Lines Matching +full:ipv6 +full:- +full:single +full:- +full:target
4 ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files
14 1. command-line options
16 3. system-wide configuration file (/etc/ssh/ssh_config)
25 Since the first obtained value for each parameter is used, more host-
29 The file contains keyword-argument pairs, one per line. Lines starting
30 with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may
33 whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format
35 configuration options using the ssh, scp, and sftp -o option.
38 keywords are case-insensitive and arguments are case-sensitive):
43 provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y
50 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the
60 using one or more criteria or the single token all which always
66 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
69 being re-parsed after hostname canonicalization (see the
78 The other keywords' criteria must be single entries or comma-
81 keyword are matched against the target hostname, after any
84 specified on the command-line. The user keyword matches against
85 the target username on the remote host. The localuser keyword
87 keyword may be useful in system-wide ssh_config files).
91 ssh-agent(1). If this option is set to yes and a key is loaded
93 with the default lifetime, as if by ssh-add(1). If this option
95 SSH_ASKPASS program before adding a key (see ssh-add(1) for
97 must be confirmed, as if the -c option was specified to
98 ssh-add(1). If this option is set to no, no keys are added to
105 (use IPv6 only).
129 CanonicalizeHostname is enabled and the target hostname cannot be
144 processed again using the new target name to pick up any new
150 single dot (i.e. hostname.subdomain).
156 source_domain_list is a pattern-list of domains that may follow
157 CNAMEs in canonicalization, and target_domain_list is a pattern-
168 use this certificate either from an IdentityFile directive or -i
169 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider.
181 Specifies whether to use challenge-response authentication. The
201 preference. Multiple ciphers must be comma-separated. If the
202 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
204 them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then
210 3des-cbc
211 aes128-cbc
212 aes192-cbc
213 aes256-cbc
214 aes128-ctr
215 aes192-ctr
216 aes256-ctr
217 aes128-gcm@openssh.com
218 aes256-gcm@openssh.com
222 blowfish-cbc
223 cast128-cbc
224 chacha20-poly1305@openssh.com
228 chacha20-poly1305@openssh.com,
229 aes128-ctr,aes192-ctr,aes256-ctr,
230 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
231 aes128-cbc,aes192-cbc,aes256-cbc
233 The list of available ciphers may also be obtained using "ssh -Q
263 This value is used only when the target is down or really
267 Enables the sharing of multiple sessions over a single network
278 connections, but require confirmation using ssh-askpass(1). If
282 X11 and ssh-agent(1) forwarding is supported over these
313 such as the "ssh -O exit"). If set to a time in seconds, or a
324 The argument must be [bind_address:]port. IPv6 addresses can be
330 use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port
341 ssh-keysign(8) during HostbasedAuthentication. The argument must
343 non-hostspecific section. See ssh-keysign(8) for more
347 Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character
349 single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable
374 agent's Unix-domain socket) can access the local agent through
441 manually hashed using ssh-keygen(1).
450 authentication as a comma-separated pattern list. Alternately if
451 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
453 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
458 ecdsa-sha2-nistp256-cert-v01@openssh.com,
459 ecdsa-sha2-nistp384-cert-v01@openssh.com,
460 ecdsa-sha2-nistp521-cert-v01@openssh.com,
461 ssh-ed25519-cert-v01@openssh.com,
462 ssh-rsa-cert-v01@openssh.com,
463 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
464 ssh-ed25519,ssh-rsa
466 The -Q option of ssh(1) may be used to list supported key types.
471 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
473 specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
477 ecdsa-sha2-nistp256-cert-v01@openssh.com,
478 ecdsa-sha2-nistp384-cert-v01@openssh.com,
479 ecdsa-sha2-nistp521-cert-v01@openssh.com,
480 ssh-ed25519-cert-v01@openssh.com,
481 ssh-rsa-cert-v01@openssh.com,
482 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
483 ssh-ed25519,ssh-rsa
489 -Q key".
495 connections or for multiple servers running on a single host.
508 files or passed on the ssh(1) command-line, even if ssh-agent(1)
511 for situations where ssh-agent offers many different identities.
514 Specifies the UNIX-domain socket used to communicate with the
536 from the filename obtained by appending -cert.pub to the path of
556 Specifies a pattern-list of unknown options to be ignored if they
566 and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user
573 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
581 second for non-interactive sessions. The default is lowdelay for
582 interactive sessions and throughput for non-interactive sessions.
585 Specifies whether to use keyboard-interactive authentication.
589 Specifies the list of methods to use in keyboard-interactive
590 authentication. Multiple method names must be comma-separated.
598 algorithms must be comma-separated. Alternately if the specified
599 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
601 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
605 curve25519-sha256,curve25519-sha256@libssh.org,
606 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
607 diffie-hellman-group-exchange-sha256,
608 diffie-hellman-group-exchange-sha1,
609 diffie-hellman-group14-sha1
612 obtained using "ssh -Q kex".
632 second argument must be host:hostport. IPv6 addresses can be
641 address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from
653 integrity protection. Multiple algorithms must be comma-
654 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
657 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
661 The algorithms that contain "-etm" calculate the MAC after
662 encryption (encrypt-then-mac). These are considered safer and
667 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
668 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
669 hmac-sha1-etm@openssh.com,
670 umac-64@openssh.com,umac-128@openssh.com,
671 hmac-sha2-256,hmac-sha2-512,hmac-sha1
674 "ssh -Q mac".
709 keyboard-interactive) over another method (e.g. password). The
712 gssapi-with-mic,hostbased,publickey,
713 keyboard-interactive,password
718 must be comma-separated. When this option is set to 2,1 ssh will
727 using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering
734 on some machine, or execute sshd -i somewhere. Host key
744 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
750 connect to the target host by first making a ssh(1) connection to
752 forwarding to the ultimate target from there.
754 Note that this option will compete with the ProxyCommand option -
765 authentication as a comma-separated pattern list. Alternately if
766 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
768 replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
773 ecdsa-sha2-nistp256-cert-v01@openssh.com,
774 ecdsa-sha2-nistp384-cert-v01@openssh.com,
775 ecdsa-sha2-nistp521-cert-v01@openssh.com,
776 ssh-ed25519-cert-v01@openssh.com,
777 ssh-rsa-cert-v01@openssh.com,
778 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
779 ssh-ed25519,ssh-rsa
782 -Q key".
793 …have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to i…
795 …M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional seco…
806 second argument must be host:hostport. IPv6 addresses can be
816 to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty
823 Specifies whether to request a pseudo-tty for the session. The
827 session). This option mirrors the -t and -T flags for ssh(1).
835 List (KRL) as generated by ssh-keygen(1). For more information
836 on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
856 pseudo-terminal is requested as it is required by the protocol.
893 a Unix-domain socket file for local or remote port forwarding.
894 This option is only used for port forwarding to a Unix-domain
897 The default value is 0177, which creates a Unix-domain socket
899 not all operating systems honor the file mode on Unix-domain
903 Specifies whether to remove an existing Unix-domain socket file
906 not enabled, ssh will be unable to forward the port to the Unix-
908 to a Unix-domain socket file.
942 server. The argument must be yes, point-to-point (layer 3),
944 the default tunnel mode, which is point-to-point.
1015 A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a
1016 wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that
1023 The following pattern would match any host in the 192.168.0.[0-9] network
1028 A pattern-list is a comma-separated list of patterns. Patterns within
1029 pattern-lists may be negated by preceding them with an exclamation mark
1030 (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an
1040 %% A literal M-bM-^@M-^X%M-bM-^@M-^Y.
1070 This is the per-user configuration file. The format of this file
1080 This file must be world-readable.
1088 de Raadt and Dug Song removed many bugs, re-added newer features and