===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.380
retrieving revision 1.381
diff -u -r1.380 -r1.381
--- src/usr.bin/ssh/ssh_config.5	2023/03/27 03:56:11	1.380
+++ src/usr.bin/ssh/ssh_config.5	2023/07/17 04:04:36	1.381
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $
-.Dd $Mdocdate: March 27 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.381 2023/07/17 04:04:36 djm Exp $
+.Dd $Mdocdate: July 17 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -141,6 +141,7 @@
 .Cm canonical ,
 .Cm final ,
 .Cm exec ,
+.Cm localnetwork ,
 .Cm host ,
 .Cm originalhost ,
 .Cm user ,
@@ -194,6 +195,17 @@
 accept the tokens described in the
 .Sx TOKENS
 section.
+.Pp
+The
+.Cm localnetwork
+keyword matches the addresses of active local network interfaces against the
+supplied list of networks in CIDR format.
+This may be convenient for varying the effective configuration on devices that
+roam between networks.
+Note that network address is not a trustworthy criteria in many
+situations (e.g. when the network is automatically configured using DHCP)
+and so caution should be applied if using it to control security-sensitive
+configuration.
 .Pp
 The other keywords' criteria must be single entries or comma-separated
 lists and may use the wildcard and negation operators described in the