Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 67 |
1 files changed, 47 insertions, 20 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 316b2e1ef..ae98748d2 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -98,8 +98,12 @@ DESCRIPTION | |||
98 | details). If this option is set to confirm, each use of the key | 98 | details). If this option is set to confirm, each use of the key |
99 | must be confirmed, as if the -c option was specified to | 99 | must be confirmed, as if the -c option was specified to |
100 | ssh-add(1). If this option is set to no, no keys are added to | 100 | ssh-add(1). If this option is set to no, no keys are added to |
101 | the agent. The argument must be yes, confirm, ask, or no (the | 101 | the agent. Alternately, this option may be specified as a time |
102 | default). | 102 | interval using the format described in the TIME FORMATS section |
103 | of sshd_config(5) to specify the key's lifetime in ssh-agent(1), | ||
104 | after which it will automatically be removed. The argument must | ||
105 | be no (the default), yes, confirm (optionally followed by a time | ||
106 | interval), ask or a time interval. | ||
103 | 107 | ||
104 | AddressFamily | 108 | AddressFamily |
105 | Specifies which address family to use when connecting. Valid | 109 | Specifies which address family to use when connecting. Valid |
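Review bot: The new AddKeysToAgent text (new lines 101-106) allows a bare time interval but never says whether keys are then added as with yes, that is, without confirmation, and it does not show how confirm and an interval are written together. Suggest stating both explicitly and giving one example of each form, since the lifetime and the confirmation prompt are the two controls a user relies on to limit how long a key stays usable in the agent.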
@@ -186,8 +190,9 @@ DESCRIPTION | |||
186 | SecurityKeyProvider. | 190 | SecurityKeyProvider. |
187 | 191 | ||
188 | Arguments to CertificateFile may use the tilde syntax to refer to | 192 | Arguments to CertificateFile may use the tilde syntax to refer to |
189 | a user's home directory or the tokens described in the TOKENS | 193 | a user's home directory, the tokens described in the TOKENS |
190 | section. | 194 | section and environment variables as described in the ENVIRONMENT |
195 | VARIABLES section. | ||
191 | 196 | ||
192 | It is possible to have multiple certificate files specified in | 197 | It is possible to have multiple certificate files specified in |
193 | configuration files; these certificates will be tried in | 198 | configuration files; these certificates will be tried in |
@@ -294,10 +299,11 @@ DESCRIPTION | |||
294 | sharing as described in the ControlMaster section above or the | 299 | sharing as described in the ControlMaster section above or the |
295 | string none to disable connection sharing. Arguments to | 300 | string none to disable connection sharing. Arguments to |
296 | ControlPath may use the tilde syntax to refer to a user's home | 301 | ControlPath may use the tilde syntax to refer to a user's home |
297 | directory or the tokens described in the TOKENS section. It is | 302 | directory, the tokens described in the TOKENS section and |
298 | recommended that any ControlPath used for opportunistic | 303 | environment variables as described in the ENVIRONMENT VARIABLES |
299 | connection sharing include at least %h, %p, and %r (or | 304 | section. It is recommended that any ControlPath used for |
300 | alternatively %C) and be placed in a directory that is not | 305 | opportunistic connection sharing include at least %h, %p, and %r |
306 | (or alternatively %C) and be placed in a directory that is not | ||
301 | writable by other users. This ensures that shared connections | 307 | writable by other users. This ensures that shared connections |
302 | are uniquely identified. | 308 | are uniquely identified. |
303 | 309 | ||
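Review bot: The recommendation at new lines 304-307 that a ControlPath "be placed in a directory that is not writable by other users" now sits directly after the sentence adding environment variable expansion, so the directory can be decided by the client environment rather than by the configuration file alone. Suggest wording the recommendation so it clearly applies to the path after tilde, token and ${} expansion.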
@@ -547,8 +553,9 @@ DESCRIPTION | |||
547 | location of the socket. | 553 | location of the socket. |
548 | 554 | ||
549 | Arguments to IdentityAgent may use the tilde syntax to refer to a | 555 | Arguments to IdentityAgent may use the tilde syntax to refer to a |
550 | user's home directory or the tokens described in the TOKENS | 556 | user's home directory, the tokens described in the TOKENS section |
551 | section. | 557 | and environment variables as described in the ENVIRONMENT |
558 | VARIABLES section. | ||
552 | 559 | ||
553 | IdentityFile | 560 | IdentityFile |
554 | Specifies a file from which the user's DSA, ECDSA, authenticator- | 561 | Specifies a file from which the user's DSA, ECDSA, authenticator- |
@@ -591,8 +598,9 @@ DESCRIPTION | |||
591 | Include the specified configuration file(s). Multiple pathnames | 598 | Include the specified configuration file(s). Multiple pathnames |
592 | may be specified and each pathname may contain glob(7) wildcards | 599 | may be specified and each pathname may contain glob(7) wildcards |
593 | and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user | 600 | and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user |
594 | home directories. Files without absolute paths are assumed to be | 601 | home directories. Wildcards will be expanded and processed in |
595 | in ~/.ssh if included in a user configuration file or /etc/ssh if | 602 | lexical order. Files without absolute paths are assumed to be in |
603 | ~/.ssh if included in a user configuration file or /etc/ssh if | ||
596 | included from the system configuration file. Include directive | 604 | included from the system configuration file. Include directive |
597 | may appear inside a Match or Host block to perform conditional | 605 | may appear inside a Match or Host block to perform conditional |
598 | inclusion. | 606 | inclusion. |
@@ -673,8 +681,9 @@ DESCRIPTION | |||
673 | specific address. The bind_address of localhost indicates that | 681 | specific address. The bind_address of localhost indicates that |
674 | the listening port be bound for local use only, while an empty | 682 | the listening port be bound for local use only, while an empty |
675 | address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from | 683 | address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from |
676 | all interfaces. Unix domain socket paths accept the tokens | 684 | all interfaces. Unix domain socket paths may use the tokens |
677 | described in the TOKENS section. | 685 | described in the TOKENS section and environment variables as |
686 | described in the ENVIRONMENT VARIABLES section. | ||
678 | 687 | ||
679 | LogLevel | 688 | LogLevel |
680 | Gives the verbosity level that is used when logging messages from | 689 | Gives the verbosity level that is used when logging messages from |
@@ -861,8 +870,9 @@ DESCRIPTION | |||
861 | brackets. Multiple forwardings may be specified, and additional | 870 | brackets. Multiple forwardings may be specified, and additional |
862 | forwardings can be given on the command line. Privileged ports | 871 | forwardings can be given on the command line. Privileged ports |
863 | can be forwarded only when logging in as root on the remote | 872 | can be forwarded only when logging in as root on the remote |
864 | machine. Unix domain socket paths accept the tokens described in | 873 | machine. Unix domain socket paths may use the tokens described |
865 | the TOKENS section. | 874 | in the TOKENS section and environment variables as described in |
875 | the ENVIRONMENT VARIABLES section. | ||
866 | 876 | ||
867 | If the port argument is 0, the listen port will be dynamically | 877 | If the port argument is 0, the listen port will be dynamically |
868 | allocated on the server and reported to the client at run time. | 878 | allocated on the server and reported to the client at run time. |
@@ -1053,7 +1063,10 @@ DESCRIPTION | |||
1053 | 1063 | ||
1054 | UserKnownHostsFile | 1064 | UserKnownHostsFile |
1055 | Specifies one or more files to use for the user host key | 1065 | Specifies one or more files to use for the user host key |
1056 | database, separated by whitespace. The default is | 1066 | database, separated by whitespace. Each filename may use tilde |
1067 | notation to refer to the user's home directory, the tokens | ||
1068 | described in the TOKENS section and environment variables as | ||
1069 | described in the ENVIRONMENT VARIABLES section. The default is | ||
1057 | ~/.ssh/known_hosts, ~/.ssh/known_hosts2. | 1070 | ~/.ssh/known_hosts, ~/.ssh/known_hosts2. |
1058 | 1071 | ||
1059 | VerifyHostKeyDNS | 1072 | VerifyHostKeyDNS |
@@ -1122,6 +1135,8 @@ TOKENS | |||
1122 | %d Local user's home directory. | 1135 | %d Local user's home directory. |
1123 | %h The remote hostname. | 1136 | %h The remote hostname. |
1124 | %i The local user ID. | 1137 | %i The local user ID. |
1138 | %k The host key alias if specified, otherwise the orignal remote | ||
1139 | hostname given on the command line. | ||
1125 | %L The local hostname. | 1140 | %L The local hostname. |
1126 | %l The local hostname, including the domain name. | 1141 | %l The local hostname, including the domain name. |
1127 | %n The original remote hostname, as given on the command line. | 1142 | %n The original remote hostname, as given on the command line. |
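Review bot: Typo in the added %k entry (new line 1138): "orignal" should be "original", matching the wording of the %n entry two lines below. The entry also says "host key alias" without naming the keyword that sets it; a short cross-reference would help readers find it.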
@@ -1132,8 +1147,8 @@ TOKENS | |||
1132 | %u The local username. | 1147 | %u The local username. |
1133 | 1148 | ||
1134 | CertificateFile, ControlPath, IdentityAgent, IdentityFile, LocalForward, | 1149 | CertificateFile, ControlPath, IdentityAgent, IdentityFile, LocalForward, |
1135 | Match exec, RemoteCommand, and RemoteForward accept the tokens %%, %C, | 1150 | Match exec, RemoteCommand, RemoteForward, and UserKnownHostsFile accept |
1136 | %d, %h, %i, %L, %l, %n, %p, %r, and %u. | 1151 | the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u. |
1137 | 1152 | ||
1138 | Hostname accepts the tokens %% and %h. | 1153 | Hostname accepts the tokens %% and %h. |
1139 | 1154 | ||
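Review bot: The accepted-token list at new lines 1150-1151 gains UserKnownHostsFile but not %k, the token added in the previous hunk, and none of the lists visible in this diff names %k. Suggest adding %k to the list for each keyword that accepts it, or a separate sentence naming those keywords, so the TOKENS section is consistent with itself.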
@@ -1141,6 +1156,18 @@ TOKENS | |||
1141 | 1156 | ||
1142 | ProxyCommand accepts the tokens %%, %h, %n, %p, and %r. | 1157 | ProxyCommand accepts the tokens %%, %h, %n, %p, and %r. |
1143 | 1158 | ||
1159 | ENVIRONMENT VARIABLES | ||
1160 | Arguments to some keywords can be expanded at runtime from environment | ||
1161 | variables on the client by enclosing them in ${}, for example | ||
1162 | ${HOME}/.ssh would refer to the user's .ssh directory. If a specified | ||
1163 | environment variable does not exist then an error will be returned and | ||
1164 | the setting for that keyword will be ignored. | ||
1165 | |||
1166 | The keywords CertificateFile, ControlPath, IdentityAgent, IdentityFile | ||
1167 | and UserKnownHostsFile support environment variables. The keywords | ||
1168 | LocalForward and RemoteForward support environment variables only for | ||
1169 | Unix domain socket paths. | ||
1170 | |||
1144 | FILES | 1171 | FILES |
1145 | ~/.ssh/config | 1172 | ~/.ssh/config |
1146 | This is the per-user configuration file. The format of this file | 1173 | This is the per-user configuration file. The format of this file |
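Review bot: "an error will be returned and the setting for that keyword will be ignored" (new lines 1163-1164) does not say whether ssh then stops or carries on with the keyword's default. For UserKnownHostsFile and IdentityFile the difference matters, because an unset variable would leave the connection using the default files rather than the ones the user configured; suggest stating the resulting behaviour explicitly.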
@@ -1164,4 +1191,4 @@ AUTHORS | |||
1164 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1191 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
1165 | versions 1.5 and 2.0. | 1192 | versions 1.5 and 2.0. |
1166 | 1193 | ||
1167 | OpenBSD 6.7 April 11, 2020 OpenBSD 6.7 | 1194 | OpenBSD 6.8 August 11, 2020 OpenBSD 6.8 |