| ssh_config.0 (214979) | ssh_config.0 (218767) |
|---|---|
| 1SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5) 2 3NAME 4 ssh_config - OpenSSH SSH client configuration files 5 6SYNOPSIS 7 ~/.ssh/config 8 /etc/ssh/ssh_config --- 299 unchanged lines hidden (view full) --- 308 Specifies whether to try rhosts based authentication with public 309 key authentication. The argument must be ``yes'' or ``no''. The 310 default is ``no''. This option applies to protocol version 2 311 only and is similar to RhostsRSAAuthentication. 312 313 HostKeyAlgorithms 314 Specifies the protocol version 2 host key algorithms that the 315 client wants to use in order of preference. The default for this | 1SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5) 2 3NAME 4 ssh_config - OpenSSH SSH client configuration files 5 6SYNOPSIS 7 ~/.ssh/config 8 /etc/ssh/ssh_config --- 299 unchanged lines hidden (view full) --- 308 Specifies whether to try rhosts based authentication with public 309 key authentication. The argument must be ``yes'' or ``no''. The 310 default is ``no''. This option applies to protocol version 2 311 only and is similar to RhostsRSAAuthentication. 312 313 HostKeyAlgorithms 314 Specifies the protocol version 2 host key algorithms that the 315 client wants to use in order of preference. The default for this |
| 316 option is: ``ssh-rsa,ssh-dss''. | 316 option is: |
| 317 | 317 |
| 318 ecdsa-sha2-nistp256-cert-v01@openssh.com, 319 ecdsa-sha2-nistp384-cert-v01@openssh.com, 320 ecdsa-sha2-nistp521-cert-v01@openssh.com, 321 ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, 322 ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, 323 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 324 ssh-rsa,ssh-dss 325 326 If hostkeys are known for the destination host then this default 327 is modified to prefer their algorithms. 328 |
|
| 318 HostKeyAlias 319 Specifies an alias that should be used instead of the real host 320 name when looking up or saving the host key in the host key 321 database files. This option is useful for tunneling SSH 322 connections or for multiple servers running on a single host. 323 324 HostName 325 Specifies the real host name to log into. This can be used to --- 9 unchanged lines hidden (view full) --- 335 Specifies that ssh(1) should only use the authentication identity 336 files configured in the ssh_config files, even if ssh-agent(1) 337 offers more identities. The argument to this keyword must be 338 ``yes'' or ``no''. This option is intended for situations where 339 ssh-agent offers many different identities. The default is 340 ``no''. 341 342 IdentityFile | 329 HostKeyAlias 330 Specifies an alias that should be used instead of the real host 331 name when looking up or saving the host key in the host key 332 database files. This option is useful for tunneling SSH 333 connections or for multiple servers running on a single host. 334 335 HostName 336 Specifies the real host name to log into. This can be used to --- 9 unchanged lines hidden (view full) --- 346 Specifies that ssh(1) should only use the authentication identity 347 files configured in the ssh_config files, even if ssh-agent(1) 348 offers more identities. The argument to this keyword must be 349 ``yes'' or ``no''. This option is intended for situations where 350 ssh-agent offers many different identities. The default is 351 ``no''. 352 353 IdentityFile |
| 343 Specifies a file from which the user's RSA or DSA authentication 344 identity is read. The default is ~/.ssh/identity for protocol 345 version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol 346 version 2. Additionally, any identities represented by the 347 authentication agent will be used for authentication. ssh(1) 348 will try to load certificate information from the filename 349 obtained by appending -cert.pub to the path of a specified 350 IdentityFile. | 354 Specifies a file from which the user's DSA, ECDSA or DSA 355 authentication identity is read. The default is ~/.ssh/identity 356 for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and 357 ~/.ssh/id_rsa for protocol version 2. Additionally, any 358 identities represented by the authentication agent will be used 359 for authentication. ssh(1) will try to load certificate 360 information from the filename obtained by appending -cert.pub to 361 the path of a specified IdentityFile. |
| 351 352 The file name may use the tilde syntax to refer to a user's home 353 directory or one of the following escape characters: `%d' (local 354 user's home directory), `%u' (local user name), `%l' (local host 355 name), `%h' (remote host name) or `%r' (remote user name). 356 357 It is possible to have multiple identity files specified in 358 configuration files; all these identities will be tried in 359 sequence. 360 | 362 363 The file name may use the tilde syntax to refer to a user's home 364 directory or one of the following escape characters: `%d' (local 365 user's home directory), `%u' (local user name), `%l' (local host 366 name), `%h' (remote host name) or `%r' (remote user name). 367 368 It is possible to have multiple identity files specified in 369 configuration files; all these identities will be tried in 370 sequence. 371 |
| 372 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. 373 Accepted values are ``af11'', ``af12'', ``af13'', ``af14'', 374 ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'', 375 ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'', ``cs4'', 376 ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'', ``throughput'', 377 ``reliability'', or a numeric value. This option may take one or 378 two arguments, separated by whitespace. If one argument is 379 specified, it is used as the packet class unconditionally. If 380 two values are specified, the first is automatically selected for 381 interactive sessions and the second for non-interactive sessions. 382 The default is ``lowdelay'' for interactive sessions and 383 ``throughput'' for non-interactive sessions. 384 |
|
| 361 KbdInteractiveAuthentication 362 Specifies whether to use keyboard-interactive authentication. 363 The argument to this keyword must be ``yes'' or ``no''. The 364 default is ``yes''. 365 366 KbdInteractiveDevices 367 Specifies the list of methods to use in keyboard-interactive 368 authentication. Multiple method names must be comma-separated. 369 The default is to use the server specified list. The methods 370 available vary depending on what the server supports. For an 371 OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'', 372 and ``skey''. 373 | 385 KbdInteractiveAuthentication 386 Specifies whether to use keyboard-interactive authentication. 387 The argument to this keyword must be ``yes'' or ``no''. The 388 default is ``yes''. 389 390 KbdInteractiveDevices 391 Specifies the list of methods to use in keyboard-interactive 392 authentication. Multiple method names must be comma-separated. 393 The default is to use the server specified list. The methods 394 available vary depending on what the server supports. For an 395 OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'', 396 and ``skey''. 397 |
| 398 KexAlgorithms 399 Specifies the available KEX (Key Exchange) algorithms. Multiple 400 algorithms must be comma-separated. The default is: 401 402 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 403 diffie-hellman-group-exchange-sha256, 404 diffie-hellman-group-exchange-sha1, 405 diffie-hellman-group14-sha1, 406 diffie-hellman-group1-sha1 407 |
|
| 374 LocalCommand 375 Specifies a command to execute on the local machine after 376 successfully connecting to the server. The command string 377 extends to the end of the line, and is executed with the user's 378 shell. The following escape character substitutions will be 379 performed: `%d' (local user's home directory), `%h' (remote host 380 name), `%l' (local host name), `%n' (host name as provided on the 381 command line), `%p' (remote port), `%r' (remote user name) or --- 57 unchanged lines hidden (view full) --- 439 440 PermitLocalCommand 441 Allow local command execution via the LocalCommand option or 442 using the !command escape sequence in ssh(1). The argument must 443 be ``yes'' or ``no''. The default is ``no''. 444 445 PKCS11Provider 446 Specifies which PKCS#11 provider to use. The argument to this | 408 LocalCommand 409 Specifies a command to execute on the local machine after 410 successfully connecting to the server. The command string 411 extends to the end of the line, and is executed with the user's 412 shell. The following escape character substitutions will be 413 performed: `%d' (local user's home directory), `%h' (remote host 414 name), `%l' (local host name), `%n' (host name as provided on the 415 command line), `%p' (remote port), `%r' (remote user name) or --- 57 unchanged lines hidden (view full) --- 473 474 PermitLocalCommand 475 Allow local command execution via the LocalCommand option or 476 using the !command escape sequence in ssh(1). The argument must 477 be ``yes'' or ``no''. The default is ``no''. 478 479 PKCS11Provider 480 Specifies which PKCS#11 provider to use. The argument to this |
| 447 keyword is the PKCS#11 shared libary ssh(1) should use to | 481 keyword is the PKCS#11 shared library ssh(1) should use to |
| 448 communicate with a PKCS#11 token providing the user's private RSA 449 key. 450 451 Port Specifies the port number to connect on the remote host. The 452 default is 22. 453 454 PreferredAuthentications 455 Specifies the order in which the client should try protocol 2 --- 153 unchanged lines hidden (view full) --- 609 3), ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' 610 requests the default tunnel mode, which is ``point-to-point''. 611 The default is ``no''. 612 613 TunnelDevice 614 Specifies the tun(4) devices to open on the client (local_tun) 615 and the server (remote_tun). 616 | 482 communicate with a PKCS#11 token providing the user's private RSA 483 key. 484 485 Port Specifies the port number to connect on the remote host. The 486 default is 22. 487 488 PreferredAuthentications 489 Specifies the order in which the client should try protocol 2 --- 153 unchanged lines hidden (view full) --- 643 3), ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' 644 requests the default tunnel mode, which is ``point-to-point''. 645 The default is ``no''. 646 647 TunnelDevice 648 Specifies the tun(4) devices to open on the client (local_tun) 649 and the server (remote_tun). 650 |
| 617 The argument must be local_tun [:remote_tun]. The devices may be | 651 The argument must be local_tun[:remote_tun]. The devices may be |
| 618 specified by numerical ID or the keyword ``any'', which uses the 619 next available tunnel device. If remote_tun is not specified, it 620 defaults to ``any''. The default is ``any:any''. 621 622 UsePrivilegedPort 623 Specifies whether to use a privileged port for outgoing 624 connections. The argument must be ``yes'' or ``no''. The 625 default is ``no''. If set to ``yes'', ssh(1) must be setuid --- 76 unchanged lines hidden (view full) --- 702 703AUTHORS 704 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 705 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 706 de Raadt and Dug Song removed many bugs, re-added newer features and 707 created OpenSSH. Markus Friedl contributed the support for SSH protocol 708 versions 1.5 and 2.0. 709 | 652 specified by numerical ID or the keyword ``any'', which uses the 653 next available tunnel device. If remote_tun is not specified, it 654 defaults to ``any''. The default is ``any:any''. 655 656 UsePrivilegedPort 657 Specifies whether to use a privileged port for outgoing 658 connections. The argument must be ``yes'' or ``no''. The 659 default is ``no''. If set to ``yes'', ssh(1) must be setuid --- 76 unchanged lines hidden (view full) --- 736 737AUTHORS 738 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 739 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 740 de Raadt and Dug Song removed many bugs, re-added newer features and 741 created OpenSSH. Markus Friedl contributed the support for SSH protocol 742 versions 1.5 and 2.0. 743 |
| 710OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 | 744OpenBSD 4.8 December 8, 2010 OpenBSD 4.8 |