diff options
Diffstat (limited to 'ssh_config.0')
| -rw-r--r-- | ssh_config.0 | 63 |
1 files changed, 48 insertions, 15 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index d1a6ab364..9577abc48 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
| @@ -15,7 +15,7 @@ DESCRIPTION | |||
| 15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | 15 | 3. system-wide configuration file (/etc/ssh/ssh_config) |
| 16 | 16 | ||
| 17 | For each parameter, the first obtained value will be used. The configu- | 17 | For each parameter, the first obtained value will be used. The configu- |
| 18 | ration files contain sections bracketed by ``Host'' specifications, and | 18 | ration files contain sections separated by ``Host'' specifications, and |
| 19 | that section is only applied for hosts that match one of the patterns | 19 | that section is only applied for hosts that match one of the patterns |
| 20 | given in the specification. The matched host name is the one given on | 20 | given in the specification. The matched host name is the one given on |
| 21 | the command line. | 21 | the command line. |
| @@ -47,8 +47,8 @@ DESCRIPTION | |||
| 47 | 47 | ||
| 48 | AddressFamily | 48 | AddressFamily |
| 49 | Specifies which address family to use when connecting. Valid ar- | 49 | Specifies which address family to use when connecting. Valid ar- |
| 50 | guments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use | 50 | guments are ``any'', ``inet'' (use IPv4 only) or ``inet6'' (use |
| 51 | IPv6 only.) | 51 | IPv6 only). |
| 52 | 52 | ||
| 53 | BatchMode | 53 | BatchMode |
| 54 | If set to ``yes'', passphrase/password querying will be disabled. | 54 | If set to ``yes'', passphrase/password querying will be disabled. |
| @@ -189,10 +189,14 @@ DESCRIPTION | |||
| 189 | 189 | ||
| 190 | ForwardX11Trusted | 190 | ForwardX11Trusted |
| 191 | If this option is set to ``yes'' then remote X11 clients will | 191 | If this option is set to ``yes'' then remote X11 clients will |
| 192 | have full access to the original X11 display. If this option is | 192 | have full access to the original X11 display. |
| 193 | set to ``no'' then remote X11 clients will be considered untrust- | 193 | |
| 194 | ed and prevented from stealing or tampering with data belonging | 194 | If this option is set to ``no'' then remote X11 clients will be |
| 195 | to trusted X11 clients. | 195 | considered untrusted and prevented from stealing or tampering |
| 196 | with data belonging to trusted X11 clients. Furthermore, the | ||
| 197 | xauth(1) token used for the session will be set to expire after | ||
| 198 | 20 minutes. Remote clients will be refused access after this | ||
| 199 | time. | ||
| 196 | 200 | ||
| 197 | The default is ``no''. | 201 | The default is ``no''. |
| 198 | 202 | ||
| @@ -222,6 +226,15 @@ DESCRIPTION | |||
| 222 | ``no''. Note that this option applies to protocol version 2 on- | 226 | ``no''. Note that this option applies to protocol version 2 on- |
| 223 | ly. | 227 | ly. |
| 224 | 228 | ||
| 229 | HashKnownHosts | ||
| 230 | Indicates that ssh should hash host names and addresses when they | ||
| 231 | are added to $HOME/.ssh/known_hosts. These hashed names may be | ||
| 232 | used normally by ssh and sshd, but they do not reveal identifying | ||
| 233 | information should the file's contents be disclosed. The default | ||
| 234 | is ``no''. Note that hashing of names and addresses will not be | ||
| 235 | retrospectively applied to existing known hosts files, but these | ||
| 236 | may be manually hashed using ssh-keygen(1). | ||
| 237 | |||
| 225 | HostbasedAuthentication | 238 | HostbasedAuthentication |
| 226 | Specifies whether to try rhosts based authentication with public | 239 | Specifies whether to try rhosts based authentication with public |
| 227 | key authentication. The argument must be ``yes'' or ``no''. The | 240 | key authentication. The argument must be ``yes'' or ``no''. The |
| @@ -265,14 +278,26 @@ DESCRIPTION | |||
| 265 | ssh-agent offers many different identities. The default is | 278 | ssh-agent offers many different identities. The default is |
| 266 | ``no''. | 279 | ``no''. |
| 267 | 280 | ||
| 281 | KbdInteractiveDevices | ||
| 282 | Specifies the list of methods to use in keyboard-interactive au- | ||
| 283 | thentication. Multiple method names must be comma-separated. | ||
| 284 | The default is to use the server specified list. | ||
| 285 | |||
| 268 | LocalForward | 286 | LocalForward |
| 269 | Specifies that a TCP/IP port on the local machine be forwarded | 287 | Specifies that a TCP/IP port on the local machine be forwarded |
| 270 | over the secure channel to the specified host and port from the | 288 | over the secure channel to the specified host and port from the |
| 271 | remote machine. The first argument must be a port number, and | 289 | remote machine. The first argument must be a port number, and |
| 272 | the second must be host:port. IPv6 addresses can be specified | 290 | the second must be [bind_address:]host:port. IPv6 addresses can |
| 273 | with an alternative syntax: host/port. Multiple forwardings may | 291 | be specified by enclosing addresses in square brackets or by us- |
| 274 | be specified, and additional forwardings can be given on the com- | 292 | ing an alternative syntax: [bind_address/]host/port. Multiple |
| 275 | mand line. Only the superuser can forward privileged ports. | 293 | forwardings may be specified, and additional forwardings can be |
| 294 | given on the command line. Only the superuser can forward privi- | ||
| 295 | leged ports. By default, the local port is bound in accordance | ||
| 296 | with the GatewayPorts setting. However, an explicit bind_address | ||
| 297 | may be used to bind the connection to a specific address. The | ||
| 298 | bind_address of ``localhost'' indicates that the listening port | ||
| 299 | be bound for local use only, while an empty address or `*' indi- | ||
| 300 | cates that the port should be available from all interfaces. | ||
| 276 | 301 | ||
| 277 | LogLevel | 302 | LogLevel |
| 278 | Gives the verbosity level that is used when logging messages from | 303 | Gives the verbosity level that is used when logging messages from |
| @@ -345,10 +370,18 @@ DESCRIPTION | |||
| 345 | Specifies that a TCP/IP port on the remote machine be forwarded | 370 | Specifies that a TCP/IP port on the remote machine be forwarded |
| 346 | over the secure channel to the specified host and port from the | 371 | over the secure channel to the specified host and port from the |
| 347 | local machine. The first argument must be a port number, and the | 372 | local machine. The first argument must be a port number, and the |
| 348 | second must be host:port. IPv6 addresses can be specified with | 373 | second must be [bind_address:]host:port. IPv6 addresses can be |
| 349 | an alternative syntax: host/port. Multiple forwardings may be | 374 | specified by enclosing any addresses in square brackets or by us- |
| 350 | specified, and additional forwardings can be given on the command | 375 | ing the alternative syntax: [bind_address/]host/port. Multiple |
| 351 | line. Only the superuser can forward privileged ports. | 376 | forwardings may be specified, and additional forwardings can be |
| 377 | given on the command line. Only the superuser can forward privi- | ||
| 378 | leged ports. | ||
| 379 | |||
| 380 | If the bind_address is not specified, the default is to only bind | ||
| 381 | to loopback addresses. If the bind_address is `*' or an empty | ||
| 382 | string, then the forwarding is requested to listen on all inter- | ||
| 383 | faces. Specifying a remote bind_address will only succeed if the | ||
| 384 | server's GatewayPorts option is enabled (see sshd_config(5)). | ||
| 352 | 385 | ||
| 353 | RhostsRSAAuthentication | 386 | RhostsRSAAuthentication |
| 354 | Specifies whether to try rhosts based authentication with RSA | 387 | Specifies whether to try rhosts based authentication with RSA |