Diffstat (limited to 'ssh_config.0')
-rw-r--r-- ssh_config.0 94
1 files changed, 54 insertions, 40 deletions
diff --git a/ssh_config.0 b/ssh_config.0
index 10f1c2e9d..94ef73676 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -171,7 +171,7 @@ DESCRIPTION
171 Specifies which algorithms are allowed for signing of 171 Specifies which algorithms are allowed for signing of
172 certificates by certificate authorities (CAs). The default is: 172 certificates by certificate authorities (CAs). The default is:
173 173
174 ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 174 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
175 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 175 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
176 176
177 ssh(1) will not accept host certificates signed using algorithms 177 ssh(1) will not accept host certificates signed using algorithms
@@ -206,12 +206,14 @@ DESCRIPTION
206 206
207 Ciphers 207 Ciphers
208 Specifies the ciphers allowed and their order of preference. 208 Specifies the ciphers allowed and their order of preference.
209 Multiple ciphers must be comma-separated. If the specified value 209 Multiple ciphers must be comma-separated. If the specified list
210 begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be 210 begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be
211 appended to the default set instead of replacing them. If the 211 appended to the default set instead of replacing them. If the
212 specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified 212 specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
213 ciphers (including wildcards) will be removed from the default 213 ciphers (including wildcards) will be removed from the default
214 set instead of replacing them. 214 set instead of replacing them. If the specified list begins with
215 a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified ciphers will be placed at the
216 head of the default set.
215 217
216 The supported ciphers are: 218 The supported ciphers are:
217 219
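Review bot: The new '^' sentence at 214-216 leaves out what the '-' sentence just above it states: whether wildcards are accepted in the list. It also does not say what happens to a listed cipher that is not in the default set, or whether the listed ciphers keep their given order once moved to the head. Because this option defines an order of preference, those details decide which cipher is negotiated first, so please spell them out here.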
@@ -255,8 +257,9 @@ DESCRIPTION
255 ConnectTimeout 257 ConnectTimeout
256 Specifies the timeout (in seconds) used when connecting to the 258 Specifies the timeout (in seconds) used when connecting to the
257 SSH server, instead of using the default system TCP timeout. 259 SSH server, instead of using the default system TCP timeout.
258 This value is used only when the target is down or really 260 This timeout is applied both to establishing the connection and
259 unreachable, not when it refuses the connection. 261 to performing the initial SSH protocol handshake and key
262 exchange.
260 263
261 ControlMaster 264 ControlMaster
262 Enables the sharing of multiple sessions over a single network 265 Enables the sharing of multiple sessions over a single network
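Review bot: The replacement text at 260-262 does not say whether the value is one budget covering both the connection and the handshake/key exchange, or is applied to each phase separately; please state which. The removed sentence about a target that refuses the connection (old 258-259) has no replacement, so the page no longer says how that case is handled. A short note that values chosen only for TCP connection setup now also bound the key exchange would help people with small timeouts.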
@@ -445,12 +448,14 @@ DESCRIPTION
445 HostbasedKeyTypes 448 HostbasedKeyTypes
446 Specifies the key types that will be used for hostbased 449 Specifies the key types that will be used for hostbased
447 authentication as a comma-separated list of patterns. 450 authentication as a comma-separated list of patterns.
448 Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 451 Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
449 then the specified key types will be appended to the default set 452 then the specified key types will be appended to the default set
450 instead of replacing them. If the specified value begins with a 453 instead of replacing them. If the specified list begins with a
451 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) 454 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards)
452 will be removed from the default set instead of replacing them. 455 will be removed from the default set instead of replacing them.
453 The default for this option is: 456 If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
457 specified key types will be placed at the head of the default
458 set. The default for this option is:
454 459
455 ecdsa-sha2-nistp256-cert-v01@openssh.com, 460 ecdsa-sha2-nistp256-cert-v01@openssh.com,
456 ecdsa-sha2-nistp384-cert-v01@openssh.com, 461 ecdsa-sha2-nistp384-cert-v01@openssh.com,
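Review bot: "Alternately if" is kept at 451 here (and at 473 under HostKeyAlgorithms) although this same patch drops it from KexAlgorithms (608) and PubkeyAcceptedKeyTypes (774-775). Suggest starting the sentence with "If the specified list begins with" in all of them so the prefix rules read identically across options.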
@@ -465,12 +470,14 @@ DESCRIPTION
465 470
466 HostKeyAlgorithms 471 HostKeyAlgorithms
467 Specifies the host key algorithms that the client wants to use in 472 Specifies the host key algorithms that the client wants to use in
468 order of preference. Alternately if the specified value begins 473 order of preference. Alternately if the specified list begins
469 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be 474 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
470 appended to the default set instead of replacing them. If the 475 appended to the default set instead of replacing them. If the
471 specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified 476 specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
472 key types (including wildcards) will be removed from the default 477 key types (including wildcards) will be removed from the default
473 set instead of replacing them. The default for this option is: 478 set instead of replacing them. If the specified list begins with
479 a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be placed at
480 the head of the default set. The default for this option is:
474 481
475 ecdsa-sha2-nistp256-cert-v01@openssh.com, 482 ecdsa-sha2-nistp256-cert-v01@openssh.com,
476 ecdsa-sha2-nistp384-cert-v01@openssh.com, 483 ecdsa-sha2-nistp384-cert-v01@openssh.com,
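Review bot: The added sentence at 478-480 speaks of "key types" while the option is introduced at 472 as "host key algorithms ... in order of preference". Suggest using "algorithms" throughout this entry, and saying explicitly that '^' changes preference order only and does not add anything to the permitted set, if that is the intent.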
@@ -494,19 +501,20 @@ DESCRIPTION
494 option is useful for tunneling SSH connections or for multiple 501 option is useful for tunneling SSH connections or for multiple
495 servers running on a single host. 502 servers running on a single host.
496 503
497 HostName 504 Hostname
498 Specifies the real host name to log into. This can be used to 505 Specifies the real host name to log into. This can be used to
499 specify nicknames or abbreviations for hosts. Arguments to 506 specify nicknames or abbreviations for hosts. Arguments to
500 HostName accept the tokens described in the TOKENS section. 507 Hostname accept the tokens described in the TOKENS section.
501 Numeric IP addresses are also permitted (both on the command line 508 Numeric IP addresses are also permitted (both on the command line
502 and in HostName specifications). The default is the name given 509 and in Hostname specifications). The default is the name given
503 on the command line. 510 on the command line.
504 511
505 IdentitiesOnly 512 IdentitiesOnly
506 Specifies that ssh(1) should only use the authentication identity 513 Specifies that ssh(1) should only use the configured
507 and certificate files explicitly configured in the ssh_config 514 authentication identity and certificate files (either the default
508 files or passed on the ssh(1) command-line, even if ssh-agent(1) 515 files, or those explicitly configured in the ssh_config files or
509 or a PKCS11Provider offers more identities. The argument to this 516 passed on the ssh(1) command-line), even if ssh-agent(1) or a
517 PKCS11Provider offers more identities. The argument to this
510 keyword must be yes or no (the default). This option is intended 518 keyword must be yes or no (the default). This option is intended
511 for situations where ssh-agent offers many different identities. 519 for situations where ssh-agent offers many different identities.
512 520
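Review bot: The respelling of HostName as Hostname at 504, 507 and 509 comes with no explanation in the text; if it is a spelling-only change, please make sure every occurrence in the page is converted together (this patch also touches 739 and 1097). Separately, the reworded IdentitiesOnly sentence at 513-517 now nests an "either ... or ... or" list inside a parenthetical and is hard to parse; consider splitting it so that "the default files" and "those explicitly configured ... or passed on the command-line" are clearly the two alternatives.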
@@ -597,12 +605,14 @@ DESCRIPTION
597 605
598 KexAlgorithms 606 KexAlgorithms
599 Specifies the available KEX (Key Exchange) algorithms. Multiple 607 Specifies the available KEX (Key Exchange) algorithms. Multiple
600 algorithms must be comma-separated. Alternately if the specified 608 algorithms must be comma-separated. If the specified list begins
601 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods 609 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended
602 will be appended to the default set instead of replacing them. 610 to the default set instead of replacing them. If the specified
603 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the 611 list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified methods
604 specified methods (including wildcards) will be removed from the 612 (including wildcards) will be removed from the default set
605 default set instead of replacing them. The default is: 613 instead of replacing them. If the specified list begins with a
614 M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the
615 head of the default set. The default is:
606 616
607 curve25519-sha256,curve25519-sha256@libssh.org, 617 curve25519-sha256,curve25519-sha256@libssh.org,
608 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 618 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
@@ -655,12 +665,14 @@ DESCRIPTION
655 MACs Specifies the MAC (message authentication code) algorithms in 665 MACs Specifies the MAC (message authentication code) algorithms in
656 order of preference. The MAC algorithm is used for data 666 order of preference. The MAC algorithm is used for data
657 integrity protection. Multiple algorithms must be comma- 667 integrity protection. Multiple algorithms must be comma-
658 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 668 separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
659 then the specified algorithms will be appended to the default set 669 then the specified algorithms will be appended to the default set
660 instead of replacing them. If the specified value begins with a 670 instead of replacing them. If the specified list begins with a
661 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including 671 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
662 wildcards) will be removed from the default set instead of 672 wildcards) will be removed from the default set instead of
663 replacing them. 673 replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y
674 character, then the specified algorithms will be placed at the
675 head of the default set.
664 676
665 The algorithms that contain "-etm" calculate the MAC after 677 The algorithms that contain "-etm" calculate the MAC after
666 encryption (encrypt-then-mac). These are considered safer and 678 encryption (encrypt-then-mac). These are considered safer and
@@ -724,7 +736,7 @@ DESCRIPTION
724 should read from its standard input and write to its standard 736 should read from its standard input and write to its standard
725 output. It should eventually connect an sshd(8) server running 737 output. It should eventually connect an sshd(8) server running
726 on some machine, or execute sshd -i somewhere. Host key 738 on some machine, or execute sshd -i somewhere. Host key
727 management will be done using the HostName of the host being 739 management will be done using the Hostname of the host being
728 connected (defaulting to the name typed by the user). Setting 740 connected (defaulting to the name typed by the user). Setting
729 the command to none disables this option entirely. Note that 741 the command to none disables this option entirely. Note that
730 CheckHostIP is not available for connects with a proxy command. 742 CheckHostIP is not available for connects with a proxy command.
@@ -759,13 +771,15 @@ DESCRIPTION
759 771
760 PubkeyAcceptedKeyTypes 772 PubkeyAcceptedKeyTypes
761 Specifies the key types that will be used for public key 773 Specifies the key types that will be used for public key
762 authentication as a comma-separated list of patterns. 774 authentication as a comma-separated list of patterns. If the
763 Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 775 specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key types
764 then the key types after it will be appended to the default 776 after it will be appended to the default instead of replacing it.
765 instead of replacing it. If the specified value begins with a 777 If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
766 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) 778 specified key types (including wildcards) will be removed from
767 will be removed from the default set instead of replacing them. 779 the default set instead of replacing them. If the specified list
768 The default for this option is: 780 begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be
781 placed at the head of the default set. The default for this
782 option is:
769 783
770 ecdsa-sha2-nistp256-cert-v01@openssh.com, 784 ecdsa-sha2-nistp256-cert-v01@openssh.com,
771 ecdsa-sha2-nistp384-cert-v01@openssh.com, 785 ecdsa-sha2-nistp384-cert-v01@openssh.com,
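Review bot: Number agreement is inconsistent within this entry: 776 says "appended to the default instead of replacing it" while 779 and 781 say "the default set" and "replacing them". Suggest "appended to the default set instead of replacing them" at 776 so the '+', '-' and '^' sentences match each other and the other options changed in this patch.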
@@ -876,7 +890,7 @@ DESCRIPTION
876 therefore will not be spoofable. The TCP keepalive option 890 therefore will not be spoofable. The TCP keepalive option
877 enabled by TCPKeepAlive is spoofable. The server alive mechanism 891 enabled by TCPKeepAlive is spoofable. The server alive mechanism
878 is valuable when the client or server depend on knowing when a 892 is valuable when the client or server depend on knowing when a
879 connection has become inactive. 893 connection has become unresponsive.
880 894
881 The default value is 3. If, for example, ServerAliveInterval 895 The default value is 3. If, for example, ServerAliveInterval
882 (see below) is set to 15 and ServerAliveCountMax is left at the 896 (see below) is set to 15 and ServerAliveCountMax is left at the
@@ -1080,7 +1094,7 @@ TOKENS
1080 ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and 1094 ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and
1081 %u. 1095 %u.
1082 1096
1083 HostName accepts the tokens %% and %h. 1097 Hostname accepts the tokens %% and %h.
1084 1098
1085 IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r, 1099 IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r,
1086 and %u. 1100 and %u.
@@ -1088,7 +1102,7 @@ TOKENS
1088 LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, 1102 LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T,
1089 and %u. 1103 and %u.
1090 1104
1091 ProxyCommand accepts the tokens %%, %h, %p, and %r. 1105 ProxyCommand accepts the tokens %%, %h, %n, %p, and %r.
1092 1106
1093 RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and 1107 RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and
1094 %u. 1108 %u.
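Review bot: %n is added to the ProxyCommand token list at 1105, but the ProxyCommand description touched earlier in this patch (736-742) is not updated to mention it or to say how it differs from %h. Since that description speaks of "the name typed by the user" and the option's value is a command, it would be worth stating there which name %n expands to and advising that expanded tokens be quoted in the command string.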
@@ -1116,4 +1130,4 @@ AUTHORS
1116 created OpenSSH. Markus Friedl contributed the support for SSH protocol 1130 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1117 versions 1.5 and 2.0. 1131 versions 1.5 and 2.0.
1118 1132
1119OpenBSD 6.5 March 1, 2019 OpenBSD 6.5 1133OpenBSD 6.6 September 13, 2019 OpenBSD 6.6