dunkirk.sh
the home site for me: also iteration 3 or 4 of my site
feat: add ssh syntax highlighting
+2286
-1
+1
-1
content/verify.md
+1
-1
content/verify.md
···
25
25
26
26
> SSH
27
27
28
-
```ssh
28
+
```pub
29
29
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzEEjvbL/ttqmYoDjxYQmDIq36BabROJoXgQKeh9liBxApwp+2PmgxROzTg42UrRc9pyrkq5kVfxG5hvkqCinhL1fMiowCSEs2L2/Cwi40g5ZU+QwdcwI8a4969kkI46PyB19RHkxg54OUORiIiso/WHGmqQsP+5wbV0+4riSnxwn/JXN4pmnE//stnyAyoiEZkPvBtwJjKb3Ni9n3eNLNs6gnaXrCtaygEZdebikr9kS2g9mM696HvIFgM6cdR/wZ7DcLbG3IdTXuHN7PC3xxL+Y4ek5iMreQIPmuvs4qslbthPGYoYbYLUQiRa9XO5s/ksIj5Z14f7anHE6cuTQVpvNWdGDOigyIVS5qU+4ZF7j+rifzOXVL48gmcAvw/uV68m5Wl/p0qsC/d8vI3GYwEsWG/EzpAlc07l8BU2LxWgN+d7uwBFaJV9VtmUDs5dcslsh8IbzmtC9gq3OLGjklxTfIl6qPiL8U33oc/UwqzvZUrI2BlbagvIZYy6rP+q0= me@dunkirk.sh
30
30
```
+8
sass/css/suCSS.css
+8
sass/css/suCSS.css
···
564
564
font-style: monospace;
565
565
}
566
566
567
+
/* Allow wrapping for specific code blocks (e.g., SSH keys) */
568
+
pre[data-lang="pub"],
569
+
pre.wrap {
570
+
white-space: pre-wrap;
571
+
word-break: break-all;
572
+
overflow-x: visible;
573
+
}
574
+
567
575
p code,
568
576
li code,
569
577
div code {
+305
syntaxes/known-hosts.sublime-syntax
+305
syntaxes/known-hosts.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
# Standalone version of known-hosts.sublime-syntax
4
+
# Merged with: ssh-common.sublime-syntax, ssh-crypto.sublime-syntax
5
+
6
+
name: Known Hosts
7
+
scope: text.known_hosts
8
+
version: 2
9
+
file_extensions:
10
+
- known_hosts
11
+
hidden_file_extensions:
12
+
- known_hosts.old
13
+
variables:
14
+
base64_char: '[a-zA-Z0-9+/]'
15
+
ssh_fingerprint: (?:AAAA(?:E2V|[BC]3N){{base64_char}}+={0,3})
16
+
zero_to_32: (?:3[0-2]|[12][0-9]|[0-9])
17
+
zero_to_128: (?:12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9])
18
+
zero_to_255: (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9][0-9])|(?:[1-9][0-9])|[0-9])
19
+
zero_to_65535: (?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{1,3}|[0-9])
20
+
ipv4: (?:(?:{{zero_to_255}}\.){3}{{zero_to_255}})
21
+
ipv6: "(?xi:\n (?:::(?:ffff(?::0{1,4}){0,1}:){0,1}{{ipv4}}) # ::255.255.255.255\
22
+
\ ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses\
23
+
\ and IPv4-translated addresses)\n |(?:(?:[0-9a-f]{1,4}:){1,4}:{{ipv4}}) \
24
+
\ # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 \
25
+
\ (IPv4-Embedded IPv6 Address)\n |(?:fe80:(?::[0-9a-f]{1,4}){0,4}%[0-9a-z]{1,})\
26
+
\ # fe80::7:8%eth0 fe80::7:8%1 \
27
+
\ (link-local IPv6 addresses with zone index)\n |(?:(?:[0-9a-f]{1,4}:){7,7}\
28
+
\ [0-9a-f]{1,4}) # 1:2:3:4:5:6:7:8\n | (?:[0-9a-f]{1,4}: (?::[0-9a-f]{1,4}){1,6})\
29
+
\ # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8\n |(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5})\
30
+
\ # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8\n |(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4})\
31
+
\ # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8\n |(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3})\
32
+
\ # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8\n |(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2})\
33
+
\ # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8\n |(?:(?:[0-9a-f]{1,4}:){1,6}\
34
+
\ :[0-9a-f]{1,4}) # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8\n\
35
+
\ |(?:(?:[0-9a-f]{1,4}:){1,7} :) # 1:: \
36
+
\ 1:2:3:4:5:6:7::\n |(?::(?:(?::[0-9a-f]{1,4}){1,7}|:)) \
37
+
\ # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 ::\n)"
38
+
contexts:
39
+
main:
40
+
- include: comments-number-sign
41
+
- match: ^((@)(?:revoked|cert-authority))?
42
+
captures:
43
+
1: meta.annotation.known_hosts variable.annotation.known_hosts
44
+
2: punctuation.definition.annotation.known_hosts
45
+
push:
46
+
- meta_scope: meta.line.known-host.known_hosts
47
+
- include: pop-before-nl
48
+
- include: pop-nl
49
+
- include: punctuation-comma-sequence
50
+
- include: ssh-fingerprint-with-label
51
+
- include: ssh-key-types
52
+
- include: hostname-or-ip-value
53
+
comments:
54
+
- include: comments-number-sign
55
+
- include: comments-semicolon
56
+
comments-number-sign:
57
+
- match: ^\s*(#+)
58
+
captures:
59
+
1: comment.line.number-sign.ssh.common punctuation.definition.comment.ssh.common
60
+
push:
61
+
- meta_content_scope: comment.line.number-sign.ssh.common
62
+
- match: \n
63
+
scope: comment.line.number-sign.ssh.common
64
+
pop: true
65
+
comments-semicolon:
66
+
- match: ^\s*(;+)
67
+
captures:
68
+
1: comment.line.semi-colon.ssh.common punctuation.definition.comment.ssh.common
69
+
push:
70
+
- meta_content_scope: comment.line.semi-colon.ssh.common
71
+
- include: pop-nl
72
+
operator-exclamation:
73
+
- match: '!'
74
+
scope: keyword.operator.logical.ssh.common
75
+
wildcards:
76
+
- match: \*
77
+
scope: constant.other.wildcard.asterisk.ssh.common
78
+
- match: \?
79
+
scope: constant.other.wildcard.questionmark.ssh.common
80
+
punctuation-comma-sequence:
81
+
- match: ','
82
+
scope: punctuation.separator.sequence.ssh.common
83
+
punctuation-dot-sequence:
84
+
- match: \.
85
+
scope: punctuation.separator.sequence.ssh.common
86
+
punctuation-at:
87
+
- match: '@'
88
+
scope: punctuation.separator.sequence.ssh.common
89
+
ssh-fingerprint:
90
+
- match: '{{ssh_fingerprint}}'
91
+
scope: variable.other.fingerprint.ssh.common
92
+
ssh-fingerprint-with-label:
93
+
- match: '{{ssh_fingerprint}}'
94
+
scope: variable.other.fingerprint.ssh.common
95
+
push: expect-fingerprint-label
96
+
expect-fingerprint-label:
97
+
- include: pop-before-nl
98
+
- match: (?=\S)
99
+
push:
100
+
- meta_scope: meta.annotation.identifier.ssh.common string.unquoted.ssh.common
101
+
- match: (?=[ \t]*$)
102
+
pop: 1
103
+
- include: punctuation-at
104
+
time-values:
105
+
- match: \b(?=[\dsmhdw]*\d[smhdw][\s,"])
106
+
push:
107
+
- meta_scope: meta.constant.time.ssh.common meta.number.integer.decimal.ssh.common
108
+
- match: (?=[\s,"])
109
+
pop: 1
110
+
- match: (\d+)([smhdw])
111
+
captures:
112
+
1: constant.numeric.value.ssh.common
113
+
2: constant.numeric.suffix.ssh.common
114
+
bytes-values:
115
+
- match: \b(\d+)([KMG])(?=[\s,"])
116
+
scope: meta.constant.bytes.ssh.common meta.number.integer.other.ssh.common
117
+
captures:
118
+
1: constant.numeric.value.ssh.common
119
+
2: constant.numeric.suffix.ssh.common
120
+
mac-addresses:
121
+
- match: (?:[0-9a-fA-F]{2}:){5}(?:[0-9a-fA-F]{2})
122
+
scope: entity.name.constant.mac-address.ssh.common
123
+
ipv4:
124
+
- match: \b{{ipv4}}\b
125
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
126
+
ipv6:
127
+
- match: '{{ipv6}}'
128
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
129
+
ipv6-square-bracket:
130
+
- match: (\[){{ipv6}}(\])
131
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
132
+
captures:
133
+
1: punctuation.definition.constant.begin.ssh.common
134
+
2: punctuation.definition.constant.end.ssh.common
135
+
ip-addresses:
136
+
- include: ipv6
137
+
- include: ipv4
138
+
ipv4-with-cidr:
139
+
- match: \b({{ipv4}})(?:(/)({{zero_to_32}}))?\b
140
+
captures:
141
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
142
+
2: punctuation.separator.sequence.ssh.common
143
+
3: constant.other.range.ssh.common
144
+
ipv6-with-cidr:
145
+
- match: ({{ipv6}})(?:(/)({{zero_to_128}})\b)?
146
+
captures:
147
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
148
+
2: punctuation.separator.sequence.ssh.common
149
+
3: constant.other.range.ssh.common
150
+
ip-addresses-with-cidr:
151
+
- include: ipv6-with-cidr
152
+
- include: ipv4-with-cidr
153
+
port-numbers:
154
+
- match: \b{{zero_to_65535}}(?![\w:])
155
+
scope: meta.number.integer.decimal.ssh.common constant.numeric.port-number.ssh.common
156
+
match-all:
157
+
- match: '\b(?xi: all )\b'
158
+
scope: constant.language.boolean.true.ssh.common
159
+
none:
160
+
- match: \bnone\b
161
+
scope: constant.language.null.ssh.common
162
+
any:
163
+
- match: \bany\b
164
+
scope: constant.language.set.ssh.common
165
+
boolean:
166
+
- match: \byes\b
167
+
scope: constant.language.boolean.true.ssh.common
168
+
- match: \bno\b
169
+
scope: constant.language.boolean.false.ssh.common
170
+
boolean-with-typing:
171
+
- include: boolean
172
+
- match: \b(?:ye?|n)\b
173
+
log-level:
174
+
- match: '\b(?x: QUIET | FATAL | ERROR | INFO | DEBUG[1-3]? )\b'
175
+
scope: constant.language.log-level.ssh.common
176
+
possibly-quoted-value:
177
+
- meta_content_scope: meta.mapping.value.ssh.common
178
+
- match: '"'
179
+
scope: punctuation.definition.string.begin.ssh.common
180
+
push:
181
+
- meta_scope: string.quoted.double.ssh.common
182
+
- match: (")(?:\s*(\S.*))?
183
+
captures:
184
+
1: punctuation.definition.string.end.ssh.common
185
+
2: invalid.illegal.ssh.common
186
+
pop: 1
187
+
- match: \n|$
188
+
scope: invalid.illegal.unclosed-string.ssh.common
189
+
pop: 2
190
+
- match: (?=\S)
191
+
push:
192
+
- meta_content_scope: string.unquoted.ssh.common
193
+
- include: pop-before-nl
194
+
- include: pop-nl
195
+
string-patterns:
196
+
- include: punctuation-comma-sequence
197
+
- include: operator-exclamation
198
+
- match: '"'
199
+
scope: punctuation.definition.string.begin.ssh.common
200
+
push:
201
+
- meta_content_scope: string.quoted.double.ssh.common
202
+
- match: '"'
203
+
scope: punctuation.definition.string.end.ssh.common
204
+
pop: 1
205
+
- include: wildcards
206
+
- match: (?=\S)
207
+
push:
208
+
- meta_content_scope: string.unquoted.ssh.common
209
+
- match: (?=[,!\s])
210
+
pop: 1
211
+
- include: wildcards
212
+
paths:
213
+
- match: (?=~?[\w.\-?*${}%]*/[\w.\-?*${}%]?)
214
+
push:
215
+
- meta_scope: meta.path.ssh.common entity.name.ssh.common
216
+
- match: (?=[\s,"])
217
+
pop: 1
218
+
- match: ~[\w\-.]*
219
+
scope: variable.language.home.ssh.common
220
+
- match: (/)(?:(\.{1,2})(?=/)|\.(?!/))?
221
+
captures:
222
+
1: punctuation.separator.path.ssh.common
223
+
2: constant.other.placeholder.ssh.common
224
+
- match: \.(?=[\w*?%])
225
+
scope: punctuation.separator.sequence.ssh.common
226
+
- include: wildcards
227
+
- include: tokens
228
+
- include: environment-variables
229
+
none-command-values:
230
+
- match: \s*(none)\b[ \t]*$
231
+
captures:
232
+
1: constant.language.null.ssh.common
233
+
- match: \s*((")(none)("))[ \t]*$
234
+
captures:
235
+
1: string.quoted.double.ssh.common
236
+
2: punctuation.definition.string.begin.ssh.common
237
+
3: constant.language.null.ssh.common
238
+
4: punctuation.definition.string.end.ssh.common
239
+
tokens: []
240
+
environment-variables: []
241
+
pop-nl:
242
+
- match: \n
243
+
pop: 1
244
+
pop-before-nl:
245
+
- match: (?=\n)
246
+
pop: 1
247
+
ssh-ciphers:
248
+
- match: \b(?:twofish256\-gcm@libassh\.org|twofish256\-ctr|twofish192\-ctr|twofish128\-gcm@libassh\.org|twofish128\-ctr|twofish\-ctr|crypticore128@ssh\.com|chacha20\-poly1305@openssh\.com|chacha20\-poly1305|camellia256\-ctr@openssh\.org|camellia256\-ctr|camellia192\-ctr@openssh\.org|camellia192\-ctr|camellia128\-ctr@openssh\.org|camellia128\-ctr|aes256\-gcm@openssh\.com|aes256\-gcm|aes256\-ctr|aes192\-gcm@openssh\.com|aes192\-ctr|aes128\-gcm@openssh\.com|aes128\-gcm|aes128\-ctr|AEAD_CAMELLIA_256_GCM|AEAD_CAMELLIA_128_GCM|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
249
+
scope: support.function.cipher.ssh.crypto
250
+
- match: \b(?:twofish256\-cbc|twofish192\-cbc|twofish128\-cbc|twofish\-ofb|twofish\-ecb|twofish\-cfb|twofish\-cbc|serpent256\-gcm@libassh\.org|serpent256\-ctr|serpent256\-cbc|serpent192\-ctr|serpent192\-cbc|serpent128\-gcm@libassh\.org|serpent128\-ctr|serpent128\-cbc|seed\-ctr@ssh\.com|seed\-cbc@ssh\.com|rijndael256\-cbc|rijndael192\-cbc|rijndael128\-cbc|rijndael\-cbc@ssh\.com|rijndael\-cbc@lysator\.liu\.se|none|idea\-ofb|idea\-ecb|idea\-ctr|idea\-cfb|idea\-cbc|grasshopper\-ctr128|des\-ofb|des\-ecb|des\-cfb|des\-cbc@ssh\.com|des\-cbc\-ssh1|des\-cbc|des|cast128\-ofb|cast128\-ecb|cast128\-ctr|cast128\-cfb|cast128\-cbc|cast128\-12\-ofb|cast128\-12\-ecb|cast128\-12\-ctr|cast128\-12\-cfb|cast128\-12\-cbc|camellia256\-cbc@openssh\.org|camellia256\-cbc|camellia192\-cbc@openssh\.org|camellia192\-cbc|camellia128\-cbc@openssh\.org|camellia128\-cbc|blowfish\-ecb|blowfish\-ctr|blowfish\-cfb|blowfish\-cbc|blowfish|arcfour256|arcfour128|arcfour|aes256\-cbc|aes192\-cbc|aes128\-ocb@libassh\.org|aes128\-cbc|3des\-ofb|3des\-ecb|3des\-ctr|3des\-cfb|3des\-cbc|3des)(?=[,\s\"])
251
+
scope: invalid.deprecated.cipher.ssh.crypto
252
+
ssh-kex-algorithms:
253
+
- match: \b(?:x25519\-kyber512\-sha512@aws\.amazon\.com|x25519\-kyber\-512r3\-sha256\-d00@amazon\.com|sntrup761x25519\-sha512@openssh\.com|sntrup4591761x25519\-sha512@tinyssh\.org|sm2kep\-sha2\-nistp256|rsa2048\-sha256|mlkem768x25519\-sha256|mlkem768nistp256\-sha256|mlkem1024nistp384\-sha384|m511\-sha512@libassh\.org|m383\-sha384@libassh\.org|kexguess2@matt\.ucc\.asn\.au|kexAlgoECDH521|kexAlgoECDH384|kexAlgoECDH256|kexAlgoCurve25519SHA256|kex\-strict\-s\-v00@openssh\.com|kex\-strict\-c\-v00@openssh\.com|gss\-nistp521\-sha512\-|gss\-nistp384\-sha384\-|gss\-nistp384\-sha256\-|gss\-nistp256\-sha256\-|gss\-group18\-sha512\-|gss\-group17\-sha512\-|gss\-group16\-sha512\-|gss\-group15\-sha512\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group15\-sha512\-|gss\-group14\-sha256\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha256\-|gss\-gex\-sha256\-|gss\-curve448\-sha512\-|gss\-curve25519\-sha256\-|gss\-13\.3\.132\.0\.10\-sha256\-|ext\-info\-s|ext\-info\-c|ecmqv\-sha2|ecdh\-sha2\-wiRIU8TKjMZ418sMqlqtvQ==|ecdh\-sha2\-qcFQaMAMGhTziMT0z\+Tuzw==|ecdh\-sha2\-nistt571|ecdh\-sha2\-nistp521|ecdh\-sha2\-nistp384|ecdh\-sha2\-nistp256|ecdh\-sha2\-nistp224|ecdh\-sha2\-nistp192|ecdh\-sha2\-nistk409|ecdh\-sha2\-nistk283|ecdh\-sha2\-nistb409|ecdh\-sha2\-mNVwCXAoS1HGmHpLvBC94w==|ecdh\-sha2\-m/FtSAmrV4j/Wy6RVUaK7A==|ecdh\-sha2\-h/SsxnLCtRBh7I9ATyeB3A==|ecdh\-sha2\-curve25519|ecdh\-sha2\-brainpoolp521r1@genua\.de|ecdh\-sha2\-brainpoolp384r1@genua\.de|ecdh\-sha2\-brainpoolp256r1@genua\.de|ecdh\-sha2\-D3FefCjYoJ/kfXgAyLddYA==|ecdh\-sha2\-9UzNcgwTlEnSCECZa7V1mw==|ecdh\-sha2\-1\.3\.132\.0\.38|ecdh\-sha2\-1\.3\.132\.0\.37|ecdh\-sha2\-1\.3\.132\.0\.36|ecdh\-sha2\-1\.3\.132\.0\.35|ecdh\-sha2\-1\.3\.132\.0\.34|ecdh\-sha2\-1\.3\.132\.0\.16|ecdh\-sha2\-1\.3\.132\.0\.10|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.7|ecdh\-nistp521\-kyber\-1024r3\-sha512\-d00@openquantumsafe\.org|ecdh\-nistp384\-kyber\-768r3\-sha384\-d00@openquantumsafe\.org|ecdh\-nistp256\-kyber\-512r3\-sha256\-d00@openquantumsafe\.org|diffie\-hellman_group17\-sha512|diffie\-hellman\-group18\-sha512@ssh\.com|diffie\-hellman\-group18\-sha512|diffie\-hellman\-group17\-sha512|diffie\-hellman\-group16\-sha512@ssh\.com|diffie\-hellman\-group16\-sha512|diffie\-hellman\-group16\-sha384@ssh\.com|diffie\-hellman\-group16\-sha256|diffie\-hellman\-group15\-sha512|diffie\-hellman\-group15\-sha384@ssh\.com|diffie\-hellman\-group15\-sha256@ssh\.com|diffie\-hellman\-group15\-sha256|diffie\-hellman\-group14\-sha256@ssh\.com|diffie\-hellman\-group14\-sha256|diffie\-hellman\-group14\-sha224@ssh\.com|diffie\-hellman\-group1\-sha256|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha384@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha224@ssh\.com|curve448\-sha512@libssh\.org|curve448\-sha512|curve25519\-sha256@libssh\.org|curve25519\-sha256|Curve25519SHA256)(?=[,\s\"])
254
+
scope: support.function.kex-algorithm.ssh.crypto
255
+
- match: \b(?:rsa1024\-sha1|kexAlgoDH1SHA1|kexAlgoDH14SHA1|gss\-group14\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha1\-|gss\-group1\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group1\-sha1\-|gss\-gex\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-gex\-sha1\-|ecdh\-sha2\-zD/b3hu/71952ArpUG4OjQ==|ecdh\-sha2\-qCbG5Cn/jjsZ7nBeR7EnOA==|ecdh\-sha2\-nistk233|ecdh\-sha2\-nistk163|ecdh\-sha2\-nistb233|ecdh\-sha2\-VqBg4QRPjxx1EXZdV0GdWQ==|ecdh\-sha2\-5pPrSUQtIaTjUSt5VZNBjg==|ecdh\-sha2\-4MHB\+NBt3AlaSRQ7MnB4cg==|ecdh\-sha2\-1\.3\.132\.0\.33|ecdh\-sha2\-1\.3\.132\.0\.27|ecdh\-sha2\-1\.3\.132\.0\.26|ecdh\-sha2\-1\.3\.132\.0\.1|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.1|diffie\-hellman\-group14\-sha1|diffie\-hellman\-group1\-sha1|diffie\-hellman\-group\-exchange\-sha1)(?=[,\s\"])
256
+
scope: invalid.deprecated.kex-algorithm.ssh.crypto
257
+
ssh-key-types:
258
+
- match: \b(?:x509v3\-sign\-rsa\-sha512@ssh\.com|x509v3\-sign\-rsa\-sha384@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256|x509v3\-sign\-rsa\-sha224@ssh\.com|x509v3\-sign\-dss\-sha512@ssh\.com|x509v3\-sign\-dss\-sha384@ssh\.com|x509v3\-sign\-dss\-sha256@ssh\.com|x509v3\-sign\-dss\-sha224@ssh\.com|x509v3\-rsa2048\-sha256|x509v3\-ecdsa\-sha2\-nistp521|x509v3\-ecdsa\-sha2\-nistp384|x509v3\-ecdsa\-sha2\-nistp256|x509v3\-ecdsa\-sha2\-1\.3\.132\.0\.10|webauthn\-sk\-ecdsa\-sha2\-nistp256@openssh\.com|ssh\-rsa\-sha512@ssh\.com|ssh\-rsa\-sha384@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha2\-512|ssh\-rsa\-sha2\-256|ssh\-rsa|ssh\-gost\-2012\-512|ssh\-gost\-2012\-256|ssh\-gost\-2001|ssh\-ed448|ssh\-ed25519\-cert\-v01@openssh\.com|ssh\-ed25519|spi\-sign\-rsa|sk\-ecdsa\-sha2\-nistp256@openssh\.com|sk\-ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|rsa\-sha2\-512\-cert\-v01@openssh\.com|rsa\-sha2\-512|rsa\-sha2\-256\-cert\-v01@openssh\.com|rsa\-sha2\-256|eddsa\-e521\-shake256@libassh\.org|eddsa\-e382\-shake256@libassh\.org|ecdsa\-sha2\-nistt571|ecdsa\-sha2\-nistp521\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp521|ecdsa\-sha2\-nistp384\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp384|ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp256|ecdsa\-sha2\-nistk409|ecdsa\-sha2\-nistk283|ecdsa\-sha2\-nistk233|ecdsa\-sha2\-nistk163|ecdsa\-sha2\-nistb409|ecdsa\-sha2\-curve25519|ecdsa\-sha2\-1\.3\.132\.0\.10\-cert\-v01@openssh\.com|ecdsa\-sha2\-1\.3\.132\.0\.10|dsa3072\-sha256@libassh\.org|dsa2048\-sha256@libassh\.org|dsa2048\-sha224@libassh\.org)(?=[,\s\"])
259
+
scope: support.type.key-type.ssh.crypto
260
+
- match: \b(?:x509v3\-ssh\-rsa|x509v3\-ssh\-dss|x509v3\-sign\-rsa\-sha1|x509v3\-sign\-rsa|x509v3\-sign\-dss\-sha1|x509v3\-sign\-dss|ssh\-xmss@openssh\.com|ssh\-xmss\-cert\-v01@openssh\.com|ssh\-rsa1|ssh\-rsa\-cert\-v01@openssh\.com|ssh\-rsa\-cert\-v00@openssh\.com|ssh\-dss\-sha512@ssh\.com|ssh\-dss\-sha384@ssh\.com|ssh\-dss\-sha256@ssh\.com|ssh\-dss\-sha224@ssh\.com|ssh\-dss\-cert\-v01@openssh\.com|ssh\-dss\-cert\-v00@openssh\.com|ssh\-dss|ssh\-dsa|spki\-sign\-rsa|spki\-sign\-dss|pgp\-sign\-rsa|pgp\-sign\-dss|null|ecdsa\-sha2\-nistp224|ecdsa\-sha2\-nistp192|ecdsa\-sha2\-nistb233)(?=[,\s\"])
261
+
scope: invalid.deprecated.key-type.ssh.crypto
262
+
ssh-mac-algorithms:
263
+
- match: \b(?:umac\-96@openssh\.com|umac\-64@openssh\.com|umac\-64\-etm@openssh\.com|umac\-32@openssh\.com|umac\-128@openssh\.com|umac\-128\-etm@openssh\.com|umac\-128|hmac\-sha512@ssh\.com|hmac\-sha512|hmac\-sha3\-512|hmac\-sha3\-384|hmac\-sha3\-256|hmac\-sha3\-224|hmac\-sha256@ssh\.com|hmac\-sha256\-96@ssh\.com|hmac\-sha256|hmac\-sha2\-56|hmac\-sha2\-512\-etm@openssh\.com|hmac\-sha2\-512\-96\-etm@openssh\.com|hmac\-sha2\-512|hmac\-sha2\-384|hmac\-sha2\-256\-etm@openssh\.com|hmac\-sha2\-256\-96\-etm@openssh\.com|hmac\-sha2\-256|hmac\-sha2\-224|crypticore\-mac@ssh\.com|chacha20\-poly1305@openssh\.com|cbcmac\-twofish|cbcmac\-aes|aes256\-gcm|aes128\-gcm|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
264
+
scope: support.function.mac-algorithm.ssh.crypto
265
+
- match: \b(?:sha1\-8|sha1|ripemd160\-8|ripemd160|none|md5\-8|md5|hmac\-sha2\-512\-96|hmac\-sha2\-256\-96|hmac\-sha1\-etm@openssh\.com|hmac\-sha1\-96\-etm@openssh\.com|hmac\-sha1\-96|hmac\-sha1|hmac\-ripemd160@openssh\.com|hmac\-ripemd160\-etm@openssh\.com|hmac\-ripemd160\-96|hmac\-ripemd160|hmac\-ripemd|hmac\-md5\-etm@openssh\.com|hmac\-md5\-96\-etm@openssh\.com|hmac\-md5\-96|hmac\-md5|cbcmac\-rijndael|cbcmac\-des|cbcmac\-blowfish|cbcmac\-3des)(?=[,\s\"])
266
+
scope: invalid.deprecated.mac-algorithm.ssh.crypto
267
+
hostname-or-ip-value:
268
+
- include: operator-exclamation
269
+
- match: \[
270
+
scope: punctuation.definition.string.begin.known_hosts
271
+
push:
272
+
- meta_scope: meta.brackets.host.known_hosts
273
+
- match: (\])(?:(:)({{zero_to_65535}}))?
274
+
captures:
275
+
1: punctuation.definition.string.end.known_hosts
276
+
2: punctuation.separator.sequence.known_hosts
277
+
3: meta.number.integer.decimal.known_hosts constant.numeric.port-number.known_hosts
278
+
pop: 1
279
+
- include: operator-exclamation
280
+
- include: ip-addresses
281
+
- match: ''
282
+
push:
283
+
- meta_scope: meta.string.host.known_hosts string.quoted.other.known_hosts
284
+
- match: (?=,|\])
285
+
pop: 1
286
+
- include: wildcards
287
+
- include: punctuation-dot-sequence
288
+
- include: ip-addresses
289
+
- match: (\|)(\d+)(\|)({{base64_char}}{27}=)(\|)({{base64_char}}{27}=)
290
+
scope: meta.string.host.obfuscated.known_hosts
291
+
captures:
292
+
1: punctuation.definition.known_hosts
293
+
2: constant.numeric.integer.algorithm.known_hosts
294
+
3: punctuation.definition.known_hosts
295
+
4: string.unquoted.salt.known_hosts
296
+
5: punctuation.definition.known_hosts
297
+
6: string.unquoted.hash.known_hosts
298
+
- match: (?=\S)
299
+
push: hostname
300
+
hostname:
301
+
- meta_content_scope: meta.string.host.known_hosts string.unquoted.known_hosts
302
+
- match: (?=[,\[\s])
303
+
pop: 1
304
+
- include: wildcards
305
+
- include: punctuation-dot-sequence
+151
syntaxes/pem.sublime-syntax
+151
syntaxes/pem.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
# Not strictly just PEM. Includes some other stuff, just to be helpful.
4
+
5
+
# https://www.sublimetext.com/docs/syntax.html
6
+
# https://datatracker.ietf.org/doc/html/rfc7468 (PEM)
7
+
# https://datatracker.ietf.org/doc/html/rfc4716 (OpenSSH)
8
+
# https://datatracker.ietf.org/doc/html/rfc4880 (OpenPGP)
9
+
10
+
name: Private Encrypted Mail (PEM) Key
11
+
scope: source.pem
12
+
version: 2
13
+
extends: SSH Common.sublime-syntax
14
+
15
+
file_extensions:
16
+
- pem
17
+
18
+
hidden_file_extensions:
19
+
- cer
20
+
- cert
21
+
- crt
22
+
- id_dsa
23
+
- id_ed25519
24
+
- id_ed448
25
+
- id_eddsa
26
+
- id_rsa
27
+
28
+
first_line_match: |-
29
+
^(?x:
30
+
(-{4}[ -])
31
+
BEGIN [ ]
32
+
( (?:[0-9A-Z -]+[ ])? (?: PUBLIC | PRIVATE ) [ ] KEY
33
+
| (?:[0-9A-Z -]+[ ])? CERTIFICATE (?:[ ] REQUEST )?
34
+
| (?:[0-9A-Z -]+[ ])? PARAMETERS
35
+
| X509 [ ] CRL
36
+
| PKCS7
37
+
| PKCS [ ] \#7 [ ] SIGNED [ ] DATA
38
+
| CMS
39
+
| PGP [ ] MESSAGE (?:,[ ] PART [ ] \d+(?:/\d+)?)?
40
+
| PGP [ ] (?: PUBLIC | PRIVATE ) [ ] KEY [ ] BLOCK
41
+
| PGP [ ] SIGNATURE
42
+
)
43
+
([ -]-{4})
44
+
)
45
+
46
+
contexts:
47
+
main:
48
+
- include: comments-number-sign
49
+
- match: |-
50
+
^(?x:
51
+
(-{4}[ -])
52
+
BEGIN [ ]
53
+
( (?:[0-9A-Z -]+[ ])? (?: PUBLIC | PRIVATE ) [ ] KEY
54
+
| (?:[0-9A-Z -]+[ ])? CERTIFICATE (?:[ ] REQUEST )?
55
+
| (?:[0-9A-Z -]+[ ])? PARAMETERS
56
+
| X509 [ ] CRL
57
+
| PKCS7
58
+
| PKCS [ ] \#7 [ ] SIGNED [ ] DATA
59
+
| CMS
60
+
| PGP [ ] MESSAGE (?:,[ ] PART [ ] \d+(?:/\d+)?)?
61
+
| PGP [ ] (?: PUBLIC | PRIVATE ) [ ] KEY [ ] BLOCK
62
+
| PGP [ ] SIGNATURE
63
+
)
64
+
([ -]-{4})
65
+
)
66
+
scope: punctuation.section.block.begin.pem
67
+
push: pem-key
68
+
- include: setext-headings
69
+
70
+
pem-key:
71
+
- meta_scope: meta.block.pem
72
+
- match: ^\1END \2\3
73
+
scope: punctuation.section.block.end.pem
74
+
pop: 1
75
+
- include: comments-number-sign
76
+
- match: ^{{base64_char}}{1,100}(={0,3})?$
77
+
scope: string.unquoted.pem
78
+
captures:
79
+
1: punctuation.definition.string.end.pem
80
+
- include: headers
81
+
82
+
headers:
83
+
- match: ^(?i:(Comment))(:)
84
+
captures:
85
+
1: keyword.other.comment.pem
86
+
2: punctuation.separator.key-value.pem
87
+
push:
88
+
- meta_content_scope: comment.line.pem
89
+
- include: header-end
90
+
- match: ^((x-)?[\w-]+)(:)
91
+
captures:
92
+
1: meta.mapping.key.pem keyword.other.pem
93
+
2: variable.annotation.pem
94
+
3: punctuation.separator.key-value.pem
95
+
push: header-value
96
+
97
+
header-value:
98
+
- meta_scope: meta.mapping.pem
99
+
- meta_content_scope: meta.mapping.value.pem
100
+
- include: header-end
101
+
- include: punctuation-comma-sequence
102
+
- match: =
103
+
scope: punctuation.separator.key-value.pem
104
+
- match: '\b(?x: ENCRYPTED | MIC-ONLY | MIC-CLEAR )\b'
105
+
scope: storage.modifier.pem
106
+
- match: |-
107
+
\b(?x:
108
+
( AES-(?:128|256)-CBC
109
+
| DES-(?:EDE3-)?CBC
110
+
)\b
111
+
( (,) .+ )?
112
+
)
113
+
captures:
114
+
1: meta.function-call.identifier.pem
115
+
support.function.cipher.ssh.crypto
116
+
2: meta.function-call.arguments.pem
117
+
3: punctuation.section.arguments.begin.pem
118
+
119
+
header-end:
120
+
- match: \\\r?\n
121
+
scope: punctuation.separator.continuation.line.pem
122
+
push:
123
+
- match: ^
124
+
pop: 1
125
+
- match: (?=$)
126
+
pop: 1
127
+
128
+
setext-headings:
129
+
- match: ^(?:=+|(?=\S))
130
+
branch_point: maybe-heading
131
+
branch:
132
+
- setext-heading
133
+
- not-heading
134
+
135
+
setext-heading:
136
+
- meta_scope: markup.heading.pem
137
+
- meta_content_scope: entity.name.section.pem
138
+
- match: ^(={5,})[ \t]*$(\n?)
139
+
captures:
140
+
1: punctuation.definition.heading.setext.pem
141
+
2: meta.whitespace.newline.pem
142
+
pop: 1
143
+
- match: ^(?!=+)$
144
+
fail: maybe-heading
145
+
146
+
not-heading:
147
+
- match: ''
148
+
pop: 1
149
+
150
+
variables:
151
+
base64_char: '[a-zA-Z0-9+/]'
+288
syntaxes/ssh-common.sublime-syntax
+288
syntaxes/ssh-common.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
# This file is some kind of internal library which is used to store
4
+
# common rules which are used by the visible syntax files.
5
+
name: SSH Common
6
+
scope: text.ssh.common
7
+
version: 2
8
+
hidden: true
9
+
10
+
contexts:
11
+
main:
12
+
- include: comments-number-sign
13
+
14
+
###[ COMMENTS ]################################################################
15
+
16
+
comments:
17
+
- include: comments-number-sign
18
+
- include: comments-semicolon
19
+
20
+
comments-number-sign:
21
+
- match: ^\s*(#+)
22
+
captures:
23
+
1: comment.line.number-sign.ssh.common punctuation.definition.comment.ssh.common
24
+
push:
25
+
- meta_content_scope: comment.line.number-sign.ssh.common
26
+
- match: \n
27
+
scope: comment.line.number-sign.ssh.common
28
+
pop: true
29
+
30
+
comments-semicolon:
31
+
- match: ^\s*(;+)
32
+
captures:
33
+
1: comment.line.semi-colon.ssh.common punctuation.definition.comment.ssh.common
34
+
push:
35
+
- meta_content_scope: comment.line.semi-colon.ssh.common
36
+
- include: pop-nl
37
+
38
+
###[ COMPONENTS ]##############################################################
39
+
40
+
operator-exclamation:
41
+
- match: '!'
42
+
scope: keyword.operator.logical.ssh.common
43
+
44
+
wildcards:
45
+
- match: \*
46
+
scope: constant.other.wildcard.asterisk.ssh.common
47
+
- match: \?
48
+
scope: constant.other.wildcard.questionmark.ssh.common
49
+
50
+
punctuation-comma-sequence:
51
+
- match: ','
52
+
scope: punctuation.separator.sequence.ssh.common
53
+
54
+
punctuation-dot-sequence:
55
+
- match: \.
56
+
scope: punctuation.separator.sequence.ssh.common
57
+
58
+
punctuation-at:
59
+
- match: '@'
60
+
scope: punctuation.separator.sequence.ssh.common
61
+
62
+
ssh-fingerprint:
63
+
- match: '{{ssh_fingerprint}}'
64
+
scope: variable.other.fingerprint.ssh.common
65
+
66
+
ssh-fingerprint-with-label:
67
+
- match: '{{ssh_fingerprint}}'
68
+
scope: variable.other.fingerprint.ssh.common
69
+
push: expect-fingerprint-label
70
+
71
+
expect-fingerprint-label:
72
+
- include: pop-before-nl
73
+
- match: (?=\S)
74
+
push:
75
+
- meta_scope: meta.annotation.identifier.ssh.common
76
+
string.unquoted.ssh.common
77
+
- match: '(?=[ \t]*$)'
78
+
pop: 1
79
+
- include: punctuation-at
80
+
81
+
time-values:
82
+
# https://man.openbsd.org/sshd_config.5#TIME_FORMATS
83
+
# seconds, minutes, hours, days, weeks
84
+
- match: \b(?=[\dsmhdw]*\d[smhdw][\s,"])
85
+
push:
86
+
- meta_scope: meta.constant.time.ssh.common
87
+
meta.number.integer.decimal.ssh.common
88
+
- match: (?=[\s,"])
89
+
pop: 1
90
+
- match: (\d+)([smhdw])
91
+
captures:
92
+
1: constant.numeric.value.ssh.common
93
+
2: constant.numeric.suffix.ssh.common
94
+
95
+
bytes-values:
96
+
- match: \b(\d+)([KMG])(?=[\s,"])
97
+
scope: meta.constant.bytes.ssh.common
98
+
meta.number.integer.other.ssh.common
99
+
captures:
100
+
1: constant.numeric.value.ssh.common
101
+
2: constant.numeric.suffix.ssh.common
102
+
103
+
mac-addresses:
104
+
- match: (?:[0-9a-fA-F]{2}:){5}(?:[0-9a-fA-F]{2})
105
+
scope: entity.name.constant.mac-address.ssh.common
106
+
107
+
ipv4:
108
+
- match: '\b{{ipv4}}\b'
109
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
110
+
111
+
ipv6:
112
+
- match: '{{ipv6}}'
113
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
114
+
115
+
ipv6-square-bracket:
116
+
- match: (\[){{ipv6}}(\])
117
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
118
+
captures:
119
+
1: punctuation.definition.constant.begin.ssh.common
120
+
2: punctuation.definition.constant.end.ssh.common
121
+
122
+
ip-addresses:
123
+
- include: ipv6
124
+
- include: ipv4
125
+
126
+
ipv4-with-cidr:
127
+
- match: \b({{ipv4}})(?:(/)({{zero_to_32}}))?\b
128
+
captures:
129
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
130
+
2: punctuation.separator.sequence.ssh.common
131
+
3: constant.other.range.ssh.common
132
+
133
+
ipv6-with-cidr:
134
+
- match: ({{ipv6}})(?:(/)({{zero_to_128}})\b)?
135
+
captures:
136
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
137
+
2: punctuation.separator.sequence.ssh.common
138
+
3: constant.other.range.ssh.common
139
+
140
+
ip-addresses-with-cidr:
141
+
- include: ipv6-with-cidr
142
+
- include: ipv4-with-cidr
143
+
144
+
port-numbers:
145
+
- match: \b{{zero_to_65535}}(?![\w:])
146
+
scope: meta.number.integer.decimal.ssh.common
147
+
constant.numeric.port-number.ssh.common
148
+
149
+
match-all:
150
+
- match: '\b(?xi: all )\b'
151
+
scope: constant.language.boolean.true.ssh.common
152
+
153
+
none:
154
+
- match: \bnone\b
155
+
scope: constant.language.null.ssh.common
156
+
157
+
any:
158
+
- match: \bany\b
159
+
scope: constant.language.set.ssh.common
160
+
161
+
boolean:
162
+
- match: \byes\b
163
+
scope: constant.language.boolean.true.ssh.common
164
+
- match: \bno\b
165
+
scope: constant.language.boolean.false.ssh.common
166
+
167
+
boolean-with-typing:
168
+
- include: boolean
169
+
# Consume while typing as well, but unscoped
170
+
- match: \b(?:ye?|n)\b
171
+
172
+
log-level:
173
+
- match: '\b(?x: QUIET | FATAL | ERROR | INFO | DEBUG[1-3]? )\b'
174
+
scope: constant.language.log-level.ssh.common
175
+
176
+
possibly-quoted-value:
177
+
- meta_content_scope: meta.mapping.value.ssh.common
178
+
- match: '"'
179
+
scope: punctuation.definition.string.begin.ssh.common
180
+
push:
181
+
- meta_scope: string.quoted.double.ssh.common
182
+
- match: (")(?:\s*(\S.*))?
183
+
captures:
184
+
1: punctuation.definition.string.end.ssh.common
185
+
2: invalid.illegal.ssh.common
186
+
pop: 1
187
+
- match: \n|$
188
+
scope: invalid.illegal.unclosed-string.ssh.common
189
+
pop: 2
190
+
- match: (?=\S)
191
+
push:
192
+
- meta_content_scope: string.unquoted.ssh.common
193
+
- include: pop-before-nl
194
+
- include: pop-nl
195
+
196
+
string-patterns:
197
+
# https://man7.org/linux/man-pages/man5/ssh_config.5.html#PATTERNS
198
+
# https://man.openbsd.org/ssh_config.5#PATTERNS
199
+
# https://man7.org/linux/man-pages/man5/sshd_config.5.html#PATTERNS
200
+
# https://man.openbsd.org/sshd_config.5#PATTERNS
201
+
- include: punctuation-comma-sequence
202
+
- include: operator-exclamation
203
+
- match: '"'
204
+
scope: punctuation.definition.string.begin.ssh.common
205
+
push:
206
+
- meta_content_scope: string.quoted.double.ssh.common
207
+
- match: '"'
208
+
scope: punctuation.definition.string.end.ssh.common
209
+
pop: 1
210
+
- include: wildcards
211
+
- match: (?=\S)
212
+
push:
213
+
- meta_content_scope: string.unquoted.ssh.common
214
+
- match: (?=[,!\s])
215
+
pop: 1
216
+
- include: wildcards
217
+
218
+
paths:
219
+
# This is just heuristic. Expect failures.
220
+
- match: (?=~?[\w.\-?*${}%]*/[\w.\-?*${}%]?)
221
+
push:
222
+
- meta_scope: meta.path.ssh.common
223
+
entity.name.ssh.common
224
+
- match: (?=[\s,"])
225
+
pop: 1
226
+
- match: ~[\w\-.]*
227
+
scope: variable.language.home.ssh.common
228
+
- match: (/)(?:(\.{1,2})(?=/)|\.(?!/))?
229
+
captures:
230
+
1: punctuation.separator.path.ssh.common
231
+
2: constant.other.placeholder.ssh.common
232
+
- match: \.(?=[\w*?%])
233
+
scope: punctuation.separator.sequence.ssh.common
234
+
- include: wildcards
235
+
- include: tokens
236
+
- include: environment-variables
237
+
238
+
none-command-values:
239
+
- match: \s*(none)\b[ \t]*$
240
+
captures:
241
+
1: constant.language.null.ssh.common
242
+
- match: \s*((")(none)("))[ \t]*$
243
+
captures:
244
+
1: string.quoted.double.ssh.common
245
+
2: punctuation.definition.string.begin.ssh.common
246
+
3: constant.language.null.ssh.common
247
+
4: punctuation.definition.string.end.ssh.common
248
+
249
+
tokens: []
250
+
environment-variables: []
251
+
252
+
###[ PROTOTYPE ]###############################################################
253
+
254
+
pop-nl:
255
+
- match: \n
256
+
pop: 1
257
+
258
+
pop-before-nl:
259
+
- match: (?=\n)
260
+
pop: 1
261
+
262
+
###############################################################################
263
+
264
+
variables:
265
+
base64_char: '[a-zA-Z0-9+/]'
266
+
ssh_fingerprint: (?:AAAA(?:E2V|[BC]3N){{base64_char}}+={0,3})
267
+
# ipv4_basic: (?:(?:\d{1,3}\.){3}\d{1,3})
268
+
# ipv6_basic: (?i:(?:[a-f0-9:]+:+)+[a-f0-9]+)
269
+
zero_to_32: (?:3[0-2]|[12][0-9]|[0-9])
270
+
zero_to_128: (?:12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9])
271
+
zero_to_255: (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9][0-9])|(?:[1-9][0-9])|[0-9])
272
+
zero_to_65535: (?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{1,3}|[0-9])
273
+
ipv4: (?:(?:{{zero_to_255}}\.){3}{{zero_to_255}})
274
+
ipv6: |-
275
+
(?xi:
276
+
(?:::(?:ffff(?::0{1,4}){0,1}:){0,1}{{ipv4}}) # ::255.255.255.255 ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses and IPv4-translated addresses)
277
+
|(?:(?:[0-9a-f]{1,4}:){1,4}:{{ipv4}}) # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 (IPv4-Embedded IPv6 Address)
278
+
|(?:fe80:(?::[0-9a-f]{1,4}){0,4}%[0-9a-z]{1,}) # fe80::7:8%eth0 fe80::7:8%1 (link-local IPv6 addresses with zone index)
279
+
|(?:(?:[0-9a-f]{1,4}:){7,7} [0-9a-f]{1,4}) # 1:2:3:4:5:6:7:8
280
+
| (?:[0-9a-f]{1,4}: (?::[0-9a-f]{1,4}){1,6}) # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8
281
+
|(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5}) # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8
282
+
|(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4}) # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8
283
+
|(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3}) # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8
284
+
|(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2}) # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8
285
+
|(?:(?:[0-9a-f]{1,4}:){1,6} :[0-9a-f]{1,4}) # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8
286
+
|(?:(?:[0-9a-f]{1,4}:){1,7} :) # 1:: 1:2:3:4:5:6:7::
287
+
|(?::(?:(?::[0-9a-f]{1,4}){1,7}|:)) # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 ::
288
+
)
+556
syntaxes/ssh-config.sublime-syntax
+556
syntaxes/ssh-config.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
# Standalone version of ssh-config.sublime-syntax
4
+
# Merged with: ssh-common.sublime-syntax, ssh-crypto.sublime-syntax
5
+
6
+
name: SSH Config
7
+
scope: source.ssh_config
8
+
version: 2
9
+
file_extensions:
10
+
- ssh_config
11
+
variables:
12
+
base64_char: '[a-zA-Z0-9+/]'
13
+
ssh_fingerprint: (?:AAAA(?:E2V|[BC]3N){{base64_char}}+={0,3})
14
+
zero_to_32: (?:3[0-2]|[12][0-9]|[0-9])
15
+
zero_to_128: (?:12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9])
16
+
zero_to_255: (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9][0-9])|(?:[1-9][0-9])|[0-9])
17
+
zero_to_65535: (?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{1,3}|[0-9])
18
+
ipv4: (?:(?:{{zero_to_255}}\.){3}{{zero_to_255}})
19
+
ipv6: "(?xi:\n (?:::(?:ffff(?::0{1,4}){0,1}:){0,1}{{ipv4}}) # ::255.255.255.255\
20
+
\ ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses\
21
+
\ and IPv4-translated addresses)\n |(?:(?:[0-9a-f]{1,4}:){1,4}:{{ipv4}}) \
22
+
\ # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 \
23
+
\ (IPv4-Embedded IPv6 Address)\n |(?:fe80:(?::[0-9a-f]{1,4}){0,4}%[0-9a-z]{1,})\
24
+
\ # fe80::7:8%eth0 fe80::7:8%1 \
25
+
\ (link-local IPv6 addresses with zone index)\n |(?:(?:[0-9a-f]{1,4}:){7,7}\
26
+
\ [0-9a-f]{1,4}) # 1:2:3:4:5:6:7:8\n | (?:[0-9a-f]{1,4}: (?::[0-9a-f]{1,4}){1,6})\
27
+
\ # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8\n |(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5})\
28
+
\ # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8\n |(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4})\
29
+
\ # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8\n |(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3})\
30
+
\ # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8\n |(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2})\
31
+
\ # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8\n |(?:(?:[0-9a-f]{1,4}:){1,6}\
32
+
\ :[0-9a-f]{1,4}) # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8\n\
33
+
\ |(?:(?:[0-9a-f]{1,4}:){1,7} :) # 1:: \
34
+
\ 1:2:3:4:5:6:7::\n |(?::(?:(?::[0-9a-f]{1,4}){1,7}|:)) \
35
+
\ # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 ::\n)"
36
+
tokens_standard: (?:%[%CdhikLlnpru])
37
+
tokens_knownhosts: (?:{{tokens_standard}}|%[%fHIKt])
38
+
tokens_hostname: (?:%[%h])
39
+
tokens_proxycommand: (?:%[%hnpr])
40
+
tokens_all: (?:{{tokens_knownhosts}}|%T)
41
+
tokens_localcommand: '{{tokens_all}}'
42
+
match_parameters: "\\b(?xi:\n all | canonical | final | exec | localnetwork | host\
43
+
\ | originalhost\n| tagged | command | user | localuser | version | sessiontype\n\
44
+
)\\b"
45
+
contexts:
46
+
main:
47
+
- include: comments
48
+
- include: host-block
49
+
- include: match
50
+
- include: naked-parameters
51
+
comments:
52
+
- include: comments-number-sign
53
+
- include: comments-semicolon
54
+
comments-number-sign:
55
+
- match: ^\s*(#+)
56
+
captures:
57
+
1: comment.line.number-sign.ssh.common punctuation.definition.comment.ssh.common
58
+
push:
59
+
- meta_content_scope: comment.line.number-sign.ssh.common
60
+
- match: \n
61
+
scope: comment.line.number-sign.ssh.common
62
+
pop: true
63
+
comments-semicolon:
64
+
- match: ^\s*(;+)
65
+
captures:
66
+
1: comment.line.semi-colon.ssh.common punctuation.definition.comment.ssh.common
67
+
push:
68
+
- meta_content_scope: comment.line.semi-colon.ssh.common
69
+
- include: pop-nl
70
+
operator-exclamation:
71
+
- match: '!'
72
+
scope: keyword.operator.logical.ssh.common
73
+
wildcards:
74
+
- match: \*
75
+
scope: constant.other.wildcard.asterisk.ssh.common
76
+
- match: \?
77
+
scope: constant.other.wildcard.questionmark.ssh.common
78
+
punctuation-comma-sequence:
79
+
- match: ','
80
+
scope: punctuation.separator.sequence.ssh.common
81
+
punctuation-dot-sequence:
82
+
- match: \.
83
+
scope: punctuation.separator.sequence.ssh.common
84
+
punctuation-at:
85
+
- match: '@'
86
+
scope: punctuation.separator.sequence.ssh.common
87
+
ssh-fingerprint:
88
+
- match: '{{ssh_fingerprint}}'
89
+
scope: variable.other.fingerprint.ssh.common
90
+
ssh-fingerprint-with-label:
91
+
- match: '{{ssh_fingerprint}}'
92
+
scope: variable.other.fingerprint.ssh.common
93
+
push: expect-fingerprint-label
94
+
expect-fingerprint-label:
95
+
- include: pop-before-nl
96
+
- match: (?=\S)
97
+
push:
98
+
- meta_scope: meta.annotation.identifier.ssh.common string.unquoted.ssh.common
99
+
- match: (?=[ \t]*$)
100
+
pop: 1
101
+
- include: punctuation-at
102
+
time-values:
103
+
- match: \b(?=[\dsmhdw]*\d[smhdw][\s,"])
104
+
push:
105
+
- meta_scope: meta.constant.time.ssh.common meta.number.integer.decimal.ssh.common
106
+
- match: (?=[\s,"])
107
+
pop: 1
108
+
- match: (\d+)([smhdw])
109
+
captures:
110
+
1: constant.numeric.value.ssh.common
111
+
2: constant.numeric.suffix.ssh.common
112
+
bytes-values:
113
+
- match: \b(\d+)([KMG])(?=[\s,"])
114
+
scope: meta.constant.bytes.ssh.common meta.number.integer.other.ssh.common
115
+
captures:
116
+
1: constant.numeric.value.ssh.common
117
+
2: constant.numeric.suffix.ssh.common
118
+
mac-addresses:
119
+
- match: (?:[0-9a-fA-F]{2}:){5}(?:[0-9a-fA-F]{2})
120
+
scope: entity.name.constant.mac-address.ssh.common
121
+
ipv4:
122
+
- match: \b{{ipv4}}\b
123
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
124
+
ipv6:
125
+
- match: '{{ipv6}}'
126
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
127
+
ipv6-square-bracket:
128
+
- match: (\[){{ipv6}}(\])
129
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
130
+
captures:
131
+
1: punctuation.definition.constant.begin.ssh.common
132
+
2: punctuation.definition.constant.end.ssh.common
133
+
ip-addresses:
134
+
- include: ipv6
135
+
- include: ipv4
136
+
ipv4-with-cidr:
137
+
- match: \b({{ipv4}})(?:(/)({{zero_to_32}}))?\b
138
+
captures:
139
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
140
+
2: punctuation.separator.sequence.ssh.common
141
+
3: constant.other.range.ssh.common
142
+
ipv6-with-cidr:
143
+
- match: ({{ipv6}})(?:(/)({{zero_to_128}})\b)?
144
+
captures:
145
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
146
+
2: punctuation.separator.sequence.ssh.common
147
+
3: constant.other.range.ssh.common
148
+
ip-addresses-with-cidr:
149
+
- include: ipv6-with-cidr
150
+
- include: ipv4-with-cidr
151
+
port-numbers:
152
+
- match: \b{{zero_to_65535}}(?![\w:])
153
+
scope: meta.number.integer.decimal.ssh.common constant.numeric.port-number.ssh.common
154
+
match-all:
155
+
- match: '\b(?xi: all )\b'
156
+
scope: constant.language.boolean.true.ssh.common
157
+
none:
158
+
- match: \bnone\b
159
+
scope: constant.language.null.ssh.common
160
+
any:
161
+
- match: \bany\b
162
+
scope: constant.language.set.ssh.common
163
+
boolean:
164
+
- match: \byes\b
165
+
scope: constant.language.boolean.true.ssh.common
166
+
- match: \bno\b
167
+
scope: constant.language.boolean.false.ssh.common
168
+
boolean-with-typing:
169
+
- include: boolean
170
+
- match: \b(?:ye?|n)\b
171
+
log-level:
172
+
- match: '\b(?x: QUIET | FATAL | ERROR | INFO | DEBUG[1-3]? )\b'
173
+
scope: constant.language.log-level.ssh.common
174
+
possibly-quoted-value:
175
+
- meta_content_scope: meta.mapping.value.ssh_config
176
+
- match: '"'
177
+
scope: punctuation.definition.string.begin.ssh_config
178
+
push:
179
+
- meta_scope: string.quoted.double.ssh_config
180
+
- match: (")(?:\s*(\S.*))?
181
+
captures:
182
+
1: punctuation.definition.string.end.ssh_config
183
+
2: invalid.illegal.ssh_config
184
+
pop: 1
185
+
- match: \n|$
186
+
scope: invalid.illegal.unclosed-string.ssh_config
187
+
pop: 2
188
+
- match: (?=\S)
189
+
push:
190
+
- meta_content_scope: string.unquoted.ssh_config
191
+
- include: pop-before-nl
192
+
- include: pop-nl
193
+
string-patterns:
194
+
- include: punctuation-comma-sequence
195
+
- include: operator-exclamation
196
+
- match: '"'
197
+
scope: punctuation.definition.string.begin.ssh.common
198
+
push:
199
+
- meta_content_scope: string.quoted.double.ssh.common
200
+
- match: '"'
201
+
scope: punctuation.definition.string.end.ssh.common
202
+
pop: 1
203
+
- include: wildcards
204
+
- match: (?=\S)
205
+
push:
206
+
- meta_content_scope: string.unquoted.ssh.common
207
+
- match: (?=[,!\s])
208
+
pop: 1
209
+
- include: wildcards
210
+
paths:
211
+
- match: (?=~?[\w.\-?*${}%]*/[\w.\-?*${}%]?)
212
+
push:
213
+
- meta_scope: meta.path.ssh.common entity.name.ssh.common
214
+
- match: (?=[\s,"])
215
+
pop: 1
216
+
- match: ~[\w\-.]*
217
+
scope: variable.language.home.ssh.common
218
+
- match: (/)(?:(\.{1,2})(?=/)|\.(?!/))?
219
+
captures:
220
+
1: punctuation.separator.path.ssh.common
221
+
2: constant.other.placeholder.ssh.common
222
+
- match: \.(?=[\w*?%])
223
+
scope: punctuation.separator.sequence.ssh.common
224
+
- include: wildcards
225
+
- include: tokens
226
+
- include: environment-variables
227
+
none-command-values:
228
+
- match: \s*(none)\b[ \t]*$
229
+
captures:
230
+
1: constant.language.null.ssh.common
231
+
- match: \s*((")(none)("))[ \t]*$
232
+
captures:
233
+
1: string.quoted.double.ssh.common
234
+
2: punctuation.definition.string.begin.ssh.common
235
+
3: constant.language.null.ssh.common
236
+
4: punctuation.definition.string.end.ssh.common
237
+
tokens:
238
+
- match: '%%'
239
+
scope: constant.character.escape.ssh_config
240
+
- match: '{{tokens_standard}}'
241
+
scope: constant.other.placeholder.ssh_config
242
+
environment-variables:
243
+
- include: scope:source.shell#parameter-expansions
244
+
pop-nl:
245
+
- match: \n
246
+
pop: 1
247
+
pop-before-nl:
248
+
- match: (?=\n)
249
+
pop: 1
250
+
ssh-ciphers:
251
+
- match: \b(?:twofish256\-gcm@libassh\.org|twofish256\-ctr|twofish192\-ctr|twofish128\-gcm@libassh\.org|twofish128\-ctr|twofish\-ctr|crypticore128@ssh\.com|chacha20\-poly1305@openssh\.com|chacha20\-poly1305|camellia256\-ctr@openssh\.org|camellia256\-ctr|camellia192\-ctr@openssh\.org|camellia192\-ctr|camellia128\-ctr@openssh\.org|camellia128\-ctr|aes256\-gcm@openssh\.com|aes256\-gcm|aes256\-ctr|aes192\-gcm@openssh\.com|aes192\-ctr|aes128\-gcm@openssh\.com|aes128\-gcm|aes128\-ctr|AEAD_CAMELLIA_256_GCM|AEAD_CAMELLIA_128_GCM|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
252
+
scope: support.function.cipher.ssh.crypto
253
+
- match: \b(?:twofish256\-cbc|twofish192\-cbc|twofish128\-cbc|twofish\-ofb|twofish\-ecb|twofish\-cfb|twofish\-cbc|serpent256\-gcm@libassh\.org|serpent256\-ctr|serpent256\-cbc|serpent192\-ctr|serpent192\-cbc|serpent128\-gcm@libassh\.org|serpent128\-ctr|serpent128\-cbc|seed\-ctr@ssh\.com|seed\-cbc@ssh\.com|rijndael256\-cbc|rijndael192\-cbc|rijndael128\-cbc|rijndael\-cbc@ssh\.com|rijndael\-cbc@lysator\.liu\.se|none|idea\-ofb|idea\-ecb|idea\-ctr|idea\-cfb|idea\-cbc|grasshopper\-ctr128|des\-ofb|des\-ecb|des\-cfb|des\-cbc@ssh\.com|des\-cbc\-ssh1|des\-cbc|des|cast128\-ofb|cast128\-ecb|cast128\-ctr|cast128\-cfb|cast128\-cbc|cast128\-12\-ofb|cast128\-12\-ecb|cast128\-12\-ctr|cast128\-12\-cfb|cast128\-12\-cbc|camellia256\-cbc@openssh\.org|camellia256\-cbc|camellia192\-cbc@openssh\.org|camellia192\-cbc|camellia128\-cbc@openssh\.org|camellia128\-cbc|blowfish\-ecb|blowfish\-ctr|blowfish\-cfb|blowfish\-cbc|blowfish|arcfour256|arcfour128|arcfour|aes256\-cbc|aes192\-cbc|aes128\-ocb@libassh\.org|aes128\-cbc|3des\-ofb|3des\-ecb|3des\-ctr|3des\-cfb|3des\-cbc|3des)(?=[,\s\"])
254
+
scope: invalid.deprecated.cipher.ssh.crypto
255
+
ssh-kex-algorithms:
256
+
- match: \b(?:x25519\-kyber512\-sha512@aws\.amazon\.com|x25519\-kyber\-512r3\-sha256\-d00@amazon\.com|sntrup761x25519\-sha512@openssh\.com|sntrup4591761x25519\-sha512@tinyssh\.org|sm2kep\-sha2\-nistp256|rsa2048\-sha256|mlkem768x25519\-sha256|mlkem768nistp256\-sha256|mlkem1024nistp384\-sha384|m511\-sha512@libassh\.org|m383\-sha384@libassh\.org|kexguess2@matt\.ucc\.asn\.au|kexAlgoECDH521|kexAlgoECDH384|kexAlgoECDH256|kexAlgoCurve25519SHA256|kex\-strict\-s\-v00@openssh\.com|kex\-strict\-c\-v00@openssh\.com|gss\-nistp521\-sha512\-|gss\-nistp384\-sha384\-|gss\-nistp384\-sha256\-|gss\-nistp256\-sha256\-|gss\-group18\-sha512\-|gss\-group17\-sha512\-|gss\-group16\-sha512\-|gss\-group15\-sha512\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group15\-sha512\-|gss\-group14\-sha256\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha256\-|gss\-gex\-sha256\-|gss\-curve448\-sha512\-|gss\-curve25519\-sha256\-|gss\-13\.3\.132\.0\.10\-sha256\-|ext\-info\-s|ext\-info\-c|ecmqv\-sha2|ecdh\-sha2\-wiRIU8TKjMZ418sMqlqtvQ==|ecdh\-sha2\-qcFQaMAMGhTziMT0z\+Tuzw==|ecdh\-sha2\-nistt571|ecdh\-sha2\-nistp521|ecdh\-sha2\-nistp384|ecdh\-sha2\-nistp256|ecdh\-sha2\-nistp224|ecdh\-sha2\-nistp192|ecdh\-sha2\-nistk409|ecdh\-sha2\-nistk283|ecdh\-sha2\-nistb409|ecdh\-sha2\-mNVwCXAoS1HGmHpLvBC94w==|ecdh\-sha2\-m/FtSAmrV4j/Wy6RVUaK7A==|ecdh\-sha2\-h/SsxnLCtRBh7I9ATyeB3A==|ecdh\-sha2\-curve25519|ecdh\-sha2\-brainpoolp521r1@genua\.de|ecdh\-sha2\-brainpoolp384r1@genua\.de|ecdh\-sha2\-brainpoolp256r1@genua\.de|ecdh\-sha2\-D3FefCjYoJ/kfXgAyLddYA==|ecdh\-sha2\-9UzNcgwTlEnSCECZa7V1mw==|ecdh\-sha2\-1\.3\.132\.0\.38|ecdh\-sha2\-1\.3\.132\.0\.37|ecdh\-sha2\-1\.3\.132\.0\.36|ecdh\-sha2\-1\.3\.132\.0\.35|ecdh\-sha2\-1\.3\.132\.0\.34|ecdh\-sha2\-1\.3\.132\.0\.16|ecdh\-sha2\-1\.3\.132\.0\.10|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.7|ecdh\-nistp521\-kyber\-1024r3\-sha512\-d00@openquantumsafe\.org|ecdh\-nistp384\-kyber\-768r3\-sha384\-d00@openquantumsafe\.org|ecdh\-nistp256\-kyber\-512r3\-sha256\-d00@openquantumsafe\.org|diffie\-hellman_group17\-sha512|diffie\-hellman\-group18\-sha512@ssh\.com|diffie\-hellman\-group18\-sha512|diffie\-hellman\-group17\-sha512|diffie\-hellman\-group16\-sha512@ssh\.com|diffie\-hellman\-group16\-sha512|diffie\-hellman\-group16\-sha384@ssh\.com|diffie\-hellman\-group16\-sha256|diffie\-hellman\-group15\-sha512|diffie\-hellman\-group15\-sha384@ssh\.com|diffie\-hellman\-group15\-sha256@ssh\.com|diffie\-hellman\-group15\-sha256|diffie\-hellman\-group14\-sha256@ssh\.com|diffie\-hellman\-group14\-sha256|diffie\-hellman\-group14\-sha224@ssh\.com|diffie\-hellman\-group1\-sha256|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha384@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha224@ssh\.com|curve448\-sha512@libssh\.org|curve448\-sha512|curve25519\-sha256@libssh\.org|curve25519\-sha256|Curve25519SHA256)(?=[,\s\"])
257
+
scope: support.function.kex-algorithm.ssh.crypto
258
+
- match: \b(?:rsa1024\-sha1|kexAlgoDH1SHA1|kexAlgoDH14SHA1|gss\-group14\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha1\-|gss\-group1\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group1\-sha1\-|gss\-gex\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-gex\-sha1\-|ecdh\-sha2\-zD/b3hu/71952ArpUG4OjQ==|ecdh\-sha2\-qCbG5Cn/jjsZ7nBeR7EnOA==|ecdh\-sha2\-nistk233|ecdh\-sha2\-nistk163|ecdh\-sha2\-nistb233|ecdh\-sha2\-VqBg4QRPjxx1EXZdV0GdWQ==|ecdh\-sha2\-5pPrSUQtIaTjUSt5VZNBjg==|ecdh\-sha2\-4MHB\+NBt3AlaSRQ7MnB4cg==|ecdh\-sha2\-1\.3\.132\.0\.33|ecdh\-sha2\-1\.3\.132\.0\.27|ecdh\-sha2\-1\.3\.132\.0\.26|ecdh\-sha2\-1\.3\.132\.0\.1|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.1|diffie\-hellman\-group14\-sha1|diffie\-hellman\-group1\-sha1|diffie\-hellman\-group\-exchange\-sha1)(?=[,\s\"])
259
+
scope: invalid.deprecated.kex-algorithm.ssh.crypto
260
+
ssh-key-types:
261
+
- match: \b(?:x509v3\-sign\-rsa\-sha512@ssh\.com|x509v3\-sign\-rsa\-sha384@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256|x509v3\-sign\-rsa\-sha224@ssh\.com|x509v3\-sign\-dss\-sha512@ssh\.com|x509v3\-sign\-dss\-sha384@ssh\.com|x509v3\-sign\-dss\-sha256@ssh\.com|x509v3\-sign\-dss\-sha224@ssh\.com|x509v3\-rsa2048\-sha256|x509v3\-ecdsa\-sha2\-nistp521|x509v3\-ecdsa\-sha2\-nistp384|x509v3\-ecdsa\-sha2\-nistp256|x509v3\-ecdsa\-sha2\-1\.3\.132\.0\.10|webauthn\-sk\-ecdsa\-sha2\-nistp256@openssh\.com|ssh\-rsa\-sha512@ssh\.com|ssh\-rsa\-sha384@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha2\-512|ssh\-rsa\-sha2\-256|ssh\-rsa|ssh\-gost\-2012\-512|ssh\-gost\-2012\-256|ssh\-gost\-2001|ssh\-ed448|ssh\-ed25519\-cert\-v01@openssh\.com|ssh\-ed25519|spi\-sign\-rsa|sk\-ecdsa\-sha2\-nistp256@openssh\.com|sk\-ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|rsa\-sha2\-512\-cert\-v01@openssh\.com|rsa\-sha2\-512|rsa\-sha2\-256\-cert\-v01@openssh\.com|rsa\-sha2\-256|eddsa\-e521\-shake256@libassh\.org|eddsa\-e382\-shake256@libassh\.org|ecdsa\-sha2\-nistt571|ecdsa\-sha2\-nistp521\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp521|ecdsa\-sha2\-nistp384\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp384|ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp256|ecdsa\-sha2\-nistk409|ecdsa\-sha2\-nistk283|ecdsa\-sha2\-nistk233|ecdsa\-sha2\-nistk163|ecdsa\-sha2\-nistb409|ecdsa\-sha2\-curve25519|ecdsa\-sha2\-1\.3\.132\.0\.10\-cert\-v01@openssh\.com|ecdsa\-sha2\-1\.3\.132\.0\.10|dsa3072\-sha256@libassh\.org|dsa2048\-sha256@libassh\.org|dsa2048\-sha224@libassh\.org)(?=[,\s\"])
262
+
scope: support.type.key-type.ssh.crypto
263
+
- match: \b(?:x509v3\-ssh\-rsa|x509v3\-ssh\-dss|x509v3\-sign\-rsa\-sha1|x509v3\-sign\-rsa|x509v3\-sign\-dss\-sha1|x509v3\-sign\-dss|ssh\-xmss@openssh\.com|ssh\-xmss\-cert\-v01@openssh\.com|ssh\-rsa1|ssh\-rsa\-cert\-v01@openssh\.com|ssh\-rsa\-cert\-v00@openssh\.com|ssh\-dss\-sha512@ssh\.com|ssh\-dss\-sha384@ssh\.com|ssh\-dss\-sha256@ssh\.com|ssh\-dss\-sha224@ssh\.com|ssh\-dss\-cert\-v01@openssh\.com|ssh\-dss\-cert\-v00@openssh\.com|ssh\-dss|ssh\-dsa|spki\-sign\-rsa|spki\-sign\-dss|pgp\-sign\-rsa|pgp\-sign\-dss|null|ecdsa\-sha2\-nistp224|ecdsa\-sha2\-nistp192|ecdsa\-sha2\-nistb233)(?=[,\s\"])
264
+
scope: invalid.deprecated.key-type.ssh.crypto
265
+
ssh-mac-algorithms:
266
+
- match: \b(?:umac\-96@openssh\.com|umac\-64@openssh\.com|umac\-64\-etm@openssh\.com|umac\-32@openssh\.com|umac\-128@openssh\.com|umac\-128\-etm@openssh\.com|umac\-128|hmac\-sha512@ssh\.com|hmac\-sha512|hmac\-sha3\-512|hmac\-sha3\-384|hmac\-sha3\-256|hmac\-sha3\-224|hmac\-sha256@ssh\.com|hmac\-sha256\-96@ssh\.com|hmac\-sha256|hmac\-sha2\-56|hmac\-sha2\-512\-etm@openssh\.com|hmac\-sha2\-512\-96\-etm@openssh\.com|hmac\-sha2\-512|hmac\-sha2\-384|hmac\-sha2\-256\-etm@openssh\.com|hmac\-sha2\-256\-96\-etm@openssh\.com|hmac\-sha2\-256|hmac\-sha2\-224|crypticore\-mac@ssh\.com|chacha20\-poly1305@openssh\.com|cbcmac\-twofish|cbcmac\-aes|aes256\-gcm|aes128\-gcm|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
267
+
scope: support.function.mac-algorithm.ssh.crypto
268
+
- match: \b(?:sha1\-8|sha1|ripemd160\-8|ripemd160|none|md5\-8|md5|hmac\-sha2\-512\-96|hmac\-sha2\-256\-96|hmac\-sha1\-etm@openssh\.com|hmac\-sha1\-96\-etm@openssh\.com|hmac\-sha1\-96|hmac\-sha1|hmac\-ripemd160@openssh\.com|hmac\-ripemd160\-etm@openssh\.com|hmac\-ripemd160\-96|hmac\-ripemd160|hmac\-ripemd|hmac\-md5\-etm@openssh\.com|hmac\-md5\-96\-etm@openssh\.com|hmac\-md5\-96|hmac\-md5|cbcmac\-rijndael|cbcmac\-des|cbcmac\-blowfish|cbcmac\-3des)(?=[,\s\"])
269
+
scope: invalid.deprecated.mac-algorithm.ssh.crypto
270
+
parameters:
271
+
- include: comments
272
+
- include: parameter-hostname
273
+
- include: parameter-localcommand
274
+
- include: parameter-proxycommand
275
+
- include: parameter-proxyjump
276
+
- include: parameter-knownhostscommand
277
+
- include: parameter-with-boolean-values
278
+
- include: parameter-with-boolean-values-plus-ask
279
+
- include: parameter-generic
280
+
pop-before-match-parameter:
281
+
- include: pop-before-nl
282
+
- match: (?=\s*{{match_parameters}})
283
+
pop: 1
284
+
pop-before-next-host:
285
+
- match: '(?=^\s*(?xi: Host | Match )\b)'
286
+
pop: 1
287
+
naked-parameters:
288
+
- match: (?=\S)
289
+
push:
290
+
- meta_scope: meta.block.naked.ssh_config
291
+
- include: pop-before-next-host
292
+
- include: parameters
293
+
host-pattern:
294
+
- meta_content_scope: entity.name.label.host-alias.ssh_config
295
+
- include: punctuation-dot-sequence
296
+
- include: wildcards
297
+
- match: (?=\s|,)
298
+
pop: 1
299
+
host-patterns:
300
+
- include: operator-exclamation
301
+
- include: punctuation-comma-sequence
302
+
- match: (?=\S)
303
+
push: host-pattern
304
+
host-block:
305
+
- match: ^\s*((?i:Host))\b
306
+
captures:
307
+
1: keyword.declaration.host-alias.ssh_config
308
+
set: host-aliases
309
+
host-aliases:
310
+
- meta_scope: meta.block.host.ssh_config
311
+
- match: (?=\n)
312
+
set: host-body
313
+
- include: host-patterns
314
+
host-body:
315
+
- meta_scope: meta.block.host.ssh_config
316
+
- include: pop-before-next-host
317
+
- include: parameters
318
+
match:
319
+
- match: ^\s*((?i:Match))\b
320
+
captures:
321
+
1: keyword.control.conditional.ssh_config
322
+
set: match-conditions
323
+
match-conditions:
324
+
- meta_scope: meta.block.match.ssh_config
325
+
- meta_content_scope: meta.statement.conditional.ssh_config
326
+
- match: \n
327
+
set: match-body
328
+
- include: operator-exclamation
329
+
- include: match-all
330
+
- match: '\b(?xi: canonical | final )\b'
331
+
scope: keyword.other.ssh_config
332
+
- match: '\b((?xi: exec ))\b\s*(\")'
333
+
captures:
334
+
1: keyword.other.ssh_config
335
+
2: string.quoted.double.ssh_config punctuation.definition.string.begin.ssh_config
336
+
escape: (?<!\\)\"(?=\s*(?:#.*)?)
337
+
escape_captures:
338
+
0: meta.block.match.ssh_config meta.statement.conditional.ssh_config string.quoted.double.ssh_config
339
+
punctuation.definition.string.end.ssh_config
340
+
embed_scope: string.quoted.double.ssh_config
341
+
embed: scope:source.shell.embedded.ssh
342
+
- match: '\b((?xi: exec ))\b[ \t]+'
343
+
captures:
344
+
1: keyword.other.ssh_config
345
+
embed: scope:source.shell.embedded.ssh
346
+
escape: (?=\s*(?:{{match_parameters}}|$))
347
+
- match: '\b(?xi: (?:original)? host )\b'
348
+
scope: keyword.other.ssh_config
349
+
push:
350
+
- include: pop-before-match-parameter
351
+
- include: punctuation-comma-sequence
352
+
- include: host-patterns
353
+
- match: '\b(?xi: (?:local)? user | tagged | version | command | sessiontype )\b'
354
+
scope: keyword.other.ssh_config
355
+
push:
356
+
- include: pop-before-match-parameter
357
+
- include: string-patterns
358
+
- match: '\b(?xi: localnetwork )\b'
359
+
scope: keyword.other.ssh_config
360
+
push:
361
+
- include: pop-before-match-parameter
362
+
- include: punctuation-comma-sequence
363
+
- include: ip-addresses-with-cidr
364
+
match-body:
365
+
- meta_content_scope: meta.block.match.ssh_config
366
+
- include: pop-before-next-host
367
+
- include: parameters
368
+
parameter-hostname:
369
+
- match: ^\s*((?i:HostName))\b\s*(=)?
370
+
captures:
371
+
1: meta.mapping.key.ssh_config keyword.declaration.host.ssh_config
372
+
2: keyword.operator.assignment.ssh_config
373
+
push:
374
+
- meta_content_scope: meta.string.host.ssh_config
375
+
- include: pop-nl
376
+
- include: ip-addresses
377
+
- match: (?=\S+)
378
+
push:
379
+
- meta_content_scope: string.unquoted.hostname.ssh_config
380
+
- include: pop-before-nl
381
+
- include: punctuation-dot-sequence
382
+
- match: '{{tokens_hostname}}'
383
+
scope: constant.character.escape.ssh_config
384
+
- match: \s+(\S+)
385
+
captures:
386
+
1: invalid.illegal.ssh_config
387
+
parameter-proxyjump:
388
+
- match: ^\s*((?i:ProxyJump))\b\s*(=)?
389
+
captures:
390
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
391
+
2: keyword.operator.assignment.ssh_config
392
+
push:
393
+
- meta_content_scope: meta.mapping.value.ssh_config
394
+
- include: pop-nl
395
+
- include: none-command-values
396
+
- match: '"'
397
+
scope: string.quoted.double.ssh_config punctuation.definition.string.begin.ssh_config
398
+
escape: (")|(?=\n|$)
399
+
escape_captures:
400
+
1: meta.mapping.value.ssh_config string.quoted.double.ssh_config punctuation.definition.string.end.ssh_config
401
+
embed_scope: string.quoted.double.ssh_config
402
+
embed: proxyjump-values
403
+
- match: (?=\S)
404
+
escape: (?=\n|$)
405
+
embed: proxyjump-values
406
+
proxyjump-values:
407
+
- include: ip-addresses
408
+
- include: punctuation-comma-sequence
409
+
- match: (?=[\w%]+@)
410
+
push:
411
+
- meta_content_scope: meta.string.user.ssh_config string.unquoted.ssh_config
412
+
- match: '%%'
413
+
scope: constant.character.escape.ssh_config
414
+
- match: '{{tokens_proxycommand}}'
415
+
scope: constant.other.placeholder.ssh_config
416
+
- match: '@'
417
+
scope: punctuation.separator.ssh_config
418
+
pop: 1
419
+
- match: :(?={{zero_to_65535}}(?![\w:]))
420
+
scope: punctuation.separator.ssh_config
421
+
push:
422
+
- match: (?=\D)
423
+
pop: 1
424
+
- include: port-numbers
425
+
- match: (?=\S+)
426
+
push:
427
+
- meta_content_scope: string.unquoted.hostname.ssh_config
428
+
- match: (?=[\s,:"])
429
+
pop: 1
430
+
- include: punctuation-dot-sequence
431
+
- match: '%%'
432
+
scope: constant.character.escape.ssh_config
433
+
- match: '{{tokens_proxycommand}}'
434
+
scope: constant.other.placeholder.ssh_config
435
+
parameter-proxycommand:
436
+
- match: ^\s*((?i:ProxyCommand))\b\s*(=)?
437
+
captures:
438
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
439
+
2: keyword.operator.assignment.ssh_config
440
+
push:
441
+
- meta_content_scope: meta.mapping.value.ssh_config
442
+
- include: pop-nl
443
+
- include: none-command-values
444
+
- match: '"'
445
+
scope: string.quoted.double.ssh_config punctuation.definition.string.begin.ssh_config
446
+
escape: (")|(?=\n|$)
447
+
escape_captures:
448
+
1: meta.mapping.value.ssh_config string.quoted.double.ssh_config punctuation.definition.string.end.ssh_config
449
+
embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.proxycommand
450
+
embed: scope:source.shell.embedded.ssh.proxycommand
451
+
- match: (?=\S)
452
+
escape: (?=\n|$)
453
+
embed: scope:source.shell.embedded.ssh.proxycommand
454
+
parameter-localcommand:
455
+
- match: ^\s*((?i:LocalCommand))\b\s*(=)?
456
+
captures:
457
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
458
+
2: keyword.operator.assignment.ssh_config
459
+
push:
460
+
- meta_content_scope: meta.mapping.value.ssh_config
461
+
- include: pop-nl
462
+
- include: none-command-values
463
+
- match: '"'
464
+
scope: string.quoted.double.ssh_config punctuation.definition.string.begin.ssh_config
465
+
escape: (")|(?=$)
466
+
escape_captures:
467
+
1: meta.mapping.value.ssh_config string.quoted.double.ssh_config punctuation.definition.string.end.ssh_config
468
+
embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.localcommand
469
+
embed: scope:source.shell.embedded.ssh.localcommand
470
+
- match: (?=\S)
471
+
escape: (?=$)
472
+
embed: scope:source.shell.embedded.ssh.localcommand
473
+
parameter-knownhostscommand:
474
+
- match: ^\s*((?i:KnownHostsCommand))\b\s*(=)?
475
+
captures:
476
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
477
+
2: keyword.operator.assignment.ssh_config
478
+
push:
479
+
- meta_content_scope: meta.mapping.value.ssh_config
480
+
- include: pop-nl
481
+
- include: none-command-values
482
+
- match: '"'
483
+
scope: string.quoted.double.ssh_config punctuation.definition.string.begin.ssh_config
484
+
escape: (")|(?=$)
485
+
escape_captures:
486
+
1: meta.mapping.value.ssh_config string.quoted.double.ssh_config punctuation.definition.string.end.ssh_config
487
+
embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.knownhostscommand
488
+
embed: scope:source.shell.embedded.ssh.knownhostscommand
489
+
- match: (?=\S)
490
+
escape: (?=$)
491
+
embed: scope:source.shell.embedded.ssh.knownhostscommand
492
+
parameter-with-boolean-values:
493
+
- match: "(?xi:\n ^\\s*\n (\n (?: Pubkey | HostBased | Password | ChallengeResponse\n\
494
+
\ | KbdInteractive | (?:Rhosts)? RSA\n ) Authentication # Auth\n | ForwardAgent\
495
+
\ | ForwardX11(?:Trusted)? | ClearAllForwardings\n | ExitOnForwardFailure #\
496
+
\ Fwds\n | BatchMode | CanonicalizeFallbackLocal | CheckHostIP | Compression\n\
497
+
\ | EnableEscapeCommandLine | EnableSSHKeySign\n | ForkAfterAuthentication\
498
+
\ | GatewayPorts | HashKnownHosts\n | IdentitiesOnly | NoHostAuthenticationForLocalhost\n\
499
+
\ | PermitLocalCommand | ProxyUseFdpass | RefuseConnection | StdinNull\n |\
500
+
\ StreamLocalBindUnlink | TCPKeepAlive\n | UseKeychain | UsePrivilegedPort\
501
+
\ | VisualHostKey\n | GSSAPI (?:\n Authentication | KeyExchange | DelegateCredentials\n\
502
+
\ | RenewalForcesRekey | TrustDNS ) # GSSAPI\n )\n \\b[ \\t]*(=)?\n)"
503
+
captures:
504
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
505
+
2: keyword.operator.assignment.ssh_config
506
+
with_prototype:
507
+
- include: boolean-with-typing
508
+
- match: '[^"\s]+'
509
+
scope: invalid.illegal.sshd_config
510
+
push: possibly-quoted-value
511
+
parameter-with-boolean-values-plus-ask:
512
+
- match: "(?xi:\n ^\\s*\n ( ControlMaster | StrictHostKeyChecking | UpdateHostKeys\n\
513
+
\ | VerifyHostKeyDNS\n )\n \\b[ \\t]*(=)?\n)"
514
+
captures:
515
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
516
+
2: keyword.operator.assignment.ssh_config
517
+
with_prototype:
518
+
- include: boolean-with-typing
519
+
- include: ask
520
+
- match: \bas?\b
521
+
- match: '[^"\s]+'
522
+
scope: invalid.illegal.sshd_config
523
+
push: possibly-quoted-value
524
+
parameter-generic:
525
+
- match: ^\s*([a-zA-Z1]+)\b[ \t]*(=)?
526
+
captures:
527
+
1: meta.mapping.key.ssh_config keyword.other.ssh_config
528
+
2: keyword.operator.assignment.ssh_config
529
+
with_prototype:
530
+
- include: generic-parameter-values
531
+
push: possibly-quoted-value
532
+
ask:
533
+
- match: \bask\b
534
+
scope: constant.language.ssh_config
535
+
generic-parameter-values:
536
+
- include: environment-variables
537
+
- include: none
538
+
- include: boolean
539
+
- include: any
540
+
- include: ask
541
+
- include: tokens
542
+
- include: wildcards
543
+
- include: operator-exclamation
544
+
- include: punctuation-comma-sequence
545
+
- include: ssh-key-types
546
+
- include: ssh-ciphers
547
+
- include: ssh-kex-algorithms
548
+
- include: ssh-mac-algorithms
549
+
- include: ipv6-square-bracket
550
+
- include: ip-addresses-with-cidr
551
+
- include: time-values
552
+
- include: bytes-values
553
+
- include: log-level
554
+
- include: paths
555
+
- match: \b\d+(?=[\s,"])
556
+
scope: meta.number.integer.ssh_config constant.numeric.value.ssh_config
+48
syntaxes/ssh-crypto.sublime-syntax
+48
syntaxes/ssh-crypto.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
contexts:
4
+
main:
5
+
- include: comments
6
+
- match: '^key type:'
7
+
push:
8
+
- include: pop-before-nl
9
+
- include: ssh-key-types
10
+
- match: '^cipher:'
11
+
push:
12
+
- include: pop-before-nl
13
+
- include: ssh-ciphers
14
+
- match: '^kex:'
15
+
push:
16
+
- include: pop-before-nl
17
+
- include: ssh-kex-algorithms
18
+
- match: '^mac:'
19
+
push:
20
+
- include: pop-before-nl
21
+
- include: ssh-mac-algorithms
22
+
ssh-ciphers:
23
+
- match: \b(?:twofish256\-gcm@libassh\.org|twofish256\-ctr|twofish192\-ctr|twofish128\-gcm@libassh\.org|twofish128\-ctr|twofish\-ctr|crypticore128@ssh\.com|chacha20\-poly1305@openssh\.com|chacha20\-poly1305|camellia256\-ctr@openssh\.org|camellia256\-ctr|camellia192\-ctr@openssh\.org|camellia192\-ctr|camellia128\-ctr@openssh\.org|camellia128\-ctr|aes256\-gcm@openssh\.com|aes256\-gcm|aes256\-ctr|aes192\-gcm@openssh\.com|aes192\-ctr|aes128\-gcm@openssh\.com|aes128\-gcm|aes128\-ctr|AEAD_CAMELLIA_256_GCM|AEAD_CAMELLIA_128_GCM|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
24
+
scope: support.function.cipher.ssh.crypto
25
+
- match: \b(?:twofish256\-cbc|twofish192\-cbc|twofish128\-cbc|twofish\-ofb|twofish\-ecb|twofish\-cfb|twofish\-cbc|serpent256\-gcm@libassh\.org|serpent256\-ctr|serpent256\-cbc|serpent192\-ctr|serpent192\-cbc|serpent128\-gcm@libassh\.org|serpent128\-ctr|serpent128\-cbc|seed\-ctr@ssh\.com|seed\-cbc@ssh\.com|rijndael256\-cbc|rijndael192\-cbc|rijndael128\-cbc|rijndael\-cbc@ssh\.com|rijndael\-cbc@lysator\.liu\.se|none|idea\-ofb|idea\-ecb|idea\-ctr|idea\-cfb|idea\-cbc|grasshopper\-ctr128|des\-ofb|des\-ecb|des\-cfb|des\-cbc@ssh\.com|des\-cbc\-ssh1|des\-cbc|des|cast128\-ofb|cast128\-ecb|cast128\-ctr|cast128\-cfb|cast128\-cbc|cast128\-12\-ofb|cast128\-12\-ecb|cast128\-12\-ctr|cast128\-12\-cfb|cast128\-12\-cbc|camellia256\-cbc@openssh\.org|camellia256\-cbc|camellia192\-cbc@openssh\.org|camellia192\-cbc|camellia128\-cbc@openssh\.org|camellia128\-cbc|blowfish\-ecb|blowfish\-ctr|blowfish\-cfb|blowfish\-cbc|blowfish|arcfour256|arcfour128|arcfour|aes256\-cbc|aes192\-cbc|aes128\-ocb@libassh\.org|aes128\-cbc|3des\-ofb|3des\-ecb|3des\-ctr|3des\-cfb|3des\-cbc|3des)(?=[,\s\"])
26
+
scope: invalid.deprecated.cipher.ssh.crypto
27
+
ssh-kex-algorithms:
28
+
- match: \b(?:x25519\-kyber512\-sha512@aws\.amazon\.com|x25519\-kyber\-512r3\-sha256\-d00@amazon\.com|sntrup761x25519\-sha512@openssh\.com|sntrup4591761x25519\-sha512@tinyssh\.org|sm2kep\-sha2\-nistp256|rsa2048\-sha256|mlkem768x25519\-sha256|mlkem768nistp256\-sha256|mlkem1024nistp384\-sha384|m511\-sha512@libassh\.org|m383\-sha384@libassh\.org|kexguess2@matt\.ucc\.asn\.au|kexAlgoECDH521|kexAlgoECDH384|kexAlgoECDH256|kexAlgoCurve25519SHA256|kex\-strict\-s\-v00@openssh\.com|kex\-strict\-c\-v00@openssh\.com|gss\-nistp521\-sha512\-|gss\-nistp384\-sha384\-|gss\-nistp384\-sha256\-|gss\-nistp256\-sha256\-|gss\-group18\-sha512\-|gss\-group17\-sha512\-|gss\-group16\-sha512\-|gss\-group15\-sha512\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group15\-sha512\-|gss\-group14\-sha256\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha256\-|gss\-gex\-sha256\-|gss\-curve448\-sha512\-|gss\-curve25519\-sha256\-|gss\-13\.3\.132\.0\.10\-sha256\-|ext\-info\-s|ext\-info\-c|ecmqv\-sha2|ecdh\-sha2\-wiRIU8TKjMZ418sMqlqtvQ==|ecdh\-sha2\-qcFQaMAMGhTziMT0z\+Tuzw==|ecdh\-sha2\-nistt571|ecdh\-sha2\-nistp521|ecdh\-sha2\-nistp384|ecdh\-sha2\-nistp256|ecdh\-sha2\-nistp224|ecdh\-sha2\-nistp192|ecdh\-sha2\-nistk409|ecdh\-sha2\-nistk283|ecdh\-sha2\-nistb409|ecdh\-sha2\-mNVwCXAoS1HGmHpLvBC94w==|ecdh\-sha2\-m/FtSAmrV4j/Wy6RVUaK7A==|ecdh\-sha2\-h/SsxnLCtRBh7I9ATyeB3A==|ecdh\-sha2\-curve25519|ecdh\-sha2\-brainpoolp521r1@genua\.de|ecdh\-sha2\-brainpoolp384r1@genua\.de|ecdh\-sha2\-brainpoolp256r1@genua\.de|ecdh\-sha2\-D3FefCjYoJ/kfXgAyLddYA==|ecdh\-sha2\-9UzNcgwTlEnSCECZa7V1mw==|ecdh\-sha2\-1\.3\.132\.0\.38|ecdh\-sha2\-1\.3\.132\.0\.37|ecdh\-sha2\-1\.3\.132\.0\.36|ecdh\-sha2\-1\.3\.132\.0\.35|ecdh\-sha2\-1\.3\.132\.0\.34|ecdh\-sha2\-1\.3\.132\.0\.16|ecdh\-sha2\-1\.3\.132\.0\.10|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.7|ecdh\-nistp521\-kyber\-1024r3\-sha512\-d00@openquantumsafe\.org|ecdh\-nistp384\-kyber\-768r3\-sha384\-d00@openquantumsafe\.org|ecdh\-nistp256\-kyber\-512r3\-sha256\-d00@openquantumsafe\.org|diffie\-hellman_group17\-sha512|diffie\-hellman\-group18\-sha512@ssh\.com|diffie\-hellman\-group18\-sha512|diffie\-hellman\-group17\-sha512|diffie\-hellman\-group16\-sha512@ssh\.com|diffie\-hellman\-group16\-sha512|diffie\-hellman\-group16\-sha384@ssh\.com|diffie\-hellman\-group16\-sha256|diffie\-hellman\-group15\-sha512|diffie\-hellman\-group15\-sha384@ssh\.com|diffie\-hellman\-group15\-sha256@ssh\.com|diffie\-hellman\-group15\-sha256|diffie\-hellman\-group14\-sha256@ssh\.com|diffie\-hellman\-group14\-sha256|diffie\-hellman\-group14\-sha224@ssh\.com|diffie\-hellman\-group1\-sha256|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha384@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha224@ssh\.com|curve448\-sha512@libssh\.org|curve448\-sha512|curve25519\-sha256@libssh\.org|curve25519\-sha256|Curve25519SHA256)(?=[,\s\"])
29
+
scope: support.function.kex-algorithm.ssh.crypto
30
+
- match: \b(?:rsa1024\-sha1|kexAlgoDH1SHA1|kexAlgoDH14SHA1|gss\-group14\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha1\-|gss\-group1\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group1\-sha1\-|gss\-gex\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-gex\-sha1\-|ecdh\-sha2\-zD/b3hu/71952ArpUG4OjQ==|ecdh\-sha2\-qCbG5Cn/jjsZ7nBeR7EnOA==|ecdh\-sha2\-nistk233|ecdh\-sha2\-nistk163|ecdh\-sha2\-nistb233|ecdh\-sha2\-VqBg4QRPjxx1EXZdV0GdWQ==|ecdh\-sha2\-5pPrSUQtIaTjUSt5VZNBjg==|ecdh\-sha2\-4MHB\+NBt3AlaSRQ7MnB4cg==|ecdh\-sha2\-1\.3\.132\.0\.33|ecdh\-sha2\-1\.3\.132\.0\.27|ecdh\-sha2\-1\.3\.132\.0\.26|ecdh\-sha2\-1\.3\.132\.0\.1|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.1|diffie\-hellman\-group14\-sha1|diffie\-hellman\-group1\-sha1|diffie\-hellman\-group\-exchange\-sha1)(?=[,\s\"])
31
+
scope: invalid.deprecated.kex-algorithm.ssh.crypto
32
+
ssh-key-types:
33
+
- match: \b(?:x509v3\-sign\-rsa\-sha512@ssh\.com|x509v3\-sign\-rsa\-sha384@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256|x509v3\-sign\-rsa\-sha224@ssh\.com|x509v3\-sign\-dss\-sha512@ssh\.com|x509v3\-sign\-dss\-sha384@ssh\.com|x509v3\-sign\-dss\-sha256@ssh\.com|x509v3\-sign\-dss\-sha224@ssh\.com|x509v3\-rsa2048\-sha256|x509v3\-ecdsa\-sha2\-nistp521|x509v3\-ecdsa\-sha2\-nistp384|x509v3\-ecdsa\-sha2\-nistp256|x509v3\-ecdsa\-sha2\-1\.3\.132\.0\.10|webauthn\-sk\-ecdsa\-sha2\-nistp256@openssh\.com|ssh\-rsa\-sha512@ssh\.com|ssh\-rsa\-sha384@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha2\-512|ssh\-rsa\-sha2\-256|ssh\-rsa|ssh\-gost\-2012\-512|ssh\-gost\-2012\-256|ssh\-gost\-2001|ssh\-ed448|ssh\-ed25519\-cert\-v01@openssh\.com|ssh\-ed25519|spi\-sign\-rsa|sk\-ecdsa\-sha2\-nistp256@openssh\.com|sk\-ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|rsa\-sha2\-512\-cert\-v01@openssh\.com|rsa\-sha2\-512|rsa\-sha2\-256\-cert\-v01@openssh\.com|rsa\-sha2\-256|eddsa\-e521\-shake256@libassh\.org|eddsa\-e382\-shake256@libassh\.org|ecdsa\-sha2\-nistt571|ecdsa\-sha2\-nistp521\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp521|ecdsa\-sha2\-nistp384\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp384|ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp256|ecdsa\-sha2\-nistk409|ecdsa\-sha2\-nistk283|ecdsa\-sha2\-nistk233|ecdsa\-sha2\-nistk163|ecdsa\-sha2\-nistb409|ecdsa\-sha2\-curve25519|ecdsa\-sha2\-1\.3\.132\.0\.10\-cert\-v01@openssh\.com|ecdsa\-sha2\-1\.3\.132\.0\.10|dsa3072\-sha256@libassh\.org|dsa2048\-sha256@libassh\.org|dsa2048\-sha224@libassh\.org)(?=[,\s\"])
34
+
scope: support.type.key-type.ssh.crypto
35
+
- match: \b(?:x509v3\-ssh\-rsa|x509v3\-ssh\-dss|x509v3\-sign\-rsa\-sha1|x509v3\-sign\-rsa|x509v3\-sign\-dss\-sha1|x509v3\-sign\-dss|ssh\-xmss@openssh\.com|ssh\-xmss\-cert\-v01@openssh\.com|ssh\-rsa1|ssh\-rsa\-cert\-v01@openssh\.com|ssh\-rsa\-cert\-v00@openssh\.com|ssh\-dss\-sha512@ssh\.com|ssh\-dss\-sha384@ssh\.com|ssh\-dss\-sha256@ssh\.com|ssh\-dss\-sha224@ssh\.com|ssh\-dss\-cert\-v01@openssh\.com|ssh\-dss\-cert\-v00@openssh\.com|ssh\-dss|ssh\-dsa|spki\-sign\-rsa|spki\-sign\-dss|pgp\-sign\-rsa|pgp\-sign\-dss|null|ecdsa\-sha2\-nistp224|ecdsa\-sha2\-nistp192|ecdsa\-sha2\-nistb233)(?=[,\s\"])
36
+
scope: invalid.deprecated.key-type.ssh.crypto
37
+
ssh-mac-algorithms:
38
+
- match: \b(?:umac\-96@openssh\.com|umac\-64@openssh\.com|umac\-64\-etm@openssh\.com|umac\-32@openssh\.com|umac\-128@openssh\.com|umac\-128\-etm@openssh\.com|umac\-128|hmac\-sha512@ssh\.com|hmac\-sha512|hmac\-sha3\-512|hmac\-sha3\-384|hmac\-sha3\-256|hmac\-sha3\-224|hmac\-sha256@ssh\.com|hmac\-sha256\-96@ssh\.com|hmac\-sha256|hmac\-sha2\-56|hmac\-sha2\-512\-etm@openssh\.com|hmac\-sha2\-512\-96\-etm@openssh\.com|hmac\-sha2\-512|hmac\-sha2\-384|hmac\-sha2\-256\-etm@openssh\.com|hmac\-sha2\-256\-96\-etm@openssh\.com|hmac\-sha2\-256|hmac\-sha2\-224|crypticore\-mac@ssh\.com|chacha20\-poly1305@openssh\.com|cbcmac\-twofish|cbcmac\-aes|aes256\-gcm|aes128\-gcm|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
39
+
scope: support.function.mac-algorithm.ssh.crypto
40
+
- match: \b(?:sha1\-8|sha1|ripemd160\-8|ripemd160|none|md5\-8|md5|hmac\-sha2\-512\-96|hmac\-sha2\-256\-96|hmac\-sha1\-etm@openssh\.com|hmac\-sha1\-96\-etm@openssh\.com|hmac\-sha1\-96|hmac\-sha1|hmac\-ripemd160@openssh\.com|hmac\-ripemd160\-etm@openssh\.com|hmac\-ripemd160\-96|hmac\-ripemd160|hmac\-ripemd|hmac\-md5\-etm@openssh\.com|hmac\-md5\-96\-etm@openssh\.com|hmac\-md5\-96|hmac\-md5|cbcmac\-rijndael|cbcmac\-des|cbcmac\-blowfish|cbcmac\-3des)(?=[,\s\"])
41
+
scope: invalid.deprecated.mac-algorithm.ssh.crypto
42
+
extends: SSH Common.sublime-syntax
43
+
hidden: true
44
+
hidden_file_extensions:
45
+
- syntax_test_crypto
46
+
name: SSH Crypto
47
+
scope: text.ssh.crypto
48
+
version: 2
+496
syntaxes/sshd-config.sublime-syntax
+496
syntaxes/sshd-config.sublime-syntax
···
1
+
%YAML 1.2
2
+
---
3
+
# Standalone version of sshd-config.sublime-syntax
4
+
# Merged with: ssh-common.sublime-syntax, ssh-crypto.sublime-syntax
5
+
6
+
name: SSHD Config
7
+
scope: source.sshd_config
8
+
version: 2
9
+
file_extensions:
10
+
- sshd_config
11
+
variables:
12
+
base64_char: '[a-zA-Z0-9+/]'
13
+
ssh_fingerprint: (?:AAAA(?:E2V|[BC]3N){{base64_char}}+={0,3})
14
+
zero_to_32: (?:3[0-2]|[12][0-9]|[0-9])
15
+
zero_to_128: (?:12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9])
16
+
zero_to_255: (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9][0-9])|(?:[1-9][0-9])|[0-9])
17
+
zero_to_65535: (?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{1,3}|[0-9])
18
+
ipv4: (?:(?:{{zero_to_255}}\.){3}{{zero_to_255}})
19
+
ipv6: "(?xi:\n (?:::(?:ffff(?::0{1,4}){0,1}:){0,1}{{ipv4}}) # ::255.255.255.255\
20
+
\ ::ffff:255.255.255.255 ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses\
21
+
\ and IPv4-translated addresses)\n |(?:(?:[0-9a-f]{1,4}:){1,4}:{{ipv4}}) \
22
+
\ # 2001:db8:3:4::192.0.2.33 64:ff9b::192.0.2.33 \
23
+
\ (IPv4-Embedded IPv6 Address)\n |(?:fe80:(?::[0-9a-f]{1,4}){0,4}%[0-9a-z]{1,})\
24
+
\ # fe80::7:8%eth0 fe80::7:8%1 \
25
+
\ (link-local IPv6 addresses with zone index)\n |(?:(?:[0-9a-f]{1,4}:){7,7}\
26
+
\ [0-9a-f]{1,4}) # 1:2:3:4:5:6:7:8\n | (?:[0-9a-f]{1,4}: (?::[0-9a-f]{1,4}){1,6})\
27
+
\ # 1::3:4:5:6:7:8 1::3:4:5:6:7:8 1::8\n |(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5})\
28
+
\ # 1::4:5:6:7:8 1:2::4:5:6:7:8 1:2::8\n |(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4})\
29
+
\ # 1::5:6:7:8 1:2:3::5:6:7:8 1:2:3::8\n |(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3})\
30
+
\ # 1::6:7:8 1:2:3:4::6:7:8 1:2:3:4::8\n |(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2})\
31
+
\ # 1::7:8 1:2:3:4:5::7:8 1:2:3:4:5::8\n |(?:(?:[0-9a-f]{1,4}:){1,6}\
32
+
\ :[0-9a-f]{1,4}) # 1::8 1:2:3:4:5:6::8 1:2:3:4:5:6::8\n\
33
+
\ |(?:(?:[0-9a-f]{1,4}:){1,7} :) # 1:: \
34
+
\ 1:2:3:4:5:6:7::\n |(?::(?:(?::[0-9a-f]{1,4}){1,7}|:)) \
35
+
\ # ::2:3:4:5:6:7:8 ::2:3:4:5:6:7:8 ::8 ::\n)"
36
+
all_parameters: "\\b(?xi:\n AcceptEnv | AddressFamily\n | Allow (?: AgentForwarding\
37
+
\ | Groups | StreamLocalForwarding\n | TcpForwarding | Users)\n | AuthenticationMethods\n\
38
+
\ | Authorized (?: Keys | Principals )(?: Command | CommandUser | File )\n |\
39
+
\ Banner\n | CASignatureAlgorithms | ChallengeResponseAuthentication\n | ChannelTimeout\
40
+
\ | ChrootDirectory | Ciphers | ClientAliveCountMax\n | ClientAliveInterval |\
41
+
\ Compression\n | DenyGroups | DenyUsers | DisableForwarding\n | ExposeAuthInfo\n\
42
+
\ | FingerprintHash | ForceCommand\n | GatewayPorts | GSSAPIAuthentication |\
43
+
\ GSSAPICleanupCredentials\n | GSSAPIStrictAcceptorCheck\n | Hostbased (?: AcceptedAlgorithms\
44
+
\ | AcceptedKeyTypes | Authentication\n | UsesNameFromPacketOnly\
45
+
\ )\n | HostCertificate | HostKey | HostKeyAgent | HostKeyAlgorithms\n | IgnoreRhosts\
46
+
\ | IgnoreUserKnownHosts | Include | IPQoS\n | KbdInteractiveAuthentication\n\
47
+
\ | Kerberos (?: Authentication | GetAFSToken | OrLocalPasswd\n |\
48
+
\ TicketCleanup )\n | KexAlgorithms | KeyRegenerationInterval\n | ListenAddress\
49
+
\ | LoginGraceTime | LogLevel | LogVerbose\n | MACs | Match | MaxAuthTries |\
50
+
\ MaxSessions | MaxStartups | ModuliFile\n | PasswordAuthentication | PAMServiceName\n\
51
+
\ | Permit (?: EmptyPasswords | Listen | Open | RootLogin | TTY | Tunnel\n \
52
+
\ | UserEnvironment | UserRC )\n | PerSource (?: MaxStartups | NetBlockSize\
53
+
\ | Penalties\n | PenaltyExemptList )\n | PidFile | Port | PrintLastLog\
54
+
\ | PrintMotd | Protocol\n | Pubkey (?: AcceptedAlgorithms | AcceptedKeyTypes\
55
+
\ | AuthOptions\n | Authentication )\n | RefuseConnection | RekeyLimit\
56
+
\ | RequiredRSASize | RevokedKeys | RDomain\n | RhostsRSAAuthentication | RSAAuthentication\n\
57
+
\ | SecurityKeyProvider | ServerKeyBits | SetEnv | ShowPatchLevel\n # SshdAuthPath\
58
+
\ and SshSessionPath are just for tests\n | StreamLocalBindMask | StreamLocalBindUnlink\n\
59
+
\ | StrictModes | Subsystem | SyslogFacility\n | TCPKeepAlive | TrustedUserCAKeys\n\
60
+
\ | UnusedConnectionTimeout | UseDNS | UseLogin | UsePAM\n | UsePrivilegeSeparation\n\
61
+
\ | VersionAddendum\n | X11DisplayOffset | X11Forwarding | X11UseLocalhost |\
62
+
\ XAuthLocation\n)\\b"
63
+
parameters_boolean: "\\b(?xi:\n AllowAgentForwarding\n | ChallengeResponseAuthentication\
64
+
\ | Compression\n | ExposeAuthInfo\n | GSSAPIAuthentication | GSSAPICleanupCredentials\n\
65
+
\ | GSSAPIStrictAcceptorCheck\n | HostbasedAuthentication | HostbasedUsesNameFromPacketOnly\n\
66
+
\ | IgnoreRhosts | IgnoreUserKnownHosts\n | KbdInteractiveAuthentication | KerberosAuthentication\n\
67
+
\ | KerberosGetAFSToken | KerberosOrLocalPasswd\n | KerberosTicketCleanup\n\
68
+
\ | PasswordAuthentication | PermitEmptyPasswords | PermitTTY\n | PermitUserEnvironment\
69
+
\ | PermitUserRC | PrintLastLog | PrintMotd\n | PubkeyAuthentication\n | RefuseConnection\n\
70
+
\ | StreamLocalBindUnlink | StrictModes\n | TCPKeepAlive\n | UseDNS | UsePAM\n\
71
+
\ | X11Forwarding | X11UseLocalhost\n)\\b"
72
+
contexts:
73
+
main:
74
+
- include: comments
75
+
- include: match
76
+
- include: parameters
77
+
comments:
78
+
- match: (#+)(?:\s*({{all_parameters}}))?
79
+
captures:
80
+
1: punctuation.definition.comment.sshd_config
81
+
2: meta.keyword.comment.sshd_config
82
+
push:
83
+
- meta_scope: comment.line.number-sign.sshd_config
84
+
- include: pop-nl
85
+
- match: (;+)(?:\s*({{all_parameters}}))?
86
+
captures:
87
+
1: punctuation.definition.comment.sshd_config
88
+
2: meta.keyword.comment.sshd_config
89
+
push:
90
+
- meta_scope: comment.line.semi-colon.sshd_config
91
+
- include: pop-nl
92
+
comments-number-sign:
93
+
- match: ^\s*(#+)
94
+
captures:
95
+
1: comment.line.number-sign.ssh.common punctuation.definition.comment.ssh.common
96
+
push:
97
+
- meta_content_scope: comment.line.number-sign.ssh.common
98
+
- match: \n
99
+
scope: comment.line.number-sign.ssh.common
100
+
pop: true
101
+
comments-semicolon:
102
+
- match: ^\s*(;+)
103
+
captures:
104
+
1: comment.line.semi-colon.ssh.common punctuation.definition.comment.ssh.common
105
+
push:
106
+
- meta_content_scope: comment.line.semi-colon.ssh.common
107
+
- include: pop-nl
108
+
operator-exclamation:
109
+
- match: '!'
110
+
scope: keyword.operator.logical.ssh.common
111
+
wildcards:
112
+
- match: \*
113
+
scope: constant.other.wildcard.asterisk.ssh.common
114
+
- match: \?
115
+
scope: constant.other.wildcard.questionmark.ssh.common
116
+
punctuation-comma-sequence:
117
+
- match: ','
118
+
scope: punctuation.separator.sequence.ssh.common
119
+
punctuation-dot-sequence:
120
+
- match: \.
121
+
scope: punctuation.separator.sequence.ssh.common
122
+
punctuation-at:
123
+
- match: '@'
124
+
scope: punctuation.separator.sequence.ssh.common
125
+
ssh-fingerprint:
126
+
- match: '{{ssh_fingerprint}}'
127
+
scope: variable.other.fingerprint.ssh.common
128
+
ssh-fingerprint-with-label:
129
+
- match: '{{ssh_fingerprint}}'
130
+
scope: variable.other.fingerprint.ssh.common
131
+
push: expect-fingerprint-label
132
+
expect-fingerprint-label:
133
+
- include: pop-before-nl
134
+
- match: (?=\S)
135
+
push:
136
+
- meta_scope: meta.annotation.identifier.ssh.common string.unquoted.ssh.common
137
+
- match: (?=[ \t]*$)
138
+
pop: 1
139
+
- include: punctuation-at
140
+
time-values:
141
+
- match: \b(?=[\dsmhdw]*\d[smhdw][\s,"])
142
+
push:
143
+
- meta_scope: meta.constant.time.ssh.common meta.number.integer.decimal.ssh.common
144
+
- match: (?=[\s,"])
145
+
pop: 1
146
+
- match: (\d+)([smhdw])
147
+
captures:
148
+
1: constant.numeric.value.ssh.common
149
+
2: constant.numeric.suffix.ssh.common
150
+
bytes-values:
151
+
- match: \b(\d+)([KMG])(?=[\s,"])
152
+
scope: meta.constant.bytes.ssh.common meta.number.integer.other.ssh.common
153
+
captures:
154
+
1: constant.numeric.value.ssh.common
155
+
2: constant.numeric.suffix.ssh.common
156
+
mac-addresses:
157
+
- match: (?:[0-9a-fA-F]{2}:){5}(?:[0-9a-fA-F]{2})
158
+
scope: entity.name.constant.mac-address.ssh.common
159
+
ipv4:
160
+
- match: \b{{ipv4}}\b
161
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
162
+
ipv6:
163
+
- match: '{{ipv6}}'
164
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
165
+
ipv6-square-bracket:
166
+
- match: (\[){{ipv6}}(\])
167
+
scope: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
168
+
captures:
169
+
1: punctuation.definition.constant.begin.ssh.common
170
+
2: punctuation.definition.constant.end.ssh.common
171
+
ip-addresses:
172
+
- include: ipv6
173
+
- include: ipv4
174
+
ipv4-with-cidr:
175
+
- match: \b({{ipv4}})(?:(/)({{zero_to_32}}))?\b
176
+
captures:
177
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v4.ssh.common
178
+
2: punctuation.separator.sequence.ssh.common
179
+
3: constant.other.range.ssh.common
180
+
ipv6-with-cidr:
181
+
- match: ({{ipv6}})(?:(/)({{zero_to_128}})\b)?
182
+
captures:
183
+
1: meta.number.integer.other.ssh.common constant.numeric.ip-address.v6.ssh.common
184
+
2: punctuation.separator.sequence.ssh.common
185
+
3: constant.other.range.ssh.common
186
+
ip-addresses-with-cidr:
187
+
- include: ipv6-with-cidr
188
+
- include: ipv4-with-cidr
189
+
port-numbers:
190
+
- match: \b{{zero_to_65535}}(?![\w:])
191
+
scope: meta.number.integer.decimal.ssh.common constant.numeric.port-number.ssh.common
192
+
match-all:
193
+
- match: '\b(?xi: all )\b'
194
+
scope: constant.language.boolean.true.ssh.common
195
+
none:
196
+
- match: \bnone\b
197
+
scope: constant.language.null.ssh.common
198
+
any:
199
+
- match: \bany\b
200
+
scope: constant.language.set.ssh.common
201
+
boolean:
202
+
- match: \byes\b
203
+
scope: constant.language.boolean.true.ssh.common
204
+
- match: \bno\b
205
+
scope: constant.language.boolean.false.ssh.common
206
+
boolean-with-typing:
207
+
- include: boolean
208
+
- match: \b(?:ye?|n)\b
209
+
log-level:
210
+
- match: '\b(?x: QUIET | FATAL | ERROR | INFO | DEBUG[1-3]? )\b'
211
+
scope: constant.language.log-level.ssh.common
212
+
possibly-quoted-value:
213
+
- meta_content_scope: meta.mapping.value.sshd_config
214
+
- match: '"'
215
+
scope: punctuation.definition.string.begin.sshd_config
216
+
push:
217
+
- meta_scope: string.quoted.double.sshd_config
218
+
- match: (")(?:\s*(\S.*))?
219
+
captures:
220
+
1: punctuation.definition.string.end.sshd_config
221
+
2: invalid.illegal.sshd_config
222
+
pop: 1
223
+
- match: \n|$
224
+
scope: invalid.illegal.unclosed-string.sshd_config
225
+
pop: 2
226
+
- match: (?=\S)
227
+
push:
228
+
- meta_content_scope: string.unquoted.sshd_config
229
+
- include: pop-before-nl
230
+
- include: pop-nl
231
+
string-patterns:
232
+
- include: punctuation-comma-sequence
233
+
- include: operator-exclamation
234
+
- match: '"'
235
+
scope: punctuation.definition.string.begin.ssh.common
236
+
push:
237
+
- meta_content_scope: string.quoted.double.ssh.common
238
+
- match: '"'
239
+
scope: punctuation.definition.string.end.ssh.common
240
+
pop: 1
241
+
- include: wildcards
242
+
- match: (?=\S)
243
+
push:
244
+
- meta_content_scope: string.unquoted.ssh.common
245
+
- match: (?=[,!\s])
246
+
pop: 1
247
+
- include: wildcards
248
+
paths:
249
+
- match: (?=~?[\w.\-?*${}%]*/[\w.\-?*${}%]?)
250
+
push:
251
+
- meta_scope: meta.path.ssh.common entity.name.ssh.common
252
+
- match: (?=[\s,"])
253
+
pop: 1
254
+
- match: ~[\w\-.]*
255
+
scope: variable.language.home.ssh.common
256
+
- match: (/)(?:(\.{1,2})(?=/)|\.(?!/))?
257
+
captures:
258
+
1: punctuation.separator.path.ssh.common
259
+
2: constant.other.placeholder.ssh.common
260
+
- match: \.(?=[\w*?%])
261
+
scope: punctuation.separator.sequence.ssh.common
262
+
- include: wildcards
263
+
- include: tokens
264
+
- include: environment-variables
265
+
none-command-values:
266
+
- match: \s*(none)\b[ \t]*$
267
+
captures:
268
+
1: constant.language.null.ssh.common
269
+
- match: \s*((")(none)("))[ \t]*$
270
+
captures:
271
+
1: string.quoted.double.ssh.common
272
+
2: punctuation.definition.string.begin.ssh.common
273
+
3: constant.language.null.ssh.common
274
+
4: punctuation.definition.string.end.ssh.common
275
+
tokens:
276
+
- match: '%%'
277
+
scope: constant.character.escape.sshd_config
278
+
- match: '%[hUu]'
279
+
scope: constant.other.placeholder.sshd_config
280
+
environment-variables: []
281
+
pop-nl:
282
+
- match: \n
283
+
pop: 1
284
+
pop-before-nl:
285
+
- match: (?=\n)
286
+
pop: 1
287
+
ssh-ciphers:
288
+
- match: \b(?:twofish256\-gcm@libassh\.org|twofish256\-ctr|twofish192\-ctr|twofish128\-gcm@libassh\.org|twofish128\-ctr|twofish\-ctr|crypticore128@ssh\.com|chacha20\-poly1305@openssh\.com|chacha20\-poly1305|camellia256\-ctr@openssh\.org|camellia256\-ctr|camellia192\-ctr@openssh\.org|camellia192\-ctr|camellia128\-ctr@openssh\.org|camellia128\-ctr|aes256\-gcm@openssh\.com|aes256\-gcm|aes256\-ctr|aes192\-gcm@openssh\.com|aes192\-ctr|aes128\-gcm@openssh\.com|aes128\-gcm|aes128\-ctr|AEAD_CAMELLIA_256_GCM|AEAD_CAMELLIA_128_GCM|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
289
+
scope: support.function.cipher.ssh.crypto
290
+
- match: \b(?:twofish256\-cbc|twofish192\-cbc|twofish128\-cbc|twofish\-ofb|twofish\-ecb|twofish\-cfb|twofish\-cbc|serpent256\-gcm@libassh\.org|serpent256\-ctr|serpent256\-cbc|serpent192\-ctr|serpent192\-cbc|serpent128\-gcm@libassh\.org|serpent128\-ctr|serpent128\-cbc|seed\-ctr@ssh\.com|seed\-cbc@ssh\.com|rijndael256\-cbc|rijndael192\-cbc|rijndael128\-cbc|rijndael\-cbc@ssh\.com|rijndael\-cbc@lysator\.liu\.se|none|idea\-ofb|idea\-ecb|idea\-ctr|idea\-cfb|idea\-cbc|grasshopper\-ctr128|des\-ofb|des\-ecb|des\-cfb|des\-cbc@ssh\.com|des\-cbc\-ssh1|des\-cbc|des|cast128\-ofb|cast128\-ecb|cast128\-ctr|cast128\-cfb|cast128\-cbc|cast128\-12\-ofb|cast128\-12\-ecb|cast128\-12\-ctr|cast128\-12\-cfb|cast128\-12\-cbc|camellia256\-cbc@openssh\.org|camellia256\-cbc|camellia192\-cbc@openssh\.org|camellia192\-cbc|camellia128\-cbc@openssh\.org|camellia128\-cbc|blowfish\-ecb|blowfish\-ctr|blowfish\-cfb|blowfish\-cbc|blowfish|arcfour256|arcfour128|arcfour|aes256\-cbc|aes192\-cbc|aes128\-ocb@libassh\.org|aes128\-cbc|3des\-ofb|3des\-ecb|3des\-ctr|3des\-cfb|3des\-cbc|3des)(?=[,\s\"])
291
+
scope: invalid.deprecated.cipher.ssh.crypto
292
+
ssh-kex-algorithms:
293
+
- match: \b(?:x25519\-kyber512\-sha512@aws\.amazon\.com|x25519\-kyber\-512r3\-sha256\-d00@amazon\.com|sntrup761x25519\-sha512@openssh\.com|sntrup4591761x25519\-sha512@tinyssh\.org|sm2kep\-sha2\-nistp256|rsa2048\-sha256|mlkem768x25519\-sha256|mlkem768nistp256\-sha256|mlkem1024nistp384\-sha384|m511\-sha512@libassh\.org|m383\-sha384@libassh\.org|kexguess2@matt\.ucc\.asn\.au|kexAlgoECDH521|kexAlgoECDH384|kexAlgoECDH256|kexAlgoCurve25519SHA256|kex\-strict\-s\-v00@openssh\.com|kex\-strict\-c\-v00@openssh\.com|gss\-nistp521\-sha512\-|gss\-nistp384\-sha384\-|gss\-nistp384\-sha256\-|gss\-nistp256\-sha256\-|gss\-group18\-sha512\-|gss\-group17\-sha512\-|gss\-group16\-sha512\-|gss\-group15\-sha512\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group15\-sha512\-|gss\-group14\-sha256\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha256\-|gss\-gex\-sha256\-|gss\-curve448\-sha512\-|gss\-curve25519\-sha256\-|gss\-13\.3\.132\.0\.10\-sha256\-|ext\-info\-s|ext\-info\-c|ecmqv\-sha2|ecdh\-sha2\-wiRIU8TKjMZ418sMqlqtvQ==|ecdh\-sha2\-qcFQaMAMGhTziMT0z\+Tuzw==|ecdh\-sha2\-nistt571|ecdh\-sha2\-nistp521|ecdh\-sha2\-nistp384|ecdh\-sha2\-nistp256|ecdh\-sha2\-nistp224|ecdh\-sha2\-nistp192|ecdh\-sha2\-nistk409|ecdh\-sha2\-nistk283|ecdh\-sha2\-nistb409|ecdh\-sha2\-mNVwCXAoS1HGmHpLvBC94w==|ecdh\-sha2\-m/FtSAmrV4j/Wy6RVUaK7A==|ecdh\-sha2\-h/SsxnLCtRBh7I9ATyeB3A==|ecdh\-sha2\-curve25519|ecdh\-sha2\-brainpoolp521r1@genua\.de|ecdh\-sha2\-brainpoolp384r1@genua\.de|ecdh\-sha2\-brainpoolp256r1@genua\.de|ecdh\-sha2\-D3FefCjYoJ/kfXgAyLddYA==|ecdh\-sha2\-9UzNcgwTlEnSCECZa7V1mw==|ecdh\-sha2\-1\.3\.132\.0\.38|ecdh\-sha2\-1\.3\.132\.0\.37|ecdh\-sha2\-1\.3\.132\.0\.36|ecdh\-sha2\-1\.3\.132\.0\.35|ecdh\-sha2\-1\.3\.132\.0\.34|ecdh\-sha2\-1\.3\.132\.0\.16|ecdh\-sha2\-1\.3\.132\.0\.10|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.7|ecdh\-nistp521\-kyber\-1024r3\-sha512\-d00@openquantumsafe\.org|ecdh\-nistp384\-kyber\-768r3\-sha384\-d00@openquantumsafe\.org|ecdh\-nistp256\-kyber\-512r3\-sha256\-d00@openquantumsafe\.org|diffie\-hellman_group17\-sha512|diffie\-hellman\-group18\-sha512@ssh\.com|diffie\-hellman\-group18\-sha512|diffie\-hellman\-group17\-sha512|diffie\-hellman\-group16\-sha512@ssh\.com|diffie\-hellman\-group16\-sha512|diffie\-hellman\-group16\-sha384@ssh\.com|diffie\-hellman\-group16\-sha256|diffie\-hellman\-group15\-sha512|diffie\-hellman\-group15\-sha384@ssh\.com|diffie\-hellman\-group15\-sha256@ssh\.com|diffie\-hellman\-group15\-sha256|diffie\-hellman\-group14\-sha256@ssh\.com|diffie\-hellman\-group14\-sha256|diffie\-hellman\-group14\-sha224@ssh\.com|diffie\-hellman\-group1\-sha256|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha512@ssh\.com|diffie\-hellman\-group\-exchange\-sha384@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256@ssh\.com|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha256|diffie\-hellman\-group\-exchange\-sha224@ssh\.com|curve448\-sha512@libssh\.org|curve448\-sha512|curve25519\-sha256@libssh\.org|curve25519\-sha256|Curve25519SHA256)(?=[,\s\"])
294
+
scope: support.function.kex-algorithm.ssh.crypto
295
+
- match: \b(?:rsa1024\-sha1|kexAlgoDH1SHA1|kexAlgoDH14SHA1|gss\-group14\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group14\-sha1\-|gss\-group1\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-group1\-sha1\-|gss\-gex\-sha1\-toWM5Slw5Ew8Mqkay\+al2g==|gss\-gex\-sha1\-|ecdh\-sha2\-zD/b3hu/71952ArpUG4OjQ==|ecdh\-sha2\-qCbG5Cn/jjsZ7nBeR7EnOA==|ecdh\-sha2\-nistk233|ecdh\-sha2\-nistk163|ecdh\-sha2\-nistb233|ecdh\-sha2\-VqBg4QRPjxx1EXZdV0GdWQ==|ecdh\-sha2\-5pPrSUQtIaTjUSt5VZNBjg==|ecdh\-sha2\-4MHB\+NBt3AlaSRQ7MnB4cg==|ecdh\-sha2\-1\.3\.132\.0\.33|ecdh\-sha2\-1\.3\.132\.0\.27|ecdh\-sha2\-1\.3\.132\.0\.26|ecdh\-sha2\-1\.3\.132\.0\.1|ecdh\-sha2\-1\.2\.840\.10045\.3\.1\.1|diffie\-hellman\-group14\-sha1|diffie\-hellman\-group1\-sha1|diffie\-hellman\-group\-exchange\-sha1)(?=[,\s\"])
296
+
scope: invalid.deprecated.kex-algorithm.ssh.crypto
297
+
ssh-key-types:
298
+
- match: \b(?:x509v3\-sign\-rsa\-sha512@ssh\.com|x509v3\-sign\-rsa\-sha384@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256@ssh\.com|x509v3\-sign\-rsa\-sha256|x509v3\-sign\-rsa\-sha224@ssh\.com|x509v3\-sign\-dss\-sha512@ssh\.com|x509v3\-sign\-dss\-sha384@ssh\.com|x509v3\-sign\-dss\-sha256@ssh\.com|x509v3\-sign\-dss\-sha224@ssh\.com|x509v3\-rsa2048\-sha256|x509v3\-ecdsa\-sha2\-nistp521|x509v3\-ecdsa\-sha2\-nistp384|x509v3\-ecdsa\-sha2\-nistp256|x509v3\-ecdsa\-sha2\-1\.3\.132\.0\.10|webauthn\-sk\-ecdsa\-sha2\-nistp256@openssh\.com|ssh\-rsa\-sha512@ssh\.com|ssh\-rsa\-sha384@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha256@ssh\.com|ssh\-rsa\-sha2\-512|ssh\-rsa\-sha2\-256|ssh\-rsa|ssh\-gost\-2012\-512|ssh\-gost\-2012\-256|ssh\-gost\-2001|ssh\-ed448|ssh\-ed25519\-cert\-v01@openssh\.com|ssh\-ed25519|spi\-sign\-rsa|sk\-ecdsa\-sha2\-nistp256@openssh\.com|sk\-ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|rsa\-sha2\-512\-cert\-v01@openssh\.com|rsa\-sha2\-512|rsa\-sha2\-256\-cert\-v01@openssh\.com|rsa\-sha2\-256|eddsa\-e521\-shake256@libassh\.org|eddsa\-e382\-shake256@libassh\.org|ecdsa\-sha2\-nistt571|ecdsa\-sha2\-nistp521\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp521|ecdsa\-sha2\-nistp384\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp384|ecdsa\-sha2\-nistp256\-cert\-v01@openssh\.com|ecdsa\-sha2\-nistp256|ecdsa\-sha2\-nistk409|ecdsa\-sha2\-nistk283|ecdsa\-sha2\-nistk233|ecdsa\-sha2\-nistk163|ecdsa\-sha2\-nistb409|ecdsa\-sha2\-curve25519|ecdsa\-sha2\-1\.3\.132\.0\.10\-cert\-v01@openssh\.com|ecdsa\-sha2\-1\.3\.132\.0\.10|dsa3072\-sha256@libassh\.org|dsa2048\-sha256@libassh\.org|dsa2048\-sha224@libassh\.org)(?=[,\s\"])
299
+
scope: support.type.key-type.ssh.crypto
300
+
- match: \b(?:x509v3\-ssh\-rsa|x509v3\-ssh\-dss|x509v3\-sign\-rsa\-sha1|x509v3\-sign\-rsa|x509v3\-sign\-dss\-sha1|x509v3\-sign\-dss|ssh\-xmss@openssh\.com|ssh\-xmss\-cert\-v01@openssh\.com|ssh\-rsa1|ssh\-rsa\-cert\-v01@openssh\.com|ssh\-rsa\-cert\-v00@openssh\.com|ssh\-dss\-sha512@ssh\.com|ssh\-dss\-sha384@ssh\.com|ssh\-dss\-sha256@ssh\.com|ssh\-dss\-sha224@ssh\.com|ssh\-dss\-cert\-v01@openssh\.com|ssh\-dss\-cert\-v00@openssh\.com|ssh\-dss|ssh\-dsa|spki\-sign\-rsa|spki\-sign\-dss|pgp\-sign\-rsa|pgp\-sign\-dss|null|ecdsa\-sha2\-nistp224|ecdsa\-sha2\-nistp192|ecdsa\-sha2\-nistb233)(?=[,\s\"])
301
+
scope: invalid.deprecated.key-type.ssh.crypto
302
+
ssh-mac-algorithms:
303
+
- match: \b(?:umac\-96@openssh\.com|umac\-64@openssh\.com|umac\-64\-etm@openssh\.com|umac\-32@openssh\.com|umac\-128@openssh\.com|umac\-128\-etm@openssh\.com|umac\-128|hmac\-sha512@ssh\.com|hmac\-sha512|hmac\-sha3\-512|hmac\-sha3\-384|hmac\-sha3\-256|hmac\-sha3\-224|hmac\-sha256@ssh\.com|hmac\-sha256\-96@ssh\.com|hmac\-sha256|hmac\-sha2\-56|hmac\-sha2\-512\-etm@openssh\.com|hmac\-sha2\-512\-96\-etm@openssh\.com|hmac\-sha2\-512|hmac\-sha2\-384|hmac\-sha2\-256\-etm@openssh\.com|hmac\-sha2\-256\-96\-etm@openssh\.com|hmac\-sha2\-256|hmac\-sha2\-224|crypticore\-mac@ssh\.com|chacha20\-poly1305@openssh\.com|cbcmac\-twofish|cbcmac\-aes|aes256\-gcm|aes128\-gcm|AEAD_AES_256_GCM|AEAD_AES_128_GCM)(?=[,\s\"])
304
+
scope: support.function.mac-algorithm.ssh.crypto
305
+
- match: \b(?:sha1\-8|sha1|ripemd160\-8|ripemd160|none|md5\-8|md5|hmac\-sha2\-512\-96|hmac\-sha2\-256\-96|hmac\-sha1\-etm@openssh\.com|hmac\-sha1\-96\-etm@openssh\.com|hmac\-sha1\-96|hmac\-sha1|hmac\-ripemd160@openssh\.com|hmac\-ripemd160\-etm@openssh\.com|hmac\-ripemd160\-96|hmac\-ripemd160|hmac\-ripemd|hmac\-md5\-etm@openssh\.com|hmac\-md5\-96\-etm@openssh\.com|hmac\-md5\-96|hmac\-md5|cbcmac\-rijndael|cbcmac\-des|cbcmac\-blowfish|cbcmac\-3des)(?=[,\s\"])
306
+
scope: invalid.deprecated.mac-algorithm.ssh.crypto
307
+
parameters:
308
+
- include: comments
309
+
- include: parameter-forcecommand
310
+
- include: parameter-authorizedkeyscommand
311
+
- include: parameter-authorizedprincipalscommand
312
+
- include: parameter-path-with-tokens
313
+
- include: parameter-routingdomain
314
+
- include: parameter-with-boolean-values
315
+
- include: parameter-generic
316
+
pop-before-match-option:
317
+
- include: pop-before-nl
318
+
- match: '(?=\s*(?xi: all | user | group | host | (?:local)? address | localport
319
+
)\b)'
320
+
pop: 1
321
+
pop-before-next-match:
322
+
- match: (?=^\s*(?i:Match)\b)
323
+
pop: 1
324
+
match:
325
+
- match: ^\s*((?i:Match))\b
326
+
captures:
327
+
1: keyword.control.conditional.sshd_config
328
+
set: match-conditions
329
+
match-conditions:
330
+
- meta_scope: meta.block.match.sshd_config
331
+
- meta_content_scope: meta.statement.conditional.sshd_config
332
+
- match: \n
333
+
set: match-body
334
+
- include: operator-exclamation
335
+
- include: match-all
336
+
- match: '\b(?xi: invalid-user )\b'
337
+
scope: constant.language.null.sshd_config
338
+
- match: '\b(?xi: host )\b'
339
+
scope: meta.mapping.key.sshd_config keyword.other.sshd_config
340
+
with_prototype:
341
+
- include: punctuation-dot-sequence
342
+
push:
343
+
- meta_content_scope: meta.mapping.value.sshd_config
344
+
- include: pop-before-match-option
345
+
- include: string-patterns
346
+
- match: '\b(?xi: user | group )\b'
347
+
scope: meta.mapping.key.sshd_config keyword.other.sshd_config
348
+
push:
349
+
- meta_content_scope: meta.mapping.value.sshd_config
350
+
- include: pop-before-match-option
351
+
- include: string-patterns
352
+
- match: '\b(?xi: (?:local)? address )\b'
353
+
scope: meta.mapping.key.sshd_config keyword.other.sshd_config
354
+
push:
355
+
- meta_content_scope: meta.mapping.value.sshd_config
356
+
- include: pop-before-match-option
357
+
- include: operator-exclamation
358
+
- include: wildcards
359
+
- include: punctuation-comma-sequence
360
+
- include: ip-addresses-with-cidr
361
+
- match: '\b(?xi: localport )\b'
362
+
scope: meta.mapping.key.sshd_config keyword.other.sshd_config
363
+
push:
364
+
- meta_content_scope: meta.mapping.value.sshd_config
365
+
- include: pop-before-match-option
366
+
- include: port-numbers
367
+
- match: '\b(?xi: rdomain )\b'
368
+
scope: meta.mapping.key.sshd_config keyword.other.sshd_config
369
+
push:
370
+
- meta_content_scope: meta.mapping.value.sshd_config
371
+
- include: pop-before-match-option
372
+
- match: \b{{zero_to_255}}\b
373
+
scope: meta.number.integer.decimal.sshd_config constant.numeric.value.sshd_config
374
+
match-body:
375
+
- meta_content_scope: meta.block.match.sshd_config
376
+
- include: pop-before-next-match
377
+
- include: parameters
378
+
parameter-forcecommand:
379
+
- match: ^\s*((?i:ForceCommand))\b\s*(=)?
380
+
captures:
381
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
382
+
2: keyword.operator.assignment.sshd_config
383
+
push:
384
+
- meta_content_scope: meta.mapping.value.sshd_config
385
+
- include: pop-nl
386
+
- include: none-command-values
387
+
- match: '"'
388
+
scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config
389
+
escape: (")|(?=$)
390
+
escape_captures:
391
+
1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config
392
+
embed_scope: string.quoted.double.sshd_config
393
+
embed: scope:source.shell
394
+
- match: (?=\S)
395
+
escape: (?=$)
396
+
embed: scope:source.shell
397
+
parameter-authorizedkeyscommand:
398
+
- match: ^\s*((?i:AuthorizedKeysCommand))\b\s*(=)?
399
+
captures:
400
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
401
+
2: keyword.operator.assignment.sshd_config
402
+
push:
403
+
- meta_content_scope: meta.mapping.value.sshd_config
404
+
- include: pop-nl
405
+
- match: '"'
406
+
scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config
407
+
escape: (")|(?=$)
408
+
escape_captures:
409
+
1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config
410
+
embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.authorizedkeyscommand
411
+
embed: scope:source.shell.embedded.ssh.authorizedkeyscommand
412
+
- match: (?=\S)
413
+
escape: (?=$)
414
+
embed: scope:source.shell.embedded.ssh.authorizedkeyscommand
415
+
parameter-authorizedprincipalscommand:
416
+
- match: ^\s*((?i:AuthorizedPrincipalsCommand))\b\s*(=)?
417
+
captures:
418
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
419
+
2: keyword.operator.assignment.sshd_config
420
+
push:
421
+
- meta_content_scope: meta.mapping.value.sshd_config
422
+
- include: pop-nl
423
+
- match: '"'
424
+
scope: string.quoted.double.sshd_config punctuation.definition.string.begin.sshd_config
425
+
escape: (")|(?=$)
426
+
escape_captures:
427
+
1: meta.mapping.value.sshd_config string.quoted.double.sshd_config punctuation.definition.string.end.sshd_config
428
+
embed_scope: string.quoted.double.ssh_config source.shell.embedded.ssh.authorizedprincipalscommand
429
+
embed: scope:source.shell.embedded.ssh.authorizedprincipalscommand
430
+
- match: (?=\S)
431
+
escape: (?=$)
432
+
embed: scope:source.shell.embedded.ssh.authorizedprincipalscommand
433
+
parameter-path-with-tokens:
434
+
- match: '^\s*((?ix: AuthorizedKeysFile | AuthorizedPrincipalsFile | ChrootDirectory
435
+
))\b\s*(=)?'
436
+
captures:
437
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
438
+
2: keyword.operator.assignment.sshd_config
439
+
with_prototype:
440
+
- include: tokens
441
+
- include: none
442
+
- include: paths
443
+
push: possibly-quoted-value
444
+
parameter-routingdomain:
445
+
- match: ^\s*((?i:RoutingDomain))\b\s*(=)?
446
+
captures:
447
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
448
+
2: keyword.operator.assignment.sshd_config
449
+
with_prototype:
450
+
- match: '%D'
451
+
scope: constant.other.placeholder.sshd_config
452
+
- include: numeric-values
453
+
push: possibly-quoted-value
454
+
parameter-with-boolean-values:
455
+
- match: ^\s*({{parameters_boolean}})\s*(=)?
456
+
captures:
457
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
458
+
2: keyword.operator.assignment.sshd_config
459
+
with_prototype:
460
+
- include: boolean-with-typing
461
+
- match: '[^"\s]+'
462
+
scope: invalid.illegal.sshd_config
463
+
push: possibly-quoted-value
464
+
parameter-generic:
465
+
- match: ^\s*([a-zA-Z1]+)\b\s*(=)?
466
+
captures:
467
+
1: meta.mapping.key.sshd_config keyword.other.sshd_config
468
+
2: keyword.operator.assignment.sshd_config
469
+
with_prototype:
470
+
- include: generic-parameter-values
471
+
push: possibly-quoted-value
472
+
generic-parameter-values:
473
+
- include: boolean
474
+
- include: none
475
+
- include: any
476
+
- match: '\b(?xi: default )\b'
477
+
scope: constant.language.default.sshd_config
478
+
- include: ssh-key-types
479
+
- include: ssh-ciphers
480
+
- include: ssh-kex-algorithms
481
+
- include: ssh-mac-algorithms
482
+
- include: ipv6-square-bracket
483
+
- include: ip-addresses-with-cidr
484
+
- include: time-values
485
+
- include: bytes-values
486
+
- include: operator-exclamation
487
+
- include: wildcards
488
+
- include: punctuation-comma-sequence
489
+
- include: log-level
490
+
- include: paths
491
+
- include: numeric-values
492
+
- match: ':'
493
+
scope: punctuation.separator.sequence.sshd_config
494
+
numeric-values:
495
+
- match: \b\d+(?=[\s,:"])
496
+
scope: constant.numeric.sshd_config