Diffstat (limited to 'ssh_config.5')
-rw-r--r-- ssh_config.5 48
1 files changed, 26 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 20bba1502..15b36f273 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -183,8 +183,8 @@ is only supported in the
183client for interoperability with legacy protocol 1 implementations 183client for interoperability with legacy protocol 1 implementations
184that do not support the 184that do not support the
185.Ar 3des 185.Ar 3des
186cipher. Its use is strongly discouraged due to cryptographic 186cipher.
187weaknesses. 187Its use is strongly discouraged due to cryptographic weaknesses.
188The default is 188The default is
189.Dq 3des . 189.Dq 3des .
190.It Cm Ciphers 190.It Cm Ciphers
@@ -200,7 +200,8 @@ The default is
200.It Cm ClearAllForwardings 200.It Cm ClearAllForwardings
201Specifies that all local, remote and dynamic port forwardings 201Specifies that all local, remote and dynamic port forwardings
202specified in the configuration files or on the command line be 202specified in the configuration files or on the command line be
203cleared. This option is primarily useful when used from the 203cleared.
204This option is primarily useful when used from the
204.Nm ssh 205.Nm ssh
205command line to clear port forwardings set in 206command line to clear port forwardings set in
206configuration files, and is automatically set by 207configuration files, and is automatically set by
@@ -237,13 +238,14 @@ The default is 1.
237Specifies that a TCP/IP port on the local machine be forwarded 238Specifies that a TCP/IP port on the local machine be forwarded
238over the secure channel, and the application 239over the secure channel, and the application
239protocol is then used to determine where to connect to from the 240protocol is then used to determine where to connect to from the
240remote machine. The argument must be a port number. 241remote machine.
242The argument must be a port number.
241Currently the SOCKS4 protocol is supported, and 243Currently the SOCKS4 protocol is supported, and
242.Nm ssh 244.Nm ssh
243will act as a SOCKS4 server. 245will act as a SOCKS4 server.
244Multiple forwardings may be specified, and 246Multiple forwardings may be specified, and
245additional forwardings can be given on the command line. Only 247additional forwardings can be given on the command line.
246the superuser can forward privileged ports. 248Only the superuser can forward privileged ports.
247.It Cm EscapeChar 249.It Cm EscapeChar
248Sets the escape character (default: 250Sets the escape character (default:
249.Ql ~ ) . 251.Ql ~ ) .
@@ -266,10 +268,11 @@ or
266The default is 268The default is
267.Dq no . 269.Dq no .
268.Pp 270.Pp
269Agent forwarding should be enabled with caution. Users with the 271Agent forwarding should be enabled with caution.
270ability to bypass file permissions on the remote host (for the agent's 272Users with the ability to bypass file permissions on the remote host
271Unix-domain socket) can access the local agent through the forwarded 273(for the agent's Unix-domain socket)
272connection. An attacker cannot obtain key material from the agent, 274can access the local agent through the forwarded connection.
275An attacker cannot obtain key material from the agent,
273however they can perform operations on the keys that enable them to 276however they can perform operations on the keys that enable them to
274authenticate using the identities loaded into the agent. 277authenticate using the identities loaded into the agent.
275.It Cm ForwardX11 278.It Cm ForwardX11
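Review bot: the comma splice at new lines 275-276 ("An attacker cannot obtain key material from the agent, however they can perform operations ...") survives the rewrap unchanged. Since the sentence now starts on its own line, this would be the place to fix it, for example "from the agent; however, they can perform operations on the keys ...". This is the sentence that tells the reader what agent forwarding actually exposes, so it is worth having it read cleanly.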
@@ -284,18 +287,18 @@ or
284The default is 287The default is
285.Dq no . 288.Dq no .
286.Pp 289.Pp
287X11 forwarding should be enabled with caution. Users with the ability 290X11 forwarding should be enabled with caution.
288to bypass file permissions on the remote host (for the user's X 291Users with the ability to bypass file permissions on the remote host
289authorization database) can access the local X11 display through the 292(for the user's X authorization database)
290forwarded connection. An attacker may then be able to perform 293can access the local X11 display through the forwarded connection.
291activities such as keystroke monitoring. 294An attacker may then be able to perform activities such as keystroke monitoring.
292.It Cm GatewayPorts 295.It Cm GatewayPorts
293Specifies whether remote hosts are allowed to connect to local 296Specifies whether remote hosts are allowed to connect to local
294forwarded ports. 297forwarded ports.
295By default, 298By default,
296.Nm ssh 299.Nm ssh
297binds local port forwardings to the loopback address. This 300binds local port forwardings to the loopback address.
298prevents other remote hosts from connecting to forwarded ports. 301This prevents other remote hosts from connecting to forwarded ports.
299.Cm GatewayPorts 302.Cm GatewayPorts
300can be used to specify that 303can be used to specify that
301.Nm ssh 304.Nm ssh
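Review bot: new line 294 ("An attacker may then be able to perform activities such as keystroke monitoring.") runs to about 80 characters, while every other line in this hunk wraps at roughly 70. Suggest breaking it after "perform" so it matches the fill width used for the rest of the paragraph; a mid-sentence break is fine in mdoc source, only the sentence start needs to begin a line.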
@@ -407,8 +410,9 @@ Gives the verbosity level that is used when logging messages from
407.Nm ssh . 410.Nm ssh .
408The possible values are: 411The possible values are:
409QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. 412QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
410The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 413The default is INFO.
411and DEBUG3 each specify higher levels of verbose output. 414DEBUG and DEBUG1 are equivalent.
415DEBUG2 and DEBUG3 each specify higher levels of verbose output.
412.It Cm MACs 416.It Cm MACs
413Specifies the MAC (message authentication code) algorithms 417Specifies the MAC (message authentication code) algorithms
414in order of preference. 418in order of preference.
@@ -493,8 +497,8 @@ somewhere.
493Host key management will be done using the 497Host key management will be done using the
494HostName of the host being connected (defaulting to the name typed by 498HostName of the host being connected (defaulting to the name typed by
495the user). 499the user).
496Setting the command to 500Setting the command to
497.Dq none 501.Dq none
498disables this option entirely. 502disables this option entirely.
499Note that 503Note that
500.Cm CheckHostIP 504.Cm CheckHostIP
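Review bot: no line in this hunk (-493,8 +497,8) shows a visible text difference; old 496-498 and new 500-502 read identically, so the change is presumably whitespace-only, such as a trailing blank removed. Worth saying so in the commit message so that nobody goes looking for a wording change in the ProxyCommand text.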