summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.582
1 files changed, 73 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 2f0cd8c83..fc994d482 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1,4 +1,3 @@
1.\" -*- nroff -*-
2.\" 1.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 35.\"
37.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
38.Dd $Mdocdate: August 4 2010 $ 37.Dd $Mdocdate: December 8 2010 $
39.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
40.Os 39.Os
41.Sh NAME 40.Sh NAME
@@ -540,6 +539,11 @@ Note that this option applies to protocol version 2 only.
540If set, specifies the GSSAPI client identity that ssh should use when 539If set, specifies the GSSAPI client identity that ssh should use when
541connecting to the server. The default is unset, which means that the default 540connecting to the server. The default is unset, which means that the default
542identity will be used. 541identity will be used.
542.It Cm GSSAPIServerIdentity
543If set, specifies the GSSAPI server identity that ssh should expect when
544connecting to the server. The default is unset, which means that the
545expected GSSAPI server identity will be determined from the target
546hostname.
543.It Cm GSSAPIDelegateCredentials 547.It Cm GSSAPIDelegateCredentials
544Forward (delegate) credentials to the server. 548Forward (delegate) credentials to the server.
545The default is 549The default is
@@ -598,7 +602,18 @@ is similar to
598Specifies the protocol version 2 host key algorithms 602Specifies the protocol version 2 host key algorithms
599that the client wants to use in order of preference. 603that the client wants to use in order of preference.
600The default for this option is: 604The default for this option is:
601.Dq ssh-rsa,ssh-dss . 605.Bd -literal -offset 3n
606ecdsa-sha2-nistp256-cert-v01@openssh.com,
607ecdsa-sha2-nistp384-cert-v01@openssh.com,
608ecdsa-sha2-nistp521-cert-v01@openssh.com,
609ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
610ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
611ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
612ssh-rsa,ssh-dss
613.Ed
614.Pp
615If hostkeys are known for the destination host then this default is modified
616to prefer their algorithms.
602.It Cm HostKeyAlias 617.It Cm HostKeyAlias
603Specifies an alias that should be used instead of the 618Specifies an alias that should be used instead of the
604real host name when looking up or saving the host key 619real host name when looking up or saving the host key
@@ -634,14 +649,15 @@ offers many different identities.
634The default is 649The default is
635.Dq no . 650.Dq no .
636.It Cm IdentityFile 651.It Cm IdentityFile
637Specifies a file from which the user's RSA or DSA authentication identity 652Specifies a file from which the user's DSA, ECDSA or DSA authentication
638is read. 653identity is read.
639The default is 654The default is
640.Pa ~/.ssh/identity 655.Pa ~/.ssh/identity
641for protocol version 1, and 656for protocol version 1, and
642.Pa ~/.ssh/id_rsa 657.Pa ~/.ssh/id_dsa ,
658.Pa ~/.ssh/id_ecdsa
643and 659and
644.Pa ~/.ssh/id_dsa 660.Pa ~/.ssh/id_rsa
645for protocol version 2. 661for protocol version 2.
646Additionally, any identities represented by the authentication agent 662Additionally, any identities represented by the authentication agent
647will be used for authentication. 663will be used for authentication.
@@ -669,6 +685,43 @@ escape characters:
669It is possible to have 685It is possible to have
670multiple identity files specified in configuration files; all these 686multiple identity files specified in configuration files; all these
671identities will be tried in sequence. 687identities will be tried in sequence.
688.It Cm IPQoS
689Specifies the IPv4 type-of-service or DSCP class for connections.
690Accepted values are
691.Dq af11 ,
692.Dq af12 ,
693.Dq af13 ,
694.Dq af14 ,
695.Dq af22 ,
696.Dq af23 ,
697.Dq af31 ,
698.Dq af32 ,
699.Dq af33 ,
700.Dq af41 ,
701.Dq af42 ,
702.Dq af43 ,
703.Dq cs0 ,
704.Dq cs1 ,
705.Dq cs2 ,
706.Dq cs3 ,
707.Dq cs4 ,
708.Dq cs5 ,
709.Dq cs6 ,
710.Dq cs7 ,
711.Dq ef ,
712.Dq lowdelay ,
713.Dq throughput ,
714.Dq reliability ,
715or a numeric value.
716This option may take one or two arguments, separated by whitespace.
717If one argument is specified, it is used as the packet class unconditionally.
718If two values are specified, the first is automatically selected for
719interactive sessions and the second for non-interactive sessions.
720The default is
721.Dq lowdelay
722for interactive sessions and
723.Dq throughput
724for non-interactive sessions.
672.It Cm KbdInteractiveAuthentication 725.It Cm KbdInteractiveAuthentication
673Specifies whether to use keyboard-interactive authentication. 726Specifies whether to use keyboard-interactive authentication.
674The argument to this keyword must be 727The argument to this keyword must be
@@ -688,6 +741,17 @@ it may be zero or more of:
688.Dq pam , 741.Dq pam ,
689and 742and
690.Dq skey . 743.Dq skey .
744.It Cm KexAlgorithms
745Specifies the available KEX (Key Exchange) algorithms.
746Multiple algorithms must be comma-separated.
747The default is:
748.Bd -literal -offset indent
749ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
750diffie-hellman-group-exchange-sha256,
751diffie-hellman-group-exchange-sha1,
752diffie-hellman-group14-sha1,
753diffie-hellman-group1-sha1
754.Ed
691.It Cm LocalCommand 755.It Cm LocalCommand
692Specifies a command to execute on the local machine after successfully 756Specifies a command to execute on the local machine after successfully
693connecting to the server. 757connecting to the server.
@@ -801,7 +865,7 @@ The default is
801.Dq no . 865.Dq no .
802.It Cm PKCS11Provider 866.It Cm PKCS11Provider
803Specifies which PKCS#11 provider to use. 867Specifies which PKCS#11 provider to use.
804The argument to this keyword is the PKCS#11 shared libary 868The argument to this keyword is the PKCS#11 shared library
805.Xr ssh 1 869.Xr ssh 1
806should use to communicate with a PKCS#11 token providing the user's 870should use to communicate with a PKCS#11 token providing the user's
807private RSA key. 871private RSA key.