Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 710c068c5..44208b431 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.6 2003/02/06 09:27:29 markus Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -176,8 +176,8 @@ is only supported in the | |||
176 | client for interoperability with legacy protocol 1 implementations | 176 | client for interoperability with legacy protocol 1 implementations |
177 | that do not support the | 177 | that do not support the |
178 | .Ar 3des | 178 | .Ar 3des |
179 | cipher. Its use is strongly discouraged due to cryptographic | 179 | cipher. |
180 | weaknesses. | 180 | Its use is strongly discouraged due to cryptographic weaknesses. |
181 | The default is | 181 | The default is |
182 | .Dq 3des . | 182 | .Dq 3des . |
183 | .It Cm Ciphers | 183 | .It Cm Ciphers |
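Review bot: on new line 180, "Its use is strongly discouraged due to cryptographic weaknesses." now follows directly after "cipher." on line 179, where the nearest noun is the 3des cipher named on line 178, and line 182 then gives 3des as the default. Since the sentence is being moved anyway, name the discouraged cipher explicitly in place of "Its" so the warning cannot be read as applying to the default.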
@@ -193,7 +193,8 @@ The default is | |||
193 | .It Cm ClearAllForwardings | 193 | .It Cm ClearAllForwardings |
194 | Specifies that all local, remote and dynamic port forwardings | 194 | Specifies that all local, remote and dynamic port forwardings |
195 | specified in the configuration files or on the command line be | 195 | specified in the configuration files or on the command line be |
196 | cleared. This option is primarily useful when used from the | 196 | cleared. |
197 | This option is primarily useful when used from the | ||
197 | .Nm ssh | 198 | .Nm ssh |
198 | command line to clear port forwardings set in | 199 | command line to clear port forwardings set in |
199 | configuration files, and is automatically set by | 200 | configuration files, and is automatically set by |
@@ -230,13 +231,14 @@ The default is 1. | |||
230 | Specifies that a TCP/IP port on the local machine be forwarded | 231 | Specifies that a TCP/IP port on the local machine be forwarded |
231 | over the secure channel, and the application | 232 | over the secure channel, and the application |
232 | protocol is then used to determine where to connect to from the | 233 | protocol is then used to determine where to connect to from the |
233 | remote machine. The argument must be a port number. | 234 | remote machine. |
235 | The argument must be a port number. | ||
234 | Currently the SOCKS4 protocol is supported, and | 236 | Currently the SOCKS4 protocol is supported, and |
235 | .Nm ssh | 237 | .Nm ssh |
236 | will act as a SOCKS4 server. | 238 | will act as a SOCKS4 server. |
237 | Multiple forwardings may be specified, and | 239 | Multiple forwardings may be specified, and |
238 | additional forwardings can be given on the command line. Only | 240 | additional forwardings can be given on the command line. |
239 | the superuser can forward privileged ports. | 241 | Only the superuser can forward privileged ports. |
240 | .It Cm EscapeChar | 242 | .It Cm EscapeChar |
241 | Sets the escape character (default: | 243 | Sets the escape character (default: |
242 | .Ql ~ ) . | 244 | .Ql ~ ) . |
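Review bot: the DynamicForward text ending at new line 241 says who may forward privileged ports but not which address the SOCKS4 listener binds to. The GatewayPorts entry further down in this diff states that local port forwardings are bound to the loopback address; a short cross-reference to .Cm GatewayPorts here, stating whether the same applies to dynamic forwardings, would tell readers if other hosts can reach the SOCKS port.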
@@ -259,10 +261,11 @@ or | |||
259 | The default is | 261 | The default is |
260 | .Dq no . | 262 | .Dq no . |
261 | .Pp | 263 | .Pp |
262 | Agent forwarding should be enabled with caution. Users with the | 264 | Agent forwarding should be enabled with caution. |
263 | ability to bypass file permissions on the remote host (for the agent's | 265 | Users with the ability to bypass file permissions on the remote host |
264 | Unix-domain socket) can access the local agent through the forwarded | 266 | (for the agent's Unix-domain socket) |
265 | connection. An attacker cannot obtain key material from the agent, | 267 | can access the local agent through the forwarded connection. |
268 | An attacker cannot obtain key material from the agent, | ||
266 | however they can perform operations on the keys that enable them to | 269 | however they can perform operations on the keys that enable them to |
267 | authenticate using the identities loaded into the agent. | 270 | authenticate using the identities loaded into the agent. |
268 | .It Cm ForwardX11 | 271 | .It Cm ForwardX11 |
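Review bot: new lines 268-269 keep the comma splice "from the agent, however they can perform operations on the keys". As line 268 is being re-broken anyway, end the sentence after "agent" or use "but", which also makes the second half stand out: a forwarded agent lets the remote party authenticate with the loaded identities even though the key material itself stays local.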
@@ -277,18 +280,18 @@ or | |||
277 | The default is | 280 | The default is |
278 | .Dq no . | 281 | .Dq no . |
279 | .Pp | 282 | .Pp |
280 | X11 forwarding should be enabled with caution. Users with the ability | 283 | X11 forwarding should be enabled with caution. |
281 | to bypass file permissions on the remote host (for the user's X | 284 | Users with the ability to bypass file permissions on the remote host |
282 | authorization database) can access the local X11 display through the | 285 | (for the user's X authorization database) |
283 | forwarded connection. An attacker may then be able to perform | 286 | can access the local X11 display through the forwarded connection. |
284 | activities such as keystroke monitoring. | 287 | An attacker may then be able to perform activities such as keystroke monitoring. |
285 | .It Cm GatewayPorts | 288 | .It Cm GatewayPorts |
286 | Specifies whether remote hosts are allowed to connect to local | 289 | Specifies whether remote hosts are allowed to connect to local |
287 | forwarded ports. | 290 | forwarded ports. |
288 | By default, | 291 | By default, |
289 | .Nm ssh | 292 | .Nm ssh |
290 | binds local port forwardings to the loopback address. This | 293 | binds local port forwardings to the loopback address. |
291 | prevents other remote hosts from connecting to forwarded ports. | 294 | This prevents other remote hosts from connecting to forwarded ports. |
292 | .Cm GatewayPorts | 295 | .Cm GatewayPorts |
293 | can be used to specify that | 296 | can be used to specify that |
294 | .Nm ssh | 297 | .Nm ssh |
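Review bot: new line 287 ("An attacker may then be able to perform activities such as keystroke monitoring.") is 80 characters, longer than every other line in this hunk. Break it after "perform", as the last sentence of the parallel ForwardAgent paragraph is broken across lines, so the source stays within the file's usual width.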
@@ -395,8 +398,9 @@ Gives the verbosity level that is used when logging messages from | |||
395 | .Nm ssh . | 398 | .Nm ssh . |
396 | The possible values are: | 399 | The possible values are: |
397 | QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. | 400 | QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
398 | The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 | 401 | The default is INFO. |
399 | and DEBUG3 each specify higher levels of verbose output. | 402 | DEBUG and DEBUG1 are equivalent. |
403 | DEBUG2 and DEBUG3 each specify higher levels of verbose output. | ||
400 | .It Cm MACs | 404 | .It Cm MACs |
401 | Specifies the MAC (message authentication code) algorithms | 405 | Specifies the MAC (message authentication code) algorithms |
402 | in order of preference. | 406 | in order of preference. |
@@ -474,8 +478,8 @@ somewhere. | |||
474 | Host key management will be done using the | 478 | Host key management will be done using the |
475 | HostName of the host being connected (defaulting to the name typed by | 479 | HostName of the host being connected (defaulting to the name typed by |
476 | the user). | 480 | the user). |
477 | Setting the command to | 481 | Setting the command to |
478 | .Dq none | 482 | .Dq none |
479 | disables this option entirely. | 483 | disables this option entirely. |
480 | Note that | 484 | Note that |
481 | .Cm CheckHostIP | 485 | .Cm CheckHostIP |