Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 82 |
1 files changed, 54 insertions, 28 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 92be76b6d..a2706b69c 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -4,14 +4,14 @@ NAME | |||
4 | ssh_config - OpenSSH SSH client configuration files | 4 | ssh_config - OpenSSH SSH client configuration files |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | $HOME/.ssh/config | 7 | ~/.ssh/config |
8 | /etc/ssh/ssh_config | 8 | /etc/ssh/ssh_config |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh obtains configuration data from the following sources in the follow- | 11 | ssh obtains configuration data from the following sources in the follow- |
12 | ing order: | 12 | ing order: |
13 | 1. command-line options | 13 | 1. command-line options |
14 | 2. user's configuration file ($HOME/.ssh/config) | 14 | 2. user's configuration file (~/.ssh/config) |
15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | 15 | 3. system-wide configuration file (/etc/ssh/ssh_config) |
16 | 16 | ||
17 | For each parameter, the first obtained value will be used. The configu- | 17 | For each parameter, the first obtained value will be used. The configu- |
@@ -57,9 +57,10 @@ DESCRIPTION | |||
57 | ``yes'' or ``no''. The default is ``no''. | 57 | ``yes'' or ``no''. The default is ``no''. |
58 | 58 | ||
59 | BindAddress | 59 | BindAddress |
60 | Specify the interface to transmit from on machines with multiple | 60 | Use the specified address on the local machine as the source ad- |
61 | interfaces or aliased addresses. Note that this option does not | 61 | dress of the connection. Only useful on systems with more than |
62 | work if UsePrivilegedPort is set to ``yes''. | 62 | one address. Note that this option does not work if |
63 | UsePrivilegedPort is set to ``yes''. | ||
63 | 64 | ||
64 | ChallengeResponseAuthentication | 65 | ChallengeResponseAuthentication |
65 | Specifies whether to use challenge response authentication. The | 66 | Specifies whether to use challenge response authentication. The |
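Review bot: The new BindAddress text contains a sentence fragment, "Only useful on systems with more than one address.", which reads oddly next to the full sentences around it. Suggest "This option is only useful on systems with more than one address." so the entry matches the style of the other keyword descriptions.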
@@ -85,11 +86,12 @@ DESCRIPTION | |||
85 | preference. Multiple ciphers must be comma-separated. The sup- | 86 | preference. Multiple ciphers must be comma-separated. The sup- |
86 | ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', | 87 | ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', |
87 | ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', | 88 | ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', |
88 | ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default | 89 | ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', |
89 | is | 90 | and ``cast128-cbc''. The default is |
90 | 91 | ||
91 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | 92 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
92 | aes192-cbc,aes256-cbc'' | 93 | arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
94 | aes192-ctr,aes256-ctr'' | ||
93 | 95 | ||
94 | ClearAllForwardings | 96 | ClearAllForwardings |
95 | Specifies that all local, remote and dynamic port forwardings | 97 | Specifies that all local, remote and dynamic port forwardings |
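Review bot: The new default list in the Ciphers entry appends "aes128-ctr, aes192-ctr,aes256-ctr" at the very end, after every CBC cipher and all three arcfour variants, yet the paragraph describes the list as an order of preference and gives no reason for that ordering. A sentence explaining why the CTR modes are tried last would help readers who tune this option. The supported list also introduces ``arcfour128'' and ``arcfour256'' without saying how they differ from plain ``arcfour''; a short description of each would make the choice clearer.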
@@ -131,11 +133,30 @@ DESCRIPTION | |||
131 | tion rather than initiating new ones. Setting this to ``ask'' | 133 | tion rather than initiating new ones. Setting this to ``ask'' |
132 | will cause ssh to listen for control connections, but require | 134 | will cause ssh to listen for control connections, but require |
133 | confirmation using the SSH_ASKPASS program before they are ac- | 135 | confirmation using the SSH_ASKPASS program before they are ac- |
134 | cepted (see ssh-add(1) for details). | 136 | cepted (see ssh-add(1) for details). If the ControlPath can not |
137 | be opened, ssh will continue without connecting to a master in- | ||
138 | stance. | ||
139 | |||
140 | X11 and ssh-agent(1) forwarding is supported over these multi- | ||
141 | plexed connections, however the display and agent fowarded will | ||
142 | be the one belonging to the master connection i.e. it is not pos- | ||
143 | sible to forward multiple displays or agents. | ||
144 | |||
145 | Two additional options allow for opportunistic multiplexing: try | ||
146 | to use a master connection but fall back to creating a new one if | ||
147 | one does not already exist. These options are: ``auto'' and | ||
148 | ``autoask''. The latter requires confirmation like the ``ask'' | ||
149 | option. | ||
135 | 150 | ||
136 | ControlPath | 151 | ControlPath |
137 | Specify the path to the control socket used for connection shar- | 152 | Specify the path to the control socket used for connection shar- |
138 | ing. See ControlMaster above. | 153 | ing as described in the ControlMaster section above or the string |
154 | ``none'' to disable connection sharing. In the path, `%h' will | ||
155 | be substituted by the target host name, `%p' the port and `%r' by | ||
156 | the remote login username. It is recommended that any | ||
157 | ControlPath used for opportunistic connection sharing include all | ||
158 | three of these escape sequences. This ensures that shared con- | ||
159 | nections are uniquely identified. | ||
139 | 160 | ||
140 | DynamicForward | 161 | DynamicForward |
141 | Specifies that a TCP/IP port on the local machine be forwarded | 162 | Specifies that a TCP/IP port on the local machine be forwarded |
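Review bot: The added ControlMaster paragraph on X11 and agent forwarding has a typo, "fowarded", which should be "forwarded". In the new ControlPath text the escape list is not parallel: "`%h' will be substituted by the target host name, `%p' the port and `%r' by the remote login username" drops "by" for `%p'. Suggest "`%p' by the port" and, in the same pass, "cannot" for "can not" in "If the ControlPath can not be opened".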
@@ -228,9 +249,9 @@ DESCRIPTION | |||
228 | 249 | ||
229 | HashKnownHosts | 250 | HashKnownHosts |
230 | Indicates that ssh should hash host names and addresses when they | 251 | Indicates that ssh should hash host names and addresses when they |
231 | are added to $HOME/.ssh/known_hosts. These hashed names may be | 252 | are added to ~/.ssh/known_hosts. These hashed names may be used |
232 | used normally by ssh and sshd, but they do not reveal identifying | 253 | normally by ssh and sshd, but they do not reveal identifying in- |
233 | information should the file's contents be disclosed. The default | 254 | formation should the file's contents be disclosed. The default |
234 | is ``no''. Note that hashing of names and addresses will not be | 255 | is ``no''. Note that hashing of names and addresses will not be |
235 | retrospectively applied to existing known hosts files, but these | 256 | retrospectively applied to existing known hosts files, but these |
236 | may be manually hashed using ssh-keygen(1). | 257 | may be manually hashed using ssh-keygen(1). |
@@ -261,14 +282,13 @@ DESCRIPTION | |||
261 | 282 | ||
262 | IdentityFile | 283 | IdentityFile |
263 | Specifies a file from which the user's RSA or DSA authentication | 284 | Specifies a file from which the user's RSA or DSA authentication |
264 | identity is read. The default is $HOME/.ssh/identity for proto- | 285 | identity is read. The default is ~/.ssh/identity for protocol |
265 | col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for | 286 | version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol ver- |
266 | protocol version 2. Additionally, any identities represented by | 287 | sion 2. Additionally, any identities represented by the authen- |
267 | the authentication agent will be used for authentication. The | 288 | tication agent will be used for authentication. The file name |
268 | file name may use the tilde syntax to refer to a user's home di- | 289 | may use the tilde syntax to refer to a user's home directory. It |
269 | rectory. It is possible to have multiple identity files speci- | 290 | is possible to have multiple identity files specified in configu- |
270 | fied in configuration files; all these identities will be tried | 291 | ration files; all these identities will be tried in sequence. |
271 | in sequence. | ||
272 | 292 | ||
273 | IdentitiesOnly | 293 | IdentitiesOnly |
274 | Specifies that ssh should only use the authentication identity | 294 | Specifies that ssh should only use the authentication identity |
@@ -362,6 +382,12 @@ DESCRIPTION | |||
362 | tirely. Note that CheckHostIP is not available for connects with | 382 | tirely. Note that CheckHostIP is not available for connects with |
363 | a proxy command. | 383 | a proxy command. |
364 | 384 | ||
385 | This directive is useful in conjunction with nc(1) and its proxy | ||
386 | support. For example, the following directive would connect via | ||
387 | an HTTP proxy at 192.0.2.0: | ||
388 | |||
389 | ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p | ||
390 | |||
365 | PubkeyAuthentication | 391 | PubkeyAuthentication |
366 | Specifies whether to try public key authentication. The argument | 392 | Specifies whether to try public key authentication. The argument |
367 | to this keyword must be ``yes'' or ``no''. The default is | 393 | to this keyword must be ``yes'' or ``no''. The default is |
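Review bot: In the added ProxyCommand example the prose says the proxy is "at 192.0.2.0" while the command line uses "-x 192.0.2.0:8080", so the port appears only in the command. Suggest naming the port in the sentence so the two agree. The example also hard-codes /usr/bin/nc; a note that the path depends on where nc(1) is installed would save readers on other systems a failed connection.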
@@ -441,9 +467,9 @@ DESCRIPTION | |||
441 | 467 | ||
442 | StrictHostKeyChecking | 468 | StrictHostKeyChecking |
443 | If this flag is set to ``yes'', ssh will never automatically add | 469 | If this flag is set to ``yes'', ssh will never automatically add |
444 | host keys to the $HOME/.ssh/known_hosts file, and refuses to con- | 470 | host keys to the ~/.ssh/known_hosts file, and refuses to connect |
445 | nect to hosts whose host key has changed. This provides maximum | 471 | to hosts whose host key has changed. This provides maximum pro- |
446 | protection against trojan horse attacks, however, can be annoying | 472 | tection against trojan horse attacks, however, can be annoying |
447 | when the /etc/ssh/ssh_known_hosts file is poorly maintained, or | 473 | when the /etc/ssh/ssh_known_hosts file is poorly maintained, or |
448 | connections to new hosts are frequently made. This option forces | 474 | connections to new hosts are frequently made. This option forces |
449 | the user to manually add all new hosts. If this flag is set to | 475 | the user to manually add all new hosts. If this flag is set to |
@@ -484,7 +510,7 @@ DESCRIPTION | |||
484 | 510 | ||
485 | UserKnownHostsFile | 511 | UserKnownHostsFile |
486 | Specifies a file to use for the user host key database instead of | 512 | Specifies a file to use for the user host key database instead of |
487 | $HOME/.ssh/known_hosts. | 513 | ~/.ssh/known_hosts. |
488 | 514 | ||
489 | VerifyHostKeyDNS | 515 | VerifyHostKeyDNS |
490 | Specifies whether to verify the remote key using DNS and SSHFP | 516 | Specifies whether to verify the remote key using DNS and SSHFP |
@@ -503,7 +529,7 @@ DESCRIPTION | |||
503 | is /usr/X11R6/bin/xauth. | 529 | is /usr/X11R6/bin/xauth. |
504 | 530 | ||
505 | FILES | 531 | FILES |
506 | $HOME/.ssh/config | 532 | ~/.ssh/config |
507 | This is the per-user configuration file. The format of this file | 533 | This is the per-user configuration file. The format of this file |
508 | is described above. This file is used by the ssh client. Be- | 534 | is described above. This file is used by the ssh client. Be- |
509 | cause of the potential for abuse, this file must have strict per- | 535 | cause of the potential for abuse, this file must have strict per- |
@@ -525,4 +551,4 @@ AUTHORS | |||
525 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 551 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
526 | versions 1.5 and 2.0. | 552 | versions 1.5 and 2.0. |
527 | 553 | ||
528 | OpenBSD 3.7 September 25, 1999 8 | 554 | OpenBSD 3.8 September 25, 1999 9 |
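Review bot: The footer changes the release label from "OpenBSD 3.7" to "OpenBSD 3.8" and the page count from 8 to 9, but the date stays at "September 25, 1999" even though this change adds new option text. If the date is meant to reflect the last content change, it should be updated along with the rest of the page.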