Lines Matching +full:ipv6 +full:- +full:single +full:- +full:target

48 .Bl -enum -offset indent -compact
50 command-line options
55 system-wide configuration file
71 host-specific declarations should be given near the beginning of the
74 The file contains keyword-argument pairs, one per line.
95 keywords are case-insensitive and arguments are case-sensitive):
96 .Bl -tag -width Ds
105 A single
137 or the single token
167 keyword matches only when the configuration file is being re-parsed
176 keyword requests that the configuration be re-parsed (regardless of whether
198 The other keywords' criteria must be single entries or comma-separated
204 keyword are matched against the target hostname, after any substitution
212 keyword matches against the hostname as it was specified on the command-line.
215 keyword matches against the target username on the remote host.
220 (this keyword may be useful in system-wide
225 .Xr ssh-agent 1 .
230 .Xr ssh-add 1 .
237 .Xr ssh-add 1
244 .Xr ssh-add 1 .
263 (use IPv6 only).
301 is enabled and the target hostname cannot be found in any of the domains
330 again using the new target name to pick up any new configuration in matching
339 allows a single dot (i.e. hostname.subdomain).
347 is a pattern-list of domains that may follow CNAMEs in canonicalization,
350 is a pattern-list of domains that they may resolve to.
365 .Bd -literal -offset indent
366 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
367 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
384 .Xr ssh-agent 1 ,
404 Specifies whether to use challenge-response authentication.
428 Multiple ciphers must be comma-separated.
434 .Sq -
443 .Bd -literal -offset indent
444 3des-cbc
445 aes128-cbc
446 aes192-cbc
447 aes256-cbc
448 aes128-ctr
449 aes192-ctr
450 aes256-ctr
451 aes128-gcm@openssh.com
452 aes256-gcm@openssh.com
453 chacha20-poly1305@openssh.com
457 .Bd -literal -offset indent
458 chacha20-poly1305@openssh.com,
459 aes128-ctr,aes192-ctr,aes256-ctr,
460 aes128-gcm@openssh.com,aes256-gcm@openssh.com
464 .Qq ssh -Q cipher .
499 Enables the sharing of multiple sessions over a single network connection.
522 .Xr ssh-askpass 1 .
530 .Xr ssh-agent 1
580 .Qq ssh -O exit ) .
596 IPv6 addresses can be specified by enclosing addresses in square brackets.
624 .Xr ssh-keysign 8
632 This option should be placed in the non-hostspecific section.
634 .Xr ssh-keysign 8
641 The argument should be a single character,
686 (for the agent's Unix-domain socket)
789 .Xr ssh-keygen 1 .
800 as a comma-separated list of patterns.
806 .Sq -
814 .Bd -literal -offset 3n
815 ecdsa-sha2-nistp256-cert-v01@openssh.com,
816 ecdsa-sha2-nistp384-cert-v01@openssh.com,
817 ecdsa-sha2-nistp521-cert-v01@openssh.com,
818 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
819 ssh-ed25519-cert-v01@openssh.com,
820 sk-ssh-ed25519-cert-v01@openssh.com,
821 rsa-sha2-512-cert-v01@openssh.com,
822 rsa-sha2-256-cert-v01@openssh.com,
823 ssh-rsa-cert-v01@openssh.com,
824 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
825 sk-ecdsa-sha2-nistp256@openssh.com,
826 ssh-ed25519,sk-ssh-ed25519@openssh.com,
827 rsa-sha2-512,rsa-sha2-256,ssh-rsa
843 .Sq -
851 .Bd -literal -offset 3n
852 ecdsa-sha2-nistp256-cert-v01@openssh.com,
853 ecdsa-sha2-nistp384-cert-v01@openssh.com,
854 ecdsa-sha2-nistp521-cert-v01@openssh.com,
855 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
856 ssh-ed25519-cert-v01@openssh.com,
857 sk-ssh-ed25519-cert-v01@openssh.com,
858 rsa-sha2-512-cert-v01@openssh.com,
859 rsa-sha2-256-cert-v01@openssh.com,
860 ssh-rsa-cert-v01@openssh.com,
861 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
862 sk-ecdsa-sha2-nistp256@openssh.com,
863 ssh-ed25519,sk-ssh-ed25519@openssh.com,
864 rsa-sha2-512,rsa-sha2-256,ssh-rsa
871 .Qq ssh -Q HostKeyAlgorithms .
877 or for multiple servers running on a single host.
899 command-line),
901 .Xr ssh-agent 1
912 This option is intended for situations where ssh-agent
916 .Ux Ns -domain
942 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
943 Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
961 .Pa -cert.pub
990 Specifies a pattern-list of unknown options to be ignored if they are
1004 wildcards and, for user configurations, shell-like
1020 Specifies the IPv4 type-of-service or DSCP class for connections.
1053 interactive sessions and the second for non-interactive sessions.
1056 (Low-Latency Data)
1060 for non-interactive sessions.
1062 Specifies whether to use keyboard-interactive authentication.
1069 Specifies the list of methods to use in keyboard-interactive authentication.
1070 Multiple method names must be comma-separated.
1080 Multiple algorithms must be comma-separated.
1086 .Sq -
1094 .Bd -literal -offset indent
1095 curve25519-sha256,curve25519-sha256@libssh.org,
1096 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1097 diffie-hellman-group-exchange-sha256,
1098 diffie-hellman-group16-sha512,
1099 diffie-hellman-group18-sha512,
1100 diffie-hellman-group14-sha256
1104 .Qq ssh -Q kex .
1137 IPv6 addresses can be specified by enclosing addresses in square brackets.
1170 Multiple algorithms must be comma-separated.
1176 .Sq -
1185 .Qq -etm
1186 calculate the MAC after encryption (encrypt-then-mac).
1190 .Bd -literal -offset indent
1191 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1192 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1193 hmac-sha1-etm@openssh.com,
1194 umac-64@openssh.com,umac-128@openssh.com,
1195 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1199 .Qq ssh -Q mac .
1244 .Cm keyboard-interactive )
1248 .Bd -literal -offset indent
1249 gssapi-with-mic,hostbased,publickey,
1250 keyboard-interactive,password
1270 .Ic sshd -i
1287 .Bd -literal -offset 3n
1288 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1304 to connect to the target host by first making a
1309 TCP forwarding to the ultimate target from there.
1313 option - whichever is specified first will prevent later instances of the
1317 via the command-line or the configuration file) is not generally applied
1331 as a comma-separated list of patterns.
1337 .Sq -
1345 .Bd -literal -offset 3n
1346 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1347 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1348 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1349 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1350 ssh-ed25519-cert-v01@openssh.com,
1351 sk-ssh-ed25519-cert-v01@openssh.com,
1352 rsa-sha2-512-cert-v01@openssh.com,
1353 rsa-sha2-256-cert-v01@openssh.com,
1354 ssh-rsa-cert-v01@openssh.com,
1355 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1356 sk-ecdsa-sha2-nistp256@openssh.com,
1357 ssh-ed25519,sk-ssh-ed25519@openssh.com,
1358 rsa-sha2-512,rsa-sha2-256,ssh-rsa
1362 .Qq ssh -Q PubkeyAcceptedKeyTypes .
1421 IPv6 addresses can be specified by enclosing addresses in square brackets.
1452 Specifies whether to request a pseudo-tty for the session.
1475 .Xr ssh-keygen 1 .
1477 .Xr ssh-keygen 1 .
1480 FIDO authenticator-hosted keys, overriding the default of using
1481 the built-in USB HID support.
1496 pseudo-terminal is requested as it is required by the protocol.
1515 .Pa - .
1560 used when creating a Unix-domain socket file for local or remote
1562 This option is only used for port forwarding to a Unix-domain socket file.
1564 The default value is 0177, which creates a Unix-domain socket file that is
1566 Note that not all operating systems honor the file mode on Unix-domain
1569 Specifies whether to remove an existing Unix-domain socket file for local
1575 will be unable to forward the port to the Unix-domain socket file.
1576 This option is only used for port forwarding to a Unix-domain socket file.
1590 This provides maximum protection against man-in-the-middle (MITM) attacks,
1599 .Dq accept-new
1644 for protocol-level keepalives.
1651 .Cm point-to-point
1661 .Cm point-to-point .
1776 consists of zero or more non-whitespace characters,
1790 would match any host in the 192.168.0.[0-9] network range:
1795 .Em pattern-list
1796 is a comma-separated list of patterns.
1797 Patterns within pattern-lists may be negated
1812 against the following pattern-list will fail:
1824 .Bl -tag -width XXXX -offset indent -compact
1879 .Bl -tag -width Ds
1881 This is the per-user configuration file.
1891 This file must be world-readable.
1896 .An -nosplit
1904 removed many bugs, re-added newer features and