SSH_CONFIG(5)                 File Formats Manual                SSH_CONFIG(5)

NAME
     ssh_config – OpenSSH SSH client configuration files

SYNOPSIS
     ~/.ssh/config
     /etc/ssh/ssh_config

DESCRIPTION
     ssh(1) obtains configuration data from the following sources in the
     following order:

           1.   command-line options
           2.   user's configuration file (~/.ssh/config)
           3.   system-wide configuration file (/etc/ssh/ssh_config)

     For each parameter, the first obtained value will be used. The
     configuration files contain sections separated by Host specifications,
     and that section is only applied for hosts that match one of the
     patterns given in the specification. The matched host name is usually
     the one given on the command line (see the CanonicalizeHostname option
     for exceptions).

     Since the first obtained value for each parameter is used, more
     host-specific declarations should be given near the beginning of the
     file, and general defaults at the end.

     The file contains keyword-argument pairs, one per line. Lines starting
     with '#' and empty lines are interpreted as comments. Arguments may
     optionally be enclosed in double quotes (") in order to represent
     arguments containing spaces. Configuration options may be separated by
     whitespace or optional whitespace and exactly one '='; the latter format
     is useful to avoid the need to quote whitespace when specifying
     configuration options using the ssh, scp, and sftp -o option.

     The possible keywords and their meanings are as follows (note that
     keywords are case-insensitive and arguments are case-sensitive):

     Host    Restricts the following declarations (up to the next Host or
             Match keyword) to be only for those hosts that match one of the
             patterns given after the keyword. If more than one pattern is
             provided, they should be separated by whitespace. A single '*'
             as a pattern can be used to provide global defaults for all
             hosts. The host is usually the hostname argument given on the
             command line (see the CanonicalizeHostname keyword for
             exceptions).

             A pattern entry may be negated by prefixing it with an
             exclamation mark ('!'). If a negated entry is matched, then the
             Host entry is ignored, regardless of whether any other patterns
             on the line match. Negated matches are therefore useful to
             provide exceptions for wildcard matches.

             See PATTERNS for more information on patterns.

     Match   Restricts the following declarations (up to the next Host or
             Match keyword) to be used only when the conditions following the
             Match keyword are satisfied. Match conditions are specified
             using one or more criteria or the single token all which always
             matches. The available criteria keywords are: canonical, exec,
             host, originalhost, user, and localuser. The all criteria must
             appear alone or immediately after canonical. Other criteria may
             be combined arbitrarily. All criteria but all and canonical
             require an argument. Criteria may be negated by prepending an
             exclamation mark ('!').

             The canonical keyword matches only when the configuration file is
             being re-parsed after hostname canonicalization (see the
             CanonicalizeHostname option.) This may be useful to specify
             conditions that work with canonical host names only. The exec
             keyword executes the specified command under the user's shell.
             If the command returns a zero exit status then the condition is
             considered true. Commands containing whitespace characters must
             be quoted. Arguments to exec accept the tokens described in the
             TOKENS section.

             The other keywords' criteria must be single entries or
             comma-separated lists and may use the wildcard and negation
             operators described in the PATTERNS section. The criteria for
             the host keyword are matched against the target hostname, after
             any substitution by the Hostname or CanonicalizeHostname options.
             The originalhost keyword matches against the hostname as it was
             specified on the command-line. The user keyword matches against
             the target username on the remote host. The localuser keyword
             matches against the name of the local user running ssh(1) (this
             keyword may be useful in system-wide ssh_config files).

     AddKeysToAgent
             Specifies whether keys should be automatically added to a running
             ssh-agent(1). If this option is set to yes and a key is loaded
             from a file, the key and its passphrase are added to the agent
             with the default lifetime, as if by ssh-add(1). If this option
             is set to ask, ssh(1) will require confirmation using the
             SSH_ASKPASS program before adding a key (see ssh-add(1) for
             details). If this option is set to confirm, each use of the key
             must be confirmed, as if the -c option was specified to
             ssh-add(1). If this option is set to no, no keys are added to
             the agent. The argument must be yes, confirm, ask, or no (the
             default).

     AddressFamily
             Specifies which address family to use when connecting. Valid
             arguments are any (the default), inet (use IPv4 only), or inet6
             (use IPv6 only).

     BatchMode
             If set to yes, passphrase/password querying will be disabled.
             This option is useful in scripts and other batch jobs where no
             user is present to supply the password. The argument must be yes
             or no (the default).

     BindAddress
             Use the specified address on the local machine as the source
             address of the connection. Only useful on systems with more than
             one address. Note that this option does not work if
             UsePrivilegedPort is set to yes.
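     The precedence and pattern rules described above (first obtained value
     wins, Host patterns with wildcards and '!' negation, IdentityFile
     directives accumulating, and the '+'/'-' prefix rule that the Ciphers
     keyword below uses) as an added, runnable model; this is not OpenSSH's
     own parser. The sample configuration and hostnames are constructed, and
     Match criteria are deliberately not modelled.

```python
"""Added example (not OpenSSH code): resolve effective ssh_config options for
a host per this page's rules: first obtained value wins, Host patterns with
'*', '?' and '!' negation, IdentityFile accumulating, and '+'/'-' prefixes
on Ciphers relative to the default set. Match criteria are not modelled."""
import fnmatch
import shlex

# Default cipher list as given in the Ciphers section of this manual page.
DEFAULT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
                   "aes256-ctr", "aes128-gcm@openssh.com",
                   "aes256-gcm@openssh.com", "aes128-cbc", "aes192-cbc",
                   "aes256-cbc"]
# Keywords whose repeated occurrences extend a list instead of being ignored.
ACCUMULATING = {"identityfile", "certificatefile"}


def host_matches(patterns, host):
    """A matching negated pattern vetoes the whole Host entry; otherwise at
    least one positive pattern must match (hostnames compared lowercase)."""
    host, hit = host.lower(), False
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            hit = True
    return hit


def parse(text):
    """Split config text into (patterns, [(keyword, args)]) stanzas; the
    stanza before any Host line applies to every host."""
    stanzas = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if "=" in key:                      # 'Key=value' form
            key, extra = key.split("=", 1)
            rest = (extra + " " + rest).strip()
        elif rest.startswith("="):          # 'Key = value' form
            rest = rest[1:].strip()
        key, args = key.lower(), shlex.split(rest)   # quoted args allowed
        if key == "host":
            stanzas.append((args, []))
        else:
            stanzas[-1][1].append((key, args))
    return stanzas


def resolve(text, host):
    """Effective options for host: first value seen wins, except that
    accumulating keywords collect every value in file order."""
    opts = {}
    for patterns, pairs in parse(text):
        if host_matches(patterns, host):
            for key, args in pairs:
                if key in ACCUMULATING:
                    opts.setdefault(key, []).extend(args)
                elif key not in opts:
                    opts[key] = args
    return opts


def effective_ciphers(opts):
    """'+' appends to the default set (names already present are skipped),
    '-' removes matching names (wildcards allowed), anything else replaces."""
    if "ciphers" not in opts:
        return list(DEFAULT_CIPHERS)
    spec = opts["ciphers"][0]
    if spec.startswith("+"):
        extra = [c for c in spec[1:].split(",") if c not in DEFAULT_CIPHERS]
        return DEFAULT_CIPHERS + extra
    if spec.startswith("-"):
        drop = spec[1:].split(",")
        return [c for c in DEFAULT_CIPHERS
                if not any(fnmatch.fnmatchcase(c, d) for d in drop)]
    return spec.split(",")


# Constructed sample ~/.ssh/config: most specific entries first, defaults last.
SAMPLE_CONFIG = """
Host bastion.example.com
    User ops
    IdentityFile ~/.ssh/id_ed25519_bastion
Host *.example.com !bastion.example.com
    ProxyJump ops@bastion.example.com
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
Host legacy-*
    Ciphers +3des-cbc
Host *
    ForwardAgent no
    Ciphers -aes*-cbc
    IdentityFile ~/.ssh/id_ed25519
"""
```

     Calling resolve(SAMPLE_CONFIG, "db1.example.com") shows the ProxyJump
     from the wildcard stanza plus both IdentityFile entries, while
     "bastion.example.com" is vetoed by the negated pattern and gets no
     ProxyJump.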
     CanonicalDomains
             When CanonicalizeHostname is enabled, this option specifies the
             list of domain suffixes in which to search for the specified
             destination host.

     CanonicalizeFallbackLocal
             Specifies whether to fail with an error when hostname
             canonicalization fails. The default, yes, will attempt to look
             up the unqualified hostname using the system resolver's search
             rules. A value of no will cause ssh(1) to fail instantly if
             CanonicalizeHostname is enabled and the target hostname cannot be
             found in any of the domains specified by CanonicalDomains.

     CanonicalizeHostname
             Controls whether explicit hostname canonicalization is performed.
             The default, no, is not to perform any name rewriting and let the
             system resolver handle all hostname lookups. If set to yes then,
             for connections that do not use a ProxyCommand, ssh(1) will
             attempt to canonicalize the hostname specified on the command
             line using the CanonicalDomains suffixes and
             CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is
             set to always, then canonicalization is applied to proxied
             connections too.

             If this option is enabled, then the configuration files are
             processed again using the new target name to pick up any new
             configuration in matching Host and Match stanzas.

     CanonicalizeMaxDots
             Specifies the maximum number of dot characters in a hostname
             before canonicalization is disabled. The default, 1, allows a
             single dot (i.e. hostname.subdomain).

     CanonicalizePermittedCNAMEs
             Specifies rules to determine whether CNAMEs should be followed
             when canonicalizing hostnames. The rules consist of one or more
             arguments of source_domain_list:target_domain_list, where
             source_domain_list is a pattern-list of domains that may follow
             CNAMEs in canonicalization, and target_domain_list is a
             pattern-list of domains that they may resolve to.

             For example, "*.a.example.com:*.b.example.com,*.c.example.com"
             will allow hostnames matching "*.a.example.com" to be
             canonicalized to names in the "*.b.example.com" or
             "*.c.example.com" domains.

     CertificateFile
             Specifies a file from which the user's certificate is read. A
             corresponding private key must be provided separately in order to
             use this certificate either from an IdentityFile directive or -i
             flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider.

             Arguments to CertificateFile may use the tilde syntax to refer to
             a user's home directory or the tokens described in the TOKENS
             section.

             It is possible to have multiple certificate files specified in
             configuration files; these certificates will be tried in
             sequence. Multiple CertificateFile directives will add to the
             list of certificates used for authentication.

     ChallengeResponseAuthentication
             Specifies whether to use challenge-response authentication. The
             argument to this keyword must be yes (the default) or no.

     CheckHostIP
             If set to yes (the default), ssh(1) will additionally check the
             host IP address in the known_hosts file. This allows it to
             detect if a host key changed due to DNS spoofing and will add
             addresses of destination hosts to ~/.ssh/known_hosts in the
             process, regardless of the setting of StrictHostKeyChecking. If
             the option is set to no, the check will not be executed.

     Cipher  Specifies the cipher to use for encrypting the session in
             protocol version 1. Currently, blowfish, 3des (the default), and
             des are supported, though des is only supported in the ssh(1)
             client for interoperability with legacy protocol 1
             implementations; its use is strongly discouraged due to
             cryptographic weaknesses.

     Ciphers
             Specifies the ciphers allowed for protocol version 2 in order of
             preference. Multiple ciphers must be comma-separated. If the
             specified value begins with a '+' character, then the specified
             ciphers will be appended to the default set instead of replacing
             them. If the specified value begins with a '-' character, then
             the specified ciphers (including wildcards) will be removed from
             the default set instead of replacing them.

             The supported ciphers are:

                   3des-cbc
                   aes128-cbc
                   aes192-cbc
                   aes256-cbc
                   aes128-ctr
                   aes192-ctr
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
                   arcfour
                   arcfour128
                   arcfour256
                   blowfish-cbc
                   cast128-cbc
                   chacha20-poly1305@openssh.com

             The default is:

                   chacha20-poly1305@openssh.com,
                   aes128-ctr,aes192-ctr,aes256-ctr,
                   aes128-gcm@openssh.com,aes256-gcm@openssh.com,
                   aes128-cbc,aes192-cbc,aes256-cbc

             The list of available ciphers may also be obtained using "ssh -Q
             cipher".

     ClearAllForwardings
             Specifies that all local, remote, and dynamic port forwardings
             specified in the configuration files or on the command line be
             cleared. This option is primarily useful when used from the
             ssh(1) command line to clear port forwardings set in
             configuration files, and is automatically set by scp(1) and
             sftp(1). The argument must be yes or no (the default).

     Compression
             Specifies whether to use compression. The argument must be yes
             or no (the default).

     CompressionLevel
             Specifies the compression level to use if compression is enabled.
             The argument must be an integer from 1 (fast) to 9 (slow, best).
             The default level is 6, which is good for most applications. The
             meaning of the values is the same as in gzip(1). Note that this
             option applies to protocol version 1 only.

     ConnectionAttempts
             Specifies the number of tries (one per second) to make before
             exiting. The argument must be an integer. This may be useful in
             scripts if the connection sometimes fails. The default is 1.

     ConnectTimeout
             Specifies the timeout (in seconds) used when connecting to the
             SSH server, instead of using the default system TCP timeout.
             This value is used only when the target is down or really
             unreachable, not when it refuses the connection.

     ControlMaster
             Enables the sharing of multiple sessions over a single network
             connection. When set to yes, ssh(1) will listen for connections
             on a control socket specified using the ControlPath argument.
             Additional sessions can connect to this socket using the same
             ControlPath with ControlMaster set to no (the default). These
             sessions will try to reuse the master instance's network
             connection rather than initiating new ones, but will fall back to
             connecting normally if the control socket does not exist, or is
             not listening.

             Setting this to ask will cause ssh(1) to listen for control
             connections, but require confirmation using ssh-askpass(1). If
             the ControlPath cannot be opened, ssh(1) will continue without
             connecting to a master instance.

             X11 and ssh-agent(1) forwarding is supported over these
             multiplexed connections; however, the display and agent forwarded
             will be the one belonging to the master connection, i.e. it is
             not possible to forward multiple displays or agents.

             Two additional options allow for opportunistic multiplexing: try
             to use a master connection but fall back to creating a new one if
             one does not already exist. These options are: auto and autoask.
             The latter requires confirmation like the ask option.

     ControlPath
             Specify the path to the control socket used for connection
             sharing as described in the ControlMaster section above or the
             string none to disable connection sharing. Arguments to
             ControlPath may use the tilde syntax to refer to a user's home
             directory or the tokens described in the TOKENS section. It is
             recommended that any ControlPath used for opportunistic
             connection sharing include at least %h, %p, and %r (or
             alternatively %C) and be placed in a directory that is not
             writable by other users. This ensures that shared connections
             are uniquely identified.

     ControlPersist
             When used in conjunction with ControlMaster, specifies that the
             master connection should remain open in the background (waiting
             for future client connections) after the initial client
             connection has been closed. If set to no, then the master
             connection will not be placed into the background, and will close
             as soon as the initial client connection is closed. If set to
             yes or 0, then the master connection will remain in the
             background indefinitely (until killed or closed via a mechanism
             such as the "ssh -O exit"). If set to a time in seconds, or a
             time in any of the formats documented in sshd_config(5), then the
             backgrounded master connection will automatically terminate after
             it has remained idle (with no client connections) for the
             specified time.

     DynamicForward
             Specifies that a TCP port on the local machine be forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.

             The argument must be [bind_address:]port. IPv6 addresses can be
             specified by enclosing addresses in square brackets. By default,
             the local port is bound in accordance with the GatewayPorts
             setting. However, an explicit bind_address may be used to bind
             the connection to a specific address. The bind_address of
             localhost indicates that the listening port be bound for local
             use only, while an empty address or '*' indicates that the port
             should be available from all interfaces.

             Currently the SOCKS4 and SOCKS5 protocols are supported, and
             ssh(1) will act as a SOCKS server. Multiple forwardings may be
             specified, and additional forwardings can be given on the command
             line. Only the superuser can forward privileged ports.

     EnableSSHKeysign
             Setting this option to yes in the global client configuration
             file /etc/ssh/ssh_config enables the use of the helper program
             ssh-keysign(8) during HostbasedAuthentication. The argument must
             be yes or no (the default). This option should be placed in the
             non-hostspecific section. See ssh-keysign(8) for more
             information.

     EscapeChar
             Sets the escape character (default: '~'). The escape character
             can also be set on the command line. The argument should be a
             single character, '^' followed by a letter, or none to disable
             the escape character entirely (making the connection transparent
             for binary data).

     ExitOnForwardFailure
             Specifies whether ssh(1) should terminate the connection if it
             cannot set up all requested dynamic, tunnel, local, and remote
             port forwardings (e.g. if either end is unable to bind and
             listen on a specified port). Note that ExitOnForwardFailure does
             not apply to connections made over port forwardings and will not,
             for example, cause ssh(1) to exit if TCP connections to the
             ultimate forwarding destination fail. The argument must be yes
             or no (the default).

     FingerprintHash
             Specifies the hash algorithm used when displaying key
             fingerprints. Valid options are: md5 and sha256 (the default).
     ForwardAgent
             Specifies whether the connection to the authentication agent (if
             any) will be forwarded to the remote machine. The argument must
             be yes or no (the default).

             Agent forwarding should be enabled with caution. Users with the
             ability to bypass file permissions on the remote host (for the
             agent's Unix-domain socket) can access the local agent through
             the forwarded connection. An attacker cannot obtain key material
             from the agent, however they can perform operations on the keys
             that enable them to authenticate using the identities loaded into
             the agent.

     ForwardX11
             Specifies whether X11 connections will be automatically
             redirected over the secure channel and DISPLAY set. The argument
             must be yes or no (the default).

             X11 forwarding should be enabled with caution. Users with the
             ability to bypass file permissions on the remote host (for the
             user's X11 authorization database) can access the local X11
             display through the forwarded connection. An attacker may then
             be able to perform activities such as keystroke monitoring if the
             ForwardX11Trusted option is also enabled.

     ForwardX11Timeout
             Specify a timeout for untrusted X11 forwarding using the format
             described in the TIME FORMATS section of sshd_config(5). X11
             connections received by ssh(1) after this time will be refused.
             The default is to disable untrusted X11 forwarding after twenty
             minutes has elapsed.

     ForwardX11Trusted
             If this option is set to yes, remote X11 clients will have full
             access to the original X11 display.

             If this option is set to no (the default), remote X11 clients
             will be considered untrusted and prevented from stealing or
             tampering with data belonging to trusted X11 clients.
             Furthermore, the xauth(1) token used for the session will be set
             to expire after 20 minutes. Remote clients will be refused
             access after this time.

             See the X11 SECURITY extension specification for full details on
             the restrictions imposed on untrusted clients.

     GatewayPorts
             Specifies whether remote hosts are allowed to connect to local
             forwarded ports. By default, ssh(1) binds local port forwardings
             to the loopback address. This prevents other remote hosts from
             connecting to forwarded ports. GatewayPorts can be used to
             specify that ssh should bind local port forwardings to the
             wildcard address, thus allowing remote hosts to connect to
             forwarded ports. The argument must be yes or no (the default).

     GlobalKnownHostsFile
             Specifies one or more files to use for the global host key
             database, separated by whitespace. The default is
             /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2.

     GSSAPIAuthentication
             Specifies whether user authentication based on GSSAPI is allowed.
             The default is no.

     GSSAPIDelegateCredentials
             Forward (delegate) credentials to the server. The default is no.

     HashKnownHosts
             Indicates that ssh(1) should hash host names and addresses when
             they are added to ~/.ssh/known_hosts. These hashed names may be
             used normally by ssh(1) and sshd(8), but they do not reveal
             identifying information should the file's contents be disclosed.
             The default is no. Note that existing names and addresses in
             known hosts files will not be converted automatically, but may be
             manually hashed using ssh-keygen(1).

     HostbasedAuthentication
             Specifies whether to try rhosts based authentication with public
             key authentication. The argument must be yes or no (the
             default).

     HostbasedKeyTypes
             Specifies the key types that will be used for hostbased
             authentication as a comma-separated pattern list. Alternately if
             the specified value begins with a '+' character, then the
             specified key types will be appended to the default set instead
             of replacing them. If the specified value begins with a '-'
             character, then the specified key types (including wildcards)
             will be removed from the default set instead of replacing them.
             The default for this option is:

                   ecdsa-sha2-nistp256-cert-v01@openssh.com,
                   ecdsa-sha2-nistp384-cert-v01@openssh.com,
                   ecdsa-sha2-nistp521-cert-v01@openssh.com,
                   ssh-ed25519-cert-v01@openssh.com,
                   ssh-rsa-cert-v01@openssh.com,
                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                   ssh-ed25519,ssh-rsa

             The -Q option of ssh(1) may be used to list supported key types.

     HostKeyAlgorithms
             Specifies the host key algorithms that the client wants to use in
             order of preference. Alternately if the specified value begins
             with a '+' character, then the specified key types will be
             appended to the default set instead of replacing them. If the
             specified value begins with a '-' character, then the specified
             key types (including wildcards) will be removed from the default
             set instead of replacing them. The default for this option is:

                   ecdsa-sha2-nistp256-cert-v01@openssh.com,
                   ecdsa-sha2-nistp384-cert-v01@openssh.com,
                   ecdsa-sha2-nistp521-cert-v01@openssh.com,
                   ssh-ed25519-cert-v01@openssh.com,
                   ssh-rsa-cert-v01@openssh.com,
                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                   ssh-ed25519,ssh-rsa

             If hostkeys are known for the destination host then this default
             is modified to prefer their algorithms.

             The list of available key types may also be obtained using "ssh
             -Q key".
     HostKeyAlias
             Specifies an alias that should be used instead of the real host
             name when looking up or saving the host key in the host key
             database files. This option is useful for tunneling SSH
             connections or for multiple servers running on a single host.

     HostName
             Specifies the real host name to log into. This can be used to
             specify nicknames or abbreviations for hosts. Arguments to
             HostName accept the tokens described in the TOKENS section.
             Numeric IP addresses are also permitted (both on the command line
             and in HostName specifications). The default is the name given
             on the command line.

     IdentitiesOnly
             Specifies that ssh(1) should only use the authentication identity
             and certificate files explicitly configured in the ssh_config
             files or passed on the ssh(1) command-line, even if ssh-agent(1)
             or a PKCS11Provider offers more identities. The argument to this
             keyword must be yes or no (the default). This option is intended
             for situations where ssh-agent offers many different identities.

     IdentityAgent
             Specifies the UNIX-domain socket used to communicate with the
             authentication agent.

             This option overrides the SSH_AUTH_SOCK environment variable and
             can be used to select a specific agent. Setting the socket name
             to none disables the use of an authentication agent. If the
             string "SSH_AUTH_SOCK" is specified, the location of the socket
             will be read from the SSH_AUTH_SOCK environment variable.

             Arguments to IdentityAgent may use the tilde syntax to refer to a
             user's home directory or the tokens described in the TOKENS
             section.

     IdentityFile
             Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
             authentication identity is read. The default is ~/.ssh/identity
             for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
             Additionally, any identities represented by the authentication
             agent will be used for authentication unless IdentitiesOnly is
             set. If no certificates have been explicitly specified by
             CertificateFile, ssh(1) will try to load certificate information
             from the filename obtained by appending -cert.pub to the path of
             a specified IdentityFile.

             Arguments to IdentityFile may use the tilde syntax to refer to a
             user's home directory or the tokens described in the TOKENS
             section.

             It is possible to have multiple identity files specified in
             configuration files; all these identities will be tried in
             sequence. Multiple IdentityFile directives will add to the list
             of identities tried (this behaviour differs from that of other
             configuration directives).

             IdentityFile may be used in conjunction with IdentitiesOnly to
             select which identities in an agent are offered during
             authentication. IdentityFile may also be used in conjunction
             with CertificateFile in order to provide any certificate also
             needed for authentication with the identity.

     IgnoreUnknown
             Specifies a pattern-list of unknown options to be ignored if they
             are encountered in configuration parsing. This may be used to
             suppress errors if ssh_config contains options that are
             unrecognised by ssh(1). It is recommended that IgnoreUnknown be
             listed early in the configuration file as it will not be applied
             to unknown options that appear before it.

     Include
             Include the specified configuration file(s). Multiple pathnames
             may be specified and each pathname may contain glob(3) wildcards
             and, for user configurations, shell-like '~' references to user
             home directories. Files without absolute paths are assumed to be
             in ~/.ssh if included in a user configuration file or /etc/ssh if
             included from the system configuration file. The Include
             directive may appear inside a Match or Host block to perform
             conditional inclusion.

     IPQoS   Specifies the IPv4 type-of-service or DSCP class for connections.
             Accepted values are af11, af12, af13, af21, af22, af23, af31,
             af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
             cs7, ef, lowdelay, throughput, reliability, or a numeric value.
             This option may take one or two arguments, separated by
             whitespace. If one argument is specified, it is used as the
             packet class unconditionally. If two values are specified, the
             first is automatically selected for interactive sessions and the
             second for non-interactive sessions. The default is lowdelay for
             interactive sessions and throughput for non-interactive sessions.

     KbdInteractiveAuthentication
             Specifies whether to use keyboard-interactive authentication.
             The argument to this keyword must be yes (the default) or no.

     KbdInteractiveDevices
             Specifies the list of methods to use in keyboard-interactive
             authentication. Multiple method names must be comma-separated.
             The default is to use the server specified list. The methods
             available vary depending on what the server supports. For an
             OpenSSH server, it may be zero or more of: bsdauth, pam, and
             skey.

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms. Multiple
             algorithms must be comma-separated. Alternately if the specified
             value begins with a '+' character, then the specified methods
             will be appended to the default set instead of replacing them.
             If the specified value begins with a '-' character, then the
             specified methods (including wildcards) will be removed from the
             default set instead of replacing them. The default is:

                   curve25519-sha256,curve25519-sha256@libssh.org,
                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                   diffie-hellman-group-exchange-sha256,
                   diffie-hellman-group-exchange-sha1,
                   diffie-hellman-group14-sha1

             The list of available key exchange algorithms may also be
             obtained using "ssh -Q kex".

     LocalCommand
             Specifies a command to execute on the local machine after
             successfully connecting to the server. The command string
             extends to the end of the line, and is executed with the user's
             shell. Arguments to LocalCommand accept the tokens described in
             the TOKENS section.

             The command is run synchronously and does not have access to the
             session of the ssh(1) that spawned it. It should not be used for
             interactive commands.

             This directive is ignored unless PermitLocalCommand has been
             enabled.

     LocalForward
             Specifies that a TCP port on the local machine be forwarded over
             the secure channel to the specified host and port from the remote
             machine. The first argument must be [bind_address:]port and the
             second argument must be host:hostport. IPv6 addresses can be
             specified by enclosing addresses in square brackets. Multiple
             forwardings may be specified, and additional forwardings can be
             given on the command line. Only the superuser can forward
             privileged ports. By default, the local port is bound in
             accordance with the GatewayPorts setting. However, an explicit
             bind_address may be used to bind the connection to a specific
             address. The bind_address of localhost indicates that the
             listening port be bound for local use only, while an empty
             address or '*' indicates that the port should be available from
             all interfaces.

     LogLevel
             Gives the verbosity level that is used when logging messages from
             ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO,
             VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
             DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
             higher levels of verbose output.

     MACs    Specifies the MAC (message authentication code) algorithms in
             order of preference. The MAC algorithm is used for data
             integrity protection. Multiple algorithms must be
             comma-separated. If the specified value begins with a '+'
             character, then the specified algorithms will be appended to the
             default set instead of replacing them. If the specified value
             begins with a '-' character, then the specified algorithms
             (including wildcards) will be removed from the default set
             instead of replacing them.

             The algorithms that contain "-etm" calculate the MAC after
             encryption (encrypt-then-mac). These are considered safer and
             their use recommended.

             The default is:

                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                   hmac-sha1-etm@openssh.com,
                   umac-64@openssh.com,umac-128@openssh.com,
                   hmac-sha2-256,hmac-sha2-512,hmac-sha1

             The list of available MAC algorithms may also be obtained using
             "ssh -Q mac".

     NoHostAuthenticationForLocalhost
             This option can be used if the home directory is shared across
             machines. In this case localhost will refer to a different
             machine on each of the machines and the user will get many
             warnings about changed host keys. However, this option disables
             host authentication for localhost. The argument to this keyword
             must be yes or no (the default).

     NumberOfPasswordPrompts
             Specifies the number of password prompts before giving up. The
             argument to this keyword must be an integer. The default is 3.

     PasswordAuthentication
             Specifies whether to use password authentication. The argument
             to this keyword must be yes (the default) or no.

     PermitLocalCommand
             Allow local command execution via the LocalCommand option or
             using the !command escape sequence in ssh(1). The argument must
             be yes or no (the default).

     PKCS11Provider
             Specifies which PKCS#11 provider to use. The argument to this
             keyword is the PKCS#11 shared library ssh(1) should use to
             communicate with a PKCS#11 token providing the user's private RSA
             key.

     Port    Specifies the port number to connect on the remote host. The
             default is 22.

     PreferredAuthentications
             Specifies the order in which the client should try authentication
             methods. This allows a client to prefer one method (e.g.
             keyboard-interactive) over another method (e.g. password). The
             default is:

                   gssapi-with-mic,hostbased,publickey,
                   keyboard-interactive,password

     Protocol
             Specifies the protocol versions ssh(1) should support in order of
             preference. The possible values are 1 and 2. Multiple versions
             must be comma-separated. When this option is set to 2,1 ssh will
             try version 2 and fall back to version 1 if version 2 is not
             available. The default is version 2. Protocol 1 suffers from a
             number of cryptographic weaknesses and should not be used. It is
             only offered to support legacy devices.

     ProxyCommand
             Specifies the command to use to connect to the server. The
             command string extends to the end of the line, and is executed
             using the user's shell 'exec' directive to avoid a lingering
             shell process.

             Arguments to ProxyCommand accept the tokens described in the
             TOKENS section. The command can be basically anything, and
             should read from its standard input and write to its standard
             output. It should eventually connect an sshd(8) server running
             on some machine, or execute sshd -i somewhere. Host key
             management will be done using the HostName of the host being
             connected (defaulting to the name typed by the user). Setting
             the command to none disables this option entirely. Note that
             CheckHostIP is not available for connects with a proxy command.

             This directive is useful in conjunction with nc(1) and its proxy
             support. For example, the following directive would connect via
             an HTTP proxy at 192.0.2.0:

                   ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p

     ProxyJump
             Specifies one or more jump proxies as [user@]host[:port].
             Multiple proxies may be separated by comma characters and will be
             visited sequentially. Setting this option will cause ssh(1) to
             connect to the target host by first making a ssh(1) connection to
             the specified ProxyJump host and then establishing a TCP
             forwarding to the ultimate target from there.

             Note that this option will compete with the ProxyCommand option:
             whichever is specified first will prevent later instances of the
             other from taking effect.

     ProxyUseFdpass
             Specifies that ProxyCommand will pass a connected file descriptor
             back to ssh(1) instead of continuing to execute and pass data.
             The default is no.

     PubkeyAcceptedKeyTypes
             Specifies the key types that will be used for public key
             authentication as a comma-separated pattern list. Alternately if
             the specified value begins with a '+' character, then the key
             types after it will be appended to the default instead of
             replacing it. If the specified value begins with a '-'
             character, then the specified key types (including wildcards)
             will be removed from the default set instead of replacing them.

             The default for this option is:

                   ecdsa-sha2-nistp256-cert-v01@openssh.com,
                   ecdsa-sha2-nistp384-cert-v01@openssh.com,
                   ecdsa-sha2-nistp521-cert-v01@openssh.com,
                   ssh-ed25519-cert-v01@openssh.com,
                   ssh-rsa-cert-v01@openssh.com,
                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                   ssh-ed25519,ssh-rsa

             The list of available key types may also be obtained using "ssh
             -Q key".

     PubkeyAuthentication
             Specifies whether to try public key authentication.  The argument
             to this keyword must be yes (the default) or no.

     RekeyLimit
             Specifies the maximum amount of data that may be transmitted
             before the session key is renegotiated, optionally followed by a
             maximum amount of time that may pass before the session key is
             renegotiated.  The first argument is specified in bytes and may
             have a suffix of ‘K’, ‘M’, or ‘G’ to indicate Kilobytes,
             Megabytes, or Gigabytes, respectively.  The default is between
             ‘1G’ and ‘4G’, depending on the cipher.  The optional second
             value is specified in seconds and may use any of the units
             documented in the TIME FORMATS section of sshd_config(5).  The
             default value for RekeyLimit is ‘default none’, which means that
             rekeying is performed after the cipher's default amount of data
             has been sent or received and no time based rekeying is done.

     RemoteForward
             Specifies that a TCP port on the remote machine be forwarded over
             the secure channel to the specified host and port from the local
             machine.  The first argument must be [bind_address:]port and the
             second argument must be host:hostport.  IPv6 addresses can be
             specified by enclosing addresses in square brackets.  Multiple
             forwardings may be specified, and additional forwardings can be
             given on the command line.  Privileged ports can be forwarded
             only when logging in as root on the remote machine.

             If the port argument is 0, the listen port will be dynamically
             allocated on the server and reported to the client at run time.

             If the bind_address is not specified, the default is to only bind
             to loopback addresses.  If the bind_address is ‘*’ or an empty
             string, then the forwarding is requested to listen on all
             interfaces.  Specifying a remote bind_address will only succeed
             if the server's GatewayPorts option is enabled (see
             sshd_config(5)).

     RequestTTY
             Specifies whether to request a pseudo-tty for the session.  The
             argument may be one of: no (never request a TTY), yes (always
             request a TTY when standard input is a TTY), force (always
             request a TTY) or auto (request a TTY when opening a login
             session).  This option mirrors the -t and -T flags for ssh(1).

     RevokedHostKeys
             Specifies revoked host public keys.  Keys listed in this file
             will be refused for host authentication.  Note that if this file
             does not exist or is not readable, then host authentication will
             be refused for all hosts.  Keys may be specified as a text file,
             listing one public key per line, or as an OpenSSH Key Revocation
             List (KRL) as generated by ssh-keygen(1).  For more information
             on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).

     RhostsRSAAuthentication
             Specifies whether to try rhosts based authentication with RSA
             host authentication.  The argument must be yes or no (the
             default).  This option applies to protocol version 1 only and
             requires ssh(1) to be setuid root.

     RSAAuthentication
             Specifies whether to try RSA authentication.  The argument to
             this keyword must be yes (the default) or no.  RSA authentication
             will only be attempted if the identity file exists, or an
             authentication agent is running.  Note that this option applies
             to protocol version 1 only.

     SendEnv
             Specifies what variables from the local environ(7) should be sent
             to the server.  The server must also support it, and the server
             must be configured to accept these environment variables.  Note
             that the TERM environment variable is always sent whenever a
             pseudo-terminal is requested as it is required by the protocol.
             Refer to AcceptEnv in sshd_config(5) for how to configure the
             server.  Variables are specified by name, which may contain
             wildcard characters.  Multiple environment variables may be
             separated by whitespace or spread across multiple SendEnv
             directives.  The default is not to send any environment
             variables.

             See PATTERNS for more information on patterns.

     ServerAliveCountMax
             Sets the number of server alive messages (see below) which may be
             sent without ssh(1) receiving any messages back from the server.
             If this threshold is reached while server alive messages are
             being sent, ssh will disconnect from the server, terminating the
             session.  It is important to note that the use of server alive
             messages is very different from TCPKeepAlive (below).  The server
             alive messages are sent through the encrypted channel and
             therefore will not be spoofable.  The TCP keepalive option
             enabled by TCPKeepAlive is spoofable.  The server alive mechanism
             is valuable when the client or server depend on knowing when a
             connection has become inactive.

             The default value is 3.  If, for example, ServerAliveInterval
             (see below) is set to 15 and ServerAliveCountMax is left at the
             default, if the server becomes unresponsive, ssh will disconnect
             after approximately 45 seconds.

     ServerAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the server, ssh(1) will send a message through
             the encrypted channel to request a response from the server.  The
             default is 0, indicating that these messages will not be sent to
             the server.

     StreamLocalBindMask
             Sets the octal file creation mode mask (umask) used when creating
             a Unix-domain socket file for local or remote port forwarding.
             This option is only used for port forwarding to a Unix-domain
             socket file.

             The default value is 0177, which creates a Unix-domain socket
             file that is readable and writable only by the owner.  Note that
             not all operating systems honor the file mode on Unix-domain
             socket files.

     StreamLocalBindUnlink
             Specifies whether to remove an existing Unix-domain socket file
             for local or remote port forwarding before creating a new one.
             If the socket file already exists and StreamLocalBindUnlink is
             not enabled, ssh will be unable to forward the port to the Unix-
             domain socket file.  This option is only used for port forwarding
             to a Unix-domain socket file.

             The argument must be yes or no (the default).

     StrictHostKeyChecking
             If this flag is set to yes, ssh(1) will never automatically add
             host keys to the ~/.ssh/known_hosts file, and refuses to connect
             to hosts whose host key has changed.  This provides maximum
             protection against trojan horse attacks, though it can be
             annoying when the /etc/ssh/ssh_known_hosts file is poorly
             maintained or when connections to new hosts are frequently made.
             This option forces the user to manually add all new hosts.  If
             this flag is set to no, ssh will automatically add new host keys
             to the user known hosts files.  If this flag is set to ask (the
             default), new host keys will be added to the user known host
             files only after the user has confirmed that is what they really
             want to do, and ssh will refuse to connect to hosts whose host
             key has changed.  The host keys of known hosts will be verified
             automatically in all cases.

     TCPKeepAlive
             Specifies whether the system should send TCP keepalive messages
             to the other side.  If they are sent, death of the connection or
             crash of one of the machines will be properly noticed.  However,
             this means that connections will die if the route is down
             temporarily, and some people find it annoying.

             The default is yes (to send TCP keepalive messages), and the
             client will notice if the network goes down or the remote host
             dies.  This is important in scripts, and many users want it too.

             To disable TCP keepalive messages, the value should be set to no.

     Tunnel  Request tun(4) device forwarding between the client and the
             server.  The argument must be yes, point-to-point (layer 3),
             ethernet (layer 2), or no (the default).  Specifying yes requests
             the default tunnel mode, which is point-to-point.

     TunnelDevice
             Specifies the tun(4) devices to open on the client (local_tun)
             and the server (remote_tun).

             The argument must be local_tun[:remote_tun].  The devices may be
             specified by numerical ID or the keyword any, which uses the next
             available tunnel device.  If remote_tun is not specified, it
             defaults to any.  The default is any:any.

     UpdateHostKeys
             Specifies whether ssh(1) should accept notifications of
             additional hostkeys from the server sent after authentication has
             completed and add them to UserKnownHostsFile.  The argument must
             be yes, no (the default) or ask.  Enabling this option allows
             learning alternate hostkeys for a server and supports graceful
             key rotation by allowing a server to send replacement public keys
             before old ones are removed.  Additional hostkeys are only
             accepted if the key used to authenticate the host was already
             trusted or explicitly accepted by the user.  If UpdateHostKeys is
             set to ask, then the user is asked to confirm the modifications
             to the known_hosts file.  Confirmation is currently incompatible
             with ControlPersist, and will be disabled if it is enabled.

             Presently, only sshd(8) from OpenSSH 6.8 and greater supports the
             "hostkeys@openssh.com" protocol extension used to inform the
             client of all the server's hostkeys.

     UsePrivilegedPort
             Specifies whether to use a privileged port for outgoing
             connections.  The argument must be yes or no (the default).  If
             set to yes, ssh(1) must be setuid root.  Note that this option
             must be set to yes for RhostsRSAAuthentication with older
             servers.

     User    Specifies the user to log in as.  This can be useful when a
             different user name is used on different machines.  This saves
             the trouble of having to remember to give the user name on the
             command line.

     UserKnownHostsFile
             Specifies one or more files to use for the user host key
             database, separated by whitespace.  The default is
             ~/.ssh/known_hosts, ~/.ssh/known_hosts2.

     VerifyHostKeyDNS
             Specifies whether to verify the remote key using DNS and SSHFP
             resource records.  If this option is set to yes, the client will
             implicitly trust keys that match a secure fingerprint from DNS.
             Insecure fingerprints will be handled as if this option was set
             to ask.  If this option is set to ask, information on fingerprint
             match will be displayed, but the user will still need to confirm
             new host keys according to the StrictHostKeyChecking option.  The
             default is no.

             See also VERIFYING HOST KEYS in ssh(1).

     VisualHostKey
             If this flag is set to yes, an ASCII art representation of the
             remote host key fingerprint is printed in addition to the
             fingerprint string at login and for unknown host keys.  If this
             flag is set to no (the default), no fingerprint strings are
             printed at login and only the fingerprint string will be printed
             for unknown host keys.

     XAuthLocation
             Specifies the full pathname of the xauth(1) program.  The default
             is /usr/X11R6/bin/xauth.

PATTERNS
     A pattern consists of zero or more non-whitespace characters, ‘*’ (a
     wildcard that matches zero or more characters), or ‘?’ (a wildcard that
     matches exactly one character).  For example, to specify a set of
     declarations for any host in the ".co.uk" set of domains, the following
     pattern could be used:

           Host *.co.uk

     The following pattern would match any host in the 192.168.0.[0-9] network
     range:

           Host 192.168.0.?

     A pattern-list is a comma-separated list of patterns.  Patterns within
     pattern-lists may be negated by preceding them with an exclamation mark
     (‘!’).  For example, to allow a key to be used from anywhere within an
     organization except from the "dialup" pool, the following entry (in
     authorized_keys) could be used:

           from="!*.dialup.example.com,*.example.com"

TOKENS
     Arguments to some keywords can make use of tokens, which are expanded at
     runtime:

           %%    A literal ‘%’.
           %C    Shorthand for %l%h%p%r.
           %d    Local user's home directory.
           %h    The remote hostname.
           %i    The local user ID.
           %L    The local hostname.
           %l    The local hostname, including the domain name.
           %n    The original remote hostname, as given on the command line.
           %p    The remote port.
           %r    The remote username.
           %u    The local username.

     Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.

     CertificateFile accepts the tokens %%, %d, %h, %l, %r, and %u.

     ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and
     %u.

     HostName accepts the tokens %% and %h.

     IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and
     %u.

     LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.

     ProxyCommand accepts the tokens %%, %h, %p, and %r.

FILES
     ~/.ssh/config
             This is the per-user configuration file.  The format of this file
             is described above.  This file is used by the SSH client.
             Because of the potential for abuse, this file must have strict
             permissions: read/write for the user, and not accessible by
             others.

     /etc/ssh/ssh_config
             Systemwide configuration file.  This file provides defaults for
             those values that are not specified in the user's configuration
             file, and for those users who do not have a configuration file.
             This file must be world-readable.

SEE ALSO
     ssh(1)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 6.0                    February 27, 2017                    OpenBSD 6.0
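The following POSIX sh script is an added example and is not part of the OpenSSH manual or of OpenSSH itself. It implements the two rules the manual relies on throughout, the first-obtained-value-wins ordering and the Host pattern semantics of PATTERNS (‘*’, ‘?’ and ‘!’ negation), and uses them to report the effective StrictHostKeyChecking and Protocol values the manual cautions about (StrictHostKeyChecking no, any Protocol list containing 1), plus the ~/.ssh/config permission rule from FILES. The function names, the sample configuration and its host names are constructed for the example; it assumes plain "Keyword argument" lines and does not emulate Match, Include, quoted arguments or the "Keyword=value" form.

```shell
#!/bin/sh
# Added example, not OpenSSH code: minimal emulation of ssh_config(5)
# Host matching and "first obtained value wins", used to audit the
# settings a client would apply to a given host.

set -f   # keep patterns such as *.co.uk literal during word splitting

# host_matches HOST PATTERN... : 0 if HOST matches the Host pattern list.
# A matching negated pattern disqualifies the whole entry, whatever the
# other patterns on the line say (PATTERNS / Host above).
host_matches() {
    hm_host=$1; shift
    hm_result=1
    for hm_pat in "$@"; do
        case $hm_pat in
            "!"*) hm_neg=${hm_pat#!}
                  case $hm_host in $hm_neg) return 1 ;; esac ;;
            *)    case $hm_host in $hm_pat) hm_result=0 ;; esac ;;
        esac
    done
    return $hm_result
}

# ssh_config_get FILE HOST KEYWORD : print the value ssh would use for
# KEYWORD when connecting to HOST (the first one in an applicable block);
# exit 1 if the file sets none. Keywords are case-insensitive, arguments
# case-sensitive. Match blocks are skipped (assumption: not emulated).
ssh_config_get() {
    cg_file=$1; cg_host=$2
    cg_key=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    cg_active=1   # declarations before the first Host line apply everywhere
    while IFS= read -r cg_line || [ -n "$cg_line" ]; do
        set -- $cg_line                       # splitting drops leading blanks
        [ $# -gt 0 ] || continue              # empty line
        case $1 in "#"*) continue ;; esac     # comment line
        cg_kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
        case $cg_kw in
            host)  if host_matches "$cg_host" "$@"; then cg_active=1
                   else cg_active=0; fi; continue ;;
            match) cg_active=0; continue ;;
        esac
        [ $cg_active -eq 1 ] || continue
        if [ "$cg_kw" = "$cg_key" ]; then printf '%s\n' "$*"; return 0; fi
    done < "$cg_file"
    return 1
}

# weak_settings FILE HOST : one line per effective setting the manual warns
# about; exit 0 when none is found, 1 otherwise.
weak_settings() {
    ws_found=0
    ws_v=$(ssh_config_get "$1" "$2" StrictHostKeyChecking) || ws_v=ask
    if [ "$ws_v" = no ]; then
        echo "$2: StrictHostKeyChecking no (new host keys added unconfirmed)"
        ws_found=1
    fi
    ws_v=$(ssh_config_get "$1" "$2" Protocol) || ws_v=2
    case ,$ws_v, in *,1,*)
        echo "$2: Protocol $ws_v (protocol 1 enabled; should not be used)"
        ws_found=1 ;;
    esac
    return $ws_found
}

# config_perms_ok FILE : 0 if FILE grants no group/other access (FILES above).
config_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# write_demo_config FILE : constructed sample configuration (not real hosts).
write_demo_config() {
    cat > "$1" <<'EOF'
# constructed example: host-specific entries first, defaults last
Host bastion
    HostName bastion.example.com
    User admin
Host *.internal.example.com !build-*.internal.example.com
    ProxyJump bastion
    StrictHostKeyChecking yes
Host db-?.internal.example.com
    User dbadmin
Host legacy-switch
    Protocol 2,1
    StrictHostKeyChecking no
Host *
    User alice
    StrictHostKeyChecking ask
EOF
    chmod 600 "$1"
}

demo=${TMPDIR:-/tmp}/ssh_config_demo.$$
write_demo_config "$demo"
for h in db-1.internal.example.com build-7.internal.example.com legacy-switch; do
    printf '%s: User=%s StrictHostKeyChecking=%s ProxyJump=%s\n' "$h" \
        "$(ssh_config_get "$demo" "$h" User)" \
        "$(ssh_config_get "$demo" "$h" StrictHostKeyChecking)" \
        "$(ssh_config_get "$demo" "$h" ProxyJump || echo none)"
    weak_settings "$demo" "$h" || true
done
config_perms_ok "$demo" && echo "$demo: permissions ok"
rm -f "$demo"
```

Run it as `sh ssh_config_audit.sh`; to audit a real file, call `weak_settings ~/.ssh/config somehost` and `config_perms_ok ~/.ssh/config` instead of the demo section. The `set -f` line matters: without it a `Host *.co.uk` line would be expanded against the current directory during word splitting, which is exactly the kind of surprise that makes ad-hoc config parsing unreliable.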