summaryrefslogtreecommitdiff
path: root/ssh_config.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-02-29 12:15:15 +0000
committerColin Watson <cjwatson@debian.org>2016-03-08 11:51:22 +0000
commit46961f5704f8e86cea3e99253faad55aef4d8f35 (patch)
tree0dd97fa4fb649a62b4639fe2674380872b1f3e98 /ssh_config.0
parentc753fe267efb1b027424fa8706cf0385fc3d14c1 (diff)
parent85e40e87a75fb80a0bf893ac05a417d6c353537d (diff)
New upstream release (7.2).
Diffstat (limited to 'ssh_config.0')
-rw-r--r--ssh_config.0140
1 files changed, 83 insertions, 57 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index 67133cd4d..b823c021c 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -59,7 +59,7 @@ DESCRIPTION
59 Match Restricts the following declarations (up to the next Host or 59 Match Restricts the following declarations (up to the next Host or
60 Match keyword) to be used only when the conditions following the 60 Match keyword) to be used only when the conditions following the
61 Match keyword are satisfied. Match conditions are specified 61 Match keyword are satisfied. Match conditions are specified
62 using one or more critera or the single token all which always 62 using one or more criteria or the single token all which always
63 matches. The available criteria keywords are: canonical, exec, 63 matches. The available criteria keywords are: canonical, exec,
64 host, originalhost, user, and localuser. The all criteria must 64 host, originalhost, user, and localuser. The all criteria must
65 appear alone or immediately after canonical. Other criteria may 65 appear alone or immediately after canonical. Other criteria may
@@ -94,10 +94,23 @@ DESCRIPTION
94 matches against the name of the local user running ssh(1) (this 94 matches against the name of the local user running ssh(1) (this
95 keyword may be useful in system-wide ssh_config files). 95 keyword may be useful in system-wide ssh_config files).
96 96
97 AddKeysToAgent
98 Specifies whether keys should be automatically added to a running
99 ssh-agent(1). If this option is set to M-bM-^@M-^\yesM-bM-^@M-^] and a key is loaded
100 from a file, the key and its passphrase are added to the agent
101 with the default lifetime, as if by ssh-add(1). If this option
102 is set to M-bM-^@M-^\askM-bM-^@M-^], ssh will require confirmation using the
103 SSH_ASKPASS program before adding a key (see ssh-add(1) for
104 details). If this option is set to M-bM-^@M-^\confirmM-bM-^@M-^], each use of the
105 key must be confirmed, as if the -c option was specified to
106 ssh-add(1). If this option is set to M-bM-^@M-^\noM-bM-^@M-^], no keys are added to
107 the agent. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\confirmM-bM-^@M-^], M-bM-^@M-^\askM-bM-^@M-^], or
108 M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
109
97 AddressFamily 110 AddressFamily
98 Specifies which address family to use when connecting. Valid 111 Specifies which address family to use when connecting. Valid
99 arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 112 arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6
100 only). 113 only). The default is M-bM-^@M-^\anyM-bM-^@M-^].
101 114
102 BatchMode 115 BatchMode
103 If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. 116 If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled.
@@ -157,6 +170,22 @@ DESCRIPTION
157 canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or 170 canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or
158 M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. 171 M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains.
159 172
173 CertificateFile
174 Specifies a file from which the user's certificate is read. A
175 corresponding private key must be provided separately in order to
176 use this certificate either from an IdentityFile directive or -i
177 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider.
178
179 The file name may use the tilde syntax to refer to a user's home
180 directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local
181 user's home directory), M-bM-^@M-^X%uM-bM-^@M-^Y (local user name), M-bM-^@M-^X%lM-bM-^@M-^Y (local host
182 name), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host name) or M-bM-^@M-^X%rM-bM-^@M-^Y (remote user name).
183
184 It is possible to have multiple certificate files specified in
185 configuration files; these certificates will be tried in
186 sequence. Multiple CertificateFile directives will add to the
187 list of certificates used for authentication.
188
160 ChallengeResponseAuthentication 189 ChallengeResponseAuthentication
161 Specifies whether to use challenge-response authentication. The 190 Specifies whether to use challenge-response authentication. The
162 argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is 191 argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is
@@ -208,9 +237,7 @@ DESCRIPTION
208 chacha20-poly1305@openssh.com, 237 chacha20-poly1305@openssh.com,
209 aes128-ctr,aes192-ctr,aes256-ctr, 238 aes128-ctr,aes192-ctr,aes256-ctr,
210 aes128-gcm@openssh.com,aes256-gcm@openssh.com, 239 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
211 arcfour256,arcfour128, 240 aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
212 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
213 aes192-cbc,aes256-cbc,arcfour
214 241
215 The list of available ciphers may also be obtained using the -Q 242 The list of available ciphers may also be obtained using the -Q
216 option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. 243 option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^].
@@ -282,13 +309,13 @@ DESCRIPTION
282 any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host 309 any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host
283 name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name 310 name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name
284 specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by 311 specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by
285 the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username of the user 312 the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username and M-bM-^@M-^X%iM-bM-^@M-^Y by the
286 running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a hash of the concatenation: 313 numeric user ID (uid) of the user running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a
287 %l%h%p%r. It is recommended that any ControlPath used for 314 hash of the concatenation: %l%h%p%r. It is recommended that any
288 opportunistic connection sharing include at least %h, %p, and %r 315 ControlPath used for opportunistic connection sharing include at
289 (or alternatively %C) and be placed in a directory that is not 316 least %h, %p, and %r (or alternatively %C) and be placed in a
290 writable by other users. This ensures that shared connections 317 directory that is not writable by other users. This ensures that
291 are uniquely identified. 318 shared connections are uniquely identified.
292 319
293 ControlPersist 320 ControlPersist
294 When used in conjunction with ControlMaster, specifies that the 321 When used in conjunction with ControlMaster, specifies that the
@@ -342,8 +369,12 @@ DESCRIPTION
342 ExitOnForwardFailure 369 ExitOnForwardFailure
343 Specifies whether ssh(1) should terminate the connection if it 370 Specifies whether ssh(1) should terminate the connection if it
344 cannot set up all requested dynamic, tunnel, local, and remote 371 cannot set up all requested dynamic, tunnel, local, and remote
345 port forwardings. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The 372 port forwardings, (e.g. if either end is unable to bind and
346 default is M-bM-^@M-^\noM-bM-^@M-^]. 373 listen on a specified port). Note that ExitOnForwardFailure does
374 not apply to connections made over port forwardings and will not,
375 for example, cause ssh(1) to exit if TCP connections to the
376 ultimate forwarding destination fail. The argument must be M-bM-^@M-^\yesM-bM-^@M-^]
377 or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^].
347 378
348 FingerprintHash 379 FingerprintHash
349 Specifies the hash algorithm used when displaying key 380 Specifies the hash algorithm used when displaying key
@@ -415,12 +446,11 @@ DESCRIPTION
415 446
416 GSSAPIAuthentication 447 GSSAPIAuthentication
417 Specifies whether user authentication based on GSSAPI is allowed. 448 Specifies whether user authentication based on GSSAPI is allowed.
418 The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol 449 The default is M-bM-^@M-^\noM-bM-^@M-^].
419 version 2 only.
420 450
421 GSSAPIDelegateCredentials 451 GSSAPIDelegateCredentials
422 Forward (delegate) credentials to the server. The default is 452 Forward (delegate) credentials to the server. The default is
423 M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 only. 453 M-bM-^@M-^\noM-bM-^@M-^].
424 454
425 HashKnownHosts 455 HashKnownHosts
426 Indicates that ssh(1) should hash host names and addresses when 456 Indicates that ssh(1) should hash host names and addresses when
@@ -434,8 +464,7 @@ DESCRIPTION
434 HostbasedAuthentication 464 HostbasedAuthentication
435 Specifies whether to try rhosts based authentication with public 465 Specifies whether to try rhosts based authentication with public
436 key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The 466 key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The
437 default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only 467 default is M-bM-^@M-^\noM-bM-^@M-^].
438 and is similar to RhostsRSAAuthentication.
439 468
440 HostbasedKeyTypes 469 HostbasedKeyTypes
441 Specifies the key types that will be used for hostbased 470 Specifies the key types that will be used for hostbased
@@ -455,11 +484,11 @@ DESCRIPTION
455 The -Q option of ssh(1) may be used to list supported key types. 484 The -Q option of ssh(1) may be used to list supported key types.
456 485
457 HostKeyAlgorithms 486 HostKeyAlgorithms
458 Specifies the protocol version 2 host key algorithms that the 487 Specifies the host key algorithms that the client wants to use in
459 client wants to use in order of preference. Alternately if the 488 order of preference. Alternately if the specified value begins
460 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified 489 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
461 key types will be appended to the default set instead of 490 appended to the default set instead of replacing them. The
462 replacing them. The default for this option is: 491 default for this option is:
463 492
464 ecdsa-sha2-nistp256-cert-v01@openssh.com, 493 ecdsa-sha2-nistp256-cert-v01@openssh.com,
465 ecdsa-sha2-nistp384-cert-v01@openssh.com, 494 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -496,8 +525,9 @@ DESCRIPTION
496 525
497 IdentitiesOnly 526 IdentitiesOnly
498 Specifies that ssh(1) should only use the authentication identity 527 Specifies that ssh(1) should only use the authentication identity
499 files configured in the ssh_config files, even if ssh-agent(1) or 528 and certificate files explicitly configured in the ssh_config
500 a PKCS11Provider offers more identities. The argument to this 529 files or passed on the ssh(1) command-line, even if ssh-agent(1)
530 or a PKCS11Provider offers more identities. The argument to this
501 keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for 531 keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for
502 situations where ssh-agent offers many different identities. The 532 situations where ssh-agent offers many different identities. The
503 default is M-bM-^@M-^\noM-bM-^@M-^]. 533 default is M-bM-^@M-^\noM-bM-^@M-^].
@@ -509,9 +539,10 @@ DESCRIPTION
509 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. 539 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
510 Additionally, any identities represented by the authentication 540 Additionally, any identities represented by the authentication
511 agent will be used for authentication unless IdentitiesOnly is 541 agent will be used for authentication unless IdentitiesOnly is
512 set. ssh(1) will try to load certificate information from the 542 set. If no certificates have been explicitly specified by
513 filename obtained by appending -cert.pub to the path of a 543 CertificateFile, ssh(1) will try to load certificate information
514 specified IdentityFile. 544 from the filename obtained by appending -cert.pub to the path of
545 a specified IdentityFile.
515 546
516 The file name may use the tilde syntax to refer to a user's home 547 The file name may use the tilde syntax to refer to a user's home
517 directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local 548 directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local
@@ -526,7 +557,9 @@ DESCRIPTION
526 557
527 IdentityFile may be used in conjunction with IdentitiesOnly to 558 IdentityFile may be used in conjunction with IdentitiesOnly to
528 select which identities in an agent are offered during 559 select which identities in an agent are offered during
529 authentication. 560 authentication. IdentityFile may also be used in conjunction
561 with CertificateFile in order to provide any certificate also
562 needed for authentication with the identity.
530 563
531 IgnoreUnknown 564 IgnoreUnknown
532 Specifies a pattern-list of unknown options to be ignored if they 565 Specifies a pattern-list of unknown options to be ignored if they
@@ -620,11 +653,11 @@ DESCRIPTION
620 higher levels of verbose output. 653 higher levels of verbose output.
621 654
622 MACs Specifies the MAC (message authentication code) algorithms in 655 MACs Specifies the MAC (message authentication code) algorithms in
623 order of preference. The MAC algorithm is used in protocol 656 order of preference. The MAC algorithm is used for data
624 version 2 for data integrity protection. Multiple algorithms 657 integrity protection. Multiple algorithms must be comma-
625 must be comma-separated. If the specified value begins with a 658 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
626 M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to 659 then the specified algorithms will be appended to the default set
627 the default set instead of replacing them. 660 instead of replacing them.
628 661
629 The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after 662 The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after
630 encryption (encrypt-then-mac). These are considered safer and 663 encryption (encrypt-then-mac). These are considered safer and
@@ -634,13 +667,9 @@ DESCRIPTION
634 667
635 umac-64-etm@openssh.com,umac-128-etm@openssh.com, 668 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
636 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 669 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
670 hmac-sha1-etm@openssh.com,
637 umac-64@openssh.com,umac-128@openssh.com, 671 umac-64@openssh.com,umac-128@openssh.com,
638 hmac-sha2-256,hmac-sha2-512, 672 hmac-sha2-256,hmac-sha2-512,hmac-sha1
639 hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
640 hmac-ripemd160-etm@openssh.com,
641 hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
642 hmac-md5,hmac-sha1,hmac-ripemd160,
643 hmac-sha1-96,hmac-md5-96
644 673
645 The list of available MAC algorithms may also be obtained using 674 The list of available MAC algorithms may also be obtained using
646 the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. 675 the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^].
@@ -677,10 +706,10 @@ DESCRIPTION
677 default is 22. 706 default is 22.
678 707
679 PreferredAuthentications 708 PreferredAuthentications
680 Specifies the order in which the client should try protocol 2 709 Specifies the order in which the client should try authentication
681 authentication methods. This allows a client to prefer one 710 methods. This allows a client to prefer one method (e.g.
682 method (e.g. keyboard-interactive) over another method (e.g. 711 keyboard-interactive) over another method (e.g. password). The
683 password). The default is: 712 default is:
684 713
685 gssapi-with-mic,hostbased,publickey, 714 gssapi-with-mic,hostbased,publickey,
686 keyboard-interactive,password 715 keyboard-interactive,password
@@ -690,7 +719,9 @@ DESCRIPTION
690 preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple 719 preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple
691 versions must be comma-separated. When this option is set to 720 versions must be comma-separated. When this option is set to
692 M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if 721 M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if
693 version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. 722 version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Protocol 1
723 suffers from a number of cryptographic weaknesses and should not
724 be used. It is only offered to support legacy devices.
694 725
695 ProxyCommand 726 ProxyCommand
696 Specifies the command to use to connect to the server. The 727 Specifies the command to use to connect to the server. The
@@ -740,7 +771,6 @@ DESCRIPTION
740 PubkeyAuthentication 771 PubkeyAuthentication
741 Specifies whether to try public key authentication. The argument 772 Specifies whether to try public key authentication. The argument
742 to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. 773 to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^].
743 This option applies to protocol version 2 only.
744 774
745 RekeyLimit 775 RekeyLimit
746 Specifies the maximum amount of data that may be transmitted 776 Specifies the maximum amount of data that may be transmitted
@@ -755,7 +785,6 @@ DESCRIPTION
755 default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that 785 default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that
756 rekeying is performed after the cipher's default amount of data 786 rekeying is performed after the cipher's default amount of data
757 has been sent or received and no time based rekeying is done. 787 has been sent or received and no time based rekeying is done.
758 This option applies to protocol version 2 only.
759 788
760 RemoteForward 789 RemoteForward
761 Specifies that a TCP port on the remote machine be forwarded over 790 Specifies that a TCP port on the remote machine be forwarded over
@@ -808,8 +837,7 @@ DESCRIPTION
808 837
809 SendEnv 838 SendEnv
810 Specifies what variables from the local environ(7) should be sent 839 Specifies what variables from the local environ(7) should be sent
811 to the server. Note that environment passing is only supported 840 to the server. The server must also support it, and the server
812 for protocol 2. The server must also support it, and the server
813 must be configured to accept these environment variables. Note 841 must be configured to accept these environment variables. Note
814 that the TERM environment variable is always sent whenever a 842 that the TERM environment variable is always sent whenever a
815 pseudo-terminal is requested as it is required by the protocol. 843 pseudo-terminal is requested as it is required by the protocol.
@@ -838,15 +866,14 @@ DESCRIPTION
838 The default value is 3. If, for example, ServerAliveInterval 866 The default value is 3. If, for example, ServerAliveInterval
839 (see below) is set to 15 and ServerAliveCountMax is left at the 867 (see below) is set to 15 and ServerAliveCountMax is left at the
840 default, if the server becomes unresponsive, ssh will disconnect 868 default, if the server becomes unresponsive, ssh will disconnect
841 after approximately 45 seconds. This option applies to protocol 869 after approximately 45 seconds.
842 version 2 only.
843 870
844 ServerAliveInterval 871 ServerAliveInterval
845 Sets a timeout interval in seconds after which if no data has 872 Sets a timeout interval in seconds after which if no data has
846 been received from the server, ssh(1) will send a message through 873 been received from the server, ssh(1) will send a message through
847 the encrypted channel to request a response from the server. The 874 the encrypted channel to request a response from the server. The
848 default is 0, indicating that these messages will not be sent to 875 default is 0, indicating that these messages will not be sent to
849 the server. This option applies to protocol version 2 only. 876 the server.
850 877
851 StreamLocalBindMask 878 StreamLocalBindMask
852 Sets the octal file creation mode mask (umask) used when creating 879 Sets the octal file creation mode mask (umask) used when creating
@@ -924,7 +951,7 @@ DESCRIPTION
924 graceful key rotation by allowing a server to send replacement 951 graceful key rotation by allowing a server to send replacement
925 public keys before old ones are removed. Additional hostkeys are 952 public keys before old ones are removed. Additional hostkeys are
926 only accepted if the key used to authenticate the host was 953 only accepted if the key used to authenticate the host was
927 already trusted or explicity accepted by the user. If 954 already trusted or explicitly accepted by the user. If
928 UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm 955 UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm
929 the modifications to the known_hosts file. Confirmation is 956 the modifications to the known_hosts file. Confirmation is
930 currently incompatible with ControlPersist, and will be disabled 957 currently incompatible with ControlPersist, and will be disabled
@@ -960,8 +987,7 @@ DESCRIPTION
960 fingerprint match will be displayed, but the user will still need 987 fingerprint match will be displayed, but the user will still need
961 to confirm new host keys according to the StrictHostKeyChecking 988 to confirm new host keys according to the StrictHostKeyChecking
962 option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default 989 option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default
963 is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 990 is M-bM-^@M-^\noM-bM-^@M-^].
964 only.
965 991
966 See also VERIFYING HOST KEYS in ssh(1). 992 See also VERIFYING HOST KEYS in ssh(1).
967 993
@@ -1023,4 +1049,4 @@ AUTHORS
1023 created OpenSSH. Markus Friedl contributed the support for SSH protocol 1049 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1024 versions 1.5 and 2.0. 1050 versions 1.5 and 2.0.
1025 1051
1026OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 1052OpenBSD 5.9 February 20, 2016 OpenBSD 5.9