKeyAlgo ecdsa-sha2-nistp521
92syn match sshdconfigHostKeyAlgo "\<ssh-rsa-cert-v01@openssh\.com\>"
93syn match sshdconfigHostKeyAlgo "\<rsa-sha2-256-cert-v01@openssh\.com\>"
94syn match sshdconfigHostKeyAlgo "\<rsa-sha2-512-cert-v01@openssh\.com\>"
95syn match sshdconfigHostKeyAlgo "\<ssh-dss-cert-v01@openssh\.com\>"
96syn match sshdconfigHostKeyAlgo "\<ecdsa-sha2-nistp256-cert-v01@openssh\.com\>"
97syn match sshdconfigHostKeyAlgo "\<ecdsa-sha2-nistp384-cert-v01@openssh\.com\>"
98syn match sshdconfigHostKeyAlgo "\<ecdsa-sha2-nistp521-cert-v01@openssh\.com\>"
99syn match sshdconfigHostKeyAlgo "\<sk-ecdsa-sha2-nistp256@openssh\.com\>"
100syn match sshdconfigHostKeyAlgo "\<sk-ecdsa-sha2-nistp256-cert-v01@openssh\.com\>"
101
102syn keyword sshdconfigRootLogin prohibit-password without-password forced-commands-only
103
104syn keyword sshdconfigLogLevel QUIET FATAL ERROR INFO VERBOSE
105syn keyword sshdconfigLogLevel DEBUG DEBUG1 DEBUG2 DEBUG3
106syn keyword sshdconfigSysLogFacility DAEMON USER AUTH AUTHPRIV LOCAL0 LOCAL1
107syn keyword sshdconfigSysLogFacility LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7
108
109syn keyword sshdconfigCompression    delayed
110
111syn match   sshdconfigIPQoS	"af1[123]"
112syn match   sshdconfigIPQoS	"af2[123]"
113syn match   sshdconfigIPQoS	"af3[123]"
114syn match   sshdconfigIPQoS	"af4[123]"
115syn match   sshdconfigIPQoS	"cs[0-7]"
116syn keyword sshdconfigIPQoS	ef lowdelay throughput reliability
117
118syn keyword sshdconfigKexAlgo diffie-hellman-group1-sha1
119syn keyword sshdconfigKexAlgo diffie-hellman-group14-sha1
120syn keyword sshdconfigKexAlgo diffie-hellman-group14-sha256
121syn keyword sshdconfigKexAlgo diffie-hellman-group16-sha512
122syn keyword sshdconfigKexAlgo diffie-hellman-group18-sha512
123syn keyword sshdconfigKexAlgo diffie-hellman-group-exchange-sha1
124syn keyword sshdconfigKexAlgo diffie-hellman-group-exchange-sha256
125syn keyword sshdconfigKexAlgo ecdh-sha2-nistp256
126syn keyword sshdconfigKexAlgo ecdh-sha2-nistp384
127syn keyword sshdconfigKexAlgo ecdh-sha2-nistp521
128syn keyword sshdconfigKexAlgo curve25519-sha256
129syn match sshdconfigKexAlgo "\<curve25519-sha256@libssh\.org\>"
130syn match sshdconfigKexAlgo "\<sntrup4591761x25519-sha512@tinyssh\.org\>"
131
132syn keyword sshdconfigTunnel	point-to-point ethernet
133
134syn keyword sshdconfigSubsystem internal-sftp
135
136syn match sshdconfigVar	    "%[hu]\>"
137syn match sshdconfigVar	    "%%"
138
139syn match sshdconfigSpecial "[*?]"
140
141syn match sshdconfigNumber "\d\+"
142syn match sshdconfigHostPort "\<\(\d\{1,3}\.\)\{3}\d\{1,3}\(:\d\+\)\?\>"
143syn match sshdconfigHostPort "\<\([-a-zA-Z0-9]\+\.\)\+[-a-zA-Z0-9]\{2,}\(:\d\+\)\?\>"
144" FIXME: this matches quite a few things which are NOT valid IPv6 addresses
145syn match sshdconfigHostPort "\<\(\x\{,4}:\)\+\x\{,4}:\d\+\>"
146syn match sshdconfigTime "\<\(\d\+[sSmMhHdDwW]\)\+\>"
147
148
149" case off
150syn case ignore
151
152
153" Keywords
154" Also includes RDomain, but that is a keyword.
155syn keyword sshdconfigMatch Host User Group Address LocalAddress LocalPort
156
157syn keyword sshdconfigKeyword AcceptEnv
158syn keyword sshdconfigKeyword AddressFamily
159syn keyword sshdconfigKeyword AllowAgentForwarding
160syn keyword sshdconfigKeyword AllowGroups
161syn keyword sshdconfigKeyword AllowStreamLocalForwarding
162syn keyword sshdconfigKeyword AllowTcpForwarding
163syn keyword sshdconfigKeyword AllowUsers
164syn keyword sshdconfigKeyword AuthenticationMethods
165syn keyword sshdconfigKeyword AuthorizedKeysFile
166syn keyword sshdconfigKeyword AuthorizedKeysCommand
167syn keyword sshdconfigKeyword AuthorizedKeysCommandUser
168syn keyword sshdconfigKeyword AuthorizedPrincipalsCommand
169syn keyword sshdconfigKeyword AuthorizedPrincipalsCommandUser
170syn keyword sshdconfigKeyword AuthorizedPrincipalsFile
171syn keyword sshdconfigKeyword Banner
172syn keyword sshdconfigKeyword CASignatureAlgorithms
173syn keyword sshdconfigKeyword ChallengeResponseAuthentication
174syn keyword sshdconfigKeyword ChrootDirectory
175syn keyword sshdconfigKeyword Ciphers
176syn keyword sshdconfigKeyword ClientAliveCountMax
177syn keyword sshdconfigKeyword ClientAliveInterval
178syn keyword sshdconfigKeyword Compression
179syn keyword sshdconfigKeyword DebianBanner
180syn keyword sshdconfigKeyword DenyGroups
181syn keyword sshdconfigKeyword DenyUsers
182syn keyword sshdconfigKeyword DisableForwarding
183syn keyword sshdconfigKeyword ExposeAuthInfo
184syn keyword sshdconfigKeyword FingerprintHash
185syn keyword sshdconfigKeyword ForceCommand
186syn keyword sshdconfigKeyword GatewayPorts
187syn keyword sshdconfigKeyword GSSAPIAuthentication
188syn keyword sshdconfigKeyword GSSAPICleanupCredentials
189syn keyword sshdconfigKeyword GSSAPIEnablek5users
190syn keyword sshdconfigKeyword GSSAPIKeyExchange
191syn keyword sshdconfigKeyword GSSAPIKexAlgorithms
192syn keyword sshdconfigKeyword GSSAPIStoreCredentialsOnRekey
193syn keyword sshdconfigKeyword GSSAPIStrictAcceptorCheck
194syn keyword sshdconfigKeyword HostCertificate
195syn keyword sshdconfigKeyword HostKey
196syn keyword sshdconfigKeyword HostKeyAgent
197syn keyword sshdconfigKeyword HostKeyAlgorithms
198syn keyword sshdconfigKeyword HostbasedAcceptedKeyTypes
199syn keyword sshdconfigKeyword HostbasedAuthentication
200syn keyword sshdconfigKeyword HostbasedUsesNameFromPacketOnly
201syn keyword sshdconfigKeyword IPQoS
202syn keyword sshdconfigKeyword IgnoreRhosts
203syn keyword sshdconfigKeyword IgnoreUserKnownHosts
204syn keyword sshdconfigKeyword Include
205syn keyword sshdconfigKeyword KbdInteractiveAuthentication
206syn keyword sshdconfigKeyword KerberosAuthentication
207syn keyword sshdconfigKeyword KerberosGetAFSToken
208syn keyword sshdconfigKeyword KerberosOrLocalPasswd
209syn keyword sshdconfigKeyword KerberosTicketCleanup
210syn keyword sshdconfigKeyword KerberosUniqueCCache
211syn keyword sshdconfigKeyword KerberosUseKuserok
212syn keyword sshdconfigKeyword KexAlgorithms
213syn keyword sshdconfigKeyword KeyRegenerationInterval
214syn keyword sshdconfigKeyword ListenAddress
215syn keyword sshdconfigKeyword LogLevel
216syn keyword sshdconfigKeyword LoginGraceTime
217syn keyword sshdconfigKeyword MACs
218syn keyword sshdconfigKeyword Match
219syn keyword sshdconfigKeyword MaxAuthTries
220syn keyword sshdconfigKeyword MaxSessions
221syn keyword sshdconfigKeyword MaxStartups
222syn keyword sshdconfigKeyword PasswordAuthentication
223syn keyword sshdconfigKeyword PermitBlacklistedKeys
224syn keyword sshdconfigKeyword PermitEmptyPasswords
225syn keyword sshdconfigKeyword PermitListen
226syn keyword sshdconfigKeyword PermitOpen
227syn keyword sshdconfigKeyword PermitRootLogin
228syn keyword sshdconfigKeyword PermitTTY
229syn keyword sshdconfigKeyword PermitTunnel
230syn keyword sshdconfigKeyword PermitUserEnvironment
231syn keyword sshdconfigKeyword PermitUserRC
232syn keyword sshdconfigKeyword PidFile
233syn keyword sshdconfigKeyword Port
234syn keyword sshdconfigKeyword PrintLastLog
235syn keyword sshdconfigKeyword PrintMotd
236syn keyword sshdconfigKeyword Protocol
237syn keyword sshdconfigKeyword PubkeyAcceptedKeyTypes
238syn keyword sshdconfigKeyword PubkeyAuthentication
239syn keyword sshdconfigKeyword PubkeyAuthOptions
240syn keyword sshdconfigKeyword RSAAuthentication
241syn keyword sshdconfigKeyword RekeyLimit
242syn keyword sshdconfigKeyword RevokedKeys
243syn keyword sshdconfigKeyword RDomain
244syn keyword sshdconfigKeyword RhostsRSAAuthentication
245syn keyword sshdconfigKeyword SecurityKeyProvider
246syn keyword sshdconfigKeyword ServerKeyBits
247syn keyword sshdconfigKeyword SetEnv
248syn keyword sshdconfigKeyword ShowPatchLevel
249syn keyword sshdconfigKeyword StrictModes
250syn keyword sshdconfigKeyword StreamLocalBindMask
251syn keyword sshdconfigKeyword StreamLocalBindUnlink
252syn keyword sshdconfigKeyword Subsystem
253syn keyword sshdconfigKeyword SyslogFacility
254syn keyword sshdconfigKeyword TCPKeepAlive
255syn keyword sshdconfigKeyword TrustedUserCAKeys
256syn keyword sshdconfigKeyword UseDNS
257syn keyword sshdconfigKeyword UseLogin
258syn keyword sshdconfigKeyword UsePAM
259syn keyword sshdconfigKeyword VersionAddendum
260syn keyword sshdconfigKeyword X11DisplayOffset
261syn keyword sshdconfigKeyword X11Forwarding
262syn keyword sshdconfigKeyword X11MaxDisplays
263syn keyword sshdconfigKeyword X11UseLocalhost
264syn keyword sshdconfigKeyword XAuthLocation
265
266
267" Define the default highlighting
268
269hi def link sshdconfigComment              Comment
270hi def link sshdconfigTodo                 Todo
271hi def link sshdconfigHostPort             sshdconfigConstant
272hi def link sshdconfigTime                 sshdconfigConstant
273hi def link sshdconfigNumber               sshdconfigConstant
274hi def link sshdconfigConstant             Constant
275hi def link sshdconfigYesNo                sshdconfigEnum
276hi def link sshdconfigAddressFamily        sshdconfigEnum
277hi def link sshdconfigPrivilegeSeparation  sshdconfigEnum
278hi def link sshdconfigTcpForwarding        sshdconfigEnum
279hi def link sshdconfigRootLogin            sshdconfigEnum
280hi def link sshdconfigCiphers              sshdconfigEnum
281hi def link sshdconfigMAC                  sshdconfigEnum
282hi def link sshdconfigHostKeyAlgo          sshdconfigEnum
283hi def link sshdconfigRootLogin            sshdconfigEnum
284hi def link sshdconfigLogLevel             sshdconfigEnum
285hi def link sshdconfigSysLogFacility       sshdconfigEnum
286hi def link sshdconfigVar                  sshdconfigEnum
287hi def link sshdconfigCompression          sshdconfigEnum
288hi def link sshdconfigIPQoS                sshdconfigEnum
289hi def link sshdconfigKexAlgo              sshdconfigEnum
290hi def link sshdconfigTunnel               sshdconfigEnum
291hi def link sshdconfigSubsystem            sshdconfigEnum
292hi def link sshdconfigEnum                 Function
293hi def link sshdconfigSpecial              Special
294hi def link sshdconfigKeyword              Keyword
295hi def link sshdconfigMatch                Type
296
297let b:current_syntax = "sshdconfig"
298
299" vim:set ts=8 sw=2 sts=2:
300