Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 63 |
1 files changed, 48 insertions, 15 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index d1a6ab364..9577abc48 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -15,7 +15,7 @@ DESCRIPTION | |||
15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | 15 | 3. system-wide configuration file (/etc/ssh/ssh_config) |
16 | 16 | ||
17 | For each parameter, the first obtained value will be used. The configu- | 17 | For each parameter, the first obtained value will be used. The configu- |
18 | ration files contain sections bracketed by ``Host'' specifications, and | 18 | ration files contain sections separated by ``Host'' specifications, and |
19 | that section is only applied for hosts that match one of the patterns | 19 | that section is only applied for hosts that match one of the patterns |
20 | given in the specification. The matched host name is the one given on | 20 | given in the specification. The matched host name is the one given on |
21 | the command line. | 21 | the command line. |
@@ -47,8 +47,8 @@ DESCRIPTION | |||
47 | 47 | ||
48 | AddressFamily | 48 | AddressFamily |
49 | Specifies which address family to use when connecting. Valid ar- | 49 | Specifies which address family to use when connecting. Valid ar- |
50 | guments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use | 50 | guments are ``any'', ``inet'' (use IPv4 only) or ``inet6'' (use |
51 | IPv6 only.) | 51 | IPv6 only). |
52 | 52 | ||
53 | BatchMode | 53 | BatchMode |
54 | If set to ``yes'', passphrase/password querying will be disabled. | 54 | If set to ``yes'', passphrase/password querying will be disabled. |
@@ -189,10 +189,14 @@ DESCRIPTION | |||
189 | 189 | ||
190 | ForwardX11Trusted | 190 | ForwardX11Trusted |
191 | If this option is set to ``yes'' then remote X11 clients will | 191 | If this option is set to ``yes'' then remote X11 clients will |
192 | have full access to the original X11 display. If this option is | 192 | have full access to the original X11 display. |
193 | set to ``no'' then remote X11 clients will be considered untrust- | 193 | |
194 | ed and prevented from stealing or tampering with data belonging | 194 | If this option is set to ``no'' then remote X11 clients will be |
195 | to trusted X11 clients. | 195 | considered untrusted and prevented from stealing or tampering |
196 | with data belonging to trusted X11 clients. Furthermore, the | ||
197 | xauth(1) token used for the session will be set to expire after | ||
198 | 20 minutes. Remote clients will be refused access after this | ||
199 | time. | ||
196 | 200 | ||
197 | The default is ``no''. | 201 | The default is ``no''. |
198 | 202 | ||
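Review bot: The two sentences added at the end of the ``no'' paragraph ("the xauth(1) token used for the session will be set to expire after 20 minutes. Remote clients will be refused access after this time.") do not say whether X11 clients that are already connected keep working once the 20 minutes are up or whether only new connections are refused, and they do not say whether the timeout can be changed. Please state both, because the 20-minute limit is the part of this option a user with a long-lived session will actually run into.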
@@ -222,6 +226,15 @@ DESCRIPTION | |||
222 | ``no''. Note that this option applies to protocol version 2 on- | 226 | ``no''. Note that this option applies to protocol version 2 on- |
223 | ly. | 227 | ly. |
224 | 228 | ||
229 | HashKnownHosts | ||
230 | Indicates that ssh should hash host names and addresses when they | ||
231 | are added to $HOME/.ssh/known_hosts. These hashed names may be | ||
232 | used normally by ssh and sshd, but they do not reveal identifying | ||
233 | information should the file's contents be disclosed. The default | ||
234 | is ``no''. Note that hashing of names and addresses will not be | ||
235 | retrospectively applied to existing known hosts files, but these | ||
236 | may be manually hashed using ssh-keygen(1). | ||
237 | |||
225 | HostbasedAuthentication | 238 | HostbasedAuthentication |
226 | Specifies whether to try rhosts based authentication with public | 239 | Specifies whether to try rhosts based authentication with public |
227 | key authentication. The argument must be ``yes'' or ``no''. The | 240 | key authentication. The argument must be ``yes'' or ``no''. The |
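Review bot: In the new HashKnownHosts entry, "these may be manually hashed using ssh-keygen(1)" points at the tool without naming the option that does the hashing; name it here so the reader can convert an existing known_hosts file without searching another page. The entry also omits the accepted arguments, which the neighbouring HostbasedAuthentication entry spells out as "The argument must be ``yes'' or ``no''", and it would be worth one sentence on the cost of enabling it: hashed entries can no longer be located or edited by host name by reading the file.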
@@ -265,14 +278,26 @@ DESCRIPTION | |||
265 | ssh-agent offers many different identities. The default is | 278 | ssh-agent offers many different identities. The default is |
266 | ``no''. | 279 | ``no''. |
267 | 280 | ||
281 | KbdInteractiveDevices | ||
282 | Specifies the list of methods to use in keyboard-interactive au- | ||
283 | thentication. Multiple method names must be comma-separated. | ||
284 | The default is to use the server specified list. | ||
285 | |||
268 | LocalForward | 286 | LocalForward |
269 | Specifies that a TCP/IP port on the local machine be forwarded | 287 | Specifies that a TCP/IP port on the local machine be forwarded |
270 | over the secure channel to the specified host and port from the | 288 | over the secure channel to the specified host and port from the |
271 | remote machine. The first argument must be a port number, and | 289 | remote machine. The first argument must be a port number, and |
272 | the second must be host:port. IPv6 addresses can be specified | 290 | the second must be [bind_address:]host:port. IPv6 addresses can |
273 | with an alternative syntax: host/port. Multiple forwardings may | 291 | be specified by enclosing addresses in square brackets or by us- |
274 | be specified, and additional forwardings can be given on the com- | 292 | ing an alternative syntax: [bind_address/]host/port. Multiple |
275 | mand line. Only the superuser can forward privileged ports. | 293 | forwardings may be specified, and additional forwardings can be |
294 | given on the command line. Only the superuser can forward privi- | ||
295 | leged ports. By default, the local port is bound in accordance | ||
296 | with the GatewayPorts setting. However, an explicit bind_address | ||
297 | may be used to bind the connection to a specific address. The | ||
298 | bind_address of ``localhost'' indicates that the listening port | ||
299 | be bound for local use only, while an empty address or `*' indi- | ||
300 | cates that the port should be available from all interfaces. | ||
276 | 301 | ||
277 | LogLevel | 302 | LogLevel |
278 | Gives the verbosity level that is used when logging messages from | 303 | Gives the verbosity level that is used when logging messages from |
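Review bot: In the LocalForward text the optional bind_address is attached to the second argument ("the second must be [bind_address:]host:port") while the first argument is still described as only a port number, yet the sentences added below say bind_address selects where "the listening port" is bound, which is the local side given by the first argument. Please check the syntax against the parser and put [bind_address:] on whichever argument actually accepts it. Since an empty address or `*' makes the forwarded port "available from all interfaces", a reader who misplaces it because of the man page may expose or fail to restrict the listener. Separately, the new KbdInteractiveDevices entry does not list any valid method names.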
@@ -345,10 +370,18 @@ DESCRIPTION | |||
345 | Specifies that a TCP/IP port on the remote machine be forwarded | 370 | Specifies that a TCP/IP port on the remote machine be forwarded |
346 | over the secure channel to the specified host and port from the | 371 | over the secure channel to the specified host and port from the |
347 | local machine. The first argument must be a port number, and the | 372 | local machine. The first argument must be a port number, and the |
348 | second must be host:port. IPv6 addresses can be specified with | 373 | second must be [bind_address:]host:port. IPv6 addresses can be |
349 | an alternative syntax: host/port. Multiple forwardings may be | 374 | specified by enclosing any addresses in square brackets or by us- |
350 | specified, and additional forwardings can be given on the command | 375 | ing the alternative syntax: [bind_address/]host/port. Multiple |
351 | line. Only the superuser can forward privileged ports. | 376 | forwardings may be specified, and additional forwardings can be |
377 | given on the command line. Only the superuser can forward privi- | ||
378 | leged ports. | ||
379 | |||
380 | If the bind_address is not specified, the default is to only bind | ||
381 | to loopback addresses. If the bind_address is `*' or an empty | ||
382 | string, then the forwarding is requested to listen on all inter- | ||
383 | faces. Specifying a remote bind_address will only succeed if the | ||
384 | server's GatewayPorts option is enabled (see sshd_config(5)). | ||
352 | 385 | ||
353 | RhostsRSAAuthentication | 386 | RhostsRSAAuthentication |
354 | Specifies whether to try rhosts based authentication with RSA | 387 | Specifies whether to try rhosts based authentication with RSA |
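Review bot: The RemoteForward text has the same placement question as LocalForward: "the second must be [bind_address:]host:port" puts bind_address on the destination argument, while the new paragraph describes it as the address the server listens on, which belongs with the port in the first argument. Also, "will only succeed if the server's GatewayPorts option is enabled" does not say what happens otherwise (is the forwarding refused, or is it bound to loopback anyway?). The wording also drifts from the LocalForward entry ("enclosing any addresses" and "the alternative syntax" here, "enclosing addresses" and "an alternative syntax" there); the two entries should use the same sentence.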