summaryrefslogtreecommitdiff
path: root/functions
diff options
context:
space:
mode:
Diffstat (limited to 'functions')
-rw-r--r--functions/_mosh29
-rw-r--r--functions/_ssh700
2 files changed, 729 insertions, 0 deletions
diff --git a/functions/_mosh b/functions/_mosh
new file mode 100644
index 0000000..b8e7e49
--- /dev/null
+++ b/functions/_mosh
@@ -0,0 +1,29 @@
+#compdef mosh
+
+# load ssh completions to use _ssh_hosts
+_ssh
+
+local curcontext="$curcontext" state line
+local -a _comp_priv_prefix
+
+_arguments -C \
+ '(-)--help[display help information]' \
+ '(-)--version[display version information]' \
+ "--no-init[don't set terminal init string]" \
+ '--ssh=[specify ssh command to setup session]:ssh command:_normal' \
+ '--port=[specify server-side port range]:port:_sequence -n 2 -s \: _ports' \
+ '(-a -n)--predict=[control speculative local echo]:mode:(adaptive always never)' \
+ '(--predict -n)-a[synonym for --predict=always]' \
+ '(--predict -a)-n[synonym for --predict=never]' \
+ '--server[specify command to run server helper]:remote file:_files' \
+ '--client[specify command to run client helper]:_command_names -e' \
+ '1:remote host name:->userhost' \
+ '*:::args:_normal' && return
+
+case $state in
+ userhost)
+ _ssh_hosts || _user_at_host && return
+ ;;
+esac
+
+return 1
diff --git a/functions/_ssh b/functions/_ssh
new file mode 100644
index 0000000..a7babe9
--- /dev/null
+++ b/functions/_ssh
@@ -0,0 +1,700 @@
+#compdef ssh slogin=ssh scp ssh-add ssh-agent ssh-keygen sftp ssh-copy-id
+
+# TODO: sshd, ssh-keyscan, ssh-keysign
+
+_ssh () {
+ local curcontext="$curcontext" state line expl suf ret=1
+ local args common tmp p1 file cmn cmds sdesc
+ typeset -A opt_args
+
+ common=(
+ '(-2)-1[forces ssh to try protocol version 1 only]'
+ '(-1)-2[forces ssh to try protocol version 2 only]'
+ '(-6)-4[forces ssh to use IPv4 addresses only]'
+ '(-4)-6[forces ssh to use IPv6 addresses only]'
+ '-C[compress data]'
+ # for protocol version 2, this can be a comma-separated list
+ '-c+[select encryption cipher]:encryption cipher:(idea des 3des blowfish arcfour tss none)'
+ '-F+[specify alternate config file]:config file:_files'
+ '*-i+[select identity file]:SSH identity file:_files -g "*(-.^AR)"'
+ '*-o+[specify extra options]:option string:->option'
+ )
+ common_transfer=(
+ '-l[limit used bandwidth]:bandwidth in KiB/s:'
+ '-P+[specify port on remote host]:port number on remote host'
+ '-p[preserve modification times, access times and modes]'
+ '-q[disable progress meter and warnings]'
+ '-r[recursively copy directories (follows symbolic links)]'
+ '-S+[specify ssh program]:path to ssh:_command_names -e' \
+ '-v[verbose mode]'
+ )
+
+ case "$service" in
+ ssh)
+ _arguments -C -s \
+ '(-a)-A[enables forwarding of the authentication agent connection]' \
+ '(-A)-a[disable forwarding of authentication agent connection]' \
+ '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \
+ '-D+[specify a dynamic port forwarding]:dynamic port forwarding:->dynforward' \
+ '-e+[set escape character]:escape character (or `none'\''):' \
+ '-E[append log output to file instead of stderr]:_files' \
+ '(-n)-f[go to background]' \
+ '-g[allow remote hosts to connect to local forwarded ports]' \
+ '-G[output configuration and exit]' \
+ '-I+[specify smartcard device]:device:_files' \
+ '-J+[connect via a jump host]: :->userhost' \
+ '-K[enable GSSAPI-based authentication and forwarding]' \
+ '-k[disable forwarding of GSSAPI credentials]' \
+ '*-L[specify local port forwarding]:local port forwarding:->forward' \
+ '-l+[specify login name]:login name:_ssh_users' \
+ '-M[master mode for connection sharing]' \
+ '(-1)-m+[specify mac algorithms]:mac spec:->macs' \
+ '(-1)-N[do not execute a remote command (protocol version 2 only)]' \
+ '-n[redirect stdin from /dev/null]' \
+ '-O:multiplex control command:((check\:"check master process is running" exit\:"request the master to exit" forward\:"request forward without command execution" stop\:"request the master to stop accepting further multiplexing requests" cancel\:"cancel existing forwardings with -L and/or -R"))' \
+ '-P[use non privileged port]' \
+ '-p+[specify port on remote host]:port number on remote host' \
+ '(-v)*-q[quiet operation]' \
+ '*-R[specify remote port forwarding]:remote port forwarding:->forward' \
+ '-S+[specify location of control socket for connection sharing]:path to control socket:_files' \
+ '-Q[query parameters]:parameter type:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" mac\:"supported message integrity codes" kex\:"key exchange algorithms" key\:"key types" protocol-version\:"supported SSH protocol versions"))' \
+ '(-1)-s[invoke subsystem]' \
+ '(-1 -t)-T[disable pseudo-tty allocation (protocol version 2 only)]' \
+ '(-T)-t[force pseudo-tty allocation]' \
+ '-V[show version number]' \
+ '(-q)*-v[verbose mode (multiple increase verbosity, up to 3)]' \
+ '-W[forward standard input and output to host]:stdinout forward:->hostport' \
+ '-w[request tunnel device forwarding]:local_tun[\:remote_tun] (integer or "any"):' \
+ '(-x -Y)-X[enable (untrusted) X11 forwarding]' \
+ '(-X -Y)-x[disable X11 forwarding]' \
+ '(-x -X)-Y[enable trusted X11 forwarding]' \
+ '-y[send log info via syslog instead of stderr]' \
+ ':remote host name:->userhost' \
+ '*::args:->command' "$common[@]" && ret=0
+ ;;
+ scp)
+ _arguments -C -s \
+ '-3[copy through local host, not directly between the remote hosts]' \
+ '-B[batch mode (don'\''t ask for passphrases)]' \
+ '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0
+ ;;
+ ssh-add)
+ _arguments -s \
+ '-c[identity is subject to confirmation via SSH_ASKPASS]' \
+ '-D[delete all identities]' \
+ '-d[remove identity]' \
+ '-E[specify hash algorithm for fingerprints]:algorithm:(md5 sha256)' \
+ '-e[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
+ '-k[load plain private keys only and skip certificates]' \
+ '-L[lists public key parameters of all identities in the agent]'\
+ '-l[list all identities]' \
+ '-s[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
+ '-t[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \
+ '-X[unlock the agent]' \
+ '-x[lock the agent with a password]' \
+ '*:SSH identity file:_files'
+ return
+ ;;
+ ssh-agent)
+ _arguments -s \
+ '(-k)-a[UNIX-domain socket to bind agent to]:UNIX-domain socket:_files' \
+ '(-k -s)-c[force csh-style shell]' \
+ '(-k)-d[debug mode]' \
+ '-k[kill current agent]' \
+ '(-k -c)-s[force sh-style shell]' \
+ '-t[set default maximum lifetime for identities]:maximum lifetime (in seconds or time format):' \
+ '*::command: _normal'
+ return
+ ;;
+ ssh-keygen)
+ # options can be in any order but use ! to limit those shown for the first argument
+ (( CURRENT == 2 )) && p1='!'
+ args=( '!-z:number' )
+ sdesc='certify keys with CA key'
+ (( $+words[(r)-s] )) && args=( '-z[specify serial number]:serial number' )
+ (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) &&
+ sdesc='specify CA public key file'
+ file=key
+ (( $+words[(r)-[HR]] )) && file=known_hosts
+ (( $+words[(r)-T] )) && file=input
+ if (( $+words[(r)-[kQ]] )); then
+ file=krl
+ args+=( '*:file:_files' )
+ fi
+ cmds=( -p -i -e -y -c -l -B -D -H -R -r -G -T -s -L -A -k -Q ) # basic commands
+ cmn=( -b -P -N -C -m -v ) # options common to many basic commands (except -f which is common to most)
+ cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u ) # options specific to one basic command
+ _arguments -s $args \
+ "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b[specify number of bits in key]:bits in key" \
+ "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P[provide old passphrase]:old passphrase" \
+ "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N[provide new passphrase]:new passphrase" \
+ "(${${(@)cmds:#-c}} -m -v $cms)-C[provide new comment]:new comment" \
+ "(-D -G -M -S -I -h -n -O -V -A)-f[$file file]:$file file:_files" \
+ "$p1(${${(@)cmds:#-[ie]}})-m[specify conversion format]:format:(PEM PKCS7 RFC4716)" \
+ "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \
+ - '(commands)' \
+ "(-b -P -C -v)-p[change passphrase of private key file]" \
+ '(-b -P -N -C -v)-i[import key to OpenSSH format]' \
+ '(-b -P -N -C -v)-e[export key to SECSH file format]' \
+ "($cmn)-y[get public key from private key]" \
+ '(-b -N -m -v)-c[change comment in private and public key files]' \
+ "($cmn)-B[show the bubblebabble digest of key]" \
+ "(-)-D[download key stored in smartcard reader]:reader" \
+ "($cmn)-H[hash names in known_hosts file]" \
+ "($cmn)-R[remove host from known_hosts file]:host:_ssh_hosts" \
+ "($cmn)-L[print the contents of a certificate]" \
+ "(-)-A[generate host keys for all key types]" \
+ "($cmn)-Q[test whether keys have been revoked in a KRL]" \
+ - finger \
+ "($cmn)-l[show fingerprint of key file]" \
+ "$p1($cmn)-E[specify hash algorithm for displayed fingerprints]:hash algorithim:(md5 sha256)" \
+ - create \
+ '(-P -m)-q[silence ssh-keygen]' \
+ "(-P -m)-t[specify the type of the key to create]:key type:(rsa1 rsa dsa ecdsa ed25519)" \
+ - dns \
+ "($cmn)-r[print DNS resource record]:hostname:_hosts" \
+ "$p1($cmn)-g[use generic DNS format]" \
+ - primes \
+ "(-P -N -C -m -f)-G[generate candidates for DH-GEX moduli]" \
+ "$p1(-P -N -C -m -f)-M[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \
+ "$p1(-P -N -C -m -f)-S[specify start point]:start point (hex)" \
+ - screen \
+ "(${${(@)cmn:#-v}})-T[screen candidates for DH-GEX moduli]:output file:_files" \
+ "${p1}(${${(@)cmn:#-v}})-a[specify number of rounds]:rounds" \
+ "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \
+ "${p1}(${${(@)cmn:#-v}})-j[start screening at the specified line number]:line number" \
+ "${p1}(${${(@)cmn:#-v}})-K[write the last line processed to file]:file:_files" \
+ "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \
+ - certify \
+ "($cmn)-s[$sdesc]:CA key:_files" \
+ "$p1($cmn -f -u)-I[specify key identifier to include in certificate]:key id" \
+ "$p1($cmn -f -u)-h[generate host certificate instead of a user certificate]" \
+ "$p1($cmn -f -u)-n[specify user/host principal names to include in certificate]:principals" \
+ "$p1($cmn -f -u)-O[specify a certificate option]:option" \
+ "$p1($cmn -f -u)-V[specify certificate validity interval]:interval" \
+ "($cmn -I -h -n -O -V)-k[generate a KRL file]" \
+ "$p1($cmn -I -h -n -O -V)-u[update a KRL]"
+ return
+ ;;
+ sftp)
+ _arguments -C -s \
+ '-a[attempt to continue interrupted transfers]' \
+ '-B+[specify buffer size]:buffer size (bytes) [32768]' \
+ '-b+[specify batch file to read]:batch file:_files' \
+ '-D[connect directly to a local sftp server]:sftp server path' \
+ '-f[request that files be flushed immediately after transfer]' \
+ '-R[specify number of outstanding requests]:number of requests [64]' \
+ '-s[SSH2 subsystem or path to sftp server on the remote host]' \
+ '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0
+ ;;
+ (ssh-copy-id)
+ _arguments \
+ '-i:SSH identity file:_files' \
+ ':remote host name:->userhost' \
+ ;;
+ esac
+
+ while [[ -n "$state" ]]; do
+ lstate="$state"
+ state=''
+
+ case "$lstate" in
+ option)
+ if compset -P 1 '*='; then
+ case "${IPREFIX#-o}" in
+ (#i)(ciphers|macs|kexalgorithms|hostkeyalgorithms|pubkeyacceptedkeytypes|hostbasedkeytypes)=)
+ if ! compset -P +; then
+ _wanted append expl 'append to default' compadd + && ret=0
+ fi
+ ;;
+ esac
+ case "${IPREFIX#-o}" in
+ (#i)(afstokenpassing|batchmode|canonicalizefallbacklocal|challengeresponseauthentication|checkhostip|clearallforwardings|compression|enablesshkeysign|exitonforwardfailure|fallbacktorsh|forward(agent|x11)|forwardx11trusted|gatewayports|gssapiauthentication|gssapidelegatecredentials|gssapitrustdns|hashknownhosts|hostbasedauthentication|identitiesonly|kbdinteractiveauthentication|(tcp|)keepalive|nohostauthenticationforlocalhost|passwordauthentication|permitlocalcommand|proxyusefdpass|pubkeyauthentication|rhosts(|rsa)authentication|rsaauthentication|streamlocalbindunlink|usersh|kerberos(authentication|tgtpassing)|useprivilegedport|visualhostkey)=*)
+ _wanted values expl 'truth value' compadd yes no && ret=0
+ ;;
+ (#i)addressfamily=*)
+ _wanted values expl 'address family' compadd any inet inet6 && ret=0
+ ;;
+ (#i)bindaddress=*)
+ _wanted bind-addresses expl 'bind address' _bind_addresses && ret=0
+ ;;
+ (#i)canonicaldomains=*)
+ _message -e 'canonical domains (space separated)' && ret=0
+ ;;
+ (#i)canonicalizehostname=*)
+ _wanted values expl 'truthish value' compadd yes no always && ret=0
+ ;;
+ (#i)canonicalizemaxdots=*)
+ _message -e 'number of dots' && ret=0
+ ;;
+ (#i)canonicalizepermittedcnames=*)
+ _message -e 'CNAME rule list (source_domain_list:target_domain_list, each pattern list comma separated)' && ret=0
+ ;;
+ (#i)ciphers=*)
+ _values -s , 'encryption cipher' \
+ '3des-cbc' \
+ 'aes128-cbc' \
+ 'aes192-cbc' \
+ 'aes256-cbc' \
+ 'aes128-ctr' \
+ 'aes192-ctr' \
+ 'aes256-ctr' \
+ 'arcfour128' \
+ 'arcfour256' \
+ 'arcfour' \
+ 'blowfish-cbc' \
+ 'cast128-cbc' \
+ \
+ 'rijndael128-cbc' \
+ 'rijndael192-cbc' \
+ 'rijndael256-cbc' \
+ 'rijndael-cbc@lysator.liu.se' \
+ && ret=0
+ ;;
+ (#i)cipher=*)
+ _wanted values expl 'encryption cipher (protocol version 1)' \
+ compadd blowfish 3des des idea arcfour tss none && ret=0
+ ;;
+ (#i)compressionlevel=*)
+ _values 'compression level' {1..9} && ret=0
+ ;;
+ (#i)connectionattempts=*)
+ _message -e 'connection attempts' && ret=0
+ ;;
+ (#i)connecttimeout=*)
+ _message -e 'connection timeout' && ret=0
+ ;;
+ (#i)controlmaster=*)
+ _wanted values expl 'truthish value' compadd yes no auto autoask && ret=0
+ ;;
+ (#i)controlpath=*)
+ _description files expl 'path to control socket'
+ _files "$expl[@]" && ret=0
+ ;;
+ (#i)controlpersist=*)
+ _message -e 'timeout'
+ ret=0
+ _wanted values expl 'truth value' compadd yes no && ret=0
+ ;;
+ (#i)escapechar=*)
+ _message -e 'escape character (or `none'\'')'
+ ret=0
+ ;;
+ (#i)fingerprinthash=*)
+ _values 'fingerprint hash algorithm' \
+ md5 ripemd160 sha1 sha256 sha384 sha512 && ret=0
+ ;;
+ (#i)forwardx11timeout=*)
+ _message -e 'timeout'
+ ret=0
+ ;;
+ (#i)globalknownhostsfile=*)
+ _description files expl 'global file with known hosts'
+ _files "$expl[@]" && ret=0
+ ;;
+ (#i)hostname=*)
+ _wanted hosts expl 'real host name to log into' _ssh_hosts && ret=0
+ ;;
+ (#i)(hostbasedkeytypes|hostkeyalgorithms|pubkeyacceptedkeytypes)=*)
+ _values -s , 'key types' \
+ 'ecdsa-sha2-nistp256-cert-v01@openssh.com' \
+ 'ecdsa-sha2-nistp384-cert-v01@openssh.com' \
+ 'ecdsa-sha2-nistp521-cert-v01@openssh.com' \
+ 'ssh-ed25519-cert-v01@openssh.com' \
+ 'ssh-rsa-cert-v01@openssh.com' \
+ 'ssh-dss-cert-v01@openssh.com' \
+ 'ssh-rsa-cert-v00@openssh.com' \
+ 'ssh-dss-cert-v00@openssh.com' \
+ 'ecdsa-sha2-nistp256' \
+ 'ecdsa-sha2-nistp384' \
+ 'ecdsa-sha2-nistp521' \
+ 'ssh-ed25519' \
+ 'ssh-rsa' \
+ 'ssh-dss' && ret=0
+ ;;
+ (#i)identityfile=*)
+ _description files expl 'SSH identity file'
+ _files "$expl[@]" && ret=0
+ ;;
+ (#i)ignoreunknown=*)
+ _message -e 'pattern list' && ret=0
+ ;;
+ (#i)ipqos=*)
+ local descr
+ if [[ $PREFIX = *\ *\ * ]]; then return 1; fi
+ if compset -P '* '; then
+ descr='QoS for non-interactive sessions'
+ else
+ descr='QoS [for interactive sessions if second value given, separated by white space]'
+ fi
+ _values $descr 'af11' 'af12' 'af13' 'af14' 'af22' \
+ 'af23' 'af31' 'af32' 'af33' 'af41' 'af42' 'af43' \
+ 'cs0' 'cs1' 'cs2' 'cs3' 'cs4' 'cs5' 'cs6' 'cs7' 'ef' \
+ 'lowdelay' 'throughput' 'reliability' && ret=0
+ ;;
+ (#i)(local|remote)forward=*)
+ state=forward
+ ;;
+ (#i)dynamicforward=*)
+ state=dynforward
+ ;;
+ (#i)kbdinteractivedevices=*)
+ _values -s , 'keyboard-interactive authentication methods' \
+ 'bsdauth' 'pam' 'skey' && ret=0
+ ;;
+ (#i)kexalgorithms=*)
+ _values -s , 'KEX algorithms' \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ diffie-hellman-group-exchange-sha256 \
+ diffie-hellman-group-exchange-sha1 \
+ diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 && ret=0
+ ;;
+ (#i)localcommand=*)
+ _description commands expl 'run command locally after connecting'
+ _command_names && ret=0
+ ;;
+ (#i)loglevel=*)
+ _values 'log level' QUIET FATAL ERROR INFO VERBOSE\
+ DEBUG DEBUG1 DEBUG2 DEBUG3 && ret=0
+ ;;
+ (#i)macs=*)
+ state=macs
+ ;;
+ (#i)numberofpasswordprompts=*)
+ _message -e 'number of password prompts'
+ ret=0
+ ;;
+ (#i)pkcs11provider=*)
+ _description files expl 'PKCS#11 shared library'
+ _files -g '*.(so|dylib)(|.<->)(-.)' "$expl[@]" && ret=0
+ ;;
+ (#i)port=*)
+ _message -e 'port number on remote host'
+ ret=0
+ ;;
+ (#i)preferredauthentications=*)
+ _values -s , 'authentication method' gssapi-with-mic \
+ hostbased publickey keyboard-interactive password && ret=0
+ ;;
+ (#i)protocol=*)
+ _values -s , 'protocol version' \
+ '1' \
+ '2' && ret=0
+ ;;
+ (#i)proxycommand=*)
+ _cmdstring && ret=0
+ ;;
+ (#i)rekeylimit=*)
+ _message -e 'maximum number of bytes transmitted before renegotiating session key'
+ ret=0
+ ;;
+ (#i)requesttty=*)
+ _values 'request a pseudo-tty' \
+ 'no[never request a TTY]' \
+ 'yes[always request a TTY when stdin is a TTY]' \
+ 'force[always request a TTY]' \
+ 'auto[request a TTY when opening a login session]' && ret=0
+ ;;
+ (#i)revokedhostkeys=*)
+ _description files expl 'revoked host keys file'
+ _files "$expl[@]" && ret=0
+ ;;
+ (#i)sendenv=*)
+ _wanted envs expl 'environment variable' _parameters -g 'scalar*export*' && ret=0
+ ;;
+ (#i)serveralivecountmax=*)
+ _message -e 'number of alive messages without replies before disconnecting'
+ ret=0
+ ;;
+ (#i)serveraliveinterval=*)
+ _message -e 'timeout in seconds since last data was received to send alive message'
+ ret=0
+ ;;
+ (#i)streamlocalbindmask=*)
+ _message -e 'octal mask' && ret=0
+ ;;
+ (#i)(stricthostkeychecking|verifyhostkeydns|updatehostkeys)=*)
+ _wanted values expl 'truthish value' compadd yes no ask && ret=0
+ ;;
+ (#i)transport=*)
+ _values 'transport protocol' TCP SCTP && ret=0
+ ;;
+ (#i)tunnel=*)
+ _values 'request device forwarding' \
+ 'yes' \
+ 'point-to-point' \
+ 'ethernet' \
+ 'no' && ret=0
+ ;;
+ (#i)tunneldevice=*)
+ _message -e 'local_tun[:remote_tun] (integer or "any")'
+ ret=0
+ ;;
+ (#i)userknownhostsfile=*)
+ _description files expl 'user file with known hosts'
+ _files "$expl[@]" && ret=0
+ ;;
+ (#i)user=*)
+ _wanted users expl 'user to log in as' _ssh_users && ret=0
+ ;;
+ (#i)xauthlocation=*)
+ _description files expl 'xauth program'
+ _files "$expl[@]" -g '*(-*)' && ret=0
+ ;;
+ esac
+ else
+ # old options are after the empty "\"-line
+ _wanted values expl 'configure file option' \
+ compadd -M 'm:{a-z}={A-Z}' -q -S '=' - \
+ AddKeysToAgent \
+ AddressFamily \
+ BatchMode \
+ BindAddress \
+ CanonicalDomains \
+ CanonicalizeFallbackLocal \
+ CanonicalizeHostname \
+ CanonicalizeMaxDots \
+ CanonicalizePermittedCNAMEs \
+ CertificateFile \
+ ChallengeResponseAuthentication \
+ CheckHostIP \
+ Cipher \
+ Ciphers \
+ ClearAllForwardings \
+ Compression \
+ CompressionLevel \
+ ConnectionAttempts \
+ ConnectTimeout \
+ ControlMaster \
+ ControlPath \
+ ControlPersist \
+ DynamicForward \
+ EnableSSHKeysign \
+ EscapeChar \
+ ExitOnForwardFailure \
+ FingerprintHash \
+ ForwardAgent \
+ ForwardX11 \
+ ForwardX11Timeout \
+ ForwardX11Trusted \
+ GatewayPorts \
+ GlobalKnownHostsFile \
+ GSSAPIAuthentication \
+ GSSAPIDelegateCredentials \
+ GSSAPITrustDns \
+ HashKnownHosts \
+ Host \
+ HostbasedAuthentication \
+ HostbasedKeyTypes \
+ HostKeyAlgorithms \
+ HostKeyAlias \
+ HostName \
+ IdentitiesOnly \
+ IdentityAgent \
+ IdentityFile \
+ IgnoreUnknown \
+ IPQoS \
+ KbdInteractiveAuthentication \
+ KbdInteractiveDevices \
+ KexAlgorithms \
+ LocalCommand \
+ LocalForward \
+ LogLevel \
+ MACs \
+ NoHostAuthenticationForLocalhost \
+ NumberOfPasswordPrompts \
+ PasswordAuthentication \
+ PermitLocalCommand \
+ PKCS11Provider \
+ Port \
+ PreferredAuthentications \
+ Protocol \
+ ProxyCommand \
+ ProxyJump \
+ ProxyUseFdpass \
+ PubkeyAcceptedKeyTypes \
+ PubkeyAuthentication \
+ RekeyLimit \
+ RemoteForward \
+ RequestTTY \
+ RevokedHostKeys \
+ RhostsRSAAuthentication \
+ RSAAuthentication \
+ SendEnv \
+ ServerAliveCountMax \
+ ServerAliveInterval \
+ StreamLocalBindMask \
+ StreamLocalBindUnlink \
+ StrictHostKeyChecking \
+ TCPKeepAlive \
+ Transport \
+ Tunnel \
+ TunnelDevice \
+ UpdateHostKeys \
+ UsePrivilegedPort \
+ User \
+ UserKnownHostsFile \
+ VerifyHostKeyDNS \
+ VisualHostKey \
+ XAuthLocation \
+ \
+ AFSTokenPassing \
+ FallBackToRsh \
+ KeepAlive \
+ KerberosAuthentication \
+ KerberosTgtPassing \
+ PreferredAuthentications \
+ ProtocolKeepAlives \
+ RhostsAuthentication \
+ SetupTimeOut \
+ SmartcardDevice \
+ UseRsh \
+ && ret=0
+ fi
+ ;;
+ forward)
+ local port=false host=false listen=false bind=false
+ if compset -P 1 '*:'; then
+ if [[ $IPREFIX != (*=|)<-65535>: ]]; then
+ if compset -P 1 '*:'; then
+ if compset -P '*:'; then
+ port=true
+ else
+ host=true
+ fi
+ else
+ listen=true
+ ret=0
+ fi
+ else
+ if compset -P '*:'; then
+ port=true
+ else
+ host=true
+ fi
+ fi
+ else
+ listen=true
+ bind=true
+ fi
+ $port && { _message -e port-numbers 'port number'; ret=0 }
+ $listen && { _message -e port-numbers 'listen-port number'; ret=0 }
+ $host && { _wanted hosts expl host _ssh_hosts -S: && ret=0 }
+ $bind && { _wanted bind-addresses expl bind-address _bind_addresses -S: && ret=0 }
+ return ret
+ ;;
+ dynforward)
+ _message -e port-numbers 'listen-port number'
+ if ! compset -P '*:'; then
+ _wanted bind-addresses expl bind-address _bind_addresses -qS:
+ fi
+ return 0
+ ;;
+ hostport)
+ if compset -P '*:'; then
+ _message -e port-numbers 'port number'
+ ret=0
+ else
+ _wanted hosts expl host _ssh_hosts -S: && ret=0
+ fi
+ return ret
+ ;;
+ macs)
+ _values -s , 'MAC algorithms' hmac-md5 hmac-sha1 umac-64@openssh.com \
+ hmac-ripemd160 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 \
+ hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96 && ret=0
+ ;;
+ command)
+ local -a _comp_priv_prefix
+ shift 1 words
+ (( CURRENT-- ))
+ _normal
+ return
+ ;;
+ userhost)
+ if compset -P '*@'; then
+ _wanted hosts expl 'remote host name' _ssh_hosts && ret=0
+ elif compset -S '@*'; then
+ _wanted users expl 'login name' _ssh_users -S '' && ret=0
+ else
+ if (( $+opt_args[-l] )); then
+ tmp=()
+ else
+ tmp=( 'users:login name:_ssh_users -qS@' )
+ fi
+ _alternative \
+ 'hosts:remote host name:_ssh_hosts' \
+ "$tmp[@]" && ret=0
+ fi
+ ;;
+ file)
+ if compset -P 1 '[^./][^/]#:'; then
+ _remote_files -- ssh ${(kv)~opt_args[(I)-[FP1246]]/-P/-p} && ret=0
+ elif compset -P 1 '*@'; then
+ suf=( -S '' )
+ compset -S ':*' || suf=( -r: -S: )
+ _wanted hosts expl 'remote host name' _ssh_hosts $suf && ret=0
+ else
+ _alternative \
+ 'files:: _files' \
+ 'hosts:remote host name:_ssh_hosts -r: -S:' \
+ 'users:user:_ssh_users -qS@' && ret=0
+ fi
+ ;;
+ rfile)
+ if compset -P 1 '*:'; then
+ _remote_files -- ssh && ret=0
+ elif compset -P 1 '*@'; then
+ _wanted hosts expl host _ssh_hosts -r: -S: && ret=0
+ else
+ _alternative \
+ 'hosts:remote host name:_ssh_hosts -r: -S:' \
+ 'users:user:_ssh_users -qS@' && ret=0
+ fi
+ ;;
+ esac
+ done
+
+ return ret
+}
+
+_ssh_users () {
+ _combination -s '[:@]' my-accounts users-hosts users "$@"
+}
+
+_ssh_hosts () {
+ local -a config_hosts
+ local config
+ integer ind
+
+ if [[ "$IPREFIX" == *@ ]]; then
+ _combination -s '[:@]' my-accounts users-hosts "users=${IPREFIX/@}" hosts "$@"
+ else
+ _combination -s '[:@]' my-accounts users-hosts \
+ ${opt_args[-l]:+"users=${opt_args[-l]:q}"} hosts "$@"
+ fi
+ if (( ind = ${words[(I)-F]} )); then
+ config=${~words[ind+1]} 2>/dev/null
+ else
+ config="$HOME/.ssh/config"
+ fi
+ if [[ -r $config ]]; then
+ local key hosts host
+ while IFS=$'=\t ' read -r key hosts; do
+ if [[ "$key" == (#i)host ]]; then
+ for host in ${(z)hosts}; do
+ case $host in
+ (*[*?]*) ;;
+ (*) config_hosts+=("$host") ;;
+ esac
+ done
+ fi
+ done < "$config"
+ if (( ${#config_hosts} )); then
+ _wanted hosts expl 'remote host name' \
+ compadd -M 'm:{a-zA-Z}={A-Za-z} r:|.=* r:|=*' "$@" $config_hosts
+ fi
+ fi
+}
+
+_ssh "$@"