File Formats ssh_config(4)
NAME
ssh_config - ssh configuration file
SYNOPSIS
/etc/ssh/ssh_config
$HOME/.ssh/config
DESCRIPTION
The first ssh_config path, above, provides the system-wide
defaults for ssh(1). The second version is user-specific
defaults for ssh.
ssh obtains configuration data from the following sources
(in this order): command line options, user's configuration
file ($HOME/.ssh/config), and system-wide configuration file
(/etc/ssh/ssh_config). For each parameter, the first
obtained value will be used. The configuration files contain
sections bracketed by Host specifications. A given section
is applied only for hosts that match one of the patterns
given in the specification. The matched host name is the one
given on the command line.
Because the first obtained value for each parameter is used,
more host-specific declarations should be given near the
beginning of the file and general defaults at the end.
The configuration file has the following format and syntax:
o Empty lines and lines starting with # are comments.
o Non-commented lines are of the form:
keyword arguments
o Configuration options can be separated by whitespace or
optional whitespace and exactly one equal sign. The
latter format allows you to avoid the need to quote
whitespace when specifying configuration options using
the -o option to ssh, scp, and sftp.
SunOS 5.10 Last change: 21 Aug 2006 1
The possible keywords and their meanings are listed below.
Note that keywords are case-insensitive and arguments are
case-sensitive.
BatchMode
The argument must be yes or no. If set to yes,
passphrase/password querying will be disabled. This
option is useful in scripts and other batch jobs where
you have no user to supply the password.
BindAddress
Specify the interface to transmit from on machines with
multiple interfaces or aliased addresses. Note that this
option does not work if UsePrivilegedPort is set to yes.
CheckHostIP
If this flag is set to yes, ssh will additionally check
the host IP address in the known_hosts file. This allows
ssh to detect if a host key changed due to DNS spoofing.
If the option is set to no, the check will not be executed.
Cipher
Specifies the cipher to use for encrypting the session
in protocol version 1; blowfish and 3des are the only
valid values.
Ciphers
Specifies the ciphers allowed for protocol version 2 in
order of preference. Multiple ciphers must be
comma-separated. The default is:
aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
ClearAllForwardings
Specifies that all local, remote, and dynamic port
forwardings specified in the configuration files or on the
command line be cleared. This option is primarily useful
when used from the ssh command line to clear port
forwardings set in configuration files and is automatically
set by scp(1) and sftp(1). The argument must be yes or
no. The default is no.
Compression
Specifies whether to use compression. The argument must
be yes or no. Defaults to no.
CompressionLevel
Specifies the compression level to use if compression is
enabled. The argument must be an integer from 1 (fast)
to 9 (slow, best). The default level is 6, which is good
for most applications. Note that this option applies to
protocol version 1 only.
ConnectionAttempts
Specifies the number of tries (one per second) to make
before falling back to rsh or exiting. The argument must
be an integer. This can be useful in scripts if the
connection sometimes fails. The default is 1.
DynamicForward
Specifies that a TCP/IP port on the local machine be
forwarded over the secure channel. The application
protocol is then used to determine where to connect to from
the remote machine. The argument must be a port number.
Currently the SOCKS4 protocol is supported, and ssh will
act as a SOCKS4 server. Multiple forwardings can be
specified and additional forwardings can be specified on
the command line. Only the superuser can forward
privileged ports.
EscapeChar
Sets the escape character. The default is tilde (~). The
escape character can also be set on the command line.
The argument should be a single character, ^, followed
by a letter, or none to disable the escape character
entirely (making the connection transparent for binary
data).
FallBackToRsh
Specifies that if connecting with ssh fails due to a
connection refused error (there is no sshd(8) listening
on the remote host), rsh(1) should automatically be used
instead (after a suitable warning about the session
being unencrypted). The argument must be yes or no.
ForwardAgent
Specifies whether the connection to the authentication
agent (if any) will be forwarded to the remote machine.
The argument must be yes or no. The default is no.
Agent forwarding should be enabled with caution. Users
with the ability to bypass file permissions on the
remote host (for the agent's Unix-domain socket) can
access the local agent through the forwarded connection.
An attacker cannot obtain key material from the agent,
however he can perform operations on the keys that
enable him to authenticate using the identities loaded
into the agent.
ForwardX11
Specifies whether X11 connections will be automatically
redirected over the secure channel and DISPLAY set. The
argument must be yes or no. The default is no.
X11 forwarding should be enabled with caution. Users
with the ability to bypass file permissions on the
remote host (for the user's X authorization database)
can access the local X11 display through the forwarded
connection. An attacker might then be able to perform
activities such as keystroke monitoring.
GatewayPorts
Specifies whether remote hosts are allowed to connect to
local forwarded ports. By default, ssh binds local port
forwardings to the loopback address. This prevents other
remote hosts from connecting to forwarded ports.
GatewayPorts can be used to specify that ssh should bind
local port forwardings to the wildcard address, thus
allowing remote hosts to connect to forwarded ports. The
argument must be yes or no. The default is no.
GlobalKnownHostsFile
Specifies a file to use instead of
/etc/ssh/ssh_known_hosts.
GSSAPIAuthentication
Enables/disables GSS-API user authentication. The
default is yes.
GSSAPIDelegateCredentials
Enables/disables GSS-API credential forwarding. The
default is no.
GSSAPIKeyExchange
Enables/disables GSS-API-authenticated key exchanges.
The default is yes.
This option is intended primarily to allow users to
disable the use of GSS-API key exchange for SSHv2 when it
would otherwise be selected and then fail (due to server
misconfiguration, for example). SSHv2 key exchange
failure always results in disconnection.
This option also enables the use of the GSS-API to
authenticate the user to the server after the key
exchange. Note that GSS-API key exchange can succeed but
the subsequent authentication using the GSS-API fail if
the server does not authorize the user's GSS principal
name to the target user account.
GSSAPIStoreDelegatedCredentials
Controls whether sshd(1M) stores any GSS-API credentials
delegated by clients.
Host
Restricts the following declarations (up to the next
Host keyword) to be only for those hosts that match one
of the patterns given after the keyword. An asterisk (*)
and a question mark (?) can be used as wildcards in the
patterns. A single asterisk as a pattern can be used to
provide global defaults for all hosts. The host is the
host name argument given on the command line (that is,
the name is not converted to a canonicalized host name
before matching).
HostbasedAuthentication
Specifies whether to try rhosts-based authentication
with public key authentication. The argument must be yes
or no. The default is no. This option applies to
protocol version 2 only and is similar to
RhostsRSAAuthentication.
HostKeyAlgorithms
Specifies the protocol version 2 host key algorithms
that the client wants to use in order of preference. The
default for this option is: ssh-rsa,ssh-dss.
HostKeyAlias
Specifies an alias that should be used instead of the
real host name when looking up or saving the host key in
the host key database files. This option is useful for
tunneling ssh connections or for multiple servers
running on a single host.
HostName
Specifies the real host name to log into. This can be
used to specify nicknames or abbreviations for hosts.
Default is the name given on the command line. Numeric
IP addresses are also permitted (both on the command
line and in HostName specifications).
IdentityFile
Specifies a file from which the user's RSA or DSA
authentication identity is read. The default is
$HOME/.ssh/identity for protocol version 1 and
$HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol
version 2. Additionally, any identities represented by
the authentication agent will be used for
authentication. The file name can use the tilde syntax to refer to
a user's home directory. It is possible to have multiple
identity files specified in configuration files; all
these identities will be tried in sequence.
KeepAlive
Specifies whether the system should send TCP keepalive
messages to the other side. If they are sent, death of
the connection or crash of one of the machines will be
properly noticed. However, this means that connections
die if the route is down temporarily, which can be a
source of annoyance.
The default is yes (to send keepalives), which means the
client notices if the network goes down or the remote
host dies. This is important in scripts, and many users
want it too. To disable keepalives, the value should be
set to no in both the server and the client
configuration files.
LocalForward
Specifies that a TCP/IP port on the local machine be
forwarded over the secure channel to a given host:port
from the remote machine. The first argument must be a
port number, and the second must be host:port. IPv6
addresses can be specified with an alternative syntax:
host/port. Multiple forwardings can be specified and
additional forwardings can be given on the command line.
Only the superuser can forward privileged ports.
LogLevel
Gives the verbosity level that is used when logging
messages from ssh. The possible values are: FATAL, ERROR,
QUIET, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO. DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of verbose
output.
MACs
Specifies the MAC (message authentication code)
algorithms in order of preference. The MAC algorithm is used
in protocol version 2 for data integrity protection.
Multiple algorithms must be comma-separated. The default
is hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96.
NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared
across machines. In this case localhost will refer to a
different machine on each of the machines and the user
will get many warnings about changed host keys. However,
this option disables host authentication for localhost.
The argument to this keyword must be yes or no. The
default is to check the host key for localhost.
NumberOfPasswordPrompts
Specifies the number of password prompts before giving
up. The argument to this keyword must be an integer. The
default is 3.
PasswordAuthentication
Specifies whether to use password authentication. The
argument to this keyword must be yes or no. Note that
this option applies to both protocol versions 1 and 2.
The default is yes.
Port
Specifies the port number to connect on the remote host.
The default is 22.
PreferredAuthentications
Specifies the order in which the client should try
protocol 2 authentication methods. This allows a client to
prefer one method (for example, keyboard-interactive)
over another method (for example, password). The default
for this option is:
hostbased,publickey,keyboard-interactive,password.
Protocol
Specifies the protocol versions ssh should support in
order of preference. The possible values are 1 and 2.
Multiple versions must be comma-separated. The default
is 2,1. This means that ssh tries version 2 and falls
back to version 1 if version 2 is not available.
ProxyCommand
Specifies the command to use to connect to the server.
The command string extends to the end of the line, and
is executed with /bin/sh. In the command string, %h is
substituted by the host name to connect and %p by the
port. The string can be any valid command, and should
read from its standard input and write to its standard
output. It should eventually connect an sshd(1M) server
running on some machine, or execute sshd -i somewhere.
Host key management will be done using the HostName of
the host being connected (defaulting to the name typed
by the user). Note that CheckHostIP is not available for
connects with a proxy command.
PubkeyAuthentication
Specifies whether to try public key authentication. The
argument to this keyword must be yes or no. The default
is yes. This option applies to protocol version 2 only.
RemoteForward
Specifies that a TCP/IP port on the remote machine be
forwarded over the secure channel to a given host:port
from the local machine. The first argument must be a
port number, and the second must be host:port. IPv6
addresses can be specified with an alternative syntax:
host/port. You can specify multiple forwardings and give
additional forwardings on the command line. Only the
superuser can forward privileged ports.
RhostsAuthentication
Specifies whether to try rhosts-based authentication.
Note that this declaration affects only the client side
and has no effect whatsoever on security. Disabling
rhosts authentication can reduce authentication time on
slow connections when rhosts authentication is not used.
Most servers do not permit RhostsAuthentication because
it is not secure (see RhostsRSAAuthentication). The
argument to this keyword must be yes or no. This option
applies only to the protocol version 1 and requires that
ssh be setuid root and that UsePrivilegedPort be set to
yes.
RhostsRSAAuthentication
Specifies whether to try rhosts-based authentication
with RSA host authentication. This is the primary
authentication method for most sites. The argument must
be yes or no. This option applies only to the protocol
version 1 and requires that ssh be setuid root and that
UsePrivilegedPort be set to yes.
StrictHostKeyChecking
If this flag is set to yes, ssh will never automatically
add host keys to the $HOME/.ssh/known_hosts file, and
will refuse to connect hosts whose host key has changed.
This provides maximum protection against trojan horse
attacks. However, it can be a source of inconvenience if
you do not have good /etc/ssh/ssh_known_hosts files
installed and frequently connect new hosts. This option
forces the user to manually add any new hosts. Normally
this option is disabled, and new hosts will automatically
be added to the known host files. The host keys of
known hosts will be verified automatically in either
case. The argument must be yes or no or ask. The default
is ask.
UsePrivilegedPort
Specifies whether to use a privileged port for outgoing
connections. The argument must be yes or no. The default
is yes. Note that setting this option to no turns off
RhostsAuthentication and RhostsRSAAuthentication. If set
to yes ssh must be setuid root. Defaults to no.
User
Specifies the user to log in as. This can be useful if
you have different user names on different machines.
This saves you the trouble of having to remember to
enter the user name on the command line.
UserKnownHostsFile
Specifies a file to use instead of
$HOME/.ssh/known_hosts.
UseRsh
Specifies that rlogin or rsh should be used for this
host. It is possible that the host does not support the
ssh protocol. This causes ssh to immediately execute
rsh(1). All other options (except HostName) are ignored
if this has been specified. The argument must be yes or
no.
XAuthLocation
Specifies the location of the xauth(1) program. The
default is /usr/openwin/bin/xauth.
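The file format and first-obtained-value rule from DESCRIPTION, together with the cautions given above under ForwardAgent, ForwardX11, FallBackToRsh, GatewayPorts and StrictHostKeyChecking, can be checked with a small resolver. This is an added example, not part of the original manual page or of ssh itself; the sample configuration, the host names and the function names are constructed for illustration, and it assumes that options appearing before any Host line apply to all hosts.

```python
import re

# Constructed sample (not from the page): specific hosts first, defaults last.
SAMPLE = """\
# jump host gets its own rules
Host bastion.example.com
    ForwardAgent no
    StrictHostKeyChecking=yes
Host *.example.com db?
    forwardagent yes
    ForwardX11 = yes
Host *
    ForwardAgent no
    FallBackToRsh yes
    StrictHostKeyChecking ask
"""

# Settings this page cautions about: keyword -> (value, reason from the page).
CAUTION = {
    "forwardagent": ("yes", "remote host can use identities in the local agent"),
    "forwardx11": ("yes", "remote host can reach the local X11 display"),
    "fallbacktorsh": ("yes", "falls back to an unencrypted rsh session"),
    "gatewayports": ("yes", "forwarded ports bind to the wildcard address"),
    "stricthostkeychecking": ("no", "new host keys are added automatically"),
}

def host_matches(pattern, host):
    """Only * and ? are wildcards; every other character is literal."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def effective(text, host):
    """Resolve the options for host; the first obtained value wins."""
    opts, active = {}, True  # assumption: lines before any Host apply to all
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "keyword arguments", or optional whitespace around one equal sign
        m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, arg = m.group(1).lower(), m.group(2).strip()  # keywords ignore case
        if key == "host":
            active = any(host_matches(p, host) for p in arg.split())
        elif active:
            opts.setdefault(key, arg)  # later values never override earlier ones
    return opts

def audit(text, host):
    """Return (keyword, reason) for each cautioned value in effect for host."""
    opts = effective(text, host)
    return [(k, why) for k, (bad, why) in CAUTION.items() if opts.get(k) == bad]

if __name__ == "__main__":
    for h in ("bastion.example.com", "web.example.com", "db1", "other.test"):
        print(h, audit(SAMPLE, h))
```

In the sample, bastion.example.com keeps ForwardAgent no because its section comes first, but it still inherits ForwardX11 yes from the later wildcard section, which is the kind of effective setting that is easy to miss when reading the file top to bottom.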
SEE ALSO
ssh(1), ssh-http-proxy-connect(1),
ssh-socks5-proxy-connect(1), sshd(1M), sshd_config(4), kerberos(5)
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:32 GMT 2007