Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 110 |
1 files changed, 59 insertions, 51 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 74e516594..a8687ffc2 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -39,16 +39,16 @@ DESCRIPTION | |||
39 | 39 | ||
40 | Host Restricts the following declarations (up to the next Host key- | 40 | Host Restricts the following declarations (up to the next Host key- |
41 | word) to be only for those hosts that match one of the patterns | 41 | word) to be only for those hosts that match one of the patterns |
42 | given after the keyword. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards | 42 | given after the keyword. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in |
43 | in the patterns. A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to pro- | 43 | the patterns. A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to provide |
44 | vide global defaults for all hosts. The host is the hostname | 44 | global defaults for all hosts. The host is the hostname argument |
45 | argument given on the command line (i.e., the name is not con- | 45 | given on the command line (i.e., the name is not converted to a |
46 | verted to a canonicalized host name before matching). | 46 | canonicalized host name before matching). |
47 | 47 | ||
48 | AFSTokenPassing | 48 | AddressFamily |
49 | Specifies whether to pass AFS tokens to remote host. The argu- | 49 | Specifies which address family to use when connecting. Valid |
50 | ment to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option applies | 50 | arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (Use IPv4 only) or M-bM-^@M-^\inet6M-bM-^@M-^] (Use IPv6 |
51 | to protocol version 1 only. | 51 | only.) |
52 | 52 | ||
53 | BatchMode | 53 | BatchMode |
54 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. | 54 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. |
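Review bot: The new AddressFamily entry (right-hand lines 48-51) does not state a default, and its parentheticals are punctuated inconsistently: "(Use IPv4 only)" against "(Use IPv6 only.)". Suggest saying which value applies when the keyword is absent and moving the final period outside the parenthesis. The same hunk drops AFSTokenPassing with no pointer for users whose existing configuration still sets it; a release-note line would cover that.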
@@ -112,15 +112,28 @@ DESCRIPTION | |||
112 | exiting. The argument must be an integer. This may be useful in | 112 | exiting. The argument must be an integer. This may be useful in |
113 | scripts if the connection sometimes fails. The default is 1. | 113 | scripts if the connection sometimes fails. The default is 1. |
114 | 114 | ||
115 | ConnectTimeout | ||
116 | Specifies the timeout (in seconds) used when connecting to the | ||
117 | ssh server, instead of using the default system TCP timeout. | ||
118 | This value is used only when the target is down or really | ||
119 | unreachable, not when it refuses the connection. | ||
120 | |||
115 | DynamicForward | 121 | DynamicForward |
116 | Specifies that a TCP/IP port on the local machine be forwarded | 122 | Specifies that a TCP/IP port on the local machine be forwarded |
117 | over the secure channel, and the application protocol is then | 123 | over the secure channel, and the application protocol is then |
118 | used to determine where to connect to from the remote machine. | 124 | used to determine where to connect to from the remote machine. |
119 | The argument must be a port number. Currently the SOCKS4 proto- | 125 | The argument must be a port number. Currently the SOCKS4 and |
120 | col is supported, and ssh will act as a SOCKS4 server. Multiple | 126 | SOCKS5 protocols are supported, and ssh will act as a SOCKS |
121 | forwardings may be specified, and additional forwardings can be | 127 | server. Multiple forwardings may be specified, and additional |
122 | given on the command line. Only the superuser can forward privi- | 128 | forwardings can be given on the command line. Only the superuser |
123 | leged ports. | 129 | can forward privileged ports. |
130 | |||
131 | EnableSSHKeysign | ||
132 | Setting this option to M-bM-^@M-^\yesM-bM-^@M-^] in the global client configuration | ||
133 | file /etc/ssh/ssh_config enables the use of the helper program | ||
134 | ssh-keysign(8) during HostbasedAuthentication. The argument must | ||
135 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. See ssh-keysign(8) for | ||
136 | more information. | ||
124 | 137 | ||
125 | EscapeChar | 138 | EscapeChar |
126 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character | 139 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character |
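Review bot: The ConnectTimeout entry gives the unit (seconds) but, unlike ConnectionAttempts directly above it ("The argument must be an integer"), never says which values are accepted or what the behaviour is when the keyword is unset beyond "the default system TCP timeout". In the EnableSSHKeysign entry, the text says the option is set "in the global client configuration file /etc/ssh/ssh_config" but does not say whether the keyword is ignored in a per-user file; that is the property an administrator depends on when leaving it at "no", so it should be stated outright.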
@@ -166,6 +179,16 @@ DESCRIPTION | |||
166 | Specifies a file to use for the global host key database instead | 179 | Specifies a file to use for the global host key database instead |
167 | of /etc/ssh/ssh_known_hosts. | 180 | of /etc/ssh/ssh_known_hosts. |
168 | 181 | ||
182 | GSSAPIAuthentication | ||
183 | Specifies whether authentication based on GSSAPI may be used, | ||
184 | either using the result of a successful key exchange, or using | ||
185 | GSSAPI user authentication. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that | ||
186 | this option applies to protocol version 2 only. | ||
187 | |||
188 | GSSAPIDelegateCredentials | ||
189 | Forward (delegate) credentials to the server. The default is | ||
190 | M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 only. | ||
191 | |||
169 | HostbasedAuthentication | 192 | HostbasedAuthentication |
170 | Specifies whether to try rhosts based authentication with public | 193 | Specifies whether to try rhosts based authentication with public |
171 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 194 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
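Review bot: Both new GSSAPI entries omit the "The argument must be "yes" or "no"" sentence that the neighbouring HostbasedAuthentication entry carries, so the accepted values are left to inference from the defaults. GSSAPIDelegateCredentials is described only as "Forward (delegate) credentials to the server"; since the option hands the user's credentials to the remote host, a sentence on when delegation is appropriate would help readers judge whether to change the "no" default.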
@@ -192,14 +215,14 @@ DESCRIPTION | |||
192 | 215 | ||
193 | IdentityFile | 216 | IdentityFile |
194 | Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication | 217 | Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication |
195 | identity is read. The default is $HOME/.ssh/identity for protocol | 218 | identity is read. The default is $HOME/.ssh/identity for proto- |
196 | version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for proto- | 219 | col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for |
197 | col version 2. Additionally, any identities represented by the | 220 | protocol version 2. Additionally, any identities represented by |
198 | authentication agent will be used for authentication. The file | 221 | the authentication agent will be used for authentication. The |
199 | name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home direc- | 222 | file name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home |
200 | tory. It is possible to have multiple identity files specified | 223 | directory. It is possible to have multiple identity files speci- |
201 | in configuration files; all these identities will be tried in | 224 | fied in configuration files; all these identities will be tried |
202 | sequence. | 225 | in sequence. |
203 | 226 | ||
204 | KeepAlive | 227 | KeepAlive |
205 | Specifies whether the system should send TCP keepalive messages | 228 | Specifies whether the system should send TCP keepalive messages |
@@ -214,15 +237,6 @@ DESCRIPTION | |||
214 | 237 | ||
215 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. | 238 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. |
216 | 239 | ||
217 | KerberosAuthentication | ||
218 | Specifies whether Kerberos authentication will be used. The | ||
219 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. | ||
220 | |||
221 | KerberosTgtPassing | ||
222 | Specifies whether a Kerberos TGT will be forwarded to the server. | ||
223 | This will only work if the Kerberos server is actually an AFS | ||
224 | kaserver. The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. | ||
225 | |||
226 | LocalForward | 240 | LocalForward |
227 | Specifies that a TCP/IP port on the local machine be forwarded | 241 | Specifies that a TCP/IP port on the local machine be forwarded |
228 | over the secure channel to the specified host and port from the | 242 | over the secure channel to the specified host and port from the |
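Review bot: KerberosAuthentication and KerberosTgtPassing are deleted here without any replacement text, while GSSAPIAuthentication and GSSAPIDelegateCredentials are added earlier in the same patch. If the GSSAPI keywords are the intended successors, the page should say so, and it should say what happens to an existing configuration file that still contains the removed keywords.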
@@ -267,9 +281,9 @@ DESCRIPTION | |||
267 | 281 | ||
268 | PreferredAuthentications | 282 | PreferredAuthentications |
269 | Specifies the order in which the client should try protocol 2 | 283 | Specifies the order in which the client should try protocol 2 |
270 | authentication methods. This allows a client to prefer one method | 284 | authentication methods. This allows a client to prefer one |
271 | (e.g. keyboard-interactive) over another method (e.g. password) | 285 | method (e.g. keyboard-interactive) over another method (e.g. |
272 | The default for this option is: | 286 | password) The default for this option is: |
273 | M-bM-^@M-^\hostbased,publickey,keyboard-interactive,passwordM-bM-^@M-^]. | 287 | M-bM-^@M-^\hostbased,publickey,keyboard-interactive,passwordM-bM-^@M-^]. |
274 | 288 | ||
275 | Protocol | 289 | Protocol |
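Review bot: The re-wrapped PreferredAuthentications paragraph still runs two sentences together at "(e.g. password) The default for this option is:", with no period after the closing parenthesis. Since the paragraph is being touched anyway, add the period so the default list reads as its own sentence.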
@@ -307,16 +321,6 @@ DESCRIPTION | |||
307 | specified, and additional forwardings can be given on the command | 321 | specified, and additional forwardings can be given on the command |
308 | line. Only the superuser can forward privileged ports. | 322 | line. Only the superuser can forward privileged ports. |
309 | 323 | ||
310 | RhostsAuthentication | ||
311 | Specifies whether to try rhosts based authentication. Note that | ||
312 | this declaration only affects the client side and has no effect | ||
313 | whatsoever on security. Most servers do not permit RhostsAuthen- | ||
314 | tication because it is not secure (see RhostsRSAAuthentication). | ||
315 | The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default | ||
316 | is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only and | ||
317 | requires ssh to be setuid root and UsePrivilegedPort to be set to | ||
318 | M-bM-^@M-^\yesM-bM-^@M-^]. | ||
319 | |||
320 | RhostsRSAAuthentication | 324 | RhostsRSAAuthentication |
321 | Specifies whether to try rhosts based authentication with RSA | 325 | Specifies whether to try rhosts based authentication with RSA |
322 | host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 326 | host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
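Review bot: Deleting the RhostsAuthentication entry also deletes the only visible statement that rhosts-based authentication "is not secure", which was phrased as a cross-reference to RhostsRSAAuthentication. Please check that the retained RhostsRSAAuthentication entry carries its own caution and does not rely on the removed text, and that no other reference to RhostsAuthentication remains in the page apart from the UsePrivilegedPort sentence this patch already updates.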
@@ -331,9 +335,9 @@ DESCRIPTION | |||
331 | applies to protocol version 1 only. | 335 | applies to protocol version 1 only. |
332 | 336 | ||
333 | SmartcardDevice | 337 | SmartcardDevice |
334 | Specifies which smartcard device to use. The argument to this | 338 | Specifies which smartcard device to use. The argument to this |
335 | keyword is the device ssh should use to communicate with a smart- | 339 | keyword is the device ssh should use to communicate with a smart- |
336 | card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no | 340 | card used for storing the userM-bM-^@M-^Ys private RSA key. By default, no |
337 | device is specified and smartcard support is not activated. | 341 | device is specified and smartcard support is not activated. |
338 | 342 | ||
339 | StrictHostKeyChecking | 343 | StrictHostKeyChecking |
@@ -356,8 +360,7 @@ DESCRIPTION | |||
356 | Specifies whether to use a privileged port for outgoing connec- | 360 | Specifies whether to use a privileged port for outgoing connec- |
357 | tions. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | 361 | tions. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. |
358 | If set to M-bM-^@M-^\yesM-bM-^@M-^] ssh must be setuid root. Note that this option | 362 | If set to M-bM-^@M-^\yesM-bM-^@M-^] ssh must be setuid root. Note that this option |
359 | must be set to M-bM-^@M-^\yesM-bM-^@M-^] if RhostsAuthentication and | 363 | must be set to M-bM-^@M-^\yesM-bM-^@M-^] for RhostsRSAAuthentication with older |
360 | RhostsRSAAuthentication authentications are needed with older | ||
361 | servers. | 364 | servers. |
362 | 365 | ||
363 | User Specifies the user to log in as. This can be useful when a dif- | 366 | User Specifies the user to log in as. This can be useful when a dif- |
@@ -369,6 +372,11 @@ DESCRIPTION | |||
369 | Specifies a file to use for the user host key database instead of | 372 | Specifies a file to use for the user host key database instead of |
370 | $HOME/.ssh/known_hosts. | 373 | $HOME/.ssh/known_hosts. |
371 | 374 | ||
375 | VerifyHostKeyDNS | ||
376 | Specifies whether to verify the remote key using DNS and SSHFP | ||
377 | resource records. The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option | ||
378 | applies to protocol version 2 only. | ||
379 | |||
372 | XAuthLocation | 380 | XAuthLocation |
373 | Specifies the full pathname of the xauth(1) program. The default | 381 | Specifies the full pathname of the xauth(1) program. The default |
374 | is /usr/X11R6/bin/xauth. | 382 | is /usr/X11R6/bin/xauth. |
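Review bot: The VerifyHostKeyDNS entry says the key is verified "using DNS and SSHFP resource records" but not what the client does with the result: whether a match replaces the known_hosts check, and what happens on a mismatch or a missing record. It also lists no accepted values beyond the "no" default. Suggest adding both, and stating how the option relates to StrictHostKeyChecking, since a reader has to know which check is authoritative before enabling it.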
@@ -387,6 +395,9 @@ FILES | |||
387 | file, and for those users who do not have a configuration file. | 395 | file, and for those users who do not have a configuration file. |
388 | This file must be world-readable. | 396 | This file must be world-readable. |
389 | 397 | ||
398 | SEE ALSO | ||
399 | ssh(1) | ||
400 | |||
390 | AUTHORS | 401 | AUTHORS |
391 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 402 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
392 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 403 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
@@ -394,7 +405,4 @@ AUTHORS | |||
394 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 405 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
395 | versions 1.5 and 2.0. | 406 | versions 1.5 and 2.0. |
396 | 407 | ||
397 | SEE ALSO | ||
398 | ssh(1) | ||
399 | |||
400 | BSD September 25, 1999 BSD | 408 | BSD September 25, 1999 BSD |
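Review bot: The footer still reads "BSD September 25, 1999 BSD" on both sides although this patch adds and removes several keywords. If the date comes from the manual source, it should be bumped there so the formatted page reflects the revision. The SEE ALSO section moving ahead of AUTHORS (previous hunk and this one) is a pure reordering and looks fine.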