summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2011-09-06 09:45:52 +0100
committerColin Watson <cjwatson@debian.org>2011-09-06 09:45:52 +0100
commitf38224d546cdde55f45c13d3d8225d273a3f920e (patch)
treea91a26b88ac90dc72d0ea3767feabb341eaa50a8 /ssh_config.5
parent338146a3fc257e216fe5c10fe40e6896b40d7739 (diff)
parente90790abaf031e037f444a6658e136e48577ea49 (diff)
merge 5.9p1
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.570
1 files changed, 57 insertions, 13 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 269d3941b..9e1e9a6af 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $
37.Dd $Mdocdate: December 8 2010 $ 37.Dd $Mdocdate: August 2 2011 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -112,6 +112,15 @@ The host is the
112argument given on the command line (i.e. the name is not converted to 112argument given on the command line (i.e. the name is not converted to
113a canonicalized host name before matching). 113a canonicalized host name before matching).
114.Pp 114.Pp
115A pattern entry may be negated by prefixing it with an exclamation mark
116.Pq Sq !\& .
117If a negated entry is matched, then the
118.Cm Host
119entry is ignored, regardless of whether any other patterns on the line
120match.
121Negated matches are therefore useful to provide exceptions for wildcard
122matches.
123.Pp
115See 124See
116.Sx PATTERNS 125.Sx PATTERNS
117for more information on patterns. 126for more information on patterns.
@@ -305,14 +314,22 @@ section above or the string
305.Dq none 314.Dq none
306to disable connection sharing. 315to disable connection sharing.
307In the path, 316In the path,
317.Ql %L
318will be substituted by the first component of the local host name,
308.Ql %l 319.Ql %l
309will be substituted by the local host name, 320will be substituted by the local host name (including any domain name),
310.Ql %h 321.Ql %h
311will be substituted by the target host name, 322will be substituted by the target host name,
323.Ql %n
324will be substituted by the original target host name
325specified on the command line,
312.Ql %p 326.Ql %p
313the port, and 327the port,
314.Ql %r 328.Ql %r
315by the remote login username. 329by the remote login username, and
330.Ql %u
331by the username of the user running
332.Xr ssh 1 .
316It is recommended that any 333It is recommended that any
317.Cm ControlPath 334.Cm ControlPath
318used for opportunistic connection sharing include 335used for opportunistic connection sharing include
@@ -500,9 +517,11 @@ or
500The default is 517The default is
501.Dq no . 518.Dq no .
502.It Cm GlobalKnownHostsFile 519.It Cm GlobalKnownHostsFile
503Specifies a file to use for the global 520Specifies one or more files to use for the global
504host key database instead of 521host key database, separated by whitespace.
505.Pa /etc/ssh/ssh_known_hosts . 522The default is
523.Pa /etc/ssh/ssh_known_hosts ,
524.Pa /etc/ssh/ssh_known_hosts2 .
506.It Cm GSSAPIAuthentication 525.It Cm GSSAPIAuthentication
507Specifies whether user authentication based on GSSAPI is allowed. 526Specifies whether user authentication based on GSSAPI is allowed.
508The default is 527The default is
@@ -601,7 +620,7 @@ Specifies the real host name to log into.
601This can be used to specify nicknames or abbreviations for hosts. 620This can be used to specify nicknames or abbreviations for hosts.
602If the hostname contains the character sequence 621If the hostname contains the character sequence
603.Ql %h , 622.Ql %h ,
604then this will be replaced with the host name specified on the commandline 623then this will be replaced with the host name specified on the command line
605(this is useful for manipulating unqualified names). 624(this is useful for manipulating unqualified names).
606The default is the name given on the command line. 625The default is the name given on the command line.
607Numeric IP addresses are also permitted (both on the command line and in 626Numeric IP addresses are also permitted (both on the command line and in
@@ -661,6 +680,10 @@ escape characters:
661It is possible to have 680It is possible to have
662multiple identity files specified in configuration files; all these 681multiple identity files specified in configuration files; all these
663identities will be tried in sequence. 682identities will be tried in sequence.
683Multiple
684.Cm IdentityFile
685directives will add to the list of identities tried (this behaviour
686differs from that of other configuration directives).
664.It Cm IPQoS 687.It Cm IPQoS
665Specifies the IPv4 type-of-service or DSCP class for connections. 688Specifies the IPv4 type-of-service or DSCP class for connections.
666Accepted values are 689Accepted values are
@@ -802,7 +825,9 @@ Multiple algorithms must be comma-separated.
802The default is: 825The default is:
803.Bd -literal -offset indent 826.Bd -literal -offset indent
804hmac-md5,hmac-sha1,umac-64@openssh.com, 827hmac-md5,hmac-sha1,umac-64@openssh.com,
805hmac-ripemd160,hmac-sha1-96,hmac-md5-96 828hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
829hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
830hmac-sha2-512-96
806.Ed 831.Ed
807.It Cm NoHostAuthenticationForLocalhost 832.It Cm NoHostAuthenticationForLocalhost
808This option can be used if the home directory is shared across machines. 833This option can be used if the home directory is shared across machines.
@@ -975,6 +1000,23 @@ will only succeed if the server's
975.Cm GatewayPorts 1000.Cm GatewayPorts
976option is enabled (see 1001option is enabled (see
977.Xr sshd_config 5 ) . 1002.Xr sshd_config 5 ) .
1003.It Cm RequestTTY
1004Specifies whether to request a pseudo-tty for the session.
1005The argument may be one of:
1006.Dq no
1007(never request a TTY),
1008.Dq yes
1009(always request a TTY when standard input is a TTY),
1010.Dq force
1011(always request a TTY) or
1012.Dq auto
1013(request a TTY when opening a login session).
1014This option mirrors the
1015.Fl t
1016and
1017.Fl T
1018flags for
1019.Xr ssh 1 .
978.It Cm RhostsRSAAuthentication 1020.It Cm RhostsRSAAuthentication
979Specifies whether to try rhosts based authentication with RSA host 1021Specifies whether to try rhosts based authentication with RSA host
980authentication. 1022authentication.
@@ -1169,9 +1211,11 @@ This can be useful when a different user name is used on different machines.
1169This saves the trouble of 1211This saves the trouble of
1170having to remember to give the user name on the command line. 1212having to remember to give the user name on the command line.
1171.It Cm UserKnownHostsFile 1213.It Cm UserKnownHostsFile
1172Specifies a file to use for the user 1214Specifies one or more files to use for the user
1173host key database instead of 1215host key database, separated by whitespace.
1174.Pa ~/.ssh/known_hosts . 1216The default is
1217.Pa ~/.ssh/known_hosts ,
1218.Pa ~/.ssh/known_hosts2 .
1175.It Cm VerifyHostKeyDNS 1219.It Cm VerifyHostKeyDNS
1176Specifies whether to verify the remote key using DNS and SSHFP resource 1220Specifies whether to verify the remote key using DNS and SSHFP resource
1177records. 1221records.