diff options
Diffstat (limited to 'ssh_config.0')
| -rw-r--r-- | ssh_config.0 | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 9822ce8d2..a5a44da14 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
| @@ -9,9 +9,10 @@ SYNOPSIS | |||
| 9 | 9 | ||
| 10 | DESCRIPTION | 10 | DESCRIPTION |
| 11 | ssh obtains configuration data from the following sources in the followM-- | 11 | ssh obtains configuration data from the following sources in the followM-- |
| 12 | ing order: command line options, user's configuration file | 12 | ing order: |
| 13 | ($HOME/.ssh/config), and system-wide configuration file | 13 | 1. command-line options |
| 14 | (/etc/ssh/ssh_config). | 14 | 2. user's configuration file ($HOME/.ssh/config) |
| 15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | ||
| 15 | 16 | ||
| 16 | For each parameter, the first obtained value will be used. The configuM-- | 17 | For each parameter, the first obtained value will be used. The configuM-- |
| 17 | ration files contain sections bracketed by ``Host'' specifications, and | 18 | ration files contain sections bracketed by ``Host'' specifications, and |
| @@ -133,11 +134,25 @@ DESCRIPTION | |||
| 133 | any) will be forwarded to the remote machine. The argument must | 134 | any) will be forwarded to the remote machine. The argument must |
| 134 | be ``yes'' or ``no''. The default is ``no''. | 135 | be ``yes'' or ``no''. The default is ``no''. |
| 135 | 136 | ||
| 137 | Agent forwarding should be enabled with caution. Users with the | ||
| 138 | ability to bypass file permissions on the remote host (for the | ||
| 139 | agent's Unix-domain socket) can access the local agent through | ||
| 140 | the forwarded connection. An attacker cannot obtain key material | ||
| 141 | from the agent, however they can perform operations on the keys | ||
| 142 | that enable them to authenticate using the identities loaded into | ||
| 143 | the agent. | ||
| 144 | |||
| 136 | ForwardX11 | 145 | ForwardX11 |
| 137 | Specifies whether X11 connections will be automatically rediM-- | 146 | Specifies whether X11 connections will be automatically rediM-- |
| 138 | rected over the secure channel and DISPLAY set. The argument | 147 | rected over the secure channel and DISPLAY set. The argument |
| 139 | must be ``yes'' or ``no''. The default is ``no''. | 148 | must be ``yes'' or ``no''. The default is ``no''. |
| 140 | 149 | ||
| 150 | X11 forwarding should be enabled with caution. Users with the | ||
| 151 | ability to bypass file permissions on the remote host (for the | ||
| 152 | user's X authorization database) can access the local X11 display | ||
| 153 | through the forwarded connection. An attacker may then be able | ||
| 154 | to perform activities such as keystroke monitoring. | ||
| 155 | |||
| 141 | GatewayPorts | 156 | GatewayPorts |
| 142 | Specifies whether remote hosts are allowed to connect to local | 157 | Specifies whether remote hosts are allowed to connect to local |
| 143 | forwarded ports. By default, ssh binds local port forwardings to | 158 | forwarded ports. By default, ssh binds local port forwardings to |
| @@ -301,7 +316,8 @@ DESCRIPTION | |||
| 301 | tication because it is not secure (see RhostsRSAAuthentication). | 316 | tication because it is not secure (see RhostsRSAAuthentication). |
| 302 | The argument to this keyword must be ``yes'' or ``no''. The | 317 | The argument to this keyword must be ``yes'' or ``no''. The |
| 303 | default is ``no''. This option applies to protocol version 1 | 318 | default is ``no''. This option applies to protocol version 1 |
| 304 | only. | 319 | only and requires ssh to be setuid root and UsePrivilegedPort to |
| 320 | be set to ``yes''. | ||
| 305 | 321 | ||
| 306 | RhostsRSAAuthentication | 322 | RhostsRSAAuthentication |
| 307 | Specifies whether to try rhosts based authentication with RSA | 323 | Specifies whether to try rhosts based authentication with RSA |
| @@ -342,9 +358,10 @@ DESCRIPTION | |||
| 342 | UsePrivilegedPort | 358 | UsePrivilegedPort |
| 343 | Specifies whether to use a privileged port for outgoing connecM-- | 359 | Specifies whether to use a privileged port for outgoing connecM-- |
| 344 | tions. The argument must be ``yes'' or ``no''. The default is | 360 | tions. The argument must be ``yes'' or ``no''. The default is |
| 345 | ``no''. Note that this option must be set to ``yes'' if | 361 | ``no''. If set to ``yes'' ssh must be setuid root. Note that |
| 346 | RhostsAuthentication and RhostsRSAAuthentication authentications | 362 | this option must be set to ``yes'' if RhostsAuthentication and |
| 347 | are needed with older servers. | 363 | RhostsRSAAuthentication authentications are needed with older |
| 364 | servers. | ||
| 348 | 365 | ||
| 349 | User Specifies the user to log in as. This can be useful when a difM-- | 366 | User Specifies the user to log in as. This can be useful when a difM-- |
| 350 | ferent user name is used on different machines. This saves the | 367 | ferent user name is used on different machines. This saves the |
| @@ -356,8 +373,8 @@ DESCRIPTION | |||
| 356 | $HOME/.ssh/known_hosts. | 373 | $HOME/.ssh/known_hosts. |
| 357 | 374 | ||
| 358 | XAuthLocation | 375 | XAuthLocation |
| 359 | Specifies the location of the xauth(1) program. The default is | 376 | Specifies the full pathname of the xauth(1) program. The default |
| 360 | /usr/X11R6/bin/xauth. | 377 | is /usr/X11R6/bin/xauth. |
| 361 | 378 | ||
| 362 | FILES | 379 | FILES |
| 363 | $HOME/.ssh/config | 380 | $HOME/.ssh/config |