diff options
author | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
commit | 58bfa257481a1c6938ada9bbd38801cc45633fb0 (patch) | |
tree | 385160ff5c19376a1e1bfd34fcf5c91cff42908e /ssh_config.0 | |
parent | ae225aa5594655e3fa5685b4dd7f2ae0e1a5e2d7 (diff) | |
parent | 58657d96514cd6f16d82add8d6f4adbb36765758 (diff) |
Import OpenSSH 3.6p1.
Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 400 |
1 files changed, 400 insertions, 0 deletions
diff --git a/ssh_config.0 b/ssh_config.0 new file mode 100644 index 000000000..559705343 --- /dev/null +++ b/ssh_config.0 | |||
@@ -0,0 +1,400 @@ | |||
1 | SSH_CONFIG(5) BSD File Formats Manual SSH_CONFIG(5) | ||
2 | |||
3 | ^[[1mNAME^[[0m | ||
4 | ^[[1mssh_config ^[[22mM-bMM-^R OpenSSH SSH client configuration files | ||
5 | |||
6 | ^[[1mSYNOPSIS^[[0m | ||
7 | ^[[4m$HOME/.ssh/config^[[0m | ||
8 | ^[[4m/etc/ssh/ssh_config^[[0m | ||
9 | |||
10 | ^[[1mDESCRIPTION^[[0m | ||
11 | ^[[1mssh ^[[22mobtains configuration data from the following sources in the followM-bM-^@M-^P | ||
12 | ing order: | ||
13 | 1. commandM-bM-^@M-^Pline options | ||
14 | 2. userM-bM-^@M-^Ys configuration file (^[[4m$HOME/.ssh/config^[[24m) | ||
15 | 3. systemM-bM-^@M-^Pwide configuration file (^[[4m/etc/ssh/ssh_config^[[24m) | ||
16 | |||
17 | For each parameter, the first obtained value will be used. The configuM-bM-^@M-^P | ||
18 | ration files contain sections bracketed by M-bM-^@M-^\HostM-bM-^@M-^] specifications, and | ||
19 | that section is only applied for hosts that match one of the patterns | ||
20 | given in the specification. The matched host name is the one given on | ||
21 | the command line. | ||
22 | |||
23 | Since the first obtained value for each parameter is used, more hostM-bM-^@M-^PspeM-bM-^@M-^P | ||
24 | cific declarations should be given near the beginning of the file, and | ||
25 | general defaults at the end. | ||
26 | |||
27 | The configuration file has the following format: | ||
28 | |||
29 | Empty lines and lines starting with M-bM-^@M-^X#M-bM-^@M-^Y are comments. | ||
30 | |||
31 | Otherwise a line is of the format M-bM-^@M-^\keyword argumentsM-bM-^@M-^]. Configuration | ||
32 | options may be separated by whitespace or optional whitespace and exactly | ||
33 | one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format is useful to avoid the need to quote whitesM-bM-^@M-^P | ||
34 | pace when specifying configuration options using the ^[[1mssh^[[22m, ^[[1mscp ^[[22mand ^[[1msftp M-bMM-^Ro^[[0m | ||
35 | option. | ||
36 | |||
37 | The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P | ||
38 | words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive): | ||
39 | |||
40 | ^[[1mHost ^[[22mRestricts the following declarations (up to the next ^[[1mHost ^[[22mkeyM-bM-^@M-^P | ||
41 | word) to be only for those hosts that match one of the patterns | ||
42 | given after the keyword. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards | ||
43 | in the patterns. A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to proM-bM-^@M-^P | ||
44 | vide global defaults for all hosts. The host is the ^[[4mhostname^[[0m | ||
45 | argument given on the command line (i.e., the name is not conM-bM-^@M-^P | ||
46 | verted to a canonicalized host name before matching). | ||
47 | |||
48 | ^[[1mAFSTokenPassing^[[0m | ||
49 | Specifies whether to pass AFS tokens to remote host. The arguM-bM-^@M-^P | ||
50 | ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option applies | ||
51 | to protocol version 1 only. | ||
52 | |||
53 | ^[[1mBatchMode^[[0m | ||
54 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. | ||
55 | This option is useful in scripts and other batch jobs where no | ||
56 | user is present to supply the password. The argument must be | ||
57 | M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
58 | |||
59 | ^[[1mBindAddress^[[0m | ||
60 | Specify the interface to transmit from on machines with multiple | ||
61 | interfaces or aliased addresses. Note that this option does not | ||
62 | work if ^[[1mUsePrivilegedPort ^[[22mis set to M-bM-^@M-^\yesM-bM-^@M-^]. | ||
63 | |||
64 | ^[[1mChallengeResponseAuthentication^[[0m | ||
65 | Specifies whether to use challenge response authentication. The | ||
66 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is | ||
67 | M-bM-^@M-^\yesM-bM-^@M-^]. | ||
68 | |||
69 | ^[[1mCheckHostIP^[[0m | ||
70 | If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh will additionally check the | ||
71 | host IP address in the ^[[4mknown_hosts^[[24m file. This allows ssh to | ||
72 | detect if a host key changed due to DNS spoofing. If the option | ||
73 | is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The default is | ||
74 | M-bM-^@M-^\yesM-bM-^@M-^]. | ||
75 | |||
76 | ^[[1mCipher ^[[22mSpecifies the cipher to use for encrypting the session in protoM-bM-^@M-^P | ||
77 | col version 1. Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are supM-bM-^@M-^P | ||
78 | ported. ^[[4mdes^[[24m is only supported in the ^[[1mssh ^[[22mclient for interoperM-bM-^@M-^P | ||
79 | ability with legacy protocol 1 implementations that do not supM-bM-^@M-^P | ||
80 | port the ^[[4m3des^[[24m cipher. Its use is strongly discouraged due to | ||
81 | cryptographic weaknesses. The default is M-bM-^@M-^\3desM-bM-^@M-^]. | ||
82 | |||
83 | ^[[1mCiphers^[[0m | ||
84 | Specifies the ciphers allowed for protocol version 2 in order of | ||
85 | preference. Multiple ciphers must be commaM-bM-^@M-^Pseparated. The | ||
86 | default is | ||
87 | |||
88 | M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour, | ||
89 | aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y | ||
90 | |||
91 | ^[[1mClearAllForwardings^[[0m | ||
92 | Specifies that all local, remote and dynamic port forwardings | ||
93 | specified in the configuration files or on the command line be | ||
94 | cleared. This option is primarily useful when used from the ^[[1mssh^[[0m | ||
95 | command line to clear port forwardings set in configuration | ||
96 | files, and is automatically set by scp(1) and sftp(1). The arguM-bM-^@M-^P | ||
97 | ment must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
98 | |||
99 | ^[[1mCompression^[[0m | ||
100 | Specifies whether to use compression. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] | ||
101 | or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
102 | |||
103 | ^[[1mCompressionLevel^[[0m | ||
104 | Specifies the compression level to use if compression is enabled. | ||
105 | The argument must be an integer from 1 (fast) to 9 (slow, best). | ||
106 | The default level is 6, which is good for most applications. The | ||
107 | meaning of the values is the same as in gzip(1). Note that this | ||
108 | option applies to protocol version 1 only. | ||
109 | |||
110 | ^[[1mConnectionAttempts^[[0m | ||
111 | Specifies the number of tries (one per second) to make before | ||
112 | exiting. The argument must be an integer. This may be useful in | ||
113 | scripts if the connection sometimes fails. The default is 1. | ||
114 | |||
115 | ^[[1mDynamicForward^[[0m | ||
116 | Specifies that a TCP/IP port on the local machine be forwarded | ||
117 | over the secure channel, and the application protocol is then | ||
118 | used to determine where to connect to from the remote machine. | ||
119 | The argument must be a port number. Currently the SOCKS4 protoM-bM-^@M-^P | ||
120 | col is supported, and ^[[1mssh ^[[22mwill act as a SOCKS4 server. Multiple | ||
121 | forwardings may be specified, and additional forwardings can be | ||
122 | given on the command line. Only the superuser can forward priviM-bM-^@M-^P | ||
123 | leged ports. | ||
124 | |||
125 | ^[[1mEscapeChar^[[0m | ||
126 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character | ||
127 | can also be set on the command line. The argument should be a | ||
128 | single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or M-bM-^@M-^\noneM-bM-^@M-^] to disable | ||
129 | the escape character entirely (making the connection transparent | ||
130 | for binary data). | ||
131 | |||
132 | ^[[1mForwardAgent^[[0m | ||
133 | Specifies whether the connection to the authentication agent (if | ||
134 | any) will be forwarded to the remote machine. The argument must | ||
135 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
136 | |||
137 | Agent forwarding should be enabled with caution. Users with the | ||
138 | ability to bypass file permissions on the remote host (for the | ||
139 | agentM-bM-^@M-^Ys UnixM-bM-^@M-^Pdomain socket) can access the local agent through | ||
140 | the forwarded connection. An attacker cannot obtain key material | ||
141 | from the agent, however they can perform operations on the keys | ||
142 | that enable them to authenticate using the identities loaded into | ||
143 | the agent. | ||
144 | |||
145 | ^[[1mForwardX11^[[0m | ||
146 | Specifies whether X11 connections will be automatically rediM-bM-^@M-^P | ||
147 | rected over the secure channel and DISPLAY set. The argument | ||
148 | must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
149 | |||
150 | X11 forwarding should be enabled with caution. Users with the | ||
151 | ability to bypass file permissions on the remote host (for the | ||
152 | userM-bM-^@M-^Ys X authorization database) can access the local X11 display | ||
153 | through the forwarded connection. An attacker may then be able | ||
154 | to perform activities such as keystroke monitoring. | ||
155 | |||
156 | ^[[1mGatewayPorts^[[0m | ||
157 | Specifies whether remote hosts are allowed to connect to local | ||
158 | forwarded ports. By default, ^[[1mssh ^[[22mbinds local port forwardings to | ||
159 | the loopback address. This prevents other remote hosts from conM-bM-^@M-^P | ||
160 | necting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be used to specify | ||
161 | that ^[[1mssh ^[[22mshould bind local port forwardings to the wildcard | ||
162 | address, thus allowing remote hosts to connect to forwarded | ||
163 | ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
164 | |||
165 | ^[[1mGlobalKnownHostsFile^[[0m | ||
166 | Specifies a file to use for the global host key database instead | ||
167 | of ^[[4m/etc/ssh/ssh_known_hosts^[[24m. | ||
168 | |||
169 | ^[[1mHostbasedAuthentication^[[0m | ||
170 | Specifies whether to try rhosts based authentication with public | ||
171 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | ||
172 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only | ||
173 | and is similar to ^[[1mRhostsRSAAuthentication^[[22m. | ||
174 | |||
175 | ^[[1mHostKeyAlgorithms^[[0m | ||
176 | Specifies the protocol version 2 host key algorithms that the | ||
177 | client wants to use in order of preference. The default for this | ||
178 | option is: M-bM-^@M-^\sshM-bM-^@M-^Prsa,sshM-bM-^@M-^PdssM-bM-^@M-^]. | ||
179 | |||
180 | ^[[1mHostKeyAlias^[[0m | ||
181 | Specifies an alias that should be used instead of the real host | ||
182 | name when looking up or saving the host key in the host key | ||
183 | database files. This option is useful for tunneling ssh connecM-bM-^@M-^P | ||
184 | tions or for multiple servers running on a single host. | ||
185 | |||
186 | ^[[1mHostName^[[0m | ||
187 | Specifies the real host name to log into. This can be used to | ||
188 | specify nicknames or abbreviations for hosts. Default is the | ||
189 | name given on the command line. Numeric IP addresses are also | ||
190 | permitted (both on the command line and in ^[[1mHostName ^[[22mspecificaM-bM-^@M-^P | ||
191 | tions). | ||
192 | |||
193 | ^[[1mIdentityFile^[[0m | ||
194 | Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication | ||
195 | identity is read. The default is ^[[4m$HOME/.ssh/identity^[[24m for protocol | ||
196 | version 1, and ^[[4m$HOME/.ssh/id_rsa^[[24m and ^[[4m$HOME/.ssh/id_dsa^[[24m for protoM-bM-^@M-^P | ||
197 | col version 2. Additionally, any identities represented by the | ||
198 | authentication agent will be used for authentication. The file | ||
199 | name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direcM-bM-^@M-^P | ||
200 | tory. It is possible to have multiple identity files specified | ||
201 | in configuration files; all these identities will be tried in | ||
202 | sequence. | ||
203 | |||
204 | ^[[1mKeepAlive^[[0m | ||
205 | Specifies whether the system should send TCP keepalive messages | ||
206 | to the other side. If they are sent, death of the connection or | ||
207 | crash of one of the machines will be properly noticed. However, | ||
208 | this means that connections will die if the route is down temM-bM-^@M-^P | ||
209 | porarily, and some people find it annoying. | ||
210 | |||
211 | The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the client will | ||
212 | notice if the network goes down or the remote host dies. This is | ||
213 | important in scripts, and many users want it too. | ||
214 | |||
215 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. | ||
216 | |||
217 | ^[[1mKerberosAuthentication^[[0m | ||
218 | Specifies whether Kerberos authentication will be used. The | ||
219 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. | ||
220 | |||
221 | ^[[1mKerberosTgtPassing^[[0m | ||
222 | Specifies whether a Kerberos TGT will be forwarded to the server. | ||
223 | This will only work if the Kerberos server is actually an AFS | ||
224 | kaserver. The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. | ||
225 | |||
226 | ^[[1mLocalForward^[[0m | ||
227 | Specifies that a TCP/IP port on the local machine be forwarded | ||
228 | over the secure channel to the specified host and port from the | ||
229 | remote machine. The first argument must be a port number, and | ||
230 | the second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified | ||
231 | with an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may | ||
232 | be specified, and additional forwardings can be given on the comM-bM-^@M-^P | ||
233 | mand line. Only the superuser can forward privileged ports. | ||
234 | |||
235 | ^[[1mLogLevel^[[0m | ||
236 | Gives the verbosity level that is used when logging messages from | ||
237 | ^[[1mssh^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P | ||
238 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. | ||
239 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
240 | higher levels of verbose output. | ||
241 | |||
242 | ^[[1mMACs ^[[22mSpecifies the MAC (message authentication code) algorithms in | ||
243 | order of preference. The MAC algorithm is used in protocol verM-bM-^@M-^P | ||
244 | sion 2 for data integrity protection. Multiple algorithms must | ||
245 | be commaM-bM-^@M-^Pseparated. The default is | ||
246 | M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^]. | ||
247 | |||
248 | ^[[1mNoHostAuthenticationForLocalhost^[[0m | ||
249 | This option can be used if the home directory is shared across | ||
250 | machines. In this case localhost will refer to a different | ||
251 | machine on each of the machines and the user will get many warnM-bM-^@M-^P | ||
252 | ings about changed host keys. However, this option disables host | ||
253 | authentication for localhost. The argument to this keyword must | ||
254 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is to check the host key for | ||
255 | localhost. | ||
256 | |||
257 | ^[[1mNumberOfPasswordPrompts^[[0m | ||
258 | Specifies the number of password prompts before giving up. The | ||
259 | argument to this keyword must be an integer. Default is 3. | ||
260 | |||
261 | ^[[1mPasswordAuthentication^[[0m | ||
262 | Specifies whether to use password authentication. The argument | ||
263 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
264 | |||
265 | ^[[1mPort ^[[22mSpecifies the port number to connect on the remote host. Default | ||
266 | is 22. | ||
267 | |||
268 | ^[[1mPreferredAuthentications^[[0m | ||
269 | Specifies the order in which the client should try protocol 2 | ||
270 | authentication methods. This allows a client to prefer one method | ||
271 | (e.g. ^[[1mkeyboardM-bM-^@M-^Pinteractive^[[22m) over another method (e.g. ^[[1mpassword^[[22m) | ||
272 | The default for this option is: | ||
273 | M-bM-^@M-^\hostbased,publickey,keyboardM-bM-^@M-^Pinteractive,passwordM-bM-^@M-^]. | ||
274 | |||
275 | ^[[1mProtocol^[[0m | ||
276 | Specifies the protocol versions ^[[1mssh ^[[22mshould support in order of | ||
277 | preference. The possible values are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple verM-bM-^@M-^P | ||
278 | sions must be commaM-bM-^@M-^Pseparated. The default is M-bM-^@M-^\2,1M-bM-^@M-^]. This means | ||
279 | that ^[[1mssh ^[[22mtries version 2 and falls back to version 1 if version 2 | ||
280 | is not available. | ||
281 | |||
282 | ^[[1mProxyCommand^[[0m | ||
283 | Specifies the command to use to connect to the server. The comM-bM-^@M-^P | ||
284 | mand string extends to the end of the line, and is executed with | ||
285 | ^[[4m/bin/sh^[[24m. In the command string, M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the | ||
286 | host name to connect and M-bM-^@M-^X%pM-bM-^@M-^Y by the port. The command can be | ||
287 | basically anything, and should read from its standard input and | ||
288 | write to its standard output. It should eventually connect an | ||
289 | sshd(8) server running on some machine, or execute ^[[1msshd M-bM-^@M-^Pi ^[[22msomeM-bM-^@M-^P | ||
290 | where. Host key management will be done using the HostName of | ||
291 | the host being connected (defaulting to the name typed by the | ||
292 | user). Setting the command to M-bM-^@M-^\noneM-bM-^@M-^] disables this option | ||
293 | entirely. Note that ^[[1mCheckHostIP ^[[22mis not available for connects | ||
294 | with a proxy command. | ||
295 | |||
296 | ^[[1mPubkeyAuthentication^[[0m | ||
297 | Specifies whether to try public key authentication. The argument | ||
298 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
299 | This option applies to protocol version 2 only. | ||
300 | |||
301 | ^[[1mRemoteForward^[[0m | ||
302 | Specifies that a TCP/IP port on the remote machine be forwarded | ||
303 | over the secure channel to the specified host and port from the | ||
304 | local machine. The first argument must be a port number, and the | ||
305 | second must be ^[[4mhost:port^[[24m. IPv6 addresses can be specified with | ||
306 | an alternative syntax: ^[[4mhost/port^[[24m. Multiple forwardings may be | ||
307 | specified, and additional forwardings can be given on the command | ||
308 | line. Only the superuser can forward privileged ports. | ||
309 | |||
310 | ^[[1mRhostsAuthentication^[[0m | ||
311 | Specifies whether to try rhosts based authentication. Note that | ||
312 | this declaration only affects the client side and has no effect | ||
313 | whatsoever on security. Most servers do not permit RhostsAuthenM-bM-^@M-^P | ||
314 | tication because it is not secure (see ^[[1mRhostsRSAAuthentication^[[22m). | ||
315 | The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default | ||
316 | is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only and | ||
317 | requires ^[[1mssh ^[[22mto be setuid root and ^[[1mUsePrivilegedPort ^[[22mto be set to | ||
318 | M-bM-^@M-^\yesM-bM-^@M-^]. | ||
319 | |||
320 | ^[[1mRhostsRSAAuthentication^[[0m | ||
321 | Specifies whether to try rhosts based authentication with RSA | ||
322 | host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | ||
323 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only | ||
324 | and requires ^[[1mssh ^[[22mto be setuid root. | ||
325 | |||
326 | ^[[1mRSAAuthentication^[[0m | ||
327 | Specifies whether to try RSA authentication. The argument to | ||
328 | this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. RSA authentication will only | ||
329 | be attempted if the identity file exists, or an authentication | ||
330 | agent is running. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option | ||
331 | applies to protocol version 1 only. | ||
332 | |||
333 | ^[[1mSmartcardDevice^[[0m | ||
334 | Specifies which smartcard device to use. The argument to this | ||
335 | keyword is the device ^[[1mssh ^[[22mshould use to communicate with a smartM-bM-^@M-^P | ||
336 | card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no | ||
337 | device is specified and smartcard support is not activated. | ||
338 | |||
339 | ^[[1mStrictHostKeyChecking^[[0m | ||
340 | If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ^[[1mssh ^[[22mwill never automatically add | ||
341 | host keys to the ^[[4m$HOME/.ssh/known_hosts^[[24m file, and refuses to conM-bM-^@M-^P | ||
342 | nect to hosts whose host key has changed. This provides maximum | ||
343 | protection against trojan horse attacks, however, can be annoying | ||
344 | when the ^[[4m/etc/ssh/ssh_known_hosts^[[24m file is poorly maintained, or | ||
345 | connections to new hosts are frequently made. This option forces | ||
346 | the user to manually add all new hosts. If this flag is set to | ||
347 | M-bM-^@M-^\noM-bM-^@M-^], ^[[1mssh ^[[22mwill automatically add new host keys to the user known | ||
348 | hosts files. If this flag is set to M-bM-^@M-^\askM-bM-^@M-^], new host keys will be | ||
349 | added to the user known host files only after the user has conM-bM-^@M-^P | ||
350 | firmed that is what they really want to do, and ^[[1mssh ^[[22mwill refuse | ||
351 | to connect to hosts whose host key has changed. The host keys of | ||
352 | known hosts will be verified automatically in all cases. The | ||
353 | argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\askM-bM-^@M-^]. The default is M-bM-^@M-^\askM-bM-^@M-^]. | ||
354 | |||
355 | ^[[1mUsePrivilegedPort^[[0m | ||
356 | Specifies whether to use a privileged port for outgoing connecM-bM-^@M-^P | ||
357 | tions. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
358 | If set to M-bM-^@M-^\yesM-bM-^@M-^] ^[[1mssh ^[[22mmust be setuid root. Note that this option | ||
359 | must be set to M-bM-^@M-^\yesM-bM-^@M-^] if ^[[1mRhostsAuthentication ^[[22mand | ||
360 | ^[[1mRhostsRSAAuthentication ^[[22mauthentications are needed with older | ||
361 | servers. | ||
362 | |||
363 | ^[[1mUser ^[[22mSpecifies the user to log in as. This can be useful when a difM-bM-^@M-^P | ||
364 | ferent user name is used on different machines. This saves the | ||
365 | trouble of having to remember to give the user name on the comM-bM-^@M-^P | ||
366 | mand line. | ||
367 | |||
368 | ^[[1mUserKnownHostsFile^[[0m | ||
369 | Specifies a file to use for the user host key database instead of | ||
370 | ^[[4m$HOME/.ssh/known_hosts^[[24m. | ||
371 | |||
372 | ^[[1mXAuthLocation^[[0m | ||
373 | Specifies the full pathname of the xauth(1) program. The default | ||
374 | is ^[[4m/usr/X11R6/bin/xauth^[[24m. | ||
375 | |||
376 | ^[[1mFILES^[[0m | ||
377 | $HOME/.ssh/config | ||
378 | This is the perM-bM-^@M-^Puser configuration file. The format of this file | ||
379 | is described above. This file is used by the ^[[1mssh ^[[22mclient. This | ||
380 | file does not usually contain any sensitive information, but the | ||
381 | recommended permissions are read/write for the user, and not | ||
382 | accessible by others. | ||
383 | |||
384 | /etc/ssh/ssh_config | ||
385 | Systemwide configuration file. This file provides defaults for | ||
386 | those values that are not specified in the userM-bM-^@M-^Ys configuration | ||
387 | file, and for those users who do not have a configuration file. | ||
388 | This file must be worldM-bM-^@M-^Preadable. | ||
389 | |||
390 | ^[[1mAUTHORS^[[0m | ||
391 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
392 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
393 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P | ||
394 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
395 | versions 1.5 and 2.0. | ||
396 | |||
397 | ^[[1mSEE ALSO^[[0m | ||
398 | ssh(1) | ||
399 | |||
400 | BSD September 25, 1999 BSD | ||