blob: 140d0ba9815df31920d055e521c6d1d294332fda [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\" All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose. Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\" notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\" notice, this list of conditions and the following disclaimer in the
23.\" documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
djm@openbsd.org44732de2015-02-20 22:17:21 +000036.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
37.Dd $Mdocdate: February 20 2015 $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH SSH client configuration files
43.Sh SYNOPSIS
Darren Tuckerbf6b3282007-02-19 22:08:17 +110044.Nm ~/.ssh/config
45.Nm /etc/ssh/ssh_config
Ben Lindstrom9f049032002-06-21 00:59:05 +000046.Sh DESCRIPTION
Damien Miller45ee2b92006-03-15 11:56:18 +110047.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +000048obtains configuration data from the following sources in
49the following order:
Damien Miller5c853b52006-03-15 11:37:02 +110050.Pp
Ben Lindstrom479b4762002-08-20 19:04:51 +000051.Bl -enum -offset indent -compact
52.It
53command-line options
54.It
55user's configuration file
Damien Miller167ea5d2005-05-26 12:04:02 +100056.Pq Pa ~/.ssh/config
Ben Lindstrom479b4762002-08-20 19:04:51 +000057.It
58system-wide configuration file
59.Pq Pa /etc/ssh/ssh_config
60.El
Ben Lindstrom9f049032002-06-21 00:59:05 +000061.Pp
62For each parameter, the first obtained value
63will be used.
Darren Tucker43d8e282005-02-09 09:51:08 +110064The configuration files contain sections separated by
Ben Lindstrom9f049032002-06-21 00:59:05 +000065.Dq Host
66specifications, and that section is only applied for hosts that
67match one of the patterns given in the specification.
djm@openbsd.org957fbce2014-10-08 22:20:25 +000068The matched host name is usually the one given on the command line
69(see the
70.Cm CanonicalizeHostname
71option for exceptions.)
Ben Lindstrom9f049032002-06-21 00:59:05 +000072.Pp
73Since the first obtained value for each parameter is used, more
74host-specific declarations should be given near the beginning of the
75file, and general defaults at the end.
76.Pp
77The configuration file has the following format:
78.Pp
79Empty lines and lines starting with
80.Ql #
81are comments.
Ben Lindstrom9f049032002-06-21 00:59:05 +000082Otherwise a line is of the format
83.Dq keyword arguments .
84Configuration options may be separated by whitespace or
85optional whitespace and exactly one
86.Ql = ;
87the latter format is useful to avoid the need to quote whitespace
88when specifying configuration options using the
89.Nm ssh ,
Damien Miller4aea9742006-03-15 11:59:39 +110090.Nm scp ,
Ben Lindstrom9f049032002-06-21 00:59:05 +000091and
92.Nm sftp
93.Fl o
94option.
Damien Miller306d1182006-03-15 12:05:59 +110095Arguments may optionally be enclosed in double quotes
96.Pq \&"
97in order to represent arguments containing spaces.
Ben Lindstrom9f049032002-06-21 00:59:05 +000098.Pp
99The possible
100keywords and their meanings are as follows (note that
101keywords are case-insensitive and arguments are case-sensitive):
102.Bl -tag -width Ds
103.It Cm Host
104Restricts the following declarations (up to the next
105.Cm Host
Damien Miller194fd902013-10-15 12:13:05 +1100106or
107.Cm Match
Ben Lindstrom9f049032002-06-21 00:59:05 +0000108keyword) to be only for those hosts that match one of the patterns
109given after the keyword.
Damien Millerfa51b162008-11-03 19:17:33 +1100110If more than one pattern is provided, they should be separated by whitespace.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000111A single
Damien Miller208f1ed2006-03-15 11:56:03 +1100112.Ql *
Ben Lindstrom9f049032002-06-21 00:59:05 +0000113as a pattern can be used to provide global
114defaults for all hosts.
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000115The host is usually the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000116.Ar hostname
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000117argument given on the command line
118(see the
119.Cm CanonicalizeHostname
120option for exceptions.)
Damien Millerf54a4b92006-03-15 11:54:36 +1100121.Pp
Damien Millerfe924212011-05-15 08:44:45 +1000122A pattern entry may be negated by prefixing it with an exclamation mark
123.Pq Sq !\& .
124If a negated entry is matched, then the
125.Cm Host
126entry is ignored, regardless of whether any other patterns on the line
127match.
128Negated matches are therefore useful to provide exceptions for wildcard
129matches.
130.Pp
Damien Millerf54a4b92006-03-15 11:54:36 +1100131See
132.Sx PATTERNS
133for more information on patterns.
Damien Millerd77b81f2013-10-17 11:39:00 +1100134.It Cm Match
Damien Miller194fd902013-10-15 12:13:05 +1100135Restricts the following declarations (up to the next
136.Cm Host
137or
138.Cm Match
139keyword) to be used only when the conditions following the
140.Cm Match
141keyword are satisfied.
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000142Match conditions are specified using one or more critera
Damien Millercf31f382013-10-24 21:02:56 +1100143or the single token
144.Cm all
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000145which always matches.
146The available criteria keywords are:
147.Cm canonical ,
Damien Miller8a04be72013-10-23 16:29:40 +1100148.Cm exec ,
Damien Miller194fd902013-10-15 12:13:05 +1100149.Cm host ,
150.Cm originalhost ,
151.Cm user ,
152and
153.Cm localuser .
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000154The
155.Cm all
156criteria must appear alone or immediately after
jmc@openbsd.orgb1ba15f2014-10-09 06:21:31 +0000157.Cm canonical .
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000158Other criteria may be combined arbitrarily.
159All criteria but
160.Cm all
161and
162.Cm canonical
163require an argument.
164Criteria may be negated by prepending an exclamation mark
165.Pq Sq !\& .
Damien Miller194fd902013-10-15 12:13:05 +1100166.Pp
Damien Miller8e5a67f2013-10-23 16:30:25 +1100167The
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000168.Cm canonical
169keywork matches only when the configuration file is being re-parsed
170after hostname canonicalization (see the
171.Cm CanonicalizeHostname
172option.)
173This may be useful to specify conditions that work with canonical host
174names only.
175The
Damien Miller8a04be72013-10-23 16:29:40 +1100176.Cm exec
Damien Miller8e5a67f2013-10-23 16:30:25 +1100177keyword executes the specified command under the user's shell.
Damien Miller194fd902013-10-15 12:13:05 +1100178If the command returns a zero exit status then the condition is considered true.
179Commands containing whitespace characters must be quoted.
Damien Miller5c86ebd2013-10-23 16:29:12 +1100180The following character sequences in the command will be expanded prior to
181execution:
182.Ql %L
183will be substituted by the first component of the local host name,
184.Ql %l
185will be substituted by the local host name (including any domain name),
186.Ql %h
187will be substituted by the target host name,
188.Ql %n
189will be substituted by the original target host name
Damien Miller8a04be72013-10-23 16:29:40 +1100190specified on the command-line,
Damien Miller5c86ebd2013-10-23 16:29:12 +1100191.Ql %p
192the destination port,
193.Ql %r
194by the remote login username, and
195.Ql %u
196by the username of the user running
197.Xr ssh 1 .
Damien Miller194fd902013-10-15 12:13:05 +1100198.Pp
199The other keywords' criteria must be single entries or comma-separated
200lists and may use the wildcard and negation operators described in the
201.Sx PATTERNS
202section.
203The criteria for the
204.Cm host
205keyword are matched against the target hostname, after any substitution
206by the
207.Cm Hostname
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000208or
209.Cm CanonicalizeHostname
210options.
Damien Miller194fd902013-10-15 12:13:05 +1100211The
212.Cm originalhost
213keyword matches against the hostname as it was specified on the command-line.
214The
215.Cm user
216keyword matches against the target username on the remote host.
217The
218.Cm localuser
219keyword matches against the name of the local user running
220.Xr ssh 1
221(this keyword may be useful in system-wide
222.Nm
223files).
Damien Miller20a8f972003-05-18 20:50:30 +1000224.It Cm AddressFamily
Damien Millerfbf486b2003-05-23 18:44:23 +1000225Specifies which address family to use when connecting.
226Valid arguments are
Damien Miller20a8f972003-05-18 20:50:30 +1000227.Dq any ,
228.Dq inet
Damien Miller45ee2b92006-03-15 11:56:18 +1100229(use IPv4 only), or
Damien Miller20a8f972003-05-18 20:50:30 +1000230.Dq inet6
Darren Tucker79a7acf2005-02-09 09:48:57 +1100231(use IPv6 only).
Ben Lindstrom9f049032002-06-21 00:59:05 +0000232.It Cm BatchMode
233If set to
234.Dq yes ,
235passphrase/password querying will be disabled.
236This option is useful in scripts and other batch jobs where no user
237is present to supply the password.
238The argument must be
239.Dq yes
240or
241.Dq no .
242The default is
243.Dq no .
244.It Cm BindAddress
Darren Tucker89f4d472005-07-14 17:06:21 +1000245Use the specified address on the local machine as the source address of
Darren Tucker6c71d202005-07-14 17:06:50 +1000246the connection.
247Only useful on systems with more than one address.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000248Note that this option does not work if
249.Cm UsePrivilegedPort
250is set to
251.Dq yes .
Damien Miller0faf7472013-10-17 11:47:23 +1100252.It Cm CanonicalDomains
Damien Miller607af342013-10-17 11:47:51 +1100253When
Damien Miller38505592013-10-17 11:48:13 +1100254.Cm CanonicalizeHostname
Damien Miller0faf7472013-10-17 11:47:23 +1100255is enabled, this option specifies the list of domain suffixes in which to
256search for the specified destination host.
Damien Miller38505592013-10-17 11:48:13 +1100257.It Cm CanonicalizeFallbackLocal
Damien Miller51682fa2013-10-17 11:48:31 +1100258Specifies whether to fail with an error when hostname canonicalization fails.
Damien Miller607af342013-10-17 11:47:51 +1100259The default,
Darren Tuckerb7e01c02014-01-19 22:36:13 +1100260.Dq yes ,
Damien Miller607af342013-10-17 11:47:51 +1100261will attempt to look up the unqualified hostname using the system resolver's
Damien Miller0faf7472013-10-17 11:47:23 +1100262search rules.
263A value of
Darren Tuckerb7e01c02014-01-19 22:36:13 +1100264.Dq no
Damien Miller0faf7472013-10-17 11:47:23 +1100265will cause
266.Xr ssh 1
267to fail instantly if
Damien Miller38505592013-10-17 11:48:13 +1100268.Cm CanonicalizeHostname
Damien Miller0faf7472013-10-17 11:47:23 +1100269is enabled and the target hostname cannot be found in any of the domains
270specified by
271.Cm CanonicalDomains .
Damien Miller38505592013-10-17 11:48:13 +1100272.It Cm CanonicalizeHostname
Damien Miller51682fa2013-10-17 11:48:31 +1100273Controls whether explicit hostname canonicalization is performed.
Damien Miller607af342013-10-17 11:47:51 +1100274The default,
275.Dq no ,
Damien Miller0faf7472013-10-17 11:47:23 +1100276is not to perform any name rewriting and let the system resolver handle all
277hostname lookups.
278If set to
279.Dq yes
280then, for connections that do not use a
281.Cm ProxyCommand ,
282.Xr ssh 1
Damien Miller38505592013-10-17 11:48:13 +1100283will attempt to canonicalize the hostname specified on the command line
Damien Miller0faf7472013-10-17 11:47:23 +1100284using the
285.Cm CanonicalDomains
286suffixes and
Damien Miller38505592013-10-17 11:48:13 +1100287.Cm CanonicalizePermittedCNAMEs
Damien Miller0faf7472013-10-17 11:47:23 +1100288rules.
289If
Damien Miller38505592013-10-17 11:48:13 +1100290.Cm CanonicalizeHostname
Damien Miller0faf7472013-10-17 11:47:23 +1100291is set to
292.Dq always ,
Damien Miller51682fa2013-10-17 11:48:31 +1100293then canonicalization is applied to proxied connections too.
Damien Miller13f97b22014-02-24 15:57:55 +1100294.Pp
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000295If this option is enabled, then the configuration files are processed
296again using the new target name to pick up any new configuration in matching
Damien Miller13f97b22014-02-24 15:57:55 +1100297.Cm Host
djm@openbsd.org957fbce2014-10-08 22:20:25 +0000298and
299.Cm Match
Damien Miller13f97b22014-02-24 15:57:55 +1100300stanzas.
Damien Miller38505592013-10-17 11:48:13 +1100301.It Cm CanonicalizeMaxDots
Damien Miller607af342013-10-17 11:47:51 +1100302Specifies the maximum number of dot characters in a hostname before
Damien Miller51682fa2013-10-17 11:48:31 +1100303canonicalization is disabled.
Damien Miller607af342013-10-17 11:47:51 +1100304The default,
305.Dq 1 ,
306allows a single dot (i.e. hostname.subdomain).
Damien Miller38505592013-10-17 11:48:13 +1100307.It Cm CanonicalizePermittedCNAMEs
Damien Miller607af342013-10-17 11:47:51 +1100308Specifies rules to determine whether CNAMEs should be followed when
Damien Miller38505592013-10-17 11:48:13 +1100309canonicalizing hostnames.
Damien Miller0faf7472013-10-17 11:47:23 +1100310The rules consist of one or more arguments of
Damien Miller607af342013-10-17 11:47:51 +1100311.Ar source_domain_list : Ns Ar target_domain_list ,
Damien Miller0faf7472013-10-17 11:47:23 +1100312where
313.Ar source_domain_list
Damien Miller51682fa2013-10-17 11:48:31 +1100314is a pattern-list of domains that may follow CNAMEs in canonicalization,
Damien Miller0faf7472013-10-17 11:47:23 +1100315and
316.Ar target_domain_list
Damien Miller607af342013-10-17 11:47:51 +1100317is a pattern-list of domains that they may resolve to.
Damien Miller0faf7472013-10-17 11:47:23 +1100318.Pp
319For example,
320.Dq *.a.example.com:*.b.example.com,*.c.example.com
321will allow hostnames matching
322.Dq *.a.example.com
Damien Miller38505592013-10-17 11:48:13 +1100323to be canonicalized to names in the
Damien Miller0faf7472013-10-17 11:47:23 +1100324.Dq *.b.example.com
325or
326.Dq *.c.example.com
327domains.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000328.It Cm ChallengeResponseAuthentication
Damien Miller1faa7132006-03-15 11:55:31 +1100329Specifies whether to use challenge-response authentication.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000330The argument to this keyword must be
331.Dq yes
332or
333.Dq no .
334The default is
335.Dq yes .
336.It Cm CheckHostIP
337If this flag is set to
338.Dq yes ,
Damien Miller45ee2b92006-03-15 11:56:18 +1100339.Xr ssh 1
340will additionally check the host IP address in the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000341.Pa known_hosts
342file.
343This allows ssh to detect if a host key changed due to DNS spoofing.
344If the option is set to
345.Dq no ,
346the check will not be executed.
347The default is
348.Dq yes .
349.It Cm Cipher
350Specifies the cipher to use for encrypting the session
351in protocol version 1.
352Currently,
353.Dq blowfish ,
354.Dq 3des ,
355and
356.Dq des
357are supported.
358.Ar des
359is only supported in the
Damien Miller45ee2b92006-03-15 11:56:18 +1100360.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +0000361client for interoperability with legacy protocol 1 implementations
362that do not support the
363.Ar 3des
Damien Miller495dca32003-04-01 21:42:14 +1000364cipher.
365Its use is strongly discouraged due to cryptographic weaknesses.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000366The default is
367.Dq 3des .
368.It Cm Ciphers
369Specifies the ciphers allowed for protocol version 2
370in order of preference.
371Multiple ciphers must be comma-separated.
Damien Miller0fde8ac2013-11-21 14:12:23 +1100372The supported ciphers are:
373.Pp
Damien Millerc1621c82014-04-20 13:22:46 +1000374.Bl -item -compact -offset indent
375.It
3763des-cbc
377.It
378aes128-cbc
379.It
380aes192-cbc
381.It
382aes256-cbc
383.It
384aes128-ctr
385.It
386aes192-ctr
387.It
388aes256-ctr
389.It
390aes128-gcm@openssh.com
391.It
392aes256-gcm@openssh.com
393.It
394arcfour
395.It
396arcfour128
397.It
398arcfour256
399.It
400blowfish-cbc
401.It
402cast128-cbc
403.It
404chacha20-poly1305@openssh.com
405.El
Damien Miller0fde8ac2013-11-21 14:12:23 +1100406.Pp
Damien Miller45ee2b92006-03-15 11:56:18 +1100407The default is:
Damien Millerc1621c82014-04-20 13:22:46 +1000408.Bd -literal -offset indent
409aes128-ctr,aes192-ctr,aes256-ctr,
Damien Miller1d75abf2013-01-09 16:12:19 +1100410aes128-gcm@openssh.com,aes256-gcm@openssh.com,
Damien Miller0fde8ac2013-11-21 14:12:23 +1100411chacha20-poly1305@openssh.com,
Damien Millerc1621c82014-04-20 13:22:46 +1000412arcfour256,arcfour128,
413aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
414aes192-cbc,aes256-cbc,arcfour
Ben Lindstrom9f049032002-06-21 00:59:05 +0000415.Ed
Damien Miller0fde8ac2013-11-21 14:12:23 +1100416.Pp
417The list of available ciphers may also be obtained using the
418.Fl Q
419option of
djm@openbsd.org8f6784f2014-12-22 09:05:17 +0000420.Xr ssh 1
421with an argument of
422.Dq cipher .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000423.It Cm ClearAllForwardings
Damien Miller45ee2b92006-03-15 11:56:18 +1100424Specifies that all local, remote, and dynamic port forwardings
Ben Lindstrom9f049032002-06-21 00:59:05 +0000425specified in the configuration files or on the command line be
Damien Miller495dca32003-04-01 21:42:14 +1000426cleared.
427This option is primarily useful when used from the
Damien Miller45ee2b92006-03-15 11:56:18 +1100428.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +0000429command line to clear port forwardings set in
430configuration files, and is automatically set by
431.Xr scp 1
432and
433.Xr sftp 1 .
434The argument must be
435.Dq yes
436or
437.Dq no .
438The default is
439.Dq no .
440.It Cm Compression
441Specifies whether to use compression.
442The argument must be
443.Dq yes
444or
445.Dq no .
446The default is
447.Dq no .
448.It Cm CompressionLevel
449Specifies the compression level to use if compression is enabled.
450The argument must be an integer from 1 (fast) to 9 (slow, best).
451The default level is 6, which is good for most applications.
452The meaning of the values is the same as in
453.Xr gzip 1 .
454Note that this option applies to protocol version 1 only.
455.It Cm ConnectionAttempts
456Specifies the number of tries (one per second) to make before exiting.
457The argument must be an integer.
458This may be useful in scripts if the connection sometimes fails.
459The default is 1.
Damien Millerb78d5eb2003-05-16 11:39:04 +1000460.It Cm ConnectTimeout
Damien Miller45ee2b92006-03-15 11:56:18 +1100461Specifies the timeout (in seconds) used when connecting to the
462SSH server, instead of using the default system TCP timeout.
Damien Millerfbf486b2003-05-23 18:44:23 +1000463This value is used only when the target is down or really unreachable,
464not when it refuses the connection.
Damien Miller0e220db2004-06-15 10:34:08 +1000465.It Cm ControlMaster
466Enables the sharing of multiple sessions over a single network connection.
467When set to
Damien Miller45ee2b92006-03-15 11:56:18 +1100468.Dq yes ,
469.Xr ssh 1
Damien Miller0e220db2004-06-15 10:34:08 +1000470will listen for connections on a control socket specified using the
471.Cm ControlPath
472argument.
473Additional sessions can connect to this socket using the same
474.Cm ControlPath
475with
476.Cm ControlMaster
477set to
478.Dq no
Damien Miller2234bac2004-06-30 22:38:52 +1000479(the default).
Damien Miller713de762005-11-05 15:13:49 +1100480These sessions will try to reuse the master instance's network connection
Damien Millerb3bfbb72005-11-05 15:11:48 +1100481rather than initiating new ones, but will fall back to connecting normally
482if the control socket does not exist, or is not listening.
483.Pp
Damien Miller23f07702004-06-18 01:19:03 +1000484Setting this to
485.Dq ask
Damien Miller45ee2b92006-03-15 11:56:18 +1100486will cause ssh
Damien Miller23f07702004-06-18 01:19:03 +1000487to listen for control connections, but require confirmation using the
488.Ev SSH_ASKPASS
489program before they are accepted (see
490.Xr ssh-add 1
Damien Miller2234bac2004-06-30 22:38:52 +1000491for details).
Damien Millerdadfd4d2005-05-26 12:07:13 +1000492If the
493.Cm ControlPath
Damien Miller45ee2b92006-03-15 11:56:18 +1100494cannot be opened,
495ssh will continue without connecting to a master instance.
Damien Millerd14b1e72005-06-16 13:19:41 +1000496.Pp
Damien Miller13390022005-07-06 09:44:19 +1000497X11 and
Damien Millerfd94fba2005-07-06 09:44:59 +1000498.Xr ssh-agent 1
Damien Miller13390022005-07-06 09:44:19 +1000499forwarding is supported over these multiplexed connections, however the
Darren Tucker63551872005-12-20 16:14:15 +1100500display and agent forwarded will be the one belonging to the master
Damien Millerfd94fba2005-07-06 09:44:59 +1000501connection i.e. it is not possible to forward multiple displays or agents.
Damien Miller13390022005-07-06 09:44:19 +1000502.Pp
Damien Millerd14b1e72005-06-16 13:19:41 +1000503Two additional options allow for opportunistic multiplexing: try to use a
504master connection but fall back to creating a new one if one does not already
505exist.
506These options are:
507.Dq auto
508and
509.Dq autoask .
510The latter requires confirmation like the
511.Dq ask
512option.
Damien Miller0e220db2004-06-15 10:34:08 +1000513.It Cm ControlPath
Damien Miller6476cad2005-06-16 13:18:34 +1000514Specify the path to the control socket used for connection sharing as described
515in the
Damien Miller0e220db2004-06-15 10:34:08 +1000516.Cm ControlMaster
Damien Miller8f74c8f2005-06-26 08:56:03 +1000517section above or the string
518.Dq none
519to disable connection sharing.
Damien Miller6476cad2005-06-16 13:18:34 +1000520In the path,
Damien Millerdfc85fa2011-05-15 08:44:02 +1000521.Ql %L
522will be substituted by the first component of the local host name,
Damien Miller3ec54c72006-03-15 11:30:13 +1100523.Ql %l
Damien Millerdfc85fa2011-05-15 08:44:02 +1000524will be substituted by the local host name (including any domain name),
Damien Miller6476cad2005-06-16 13:18:34 +1000525.Ql %h
526will be substituted by the target host name,
Damien Miller486dd2e2011-05-15 08:47:18 +1000527.Ql %n
528will be substituted by the original target host name
529specified on the command line,
Damien Miller6476cad2005-06-16 13:18:34 +1000530.Ql %p
Damien Miller5c86ebd2013-10-23 16:29:12 +1100531the destination port,
Damien Miller6476cad2005-06-16 13:18:34 +1000532.Ql %r
Damien Miller9c386432014-07-03 21:27:46 +1000533by the remote login username,
Damien Millerdfc85fa2011-05-15 08:44:02 +1000534.Ql %u
535by the username of the user running
Damien Miller9c386432014-07-03 21:27:46 +1000536.Xr ssh 1 , and
Damien Miller0f123412014-07-03 21:28:09 +1000537.Ql \&%C
Damien Miller9c386432014-07-03 21:27:46 +1000538by a hash of the concatenation: %l%h%p%r.
Damien Millerd14b1e72005-06-16 13:19:41 +1000539It is recommended that any
540.Cm ControlPath
541used for opportunistic connection sharing include
djm@openbsd.orgfc302562014-11-10 22:25:49 +0000542at least %h, %p, and %r (or alternatively %C) and be placed in a directory
543that is not writable by other users.
Damien Millerd14b1e72005-06-16 13:19:41 +1000544This ensures that shared connections are uniquely identified.
Damien Millere11e1ea2010-08-03 16:04:46 +1000545.It Cm ControlPersist
546When used in conjunction with
547.Cm ControlMaster ,
548specifies that the master connection should remain open
549in the background (waiting for future client connections)
550after the initial client connection has been closed.
551If set to
552.Dq no ,
553then the master connection will not be placed into the background,
554and will close as soon as the initial client connection is closed.
555If set to
djm@openbsd.orgfc302562014-11-10 22:25:49 +0000556.Dq yes
557or
558.Dq 0 ,
Damien Millere11e1ea2010-08-03 16:04:46 +1000559then the master connection will remain in the background indefinitely
560(until killed or closed via a mechanism such as the
561.Xr ssh 1
562.Dq Fl O No exit
563option).
564If set to a time in seconds, or a time in any of the formats documented in
565.Xr sshd_config 5 ,
566then the backgrounded master connection will automatically terminate
567after it has remained idle (with no client connections) for the
568specified time.
Damien Miller2234bac2004-06-30 22:38:52 +1000569.It Cm DynamicForward
Damien Millere9d001e2006-01-14 10:10:17 +1100570Specifies that a TCP port on the local machine be forwarded
Damien Miller2234bac2004-06-30 22:38:52 +1000571over the secure channel, and the application
572protocol is then used to determine where to connect to from the
573remote machine.
Darren Tuckerc8d64212005-10-03 18:13:42 +1000574.Pp
575The argument must be
576.Sm off
577.Oo Ar bind_address : Oc Ar port .
578.Sm on
Damien Miller7fa96602010-08-05 13:03:13 +1000579IPv6 addresses can be specified by enclosing addresses in square brackets.
Darren Tuckerc8d64212005-10-03 18:13:42 +1000580By default, the local port is bound in accordance with the
581.Cm GatewayPorts
582setting.
583However, an explicit
584.Ar bind_address
585may be used to bind the connection to a specific address.
586The
587.Ar bind_address
588of
589.Dq localhost
590indicates that the listening port be bound for local use only, while an
591empty address or
592.Sq *
593indicates that the port should be available from all interfaces.
594.Pp
Damien Miller2234bac2004-06-30 22:38:52 +1000595Currently the SOCKS4 and SOCKS5 protocols are supported, and
Damien Miller45ee2b92006-03-15 11:56:18 +1100596.Xr ssh 1
Damien Miller2234bac2004-06-30 22:38:52 +1000597will act as a SOCKS server.
598Multiple forwardings may be specified, and
599additional forwardings can be given on the command line.
600Only the superuser can forward privileged ports.
Darren Tucker674f71d2003-06-28 12:33:12 +1000601.It Cm EnableSSHKeysign
602Setting this option to
603.Dq yes
604in the global client configuration file
605.Pa /etc/ssh/ssh_config
606enables the use of the helper program
607.Xr ssh-keysign 8
608during
609.Cm HostbasedAuthentication .
610The argument must be
611.Dq yes
612or
613.Dq no .
614The default is
615.Dq no .
Darren Tuckerf132c672003-10-15 15:58:18 +1000616This option should be placed in the non-hostspecific section.
Darren Tucker674f71d2003-06-28 12:33:12 +1000617See
618.Xr ssh-keysign 8
619for more information.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000620.It Cm EscapeChar
621Sets the escape character (default:
622.Ql ~ ) .
623The escape character can also
624be set on the command line.
625The argument should be a single character,
626.Ql ^
627followed by a letter, or
628.Dq none
629to disable the escape
630character entirely (making the connection transparent for binary
631data).
Darren Tuckere7d4b192006-07-12 22:17:10 +1000632.It Cm ExitOnForwardFailure
633Specifies whether
634.Xr ssh 1
635should terminate the connection if it cannot set up all requested
Darren Tuckerfc5d1882007-08-15 22:20:22 +1000636dynamic, tunnel, local, and remote port forwardings.
Darren Tuckere7d4b192006-07-12 22:17:10 +1000637The argument must be
638.Dq yes
639or
640.Dq no .
641The default is
642.Dq no .
djm@openbsd.orgb79efde2014-12-21 23:12:42 +0000643.It Cm FingerprintHash
644Specifies the hash algorithm used when displaying key fingerprints.
645Valid options are:
646.Dq md5
647and
648.Dq sha256 .
djm@openbsd.orgb79efde2014-12-21 23:12:42 +0000649The default is
650.Dq sha256 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000651.It Cm ForwardAgent
652Specifies whether the connection to the authentication agent (if any)
653will be forwarded to the remote machine.
654The argument must be
655.Dq yes
656or
657.Dq no .
658The default is
659.Dq no .
Damien Milleraf653042002-09-04 16:40:37 +1000660.Pp
Damien Miller495dca32003-04-01 21:42:14 +1000661Agent forwarding should be enabled with caution.
662Users with the ability to bypass file permissions on the remote host
663(for the agent's Unix-domain socket)
664can access the local agent through the forwarded connection.
665An attacker cannot obtain key material from the agent,
Damien Milleraf653042002-09-04 16:40:37 +1000666however they can perform operations on the keys that enable them to
667authenticate using the identities loaded into the agent.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000668.It Cm ForwardX11
669Specifies whether X11 connections will be automatically redirected
670over the secure channel and
671.Ev DISPLAY
672set.
673The argument must be
674.Dq yes
675or
676.Dq no .
677The default is
678.Dq no .
Damien Milleraf653042002-09-04 16:40:37 +1000679.Pp
Damien Miller495dca32003-04-01 21:42:14 +1000680X11 forwarding should be enabled with caution.
681Users with the ability to bypass file permissions on the remote host
Darren Tucker0a118da2003-10-15 15:54:32 +1000682(for the user's X11 authorization database)
Damien Miller495dca32003-04-01 21:42:14 +1000683can access the local X11 display through the forwarded connection.
Darren Tucker0a118da2003-10-15 15:54:32 +1000684An attacker may then be able to perform activities such as keystroke monitoring
685if the
686.Cm ForwardX11Trusted
687option is also enabled.
Damien Miller1ab6a512010-06-26 10:02:24 +1000688.It Cm ForwardX11Timeout
Damien Millercede1db2010-07-02 13:33:48 +1000689Specify a timeout for untrusted X11 forwarding
690using the format described in the
Damien Millerfecfd112013-07-18 16:11:50 +1000691TIME FORMATS section of
Damien Miller1ab6a512010-06-26 10:02:24 +1000692.Xr sshd_config 5 .
693X11 connections received by
694.Xr ssh 1
695after this time will be refused.
696The default is to disable untrusted X11 forwarding after twenty minutes has
697elapsed.
Darren Tucker0a118da2003-10-15 15:54:32 +1000698.It Cm ForwardX11Trusted
Darren Tuckerdcf6ec42004-05-13 13:03:56 +1000699If this option is set to
Damien Miller45ee2b92006-03-15 11:56:18 +1100700.Dq yes ,
701remote X11 clients will have full access to the original X11 display.
Damien Miller1717fd42005-03-01 21:17:31 +1100702.Pp
Darren Tucker0a118da2003-10-15 15:54:32 +1000703If this option is set to
Damien Miller45ee2b92006-03-15 11:56:18 +1100704.Dq no ,
705remote X11 clients will be considered untrusted and prevented
Darren Tucker0a118da2003-10-15 15:54:32 +1000706from stealing or tampering with data belonging to trusted X11
707clients.
Damien Miller1717fd42005-03-01 21:17:31 +1100708Furthermore, the
709.Xr xauth 1
710token used for the session will be set to expire after 20 minutes.
711Remote clients will be refused access after this time.
Darren Tucker0a118da2003-10-15 15:54:32 +1000712.Pp
713The default is
714.Dq no .
715.Pp
716See the X11 SECURITY extension specification for full details on
717the restrictions imposed on untrusted clients.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000718.It Cm GatewayPorts
719Specifies whether remote hosts are allowed to connect to local
720forwarded ports.
721By default,
Damien Miller45ee2b92006-03-15 11:56:18 +1100722.Xr ssh 1
Damien Miller495dca32003-04-01 21:42:14 +1000723binds local port forwardings to the loopback address.
724This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000725.Cm GatewayPorts
Damien Miller45ee2b92006-03-15 11:56:18 +1100726can be used to specify that ssh
Ben Lindstrom9f049032002-06-21 00:59:05 +0000727should bind local port forwardings to the wildcard address,
728thus allowing remote hosts to connect to forwarded ports.
729The argument must be
730.Dq yes
731or
732.Dq no .
733The default is
734.Dq no .
735.It Cm GlobalKnownHostsFile
Damien Miller295ee632011-05-29 21:42:31 +1000736Specifies one or more files to use for the global
737host key database, separated by whitespace.
738The default is
739.Pa /etc/ssh/ssh_known_hosts ,
740.Pa /etc/ssh/ssh_known_hosts2 .
Darren Tucker0efd1552003-08-26 11:49:55 +1000741.It Cm GSSAPIAuthentication
Damien Millerbaafb982003-12-17 16:32:23 +1100742Specifies whether user authentication based on GSSAPI is allowed.
Damien Millerc2b98272003-09-03 12:13:30 +1000743The default is
Darren Tuckera044f472003-10-15 15:52:03 +1000744.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000745Note that this option applies to protocol version 2 only.
746.It Cm GSSAPIDelegateCredentials
747Forward (delegate) credentials to the server.
748The default is
749.Dq no .
750Note that this option applies to protocol version 2 only.
Damien Millere1776152005-03-01 21:47:37 +1100751.It Cm HashKnownHosts
752Indicates that
Damien Miller45ee2b92006-03-15 11:56:18 +1100753.Xr ssh 1
Damien Millere1776152005-03-01 21:47:37 +1100754should hash host names and addresses when they are added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000755.Pa ~/.ssh/known_hosts .
Damien Millere1776152005-03-01 21:47:37 +1100756These hashed names may be used normally by
Damien Miller45ee2b92006-03-15 11:56:18 +1100757.Xr ssh 1
Damien Millere1776152005-03-01 21:47:37 +1100758and
Damien Miller45ee2b92006-03-15 11:56:18 +1100759.Xr sshd 8 ,
Damien Millere1776152005-03-01 21:47:37 +1100760but they do not reveal identifying information should the file's contents
761be disclosed.
762The default is
763.Dq no .
Damien Miller858bb7d2006-08-05 11:34:51 +1000764Note that existing names and addresses in known hosts files
765will not be converted automatically,
766but may be manually hashed using
Damien Miller4b42d7f2005-03-01 21:48:35 +1100767.Xr ssh-keygen 1 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000768.It Cm HostbasedAuthentication
769Specifies whether to try rhosts based authentication with public key
770authentication.
771The argument must be
772.Dq yes
773or
774.Dq no .
775The default is
776.Dq no .
777This option applies to protocol version 2 only and
778is similar to
779.Cm RhostsRSAAuthentication .
djm@openbsd.org46347ed2015-01-30 11:43:14 +0000780.It Cm HostbasedKeyTypes
781Specifies the key types that will be used for hostbased authentication
782as a comma-separated pattern list.
783The default
784.Dq *
785will allow all key types.
786The
787.Fl Q
788option of
789.Xr ssh 1
790may be used to list supported key types.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000791.It Cm HostKeyAlgorithms
792Specifies the protocol version 2 host key algorithms
793that the client wants to use in order of preference.
794The default for this option is:
Damien Millereb8b60e2010-08-31 22:41:14 +1000795.Bd -literal -offset 3n
796ecdsa-sha2-nistp256-cert-v01@openssh.com,
797ecdsa-sha2-nistp384-cert-v01@openssh.com,
798ecdsa-sha2-nistp521-cert-v01@openssh.com,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100799ssh-ed25519-cert-v01@openssh.com,
Damien Millereb8b60e2010-08-31 22:41:14 +1000800ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
801ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
802ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
Damien Miller5be9d9e2013-12-07 11:24:01 +1100803ssh-ed25519,ssh-rsa,ssh-dss
Damien Millereb8b60e2010-08-31 22:41:14 +1000804.Ed
Damien Millerd925dcd2010-12-01 12:21:51 +1100805.Pp
806If hostkeys are known for the destination host then this default is modified
807to prefer their algorithms.
djm@openbsd.org8f6784f2014-12-22 09:05:17 +0000808.Pp
809The list of available key types may also be obtained using the
810.Fl Q
811option of
812.Xr ssh 1
813with an argument of
814.Dq key .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000815.It Cm HostKeyAlias
816Specifies an alias that should be used instead of the
817real host name when looking up or saving the host key
818in the host key database files.
Damien Miller45ee2b92006-03-15 11:56:18 +1100819This option is useful for tunneling SSH connections
Ben Lindstrom9f049032002-06-21 00:59:05 +0000820or for multiple servers running on a single host.
821.It Cm HostName
822Specifies the real host name to log into.
823This can be used to specify nicknames or abbreviations for hosts.
Damien Millerd0244d42010-07-16 13:56:43 +1000824If the hostname contains the character sequence
825.Ql %h ,
Damien Miller486dd2e2011-05-15 08:47:18 +1000826then this will be replaced with the host name specified on the command line
Damien Millerd0244d42010-07-16 13:56:43 +1000827(this is useful for manipulating unqualified names).
Damien Milleref9f13b2014-07-03 21:26:21 +1000828The character sequence
829.Ql %%
830will be replaced by a single
831.Ql %
832character, which may be used when specifying IPv6 link-local addresses.
833.Pp
Damien Miller45ee2b92006-03-15 11:56:18 +1100834The default is the name given on the command line.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000835Numeric IP addresses are also permitted (both on the command line and in
836.Cm HostName
837specifications).
Damien Millerbd394c32004-03-08 23:12:36 +1100838.It Cm IdentitiesOnly
839Specifies that
Damien Miller45ee2b92006-03-15 11:56:18 +1100840.Xr ssh 1
Damien Millerbd394c32004-03-08 23:12:36 +1100841should only use the authentication identity files configured in the
Damien Miller1a812582004-04-20 20:13:32 +1000842.Nm
Damien Millerbd394c32004-03-08 23:12:36 +1100843files,
Damien Miller45ee2b92006-03-15 11:56:18 +1100844even if
845.Xr ssh-agent 1
Damien Millercb6b68b2012-12-03 09:49:52 +1100846or a
847.Cm PKCS11Provider
Damien Millerbd394c32004-03-08 23:12:36 +1100848offers more identities.
849The argument to this keyword must be
850.Dq yes
851or
852.Dq no .
Damien Miller45ee2b92006-03-15 11:56:18 +1100853This option is intended for situations where ssh-agent
Damien Millerbd394c32004-03-08 23:12:36 +1100854offers many different identities.
855The default is
856.Dq no .
Damien Miller957d4e42005-12-13 19:30:45 +1100857.It Cm IdentityFile
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000858Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
Damien Millereb8b60e2010-08-31 22:41:14 +1000859identity is read.
Damien Miller957d4e42005-12-13 19:30:45 +1100860The default is
861.Pa ~/.ssh/identity
862for protocol version 1, and
Damien Millereb8b60e2010-08-31 22:41:14 +1000863.Pa ~/.ssh/id_dsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100864.Pa ~/.ssh/id_ecdsa ,
865.Pa ~/.ssh/id_ed25519
Damien Miller957d4e42005-12-13 19:30:45 +1100866and
Damien Millereb8b60e2010-08-31 22:41:14 +1000867.Pa ~/.ssh/id_rsa
Damien Miller957d4e42005-12-13 19:30:45 +1100868for protocol version 2.
869Additionally, any identities represented by the authentication agent
Damien Miller7f2b4382013-07-18 16:10:29 +1000870will be used for authentication unless
871.Cm IdentitiesOnly
872is set.
Damien Miller5059d8d2010-03-05 21:31:11 +1100873.Xr ssh 1
874will try to load certificate information from the filename obtained by
875appending
876.Pa -cert.pub
877to the path of a specified
878.Cm IdentityFile .
Damien Miller6b1d53c2006-03-31 23:13:21 +1100879.Pp
Damien Miller957d4e42005-12-13 19:30:45 +1100880The file name may use the tilde
Damien Millerc6437cf2006-03-31 23:14:41 +1100881syntax to refer to a user's home directory or one of the following
Damien Miller6b1d53c2006-03-31 23:13:21 +1100882escape characters:
883.Ql %d
884(local user's home directory),
885.Ql %u
886(local user name),
887.Ql %l
888(local host name),
889.Ql %h
890(remote host name) or
Damien Millerdfc61832006-03-31 23:14:57 +1100891.Ql %r
Damien Miller6b1d53c2006-03-31 23:13:21 +1100892(remote user name).
893.Pp
Damien Miller957d4e42005-12-13 19:30:45 +1100894It is possible to have
895multiple identity files specified in configuration files; all these
896identities will be tried in sequence.
Damien Miller6029e072011-06-20 14:22:49 +1000897Multiple
898.Cm IdentityFile
899directives will add to the list of identities tried (this behaviour
900differs from that of other configuration directives).
Damien Miller7f2b4382013-07-18 16:10:29 +1000901.Pp
902.Cm IdentityFile
903may be used in conjunction with
904.Cm IdentitiesOnly
905to select which identities in an agent are offered during authentication.
Darren Tucker63e0df22013-05-16 20:30:31 +1000906.It Cm IgnoreUnknown
907Specifies a pattern-list of unknown options to be ignored if they are
908encountered in configuration parsing.
909This may be used to suppress errors if
910.Nm
911contains options that are unrecognised by
912.Xr ssh 1 .
913It is recommended that
914.Cm IgnoreUnknown
915be listed early in the configuration file as it will not be applied
916to unknown options that appear before it.
Damien Miller0dac6fb2010-11-20 15:19:38 +1100917.It Cm IPQoS
918Specifies the IPv4 type-of-service or DSCP class for connections.
919Accepted values are
920.Dq af11 ,
921.Dq af12 ,
922.Dq af13 ,
Damien Millerf6e758c2011-09-22 21:37:13 +1000923.Dq af21 ,
Damien Miller0dac6fb2010-11-20 15:19:38 +1100924.Dq af22 ,
925.Dq af23 ,
926.Dq af31 ,
927.Dq af32 ,
928.Dq af33 ,
929.Dq af41 ,
930.Dq af42 ,
931.Dq af43 ,
932.Dq cs0 ,
933.Dq cs1 ,
934.Dq cs2 ,
935.Dq cs3 ,
936.Dq cs4 ,
937.Dq cs5 ,
938.Dq cs6 ,
939.Dq cs7 ,
940.Dq ef ,
941.Dq lowdelay ,
942.Dq throughput ,
943.Dq reliability ,
944or a numeric value.
Damien Miller928362d2010-12-26 14:26:45 +1100945This option may take one or two arguments, separated by whitespace.
Damien Miller0dac6fb2010-11-20 15:19:38 +1100946If one argument is specified, it is used as the packet class unconditionally.
947If two values are specified, the first is automatically selected for
948interactive sessions and the second for non-interactive sessions.
949The default is
950.Dq lowdelay
951for interactive sessions and
952.Dq throughput
953for non-interactive sessions.
Damien Millercfb606c2007-10-26 14:24:48 +1000954.It Cm KbdInteractiveAuthentication
955Specifies whether to use keyboard-interactive authentication.
956The argument to this keyword must be
957.Dq yes
958or
959.Dq no .
960The default is
961.Dq yes .
Darren Tucker636ca902004-11-05 20:22:00 +1100962.It Cm KbdInteractiveDevices
963Specifies the list of methods to use in keyboard-interactive authentication.
964Multiple method names must be comma-separated.
965The default is to use the server specified list.
Damien Miller9cfbaec2006-03-15 11:57:55 +1100966The methods available vary depending on what the server supports.
967For an OpenSSH server,
968it may be zero or more of:
969.Dq bsdauth ,
970.Dq pam ,
971and
972.Dq skey .
Damien Millerd5f62bf2010-09-24 22:11:14 +1000973.It Cm KexAlgorithms
974Specifies the available KEX (Key Exchange) algorithms.
975Multiple algorithms must be comma-separated.
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000976The default is:
977.Bd -literal -offset indent
Damien Miller0bd8f152013-11-04 08:55:43 +1100978curve25519-sha256@libssh.org,
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000979ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
980diffie-hellman-group-exchange-sha256,
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000981diffie-hellman-group14-sha1,
Damien Millerc1621c82014-04-20 13:22:46 +1000982diffie-hellman-group-exchange-sha1,
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000983diffie-hellman-group1-sha1
984.Ed
djm@openbsd.org8f6784f2014-12-22 09:05:17 +0000985.Pp
986The list of available key exchange algorithms may also be obtained using the
987.Fl Q
988option of
989.Xr ssh 1
990with an argument of
991.Dq kex .
Damien Millerd27b9472005-12-13 19:29:02 +1100992.It Cm LocalCommand
993Specifies a command to execute on the local machine after successfully
994connecting to the server.
995The command string extends to the end of the line, and is executed with
Darren Tucker63b31cb2007-12-02 23:09:30 +1100996the user's shell.
Darren Tuckerf6b01b72008-06-13 04:56:37 +1000997The following escape character substitutions will be performed:
998.Ql %d
999(local user's home directory),
1000.Ql %h
1001(remote host name),
1002.Ql %l
1003(local host name),
1004.Ql %n
1005(host name as provided on the command line),
1006.Ql %p
1007(remote port),
1008.Ql %r
1009(remote user name) or
1010.Ql %u
Damien Miller9c386432014-07-03 21:27:46 +10001011(local user name) or
Damien Miller0f123412014-07-03 21:28:09 +10001012.Ql \&%C
Damien Miller9c386432014-07-03 21:27:46 +10001013by a hash of the concatenation: %l%h%p%r.
Darren Tucker78be8c52010-01-08 17:05:59 +11001014.Pp
1015The command is run synchronously and does not have access to the
1016session of the
1017.Xr ssh 1
1018that spawned it.
1019It should not be used for interactive commands.
1020.Pp
Damien Millerd27b9472005-12-13 19:29:02 +11001021This directive is ignored unless
1022.Cm PermitLocalCommand
1023has been enabled.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001024.It Cm LocalForward
Damien Millere9d001e2006-01-14 10:10:17 +11001025Specifies that a TCP port on the local machine be forwarded over
Ben Lindstrom9f049032002-06-21 00:59:05 +00001026the secure channel to the specified host and port from the remote machine.
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001027The first argument must be
Damien Millerf91ee4c2005-03-01 21:24:33 +11001028.Sm off
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001029.Oo Ar bind_address : Oc Ar port
Damien Millerf91ee4c2005-03-01 21:24:33 +11001030.Sm on
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001031and the second argument must be
1032.Ar host : Ns Ar hostport .
Damien Miller7fa96602010-08-05 13:03:13 +10001033IPv6 addresses can be specified by enclosing addresses in square brackets.
Damien Millerf8c55462005-03-02 12:03:05 +11001034Multiple forwardings may be specified, and additional forwardings can be
Damien Millerf91ee4c2005-03-01 21:24:33 +11001035given on the command line.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001036Only the superuser can forward privileged ports.
Damien Millerf91ee4c2005-03-01 21:24:33 +11001037By default, the local port is bound in accordance with the
1038.Cm GatewayPorts
1039setting.
1040However, an explicit
1041.Ar bind_address
1042may be used to bind the connection to a specific address.
1043The
1044.Ar bind_address
1045of
1046.Dq localhost
Damien Millerf8c55462005-03-02 12:03:05 +11001047indicates that the listening port be bound for local use only, while an
1048empty address or
1049.Sq *
Damien Millerf91ee4c2005-03-01 21:24:33 +11001050indicates that the port should be available from all interfaces.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001051.It Cm LogLevel
1052Gives the verbosity level that is used when logging messages from
Damien Miller45ee2b92006-03-15 11:56:18 +11001053.Xr ssh 1 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001054The possible values are:
Damien Miller45ee2b92006-03-15 11:56:18 +11001055QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +10001056The default is INFO.
1057DEBUG and DEBUG1 are equivalent.
1058DEBUG2 and DEBUG3 each specify higher levels of verbose output.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001059.It Cm MACs
1060Specifies the MAC (message authentication code) algorithms
1061in order of preference.
1062The MAC algorithm is used in protocol version 2
1063for data integrity protection.
1064Multiple algorithms must be comma-separated.
Damien Milleraf43a7a2012-12-12 10:46:31 +11001065The algorithms that contain
1066.Dq -etm
1067calculate the MAC after encryption (encrypt-then-mac).
1068These are considered safer and their use recommended.
Damien Miller45ee2b92006-03-15 11:56:18 +11001069The default is:
Damien Miller5e7c30b2007-06-11 14:06:32 +10001070.Bd -literal -offset indent
Damien Milleraf43a7a2012-12-12 10:46:31 +11001071umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1072hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
Damien Millerc1621c82014-04-20 13:22:46 +10001073umac-64@openssh.com,umac-128@openssh.com,
1074hmac-sha2-256,hmac-sha2-512,
1075hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
1076hmac-ripemd160-etm@openssh.com,
1077hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
1078hmac-md5,hmac-sha1,hmac-ripemd160,
Darren Tuckerecbf14a2012-07-02 18:53:37 +10001079hmac-sha1-96,hmac-md5-96
Damien Miller5e7c30b2007-06-11 14:06:32 +10001080.Ed
djm@openbsd.org8f6784f2014-12-22 09:05:17 +00001081.Pp
1082The list of available MAC algorithms may also be obtained using the
1083.Fl Q
1084option of
1085.Xr ssh 1
1086with an argument of
1087.Dq mac .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001088.It Cm NoHostAuthenticationForLocalhost
1089This option can be used if the home directory is shared across machines.
1090In this case localhost will refer to a different machine on each of
1091the machines and the user will get many warnings about changed host keys.
1092However, this option disables host authentication for localhost.
1093The argument to this keyword must be
1094.Dq yes
1095or
1096.Dq no .
1097The default is to check the host key for localhost.
1098.It Cm NumberOfPasswordPrompts
1099Specifies the number of password prompts before giving up.
1100The argument to this keyword must be an integer.
Damien Miller45ee2b92006-03-15 11:56:18 +11001101The default is 3.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001102.It Cm PasswordAuthentication
1103Specifies whether to use password authentication.
1104The argument to this keyword must be
1105.Dq yes
1106or
1107.Dq no .
1108The default is
1109.Dq yes .
Damien Millerd27b9472005-12-13 19:29:02 +11001110.It Cm PermitLocalCommand
1111Allow local command execution via the
1112.Ic LocalCommand
1113option or using the
Damien Miller4b2319f2005-12-13 19:30:27 +11001114.Ic !\& Ns Ar command
Damien Millerd27b9472005-12-13 19:29:02 +11001115escape sequence in
1116.Xr ssh 1 .
1117The argument must be
1118.Dq yes
1119or
1120.Dq no .
1121The default is
1122.Dq no .
Damien Miller7ea845e2010-02-12 09:21:02 +11001123.It Cm PKCS11Provider
1124Specifies which PKCS#11 provider to use.
Damien Miller8e1ea4e2010-11-20 15:20:10 +11001125The argument to this keyword is the PKCS#11 shared library
Damien Miller7ea845e2010-02-12 09:21:02 +11001126.Xr ssh 1
Damien Millera7618442010-02-12 09:26:02 +11001127should use to communicate with a PKCS#11 token providing the user's
Damien Miller7ea845e2010-02-12 09:21:02 +11001128private RSA key.
Damien Miller957d4e42005-12-13 19:30:45 +11001129.It Cm Port
1130Specifies the port number to connect on the remote host.
Damien Miller45ee2b92006-03-15 11:56:18 +11001131The default is 22.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001132.It Cm PreferredAuthentications
1133Specifies the order in which the client should try protocol 2
Damien Millerfbf486b2003-05-23 18:44:23 +10001134authentication methods.
Darren Tucker1adc2bd2005-03-14 23:14:20 +11001135This allows a client to prefer one method (e.g.\&
Ben Lindstrom9f049032002-06-21 00:59:05 +00001136.Cm keyboard-interactive )
Darren Tucker1adc2bd2005-03-14 23:14:20 +11001137over another method (e.g.\&
Damien Miller544378d2010-04-16 15:52:24 +10001138.Cm password ) .
1139The default is:
1140.Bd -literal -offset indent
1141gssapi-with-mic,hostbased,publickey,
1142keyboard-interactive,password
1143.Ed
Ben Lindstrom9f049032002-06-21 00:59:05 +00001144.It Cm Protocol
1145Specifies the protocol versions
Damien Miller45ee2b92006-03-15 11:56:18 +11001146.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001147should support in order of preference.
1148The possible values are
Damien Miller45ee2b92006-03-15 11:56:18 +11001149.Sq 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001150and
Damien Miller45ee2b92006-03-15 11:56:18 +11001151.Sq 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001152Multiple versions must be comma-separated.
Darren Tuckerbad50762009-10-11 21:51:08 +11001153When this option is set to
Darren Tucker7a4a7652009-10-11 21:51:40 +11001154.Dq 2,1
Darren Tuckerbad50762009-10-11 21:51:08 +11001155.Nm ssh
1156will try version 2 and fall back to version 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001157if version 2 is not available.
Darren Tuckerbad50762009-10-11 21:51:08 +11001158The default is
Darren Tucker7a4a7652009-10-11 21:51:40 +11001159.Sq 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001160.It Cm ProxyCommand
1161Specifies the command to use to connect to the server.
1162The command
Damien Miller079bac22014-07-09 13:06:25 +10001163string extends to the end of the line, and is executed
1164using the user's shell
1165.Ql exec
1166directive to avoid a lingering shell process.
1167.Pp
Damien Millerc4eddee2010-04-18 08:07:43 +10001168In the command string, any occurrence of
Ben Lindstrom9f049032002-06-21 00:59:05 +00001169.Ql %h
1170will be substituted by the host name to
Damien Millerb1b17042010-04-16 15:54:19 +10001171connect,
Ben Lindstrom9f049032002-06-21 00:59:05 +00001172.Ql %p
Damien Millerc4eddee2010-04-18 08:07:43 +10001173by the port, and
1174.Ql %r
Damien Millerb1b17042010-04-16 15:54:19 +10001175by the remote user name.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001176The command can be basically anything,
1177and should read from its standard input and write to its standard output.
1178It should eventually connect an
1179.Xr sshd 8
1180server running on some machine, or execute
1181.Ic sshd -i
1182somewhere.
1183Host key management will be done using the
1184HostName of the host being connected (defaulting to the name typed by
1185the user).
Damien Miller495dca32003-04-01 21:42:14 +10001186Setting the command to
1187.Dq none
Damien Miller9f1e33a2003-02-24 11:57:32 +11001188disables this option entirely.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001189Note that
1190.Cm CheckHostIP
1191is not available for connects with a proxy command.
1192.Pp
Damien Millerebcfedc2005-05-26 12:13:56 +10001193This directive is useful in conjunction with
1194.Xr nc 1
1195and its proxy support.
Damien Millerdfec2942005-05-26 12:14:32 +10001196For example, the following directive would connect via an HTTP proxy at
Damien Millerebcfedc2005-05-26 12:13:56 +10001197192.0.2.0:
1198.Bd -literal -offset 3n
1199ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1200.Ed
Damien Miller1262b662013-08-21 02:44:24 +10001201.It Cm ProxyUseFdpass
Damien Millerf2f6c312013-08-21 02:44:58 +10001202Specifies that
Damien Miller1262b662013-08-21 02:44:24 +10001203.Cm ProxyCommand
1204will pass a connected file descriptor back to
Damien Millerf2f6c312013-08-21 02:44:58 +10001205.Xr ssh 1
Damien Miller1262b662013-08-21 02:44:24 +10001206instead of continuing to execute and pass data.
1207The default is
1208.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001209.It Cm PubkeyAuthentication
1210Specifies whether to try public key authentication.
1211The argument to this keyword must be
1212.Dq yes
1213or
1214.Dq no .
1215The default is
1216.Dq yes .
1217This option applies to protocol version 2 only.
Darren Tucker62388b22006-01-20 11:31:47 +11001218.It Cm RekeyLimit
1219Specifies the maximum amount of data that may be transmitted before the
Darren Tuckerc53c2af2013-05-16 20:28:16 +10001220session key is renegotiated, optionally followed a maximum amount of
1221time that may pass before the session key is renegotiated.
1222The first argument is specified in bytes and may have a suffix of
Damien Millerddfddf12006-01-31 21:39:03 +11001223.Sq K ,
1224.Sq M ,
Darren Tucker62388b22006-01-20 11:31:47 +11001225or
Damien Millerddfddf12006-01-31 21:39:03 +11001226.Sq G
Darren Tucker62388b22006-01-20 11:31:47 +11001227to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1228The default is between
Damien Miller45ee2b92006-03-15 11:56:18 +11001229.Sq 1G
Darren Tucker62388b22006-01-20 11:31:47 +11001230and
Damien Miller45ee2b92006-03-15 11:56:18 +11001231.Sq 4G ,
Darren Tucker62388b22006-01-20 11:31:47 +11001232depending on the cipher.
Darren Tuckerc53c2af2013-05-16 20:28:16 +10001233The optional second value is specified in seconds and may use any of the
1234units documented in the
Damien Millerfecfd112013-07-18 16:11:50 +10001235TIME FORMATS section of
Darren Tuckerc53c2af2013-05-16 20:28:16 +10001236.Xr sshd_config 5 .
1237The default value for
1238.Cm RekeyLimit
1239is
1240.Dq default none ,
1241which means that rekeying is performed after the cipher's default amount
1242of data has been sent or received and no time based rekeying is done.
Damien Millerddfddf12006-01-31 21:39:03 +11001243This option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001244.It Cm RemoteForward
Damien Millere9d001e2006-01-14 10:10:17 +11001245Specifies that a TCP port on the remote machine be forwarded over
Ben Lindstrom9f049032002-06-21 00:59:05 +00001246the secure channel to the specified host and port from the local machine.
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001247The first argument must be
Damien Millerf91ee4c2005-03-01 21:24:33 +11001248.Sm off
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001249.Oo Ar bind_address : Oc Ar port
Damien Millerf91ee4c2005-03-01 21:24:33 +11001250.Sm on
Darren Tucker5ede2ad2005-03-31 21:31:10 +10001251and the second argument must be
1252.Ar host : Ns Ar hostport .
Damien Miller7fa96602010-08-05 13:03:13 +10001253IPv6 addresses can be specified by enclosing addresses in square brackets.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001254Multiple forwardings may be specified, and additional
1255forwardings can be given on the command line.
Damien Millerde7532e2008-11-03 19:24:45 +11001256Privileged ports can be forwarded only when
1257logging in as root on the remote machine.
Damien Millere379e102009-02-14 16:34:39 +11001258.Pp
Damien Miller85c6d8a2009-02-14 16:34:21 +11001259If the
1260.Ar port
1261argument is
1262.Ql 0 ,
1263the listen port will be dynamically allocated on the server and reported
1264to the client at run time.
Damien Millerf91ee4c2005-03-01 21:24:33 +11001265.Pp
1266If the
1267.Ar bind_address
1268is not specified, the default is to only bind to loopback addresses.
1269If the
1270.Ar bind_address
1271is
1272.Ql *
1273or an empty string, then the forwarding is requested to listen on all
1274interfaces.
1275Specifying a remote
1276.Ar bind_address
Damien Millerf8c55462005-03-02 12:03:05 +11001277will only succeed if the server's
1278.Cm GatewayPorts
Damien Millerf91ee4c2005-03-01 21:24:33 +11001279option is enabled (see
Damien Millerf8c55462005-03-02 12:03:05 +11001280.Xr sshd_config 5 ) .
Damien Miller21771e22011-05-15 08:45:50 +10001281.It Cm RequestTTY
1282Specifies whether to request a pseudo-tty for the session.
1283The argument may be one of:
1284.Dq no
1285(never request a TTY),
1286.Dq yes
1287(always request a TTY when standard input is a TTY),
1288.Dq force
1289(always request a TTY) or
1290.Dq auto
1291(request a TTY when opening a login session).
1292This option mirrors the
1293.Fl t
1294and
1295.Fl T
1296flags for
1297.Xr ssh 1 .
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001298.It Cm RevokedHostKeys
1299Specifies revoked host public keys.
1300Keys listed in this file will be refused for host authentication.
1301Note that if this file does not exist or is not readable,
1302then host authentication will be refused for all hosts.
1303Keys may be specified as a text file, listing one public key per line, or as
1304an OpenSSH Key Revocation List (KRL) as generated by
1305.Xr ssh-keygen 1 .
1306For more information on KRLs, see the KEY REVOCATION LISTS section in
1307.Xr ssh-keygen 1 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001308.It Cm RhostsRSAAuthentication
1309Specifies whether to try rhosts based authentication with RSA host
1310authentication.
1311The argument must be
1312.Dq yes
1313or
1314.Dq no .
1315The default is
1316.Dq no .
1317This option applies to protocol version 1 only and requires
Damien Miller45ee2b92006-03-15 11:56:18 +11001318.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001319to be setuid root.
1320.It Cm RSAAuthentication
1321Specifies whether to try RSA authentication.
1322The argument to this keyword must be
1323.Dq yes
1324or
1325.Dq no .
1326RSA authentication will only be
1327attempted if the identity file exists, or an authentication agent is
1328running.
1329The default is
1330.Dq yes .
1331Note that this option applies to protocol version 1 only.
Darren Tucker46bc0752004-05-02 22:11:30 +10001332.It Cm SendEnv
1333Specifies what variables from the local
1334.Xr environ 7
1335should be sent to the server.
Damien Miller45ee2b92006-03-15 11:56:18 +11001336Note that environment passing is only supported for protocol 2.
1337The server must also support it, and the server must be configured to
Darren Tucker1e0c9bf2004-05-02 22:12:48 +10001338accept these environment variables.
Darren Tucker46bc0752004-05-02 22:11:30 +10001339Refer to
1340.Cm AcceptEnv
1341in
1342.Xr sshd_config 5
1343for how to configure the server.
Damien Miller6def5512006-03-15 11:54:05 +11001344Variables are specified by name, which may contain wildcard characters.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +10001345Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +10001346across multiple
1347.Cm SendEnv
1348directives.
1349The default is not to send any environment variables.
Damien Millerf54a4b92006-03-15 11:54:36 +11001350.Pp
1351See
1352.Sx PATTERNS
1353for more information on patterns.
Damien Miller509b0102003-12-17 16:33:10 +11001354.It Cm ServerAliveCountMax
Damien Millerb7977702006-01-03 18:47:31 +11001355Sets the number of server alive messages (see below) which may be
Damien Miller509b0102003-12-17 16:33:10 +11001356sent without
Damien Miller45ee2b92006-03-15 11:56:18 +11001357.Xr ssh 1
Damien Miller509b0102003-12-17 16:33:10 +11001358receiving any messages back from the server.
1359If this threshold is reached while server alive messages are being sent,
Damien Miller45ee2b92006-03-15 11:56:18 +11001360ssh will disconnect from the server, terminating the session.
Damien Miller509b0102003-12-17 16:33:10 +11001361It is important to note that the use of server alive messages is very
1362different from
1363.Cm TCPKeepAlive
1364(below).
1365The server alive messages are sent through the encrypted channel
1366and therefore will not be spoofable.
1367The TCP keepalive option enabled by
1368.Cm TCPKeepAlive
1369is spoofable.
1370The server alive mechanism is valuable when the client or
1371server depend on knowing when a connection has become inactive.
1372.Pp
1373The default value is 3.
1374If, for example,
1375.Cm ServerAliveInterval
Damien Miller45ee2b92006-03-15 11:56:18 +11001376(see below) is set to 15 and
Damien Miller509b0102003-12-17 16:33:10 +11001377.Cm ServerAliveCountMax
Damien Miller45ee2b92006-03-15 11:56:18 +11001378is left at the default, if the server becomes unresponsive,
1379ssh will disconnect after approximately 45 seconds.
Damien Millercc3e8ba2006-03-15 12:06:55 +11001380This option applies to protocol version 2 only.
Damien Miller957d4e42005-12-13 19:30:45 +11001381.It Cm ServerAliveInterval
1382Sets a timeout interval in seconds after which if no data has been received
1383from the server,
Damien Miller45ee2b92006-03-15 11:56:18 +11001384.Xr ssh 1
Damien Miller957d4e42005-12-13 19:30:45 +11001385will send a message through the encrypted
1386channel to request a response from the server.
1387The default
1388is 0, indicating that these messages will not be sent to the server.
1389This option applies to protocol version 2 only.
Damien Miller7acefbb2014-07-18 14:11:24 +10001390.It Cm StreamLocalBindMask
1391Sets the octal file creation mode mask
1392.Pq umask
1393used when creating a Unix-domain socket file for local or remote
1394port forwarding.
1395This option is only used for port forwarding to a Unix-domain socket file.
1396.Pp
1397The default value is 0177, which creates a Unix-domain socket file that is
1398readable and writable only by the owner.
1399Note that not all operating systems honor the file mode on Unix-domain
1400socket files.
1401.It Cm StreamLocalBindUnlink
1402Specifies whether to remove an existing Unix-domain socket file for local
1403or remote port forwarding before creating a new one.
1404If the socket file already exists and
1405.Cm StreamLocalBindUnlink
1406is not enabled,
1407.Nm ssh
1408will be unable to forward the port to the Unix-domain socket file.
1409This option is only used for port forwarding to a Unix-domain socket file.
1410.Pp
1411The argument must be
1412.Dq yes
1413or
1414.Dq no .
1415The default is
1416.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001417.It Cm StrictHostKeyChecking
1418If this flag is set to
1419.Dq yes ,
Damien Miller45ee2b92006-03-15 11:56:18 +11001420.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001421will never automatically add host keys to the
Damien Miller167ea5d2005-05-26 12:04:02 +10001422.Pa ~/.ssh/known_hosts
Ben Lindstrom9f049032002-06-21 00:59:05 +00001423file, and refuses to connect to hosts whose host key has changed.
1424This provides maximum protection against trojan horse attacks,
Damien Miller45ee2b92006-03-15 11:56:18 +11001425though it can be annoying when the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001426.Pa /etc/ssh/ssh_known_hosts
Damien Miller45ee2b92006-03-15 11:56:18 +11001427file is poorly maintained or when connections to new hosts are
Ben Lindstrom9f049032002-06-21 00:59:05 +00001428frequently made.
1429This option forces the user to manually
1430add all new hosts.
1431If this flag is set to
1432.Dq no ,
Damien Miller45ee2b92006-03-15 11:56:18 +11001433ssh will automatically add new host keys to the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001434user known hosts files.
1435If this flag is set to
1436.Dq ask ,
1437new host keys
1438will be added to the user known host files only after the user
1439has confirmed that is what they really want to do, and
Damien Miller45ee2b92006-03-15 11:56:18 +11001440ssh will refuse to connect to hosts whose host key has changed.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001441The host keys of
1442known hosts will be verified automatically in all cases.
1443The argument must be
1444.Dq yes ,
Damien Miller45ee2b92006-03-15 11:56:18 +11001445.Dq no ,
Ben Lindstrom9f049032002-06-21 00:59:05 +00001446or
1447.Dq ask .
1448The default is
1449.Dq ask .
Damien Miller12c150e2003-12-17 16:31:10 +11001450.It Cm TCPKeepAlive
1451Specifies whether the system should send TCP keepalive messages to the
1452other side.
1453If they are sent, death of the connection or crash of one
1454of the machines will be properly noticed.
1455However, this means that
1456connections will die if the route is down temporarily, and some people
1457find it annoying.
1458.Pp
1459The default is
1460.Dq yes
1461(to send TCP keepalive messages), and the client will notice
1462if the network goes down or the remote host dies.
1463This is important in scripts, and many users want it too.
1464.Pp
1465To disable TCP keepalive messages, the value should be set to
1466.Dq no .
Damien Millerd27b9472005-12-13 19:29:02 +11001467.It Cm Tunnel
Damien Miller991dba42006-07-10 20:16:27 +10001468Request
Damien Millerd27b9472005-12-13 19:29:02 +11001469.Xr tun 4
Damien Miller7746c392005-12-13 19:33:37 +11001470device forwarding between the client and the server.
Damien Millerd27b9472005-12-13 19:29:02 +11001471The argument must be
Damien Miller7b58e802005-12-13 19:33:19 +11001472.Dq yes ,
Damien Miller991dba42006-07-10 20:16:27 +10001473.Dq point-to-point
1474(layer 3),
1475.Dq ethernet
1476(layer 2),
Damien Millerd27b9472005-12-13 19:29:02 +11001477or
1478.Dq no .
Damien Miller991dba42006-07-10 20:16:27 +10001479Specifying
1480.Dq yes
1481requests the default tunnel mode, which is
1482.Dq point-to-point .
Damien Millerd27b9472005-12-13 19:29:02 +11001483The default is
1484.Dq no .
1485.It Cm TunnelDevice
Damien Miller991dba42006-07-10 20:16:27 +10001486Specifies the
Damien Millerd27b9472005-12-13 19:29:02 +11001487.Xr tun 4
Damien Miller991dba42006-07-10 20:16:27 +10001488devices to open on the client
1489.Pq Ar local_tun
1490and the server
1491.Pq Ar remote_tun .
1492.Pp
1493The argument must be
1494.Sm off
1495.Ar local_tun Op : Ar remote_tun .
1496.Sm on
1497The devices may be specified by numerical ID or the keyword
1498.Dq any ,
1499which uses the next available tunnel device.
1500If
1501.Ar remote_tun
1502is not specified, it defaults to
1503.Dq any .
1504The default is
1505.Dq any:any .
djm@openbsd.org1d1092b2015-01-26 12:16:36 +00001506.It Cm UpdateHostKeys
djm@openbsd.org8d4f8722015-01-26 03:04:45 +00001507Specifies whether
1508.Xr ssh 1
1509should accept notifications of additional hostkeys from the server sent
1510after authentication has completed and add them to
1511.Cm UserKnownHostsFile .
1512The argument must be
djm@openbsd.org523463a2015-02-16 22:13:32 +00001513.Dq yes ,
djm@openbsd.org15ad7502015-02-02 07:41:40 +00001514.Dq no
djm@openbsd.org523463a2015-02-16 22:13:32 +00001515(the default) or
1516.Dq ask .
djm@openbsd.org8d4f8722015-01-26 03:04:45 +00001517Enabling this option allows learning alternate hostkeys for a server
djm@openbsd.org1d1092b2015-01-26 12:16:36 +00001518and supports graceful key rotation by allowing a server to send replacement
1519public keys before old ones are removed.
djm@openbsd.org8d4f8722015-01-26 03:04:45 +00001520Additional hostkeys are only accepted if the key used to authenticate the
1521host was already trusted or explicity accepted by the user.
djm@openbsd.org523463a2015-02-16 22:13:32 +00001522If
1523.Cm UpdateHostKeys
1524is set to
1525.Dq ask ,
1526then the user is asked to confirm the modifications to the known_hosts file.
djm@openbsd.org44732de2015-02-20 22:17:21 +00001527Confirmation is currently incompatible with
1528.Cm ControlPersist ,
1529and will be disabled if it is enabled.
djm@openbsd.org8d4f8722015-01-26 03:04:45 +00001530.Pp
1531Presently, only
1532.Xr sshd 8
1533from OpenSSH 6.8 and greater support the
1534.Dq hostkeys@openssh.com
1535protocol extension used to inform the client of all the server's hostkeys.
Damien Millere8cd7412005-12-24 14:55:47 +11001536.It Cm UsePrivilegedPort
1537Specifies whether to use a privileged port for outgoing connections.
1538The argument must be
1539.Dq yes
1540or
1541.Dq no .
1542The default is
1543.Dq no .
1544If set to
Damien Miller45ee2b92006-03-15 11:56:18 +11001545.Dq yes ,
1546.Xr ssh 1
Damien Millere8cd7412005-12-24 14:55:47 +11001547must be setuid root.
1548Note that this option must be set to
1549.Dq yes
1550for
1551.Cm RhostsRSAAuthentication
1552with older servers.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001553.It Cm User
1554Specifies the user to log in as.
1555This can be useful when a different user name is used on different machines.
1556This saves the trouble of
1557having to remember to give the user name on the command line.
1558.It Cm UserKnownHostsFile
Damien Miller295ee632011-05-29 21:42:31 +10001559Specifies one or more files to use for the user
1560host key database, separated by whitespace.
1561The default is
1562.Pa ~/.ssh/known_hosts ,
1563.Pa ~/.ssh/known_hosts2 .
Damien Miller37876e92003-05-15 10:19:46 +10001564.It Cm VerifyHostKeyDNS
1565Specifies whether to verify the remote key using DNS and SSHFP resource
1566records.
Damien Miller150b5572003-11-17 21:19:29 +11001567If this option is set to
1568.Dq yes ,
Damien Millerfe448472003-11-17 21:19:49 +11001569the client will implicitly trust keys that match a secure fingerprint
Damien Miller150b5572003-11-17 21:19:29 +11001570from DNS.
1571Insecure fingerprints will be handled as if this option was set to
1572.Dq ask .
1573If this option is set to
1574.Dq ask ,
1575information on fingerprint match will be displayed, but the user will still
1576need to confirm new host keys according to the
1577.Cm StrictHostKeyChecking
1578option.
1579The argument must be
1580.Dq yes ,
Damien Miller45ee2b92006-03-15 11:56:18 +11001581.Dq no ,
Damien Millerfe448472003-11-17 21:19:49 +11001582or
1583.Dq ask .
Damien Miller37876e92003-05-15 10:19:46 +10001584The default is
1585.Dq no .
Damien Millereacbb4f2003-06-02 19:10:41 +10001586Note that this option applies to protocol version 2 only.
Damien Miller45ee2b92006-03-15 11:56:18 +11001587.Pp
Damien Millerfecfd112013-07-18 16:11:50 +10001588See also VERIFYING HOST KEYS in
Damien Miller45ee2b92006-03-15 11:56:18 +11001589.Xr ssh 1 .
Damien Miller10288242008-06-30 00:04:03 +10001590.It Cm VisualHostKey
1591If this flag is set to
1592.Dq yes ,
1593an ASCII art representation of the remote host key fingerprint is
djm@openbsd.orgb79efde2014-12-21 23:12:42 +00001594printed in addition to the fingerprint string at login and
Damien Millera414cd32008-11-03 19:25:21 +11001595for unknown host keys.
Damien Miller10288242008-06-30 00:04:03 +10001596If this flag is set to
1597.Dq no ,
Damien Millera414cd32008-11-03 19:25:21 +11001598no fingerprint strings are printed at login and
djm@openbsd.orgb79efde2014-12-21 23:12:42 +00001599only the fingerprint string will be printed for unknown host keys.
Damien Miller10288242008-06-30 00:04:03 +10001600The default is
1601.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001602.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +10001603Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001604.Xr xauth 1
1605program.
1606The default is
1607.Pa /usr/X11R6/bin/xauth .
1608.El
Damien Millerb5282c22006-03-15 11:59:08 +11001609.Sh PATTERNS
1610A
1611.Em pattern
1612consists of zero or more non-whitespace characters,
1613.Sq *
1614(a wildcard that matches zero or more characters),
1615or
1616.Sq ?\&
1617(a wildcard that matches exactly one character).
1618For example, to specify a set of declarations for any host in the
1619.Dq .co.uk
1620set of domains,
1621the following pattern could be used:
1622.Pp
1623.Dl Host *.co.uk
1624.Pp
1625The following pattern
1626would match any host in the 192.168.0.[0-9] network range:
1627.Pp
1628.Dl Host 192.168.0.?
1629.Pp
1630A
1631.Em pattern-list
1632is a comma-separated list of patterns.
1633Patterns within pattern-lists may be negated
1634by preceding them with an exclamation mark
1635.Pq Sq !\& .
1636For example,
Damien Miller51682fa2013-10-17 11:48:31 +11001637to allow a key to be used from anywhere within an organization
Damien Millerb5282c22006-03-15 11:59:08 +11001638except from the
1639.Dq dialup
1640pool,
1641the following entry (in authorized_keys) could be used:
1642.Pp
1643.Dl from=\&"!*.dialup.example.com,*.example.com\&"
Ben Lindstrom9f049032002-06-21 00:59:05 +00001644.Sh FILES
1645.Bl -tag -width Ds
Damien Miller167ea5d2005-05-26 12:04:02 +10001646.It Pa ~/.ssh/config
Ben Lindstrom9f049032002-06-21 00:59:05 +00001647This is the per-user configuration file.
1648The format of this file is described above.
Damien Miller45ee2b92006-03-15 11:56:18 +11001649This file is used by the SSH client.
Damien Millerc970cb92004-04-20 20:12:53 +10001650Because of the potential for abuse, this file must have strict permissions:
1651read/write for the user, and not accessible by others.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001652.It Pa /etc/ssh/ssh_config
1653Systemwide configuration file.
1654This file provides defaults for those
1655values that are not specified in the user's configuration file, and
1656for those users who do not have a configuration file.
1657This file must be world-readable.
1658.El
Damien Millerf1ce5052003-06-11 22:04:39 +10001659.Sh SEE ALSO
1660.Xr ssh 1
Ben Lindstrom9f049032002-06-21 00:59:05 +00001661.Sh AUTHORS
1662OpenSSH is a derivative of the original and free
1663ssh 1.2.12 release by Tatu Ylonen.
1664Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1665Theo de Raadt and Dug Song
1666removed many bugs, re-added newer features and
1667created OpenSSH.
1668Markus Friedl contributed the support for SSH
1669protocol versions 1.5 and 2.0.