diff options
author | Colin Watson <cjwatson@debian.org> | 2016-02-29 12:15:15 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-03-08 11:51:22 +0000 |
commit | 46961f5704f8e86cea3e99253faad55aef4d8f35 (patch) | |
tree | 0dd97fa4fb649a62b4639fe2674380872b1f3e98 /ssh_config.0 | |
parent | c753fe267efb1b027424fa8706cf0385fc3d14c1 (diff) | |
parent | 85e40e87a75fb80a0bf893ac05a417d6c353537d (diff) |
New upstream release (7.2).
Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 140 |
1 files changed, 83 insertions, 57 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 67133cd4d..b823c021c 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -59,7 +59,7 @@ DESCRIPTION | |||
59 | Match Restricts the following declarations (up to the next Host or | 59 | Match Restricts the following declarations (up to the next Host or |
60 | Match keyword) to be used only when the conditions following the | 60 | Match keyword) to be used only when the conditions following the |
61 | Match keyword are satisfied. Match conditions are specified | 61 | Match keyword are satisfied. Match conditions are specified |
62 | using one or more critera or the single token all which always | 62 | using one or more criteria or the single token all which always |
63 | matches. The available criteria keywords are: canonical, exec, | 63 | matches. The available criteria keywords are: canonical, exec, |
64 | host, originalhost, user, and localuser. The all criteria must | 64 | host, originalhost, user, and localuser. The all criteria must |
65 | appear alone or immediately after canonical. Other criteria may | 65 | appear alone or immediately after canonical. Other criteria may |
@@ -94,10 +94,23 @@ DESCRIPTION | |||
94 | matches against the name of the local user running ssh(1) (this | 94 | matches against the name of the local user running ssh(1) (this |
95 | keyword may be useful in system-wide ssh_config files). | 95 | keyword may be useful in system-wide ssh_config files). |
96 | 96 | ||
97 | AddKeysToAgent | ||
98 | Specifies whether keys should be automatically added to a running | ||
99 | ssh-agent(1). If this option is set to M-bM-^@M-^\yesM-bM-^@M-^] and a key is loaded | ||
100 | from a file, the key and its passphrase are added to the agent | ||
101 | with the default lifetime, as if by ssh-add(1). If this option | ||
102 | is set to M-bM-^@M-^\askM-bM-^@M-^], ssh will require confirmation using the | ||
103 | SSH_ASKPASS program before adding a key (see ssh-add(1) for | ||
104 | details). If this option is set to M-bM-^@M-^\confirmM-bM-^@M-^], each use of the | ||
105 | key must be confirmed, as if the -c option was specified to | ||
106 | ssh-add(1). If this option is set to M-bM-^@M-^\noM-bM-^@M-^], no keys are added to | ||
107 | the agent. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\confirmM-bM-^@M-^], M-bM-^@M-^\askM-bM-^@M-^], or | ||
108 | M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
109 | |||
97 | AddressFamily | 110 | AddressFamily |
98 | Specifies which address family to use when connecting. Valid | 111 | Specifies which address family to use when connecting. Valid |
99 | arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 | 112 | arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 |
100 | only). | 113 | only). The default is M-bM-^@M-^\anyM-bM-^@M-^]. |
101 | 114 | ||
102 | BatchMode | 115 | BatchMode |
103 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. | 116 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. |
@@ -157,6 +170,22 @@ DESCRIPTION | |||
157 | canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or | 170 | canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or |
158 | M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. | 171 | M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. |
159 | 172 | ||
173 | CertificateFile | ||
174 | Specifies a file from which the user's certificate is read. A | ||
175 | corresponding private key must be provided separately in order to | ||
176 | use this certificate either from an IdentityFile directive or -i | ||
177 | flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider. | ||
178 | |||
179 | The file name may use the tilde syntax to refer to a user's home | ||
180 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local | ||
181 | user's home directory), M-bM-^@M-^X%uM-bM-^@M-^Y (local user name), M-bM-^@M-^X%lM-bM-^@M-^Y (local host | ||
182 | name), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host name) or M-bM-^@M-^X%rM-bM-^@M-^Y (remote user name). | ||
183 | |||
184 | It is possible to have multiple certificate files specified in | ||
185 | configuration files; these certificates will be tried in | ||
186 | sequence. Multiple CertificateFile directives will add to the | ||
187 | list of certificates used for authentication. | ||
188 | |||
160 | ChallengeResponseAuthentication | 189 | ChallengeResponseAuthentication |
161 | Specifies whether to use challenge-response authentication. The | 190 | Specifies whether to use challenge-response authentication. The |
162 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is | 191 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is |
@@ -208,9 +237,7 @@ DESCRIPTION | |||
208 | chacha20-poly1305@openssh.com, | 237 | chacha20-poly1305@openssh.com, |
209 | aes128-ctr,aes192-ctr,aes256-ctr, | 238 | aes128-ctr,aes192-ctr,aes256-ctr, |
210 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, | 239 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, |
211 | arcfour256,arcfour128, | 240 | aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc |
212 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, | ||
213 | aes192-cbc,aes256-cbc,arcfour | ||
214 | 241 | ||
215 | The list of available ciphers may also be obtained using the -Q | 242 | The list of available ciphers may also be obtained using the -Q |
216 | option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. | 243 | option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. |
@@ -282,13 +309,13 @@ DESCRIPTION | |||
282 | any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host | 309 | any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host |
283 | name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name | 310 | name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name |
284 | specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by | 311 | specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by |
285 | the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username of the user | 312 | the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username and M-bM-^@M-^X%iM-bM-^@M-^Y by the |
286 | running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a hash of the concatenation: | 313 | numeric user ID (uid) of the user running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a |
287 | %l%h%p%r. It is recommended that any ControlPath used for | 314 | hash of the concatenation: %l%h%p%r. It is recommended that any |
288 | opportunistic connection sharing include at least %h, %p, and %r | 315 | ControlPath used for opportunistic connection sharing include at |
289 | (or alternatively %C) and be placed in a directory that is not | 316 | least %h, %p, and %r (or alternatively %C) and be placed in a |
290 | writable by other users. This ensures that shared connections | 317 | directory that is not writable by other users. This ensures that |
291 | are uniquely identified. | 318 | shared connections are uniquely identified. |
292 | 319 | ||
293 | ControlPersist | 320 | ControlPersist |
294 | When used in conjunction with ControlMaster, specifies that the | 321 | When used in conjunction with ControlMaster, specifies that the |
@@ -342,8 +369,12 @@ DESCRIPTION | |||
342 | ExitOnForwardFailure | 369 | ExitOnForwardFailure |
343 | Specifies whether ssh(1) should terminate the connection if it | 370 | Specifies whether ssh(1) should terminate the connection if it |
344 | cannot set up all requested dynamic, tunnel, local, and remote | 371 | cannot set up all requested dynamic, tunnel, local, and remote |
345 | port forwardings. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 372 | port forwardings, (e.g. if either end is unable to bind and |
346 | default is M-bM-^@M-^\noM-bM-^@M-^]. | 373 | listen on a specified port). Note that ExitOnForwardFailure does |
374 | not apply to connections made over port forwardings and will not, | ||
375 | for example, cause ssh(1) to exit if TCP connections to the | ||
376 | ultimate forwarding destination fail. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] | ||
377 | or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
347 | 378 | ||
348 | FingerprintHash | 379 | FingerprintHash |
349 | Specifies the hash algorithm used when displaying key | 380 | Specifies the hash algorithm used when displaying key |
@@ -415,12 +446,11 @@ DESCRIPTION | |||
415 | 446 | ||
416 | GSSAPIAuthentication | 447 | GSSAPIAuthentication |
417 | Specifies whether user authentication based on GSSAPI is allowed. | 448 | Specifies whether user authentication based on GSSAPI is allowed. |
418 | The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol | 449 | The default is M-bM-^@M-^\noM-bM-^@M-^]. |
419 | version 2 only. | ||
420 | 450 | ||
421 | GSSAPIDelegateCredentials | 451 | GSSAPIDelegateCredentials |
422 | Forward (delegate) credentials to the server. The default is | 452 | Forward (delegate) credentials to the server. The default is |
423 | M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 only. | 453 | M-bM-^@M-^\noM-bM-^@M-^]. |
424 | 454 | ||
425 | HashKnownHosts | 455 | HashKnownHosts |
426 | Indicates that ssh(1) should hash host names and addresses when | 456 | Indicates that ssh(1) should hash host names and addresses when |
@@ -434,8 +464,7 @@ DESCRIPTION | |||
434 | HostbasedAuthentication | 464 | HostbasedAuthentication |
435 | Specifies whether to try rhosts based authentication with public | 465 | Specifies whether to try rhosts based authentication with public |
436 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 466 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
437 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only | 467 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
438 | and is similar to RhostsRSAAuthentication. | ||
439 | 468 | ||
440 | HostbasedKeyTypes | 469 | HostbasedKeyTypes |
441 | Specifies the key types that will be used for hostbased | 470 | Specifies the key types that will be used for hostbased |
@@ -455,11 +484,11 @@ DESCRIPTION | |||
455 | The -Q option of ssh(1) may be used to list supported key types. | 484 | The -Q option of ssh(1) may be used to list supported key types. |
456 | 485 | ||
457 | HostKeyAlgorithms | 486 | HostKeyAlgorithms |
458 | Specifies the protocol version 2 host key algorithms that the | 487 | Specifies the host key algorithms that the client wants to use in |
459 | client wants to use in order of preference. Alternately if the | 488 | order of preference. Alternately if the specified value begins |
460 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | 489 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be |
461 | key types will be appended to the default set instead of | 490 | appended to the default set instead of replacing them. The |
462 | replacing them. The default for this option is: | 491 | default for this option is: |
463 | 492 | ||
464 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 493 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
465 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 494 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
@@ -496,8 +525,9 @@ DESCRIPTION | |||
496 | 525 | ||
497 | IdentitiesOnly | 526 | IdentitiesOnly |
498 | Specifies that ssh(1) should only use the authentication identity | 527 | Specifies that ssh(1) should only use the authentication identity |
499 | files configured in the ssh_config files, even if ssh-agent(1) or | 528 | and certificate files explicitly configured in the ssh_config |
500 | a PKCS11Provider offers more identities. The argument to this | 529 | files or passed on the ssh(1) command-line, even if ssh-agent(1) |
530 | or a PKCS11Provider offers more identities. The argument to this | ||
501 | keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for | 531 | keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for |
502 | situations where ssh-agent offers many different identities. The | 532 | situations where ssh-agent offers many different identities. The |
503 | default is M-bM-^@M-^\noM-bM-^@M-^]. | 533 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
@@ -509,9 +539,10 @@ DESCRIPTION | |||
509 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | 539 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
510 | Additionally, any identities represented by the authentication | 540 | Additionally, any identities represented by the authentication |
511 | agent will be used for authentication unless IdentitiesOnly is | 541 | agent will be used for authentication unless IdentitiesOnly is |
512 | set. ssh(1) will try to load certificate information from the | 542 | set. If no certificates have been explicitly specified by |
513 | filename obtained by appending -cert.pub to the path of a | 543 | CertificateFile, ssh(1) will try to load certificate information |
514 | specified IdentityFile. | 544 | from the filename obtained by appending -cert.pub to the path of |
545 | a specified IdentityFile. | ||
515 | 546 | ||
516 | The file name may use the tilde syntax to refer to a user's home | 547 | The file name may use the tilde syntax to refer to a user's home |
517 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local | 548 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local |
@@ -526,7 +557,9 @@ DESCRIPTION | |||
526 | 557 | ||
527 | IdentityFile may be used in conjunction with IdentitiesOnly to | 558 | IdentityFile may be used in conjunction with IdentitiesOnly to |
528 | select which identities in an agent are offered during | 559 | select which identities in an agent are offered during |
529 | authentication. | 560 | authentication. IdentityFile may also be used in conjunction |
561 | with CertificateFile in order to provide any certificate also | ||
562 | needed for authentication with the identity. | ||
530 | 563 | ||
531 | IgnoreUnknown | 564 | IgnoreUnknown |
532 | Specifies a pattern-list of unknown options to be ignored if they | 565 | Specifies a pattern-list of unknown options to be ignored if they |
@@ -620,11 +653,11 @@ DESCRIPTION | |||
620 | higher levels of verbose output. | 653 | higher levels of verbose output. |
621 | 654 | ||
622 | MACs Specifies the MAC (message authentication code) algorithms in | 655 | MACs Specifies the MAC (message authentication code) algorithms in |
623 | order of preference. The MAC algorithm is used in protocol | 656 | order of preference. The MAC algorithm is used for data |
624 | version 2 for data integrity protection. Multiple algorithms | 657 | integrity protection. Multiple algorithms must be comma- |
625 | must be comma-separated. If the specified value begins with a | 658 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
626 | M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to | 659 | then the specified algorithms will be appended to the default set |
627 | the default set instead of replacing them. | 660 | instead of replacing them. |
628 | 661 | ||
629 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after | 662 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after |
630 | encryption (encrypt-then-mac). These are considered safer and | 663 | encryption (encrypt-then-mac). These are considered safer and |
@@ -634,13 +667,9 @@ DESCRIPTION | |||
634 | 667 | ||
635 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 668 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
636 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 669 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
670 | hmac-sha1-etm@openssh.com, | ||
637 | umac-64@openssh.com,umac-128@openssh.com, | 671 | umac-64@openssh.com,umac-128@openssh.com, |
638 | hmac-sha2-256,hmac-sha2-512, | 672 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
639 | hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, | ||
640 | hmac-ripemd160-etm@openssh.com, | ||
641 | hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, | ||
642 | hmac-md5,hmac-sha1,hmac-ripemd160, | ||
643 | hmac-sha1-96,hmac-md5-96 | ||
644 | 673 | ||
645 | The list of available MAC algorithms may also be obtained using | 674 | The list of available MAC algorithms may also be obtained using |
646 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. | 675 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. |
@@ -677,10 +706,10 @@ DESCRIPTION | |||
677 | default is 22. | 706 | default is 22. |
678 | 707 | ||
679 | PreferredAuthentications | 708 | PreferredAuthentications |
680 | Specifies the order in which the client should try protocol 2 | 709 | Specifies the order in which the client should try authentication |
681 | authentication methods. This allows a client to prefer one | 710 | methods. This allows a client to prefer one method (e.g. |
682 | method (e.g. keyboard-interactive) over another method (e.g. | 711 | keyboard-interactive) over another method (e.g. password). The |
683 | password). The default is: | 712 | default is: |
684 | 713 | ||
685 | gssapi-with-mic,hostbased,publickey, | 714 | gssapi-with-mic,hostbased,publickey, |
686 | keyboard-interactive,password | 715 | keyboard-interactive,password |
@@ -690,7 +719,9 @@ DESCRIPTION | |||
690 | preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple | 719 | preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple |
691 | versions must be comma-separated. When this option is set to | 720 | versions must be comma-separated. When this option is set to |
692 | M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if | 721 | M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if |
693 | version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. | 722 | version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Protocol 1 |
723 | suffers from a number of cryptographic weaknesses and should not | ||
724 | be used. It is only offered to support legacy devices. | ||
694 | 725 | ||
695 | ProxyCommand | 726 | ProxyCommand |
696 | Specifies the command to use to connect to the server. The | 727 | Specifies the command to use to connect to the server. The |
@@ -740,7 +771,6 @@ DESCRIPTION | |||
740 | PubkeyAuthentication | 771 | PubkeyAuthentication |
741 | Specifies whether to try public key authentication. The argument | 772 | Specifies whether to try public key authentication. The argument |
742 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | 773 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
743 | This option applies to protocol version 2 only. | ||
744 | 774 | ||
745 | RekeyLimit | 775 | RekeyLimit |
746 | Specifies the maximum amount of data that may be transmitted | 776 | Specifies the maximum amount of data that may be transmitted |
@@ -755,7 +785,6 @@ DESCRIPTION | |||
755 | default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that | 785 | default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that |
756 | rekeying is performed after the cipher's default amount of data | 786 | rekeying is performed after the cipher's default amount of data |
757 | has been sent or received and no time based rekeying is done. | 787 | has been sent or received and no time based rekeying is done. |
758 | This option applies to protocol version 2 only. | ||
759 | 788 | ||
760 | RemoteForward | 789 | RemoteForward |
761 | Specifies that a TCP port on the remote machine be forwarded over | 790 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -808,8 +837,7 @@ DESCRIPTION | |||
808 | 837 | ||
809 | SendEnv | 838 | SendEnv |
810 | Specifies what variables from the local environ(7) should be sent | 839 | Specifies what variables from the local environ(7) should be sent |
811 | to the server. Note that environment passing is only supported | 840 | to the server. The server must also support it, and the server |
812 | for protocol 2. The server must also support it, and the server | ||
813 | must be configured to accept these environment variables. Note | 841 | must be configured to accept these environment variables. Note |
814 | that the TERM environment variable is always sent whenever a | 842 | that the TERM environment variable is always sent whenever a |
815 | pseudo-terminal is requested as it is required by the protocol. | 843 | pseudo-terminal is requested as it is required by the protocol. |
@@ -838,15 +866,14 @@ DESCRIPTION | |||
838 | The default value is 3. If, for example, ServerAliveInterval | 866 | The default value is 3. If, for example, ServerAliveInterval |
839 | (see below) is set to 15 and ServerAliveCountMax is left at the | 867 | (see below) is set to 15 and ServerAliveCountMax is left at the |
840 | default, if the server becomes unresponsive, ssh will disconnect | 868 | default, if the server becomes unresponsive, ssh will disconnect |
841 | after approximately 45 seconds. This option applies to protocol | 869 | after approximately 45 seconds. |
842 | version 2 only. | ||
843 | 870 | ||
844 | ServerAliveInterval | 871 | ServerAliveInterval |
845 | Sets a timeout interval in seconds after which if no data has | 872 | Sets a timeout interval in seconds after which if no data has |
846 | been received from the server, ssh(1) will send a message through | 873 | been received from the server, ssh(1) will send a message through |
847 | the encrypted channel to request a response from the server. The | 874 | the encrypted channel to request a response from the server. The |
848 | default is 0, indicating that these messages will not be sent to | 875 | default is 0, indicating that these messages will not be sent to |
849 | the server. This option applies to protocol version 2 only. | 876 | the server. |
850 | 877 | ||
851 | StreamLocalBindMask | 878 | StreamLocalBindMask |
852 | Sets the octal file creation mode mask (umask) used when creating | 879 | Sets the octal file creation mode mask (umask) used when creating |
@@ -924,7 +951,7 @@ DESCRIPTION | |||
924 | graceful key rotation by allowing a server to send replacement | 951 | graceful key rotation by allowing a server to send replacement |
925 | public keys before old ones are removed. Additional hostkeys are | 952 | public keys before old ones are removed. Additional hostkeys are |
926 | only accepted if the key used to authenticate the host was | 953 | only accepted if the key used to authenticate the host was |
927 | already trusted or explicity accepted by the user. If | 954 | already trusted or explicitly accepted by the user. If |
928 | UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm | 955 | UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm |
929 | the modifications to the known_hosts file. Confirmation is | 956 | the modifications to the known_hosts file. Confirmation is |
930 | currently incompatible with ControlPersist, and will be disabled | 957 | currently incompatible with ControlPersist, and will be disabled |
@@ -960,8 +987,7 @@ DESCRIPTION | |||
960 | fingerprint match will be displayed, but the user will still need | 987 | fingerprint match will be displayed, but the user will still need |
961 | to confirm new host keys according to the StrictHostKeyChecking | 988 | to confirm new host keys according to the StrictHostKeyChecking |
962 | option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default | 989 | option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default |
963 | is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 | 990 | is M-bM-^@M-^\noM-bM-^@M-^]. |
964 | only. | ||
965 | 991 | ||
966 | See also VERIFYING HOST KEYS in ssh(1). | 992 | See also VERIFYING HOST KEYS in ssh(1). |
967 | 993 | ||
@@ -1023,4 +1049,4 @@ AUTHORS | |||
1023 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1049 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
1024 | versions 1.5 and 2.0. | 1050 | versions 1.5 and 2.0. |
1025 | 1051 | ||
1026 | OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 | 1052 | OpenBSD 5.9 February 20, 2016 OpenBSD 5.9 |