• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $
37.Dd $Mdocdate: April 11 2020 $
38.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH client configuration file
43.Sh DESCRIPTION
44.Xr ssh 1
45obtains configuration data from the following sources in
46the following order:
47.Pp
48.Bl -enum -offset indent -compact
49.It
50command-line options
51.It
52user's configuration file
53.Pq Pa ~/.ssh/config
54.It
55system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config
57.El
58.Pp
59For each parameter, the first obtained value
60will be used.
61The configuration files contain sections separated by
62.Cm Host
63specifications, and that section is only applied for hosts that
64match one of the patterns given in the specification.
65The matched host name is usually the one given on the command line
66(see the
67.Cm CanonicalizeHostname
68option for exceptions).
69.Pp
70Since the first obtained value for each parameter is used, more
71host-specific declarations should be given near the beginning of the
72file, and general defaults at the end.
73.Pp
74The file contains keyword-argument pairs, one per line.
75Lines starting with
76.Ql #
77and empty lines are interpreted as comments.
78Arguments may optionally be enclosed in double quotes
79.Pq \&"
80in order to represent arguments containing spaces.
81Configuration options may be separated by whitespace or
82optional whitespace and exactly one
83.Ql = ;
84the latter format is useful to avoid the need to quote whitespace
85when specifying configuration options using the
86.Nm ssh ,
87.Nm scp ,
88and
89.Nm sftp
90.Fl o
91option.
92.Pp
93The possible
94keywords and their meanings are as follows (note that
95keywords are case-insensitive and arguments are case-sensitive):
96.Bl -tag -width Ds
97.It Cm Host
98Restricts the following declarations (up to the next
99.Cm Host
100or
101.Cm Match
102keyword) to be only for those hosts that match one of the patterns
103given after the keyword.
104If more than one pattern is provided, they should be separated by whitespace.
105A single
106.Ql *
107as a pattern can be used to provide global
108defaults for all hosts.
109The host is usually the
110.Ar hostname
111argument given on the command line
112(see the
113.Cm CanonicalizeHostname
114keyword for exceptions).
115.Pp
116A pattern entry may be negated by prefixing it with an exclamation mark
117.Pq Sq !\& .
118If a negated entry is matched, then the
119.Cm Host
120entry is ignored, regardless of whether any other patterns on the line
121match.
122Negated matches are therefore useful to provide exceptions for wildcard
123matches.
124.Pp
125See
126.Sx PATTERNS
127for more information on patterns.
128.It Cm Match
129Restricts the following declarations (up to the next
130.Cm Host
131or
132.Cm Match
133keyword) to be used only when the conditions following the
134.Cm Match
135keyword are satisfied.
136Match conditions are specified using one or more criteria
137or the single token
138.Cm all
139which always matches.
140The available criteria keywords are:
141.Cm canonical ,
142.Cm final ,
143.Cm exec ,
144.Cm host ,
145.Cm originalhost ,
146.Cm user ,
147and
148.Cm localuser .
149The
150.Cm all
151criteria must appear alone or immediately after
152.Cm canonical
153or
154.Cm final .
155Other criteria may be combined arbitrarily.
156All criteria but
157.Cm all ,
158.Cm canonical ,
159and
160.Cm final
161require an argument.
162Criteria may be negated by prepending an exclamation mark
163.Pq Sq !\& .
164.Pp
165The
166.Cm canonical
167keyword matches only when the configuration file is being re-parsed
168after hostname canonicalization (see the
169.Cm CanonicalizeHostname
170option).
171This may be useful to specify conditions that work with canonical host
172names only.
173.Pp
174The
175.Cm final
176keyword requests that the configuration be re-parsed (regardless of whether
177.Cm CanonicalizeHostname
178is enabled), and matches only during this final pass.
179If
180.Cm CanonicalizeHostname
181is enabled, then
182.Cm canonical
183and
184.Cm final
185match during the same pass.
186.Pp
187The
188.Cm exec
189keyword executes the specified command under the user's shell.
190If the command returns a zero exit status then the condition is considered true.
191Commands containing whitespace characters must be quoted.
192Arguments to
193.Cm exec
194accept the tokens described in the
195.Sx TOKENS
196section.
197.Pp
198The other keywords' criteria must be single entries or comma-separated
199lists and may use the wildcard and negation operators described in the
200.Sx PATTERNS
201section.
202The criteria for the
203.Cm host
204keyword are matched against the target hostname, after any substitution
205by the
206.Cm Hostname
207or
208.Cm CanonicalizeHostname
209options.
210The
211.Cm originalhost
212keyword matches against the hostname as it was specified on the command-line.
213The
214.Cm user
215keyword matches against the target username on the remote host.
216The
217.Cm localuser
218keyword matches against the name of the local user running
219.Xr ssh 1
220(this keyword may be useful in system-wide
221.Nm
222files).
223.It Cm AddKeysToAgent
224Specifies whether keys should be automatically added to a running
225.Xr ssh-agent 1 .
226If this option is set to
227.Cm yes
228and a key is loaded from a file, the key and its passphrase are added to
229the agent with the default lifetime, as if by
230.Xr ssh-add 1 .
231If this option is set to
232.Cm ask ,
233.Xr ssh 1
234will require confirmation using the
235.Ev SSH_ASKPASS
236program before adding a key (see
237.Xr ssh-add 1
238for details).
239If this option is set to
240.Cm confirm ,
241each use of the key must be confirmed, as if the
242.Fl c
243option was specified to
244.Xr ssh-add 1 .
245If this option is set to
246.Cm no ,
247no keys are added to the agent.
248The argument must be
249.Cm yes ,
250.Cm confirm ,
251.Cm ask ,
252or
253.Cm no
254(the default).
255.It Cm AddressFamily
256Specifies which address family to use when connecting.
257Valid arguments are
258.Cm any
259(the default),
260.Cm inet
261(use IPv4 only), or
262.Cm inet6
263(use IPv6 only).
264.It Cm BatchMode
265If set to
266.Cm yes ,
267user interaction such as password prompts and host key confirmation requests
268will be disabled.
269This option is useful in scripts and other batch jobs where no user
270is present to interact with
271.Xr ssh 1 .
272The argument must be
273.Cm yes
274or
275.Cm no
276(the default).
277.It Cm BindAddress
278Use the specified address on the local machine as the source address of
279the connection.
280Only useful on systems with more than one address.
281.It Cm BindInterface
282Use the address of the specified interface on the local machine as the
283source address of the connection.
284.It Cm CanonicalDomains
285When
286.Cm CanonicalizeHostname
287is enabled, this option specifies the list of domain suffixes in which to
288search for the specified destination host.
289.It Cm CanonicalizeFallbackLocal
290Specifies whether to fail with an error when hostname canonicalization fails.
291The default,
292.Cm yes ,
293will attempt to look up the unqualified hostname using the system resolver's
294search rules.
295A value of
296.Cm no
297will cause
298.Xr ssh 1
299to fail instantly if
300.Cm CanonicalizeHostname
301is enabled and the target hostname cannot be found in any of the domains
302specified by
303.Cm CanonicalDomains .
304.It Cm CanonicalizeHostname
305Controls whether explicit hostname canonicalization is performed.
306The default,
307.Cm no ,
308is not to perform any name rewriting and let the system resolver handle all
309hostname lookups.
310If set to
311.Cm yes
312then, for connections that do not use a
313.Cm ProxyCommand
314or
315.Cm ProxyJump ,
316.Xr ssh 1
317will attempt to canonicalize the hostname specified on the command line
318using the
319.Cm CanonicalDomains
320suffixes and
321.Cm CanonicalizePermittedCNAMEs
322rules.
323If
324.Cm CanonicalizeHostname
325is set to
326.Cm always ,
327then canonicalization is applied to proxied connections too.
328.Pp
329If this option is enabled, then the configuration files are processed
330again using the new target name to pick up any new configuration in matching
331.Cm Host
332and
333.Cm Match
334stanzas.
335.It Cm CanonicalizeMaxDots
336Specifies the maximum number of dot characters in a hostname before
337canonicalization is disabled.
338The default, 1,
339allows a single dot (i.e. hostname.subdomain).
340.It Cm CanonicalizePermittedCNAMEs
341Specifies rules to determine whether CNAMEs should be followed when
342canonicalizing hostnames.
343The rules consist of one or more arguments of
344.Ar source_domain_list : Ns Ar target_domain_list ,
345where
346.Ar source_domain_list
347is a pattern-list of domains that may follow CNAMEs in canonicalization,
348and
349.Ar target_domain_list
350is a pattern-list of domains that they may resolve to.
351.Pp
352For example,
353.Qq *.a.example.com:*.b.example.com,*.c.example.com
354will allow hostnames matching
355.Qq *.a.example.com
356to be canonicalized to names in the
357.Qq *.b.example.com
358or
359.Qq *.c.example.com
360domains.
361.It Cm CASignatureAlgorithms
362Specifies which algorithms are allowed for signing of certificates
363by certificate authorities (CAs).
364The default is:
365.Bd -literal -offset indent
366ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
367ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
368.Ed
369.Pp
370.Xr ssh 1
371will not accept host certificates signed using algorithms other than those
372specified.
373.It Cm CertificateFile
374Specifies a file from which the user's certificate is read.
375A corresponding private key must be provided separately in order
376to use this certificate either
377from an
378.Cm IdentityFile
379directive or
380.Fl i
381flag to
382.Xr ssh 1 ,
383via
384.Xr ssh-agent 1 ,
385or via a
386.Cm PKCS11Provider
387or
388.Cm SecurityKeyProvider .
389.Pp
390Arguments to
391.Cm CertificateFile
392may use the tilde syntax to refer to a user's home directory
393or the tokens described in the
394.Sx TOKENS
395section.
396.Pp
397It is possible to have multiple certificate files specified in
398configuration files; these certificates will be tried in sequence.
399Multiple
400.Cm CertificateFile
401directives will add to the list of certificates used for
402authentication.
403.It Cm ChallengeResponseAuthentication
404Specifies whether to use challenge-response authentication.
405The argument to this keyword must be
406.Cm yes
407(the default)
408or
409.Cm no .
410.It Cm CheckHostIP
411If set to
412.Cm yes
413(the default),
414.Xr ssh 1
415will additionally check the host IP address in the
416.Pa known_hosts
417file.
418This allows it to detect if a host key changed due to DNS spoofing
419and will add addresses of destination hosts to
420.Pa ~/.ssh/known_hosts
421in the process, regardless of the setting of
422.Cm StrictHostKeyChecking .
423If the option is set to
424.Cm no ,
425the check will not be executed.
426.It Cm Ciphers
427Specifies the ciphers allowed and their order of preference.
428Multiple ciphers must be comma-separated.
429If the specified list begins with a
430.Sq +
431character, then the specified ciphers will be appended to the default set
432instead of replacing them.
433If the specified list begins with a
434.Sq -
435character, then the specified ciphers (including wildcards) will be removed
436from the default set instead of replacing them.
437If the specified list begins with a
438.Sq ^
439character, then the specified ciphers will be placed at the head of the
440default set.
441.Pp
442The supported ciphers are:
443.Bd -literal -offset indent
4443des-cbc
445aes128-cbc
446aes192-cbc
447aes256-cbc
448aes128-ctr
449aes192-ctr
450aes256-ctr
451aes128-gcm@openssh.com
452aes256-gcm@openssh.com
453chacha20-poly1305@openssh.com
454.Ed
455.Pp
456The default is:
457.Bd -literal -offset indent
458chacha20-poly1305@openssh.com,
459aes128-ctr,aes192-ctr,aes256-ctr,
460aes128-gcm@openssh.com,aes256-gcm@openssh.com
461.Ed
462.Pp
463The list of available ciphers may also be obtained using
464.Qq ssh -Q cipher .
465.It Cm ClearAllForwardings
466Specifies that all local, remote, and dynamic port forwardings
467specified in the configuration files or on the command line be
468cleared.
469This option is primarily useful when used from the
470.Xr ssh 1
471command line to clear port forwardings set in
472configuration files, and is automatically set by
473.Xr scp 1
474and
475.Xr sftp 1 .
476The argument must be
477.Cm yes
478or
479.Cm no
480(the default).
481.It Cm Compression
482Specifies whether to use compression.
483The argument must be
484.Cm yes
485or
486.Cm no
487(the default).
488.It Cm ConnectionAttempts
489Specifies the number of tries (one per second) to make before exiting.
490The argument must be an integer.
491This may be useful in scripts if the connection sometimes fails.
492The default is 1.
493.It Cm ConnectTimeout
494Specifies the timeout (in seconds) used when connecting to the
495SSH server, instead of using the default system TCP timeout.
496This timeout is applied both to establishing the connection and to performing
497the initial SSH protocol handshake and key exchange.
498.It Cm ControlMaster
499Enables the sharing of multiple sessions over a single network connection.
500When set to
501.Cm yes ,
502.Xr ssh 1
503will listen for connections on a control socket specified using the
504.Cm ControlPath
505argument.
506Additional sessions can connect to this socket using the same
507.Cm ControlPath
508with
509.Cm ControlMaster
510set to
511.Cm no
512(the default).
513These sessions will try to reuse the master instance's network connection
514rather than initiating new ones, but will fall back to connecting normally
515if the control socket does not exist, or is not listening.
516.Pp
517Setting this to
518.Cm ask
519will cause
520.Xr ssh 1
521to listen for control connections, but require confirmation using
522.Xr ssh-askpass 1 .
523If the
524.Cm ControlPath
525cannot be opened,
526.Xr ssh 1
527will continue without connecting to a master instance.
528.Pp
529X11 and
530.Xr ssh-agent 1
531forwarding is supported over these multiplexed connections, however the
532display and agent forwarded will be the one belonging to the master
533connection i.e. it is not possible to forward multiple displays or agents.
534.Pp
535Two additional options allow for opportunistic multiplexing: try to use a
536master connection but fall back to creating a new one if one does not already
537exist.
538These options are:
539.Cm auto
540and
541.Cm autoask .
542The latter requires confirmation like the
543.Cm ask
544option.
545.It Cm ControlPath
546Specify the path to the control socket used for connection sharing as described
547in the
548.Cm ControlMaster
549section above or the string
550.Cm none
551to disable connection sharing.
552Arguments to
553.Cm ControlPath
554may use the tilde syntax to refer to a user's home directory
555or the tokens described in the
556.Sx TOKENS
557section.
558It is recommended that any
559.Cm ControlPath
560used for opportunistic connection sharing include
561at least %h, %p, and %r (or alternatively %C) and be placed in a directory
562that is not writable by other users.
563This ensures that shared connections are uniquely identified.
564.It Cm ControlPersist
565When used in conjunction with
566.Cm ControlMaster ,
567specifies that the master connection should remain open
568in the background (waiting for future client connections)
569after the initial client connection has been closed.
570If set to
571.Cm no
572(the default),
573then the master connection will not be placed into the background,
574and will close as soon as the initial client connection is closed.
575If set to
576.Cm yes
577or 0,
578then the master connection will remain in the background indefinitely
579(until killed or closed via a mechanism such as the
580.Qq ssh -O exit ) .
581If set to a time in seconds, or a time in any of the formats documented in
582.Xr sshd_config 5 ,
583then the backgrounded master connection will automatically terminate
584after it has remained idle (with no client connections) for the
585specified time.
586.It Cm DynamicForward
587Specifies that a TCP port on the local machine be forwarded
588over the secure channel, and the application
589protocol is then used to determine where to connect to from the
590remote machine.
591.Pp
592The argument must be
593.Sm off
594.Oo Ar bind_address : Oc Ar port .
595.Sm on
596IPv6 addresses can be specified by enclosing addresses in square brackets.
597By default, the local port is bound in accordance with the
598.Cm GatewayPorts
599setting.
600However, an explicit
601.Ar bind_address
602may be used to bind the connection to a specific address.
603The
604.Ar bind_address
605of
606.Cm localhost
607indicates that the listening port be bound for local use only, while an
608empty address or
609.Sq *
610indicates that the port should be available from all interfaces.
611.Pp
612Currently the SOCKS4 and SOCKS5 protocols are supported, and
613.Xr ssh 1
614will act as a SOCKS server.
615Multiple forwardings may be specified, and
616additional forwardings can be given on the command line.
617Only the superuser can forward privileged ports.
618.It Cm EnableSSHKeysign
619Setting this option to
620.Cm yes
621in the global client configuration file
622.Pa /etc/ssh/ssh_config
623enables the use of the helper program
624.Xr ssh-keysign 8
625during
626.Cm HostbasedAuthentication .
627The argument must be
628.Cm yes
629or
630.Cm no
631(the default).
632This option should be placed in the non-hostspecific section.
633See
634.Xr ssh-keysign 8
635for more information.
636.It Cm EscapeChar
637Sets the escape character (default:
638.Ql ~ ) .
639The escape character can also
640be set on the command line.
641The argument should be a single character,
642.Ql ^
643followed by a letter, or
644.Cm none
645to disable the escape
646character entirely (making the connection transparent for binary
647data).
648.It Cm ExitOnForwardFailure
649Specifies whether
650.Xr ssh 1
651should terminate the connection if it cannot set up all requested
652dynamic, tunnel, local, and remote port forwardings, (e.g.\&
653if either end is unable to bind and listen on a specified port).
654Note that
655.Cm ExitOnForwardFailure
656does not apply to connections made over port forwardings and will not,
657for example, cause
658.Xr ssh 1
659to exit if TCP connections to the ultimate forwarding destination fail.
660The argument must be
661.Cm yes
662or
663.Cm no
664(the default).
665.It Cm FingerprintHash
666Specifies the hash algorithm used when displaying key fingerprints.
667Valid options are:
668.Cm md5
669and
670.Cm sha256
671(the default).
672.It Cm ForwardAgent
673Specifies whether the connection to the authentication agent (if any)
674will be forwarded to the remote machine.
675The argument may be
676.Cm yes ,
677.Cm no
678(the default),
679an explicit path to an agent socket or the name of an environment variable
680(beginning with
681.Sq $ )
682in which to find the path.
683.Pp
684Agent forwarding should be enabled with caution.
685Users with the ability to bypass file permissions on the remote host
686(for the agent's Unix-domain socket)
687can access the local agent through the forwarded connection.
688An attacker cannot obtain key material from the agent,
689however they can perform operations on the keys that enable them to
690authenticate using the identities loaded into the agent.
691.It Cm ForwardX11
692Specifies whether X11 connections will be automatically redirected
693over the secure channel and
694.Ev DISPLAY
695set.
696The argument must be
697.Cm yes
698or
699.Cm no
700(the default).
701.Pp
702X11 forwarding should be enabled with caution.
703Users with the ability to bypass file permissions on the remote host
704(for the user's X11 authorization database)
705can access the local X11 display through the forwarded connection.
706An attacker may then be able to perform activities such as keystroke monitoring
707if the
708.Cm ForwardX11Trusted
709option is also enabled.
710.It Cm ForwardX11Timeout
711Specify a timeout for untrusted X11 forwarding
712using the format described in the
713.Sx TIME FORMATS
714section of
715.Xr sshd_config 5 .
716X11 connections received by
717.Xr ssh 1
718after this time will be refused.
719Setting
720.Cm ForwardX11Timeout
721to zero will disable the timeout and permit X11 forwarding for the life
722of the connection.
723The default is to disable untrusted X11 forwarding after twenty minutes has
724elapsed.
725.It Cm ForwardX11Trusted
726If this option is set to
727.Cm yes ,
728remote X11 clients will have full access to the original X11 display.
729.Pp
730If this option is set to
731.Cm no
732(the default),
733remote X11 clients will be considered untrusted and prevented
734from stealing or tampering with data belonging to trusted X11
735clients.
736Furthermore, the
737.Xr xauth 1
738token used for the session will be set to expire after 20 minutes.
739Remote clients will be refused access after this time.
740.Pp
741See the X11 SECURITY extension specification for full details on
742the restrictions imposed on untrusted clients.
743.It Cm GatewayPorts
744Specifies whether remote hosts are allowed to connect to local
745forwarded ports.
746By default,
747.Xr ssh 1
748binds local port forwardings to the loopback address.
749This prevents other remote hosts from connecting to forwarded ports.
750.Cm GatewayPorts
751can be used to specify that ssh
752should bind local port forwardings to the wildcard address,
753thus allowing remote hosts to connect to forwarded ports.
754The argument must be
755.Cm yes
756or
757.Cm no
758(the default).
759.It Cm GlobalKnownHostsFile
760Specifies one or more files to use for the global
761host key database, separated by whitespace.
762The default is
763.Pa /etc/ssh/ssh_known_hosts ,
764.Pa /etc/ssh/ssh_known_hosts2 .
765.It Cm GSSAPIAuthentication
766Specifies whether user authentication based on GSSAPI is allowed.
767The default is
768.Cm no .
769.It Cm GSSAPIDelegateCredentials
770Forward (delegate) credentials to the server.
771The default is
772.Cm no .
773.It Cm HashKnownHosts
774Indicates that
775.Xr ssh 1
776should hash host names and addresses when they are added to
777.Pa ~/.ssh/known_hosts .
778These hashed names may be used normally by
779.Xr ssh 1
780and
781.Xr sshd 8 ,
782but they do not visually reveal identifying information if the
783file's contents are disclosed.
784The default is
785.Cm no .
786Note that existing names and addresses in known hosts files
787will not be converted automatically,
788but may be manually hashed using
789.Xr ssh-keygen 1 .
790.It Cm HostbasedAuthentication
791Specifies whether to try rhosts based authentication with public key
792authentication.
793The argument must be
794.Cm yes
795or
796.Cm no
797(the default).
798.It Cm HostbasedKeyTypes
799Specifies the key types that will be used for hostbased authentication
800as a comma-separated list of patterns.
801Alternately if the specified list begins with a
802.Sq +
803character, then the specified key types will be appended to the default set
804instead of replacing them.
805If the specified list begins with a
806.Sq -
807character, then the specified key types (including wildcards) will be removed
808from the default set instead of replacing them.
809If the specified list begins with a
810.Sq ^
811character, then the specified key types will be placed at the head of the
812default set.
813The default for this option is:
814.Bd -literal -offset 3n
815ecdsa-sha2-nistp256-cert-v01@openssh.com,
816ecdsa-sha2-nistp384-cert-v01@openssh.com,
817ecdsa-sha2-nistp521-cert-v01@openssh.com,
818sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
819ssh-ed25519-cert-v01@openssh.com,
820sk-ssh-ed25519-cert-v01@openssh.com,
821rsa-sha2-512-cert-v01@openssh.com,
822rsa-sha2-256-cert-v01@openssh.com,
823ssh-rsa-cert-v01@openssh.com,
824ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
825sk-ecdsa-sha2-nistp256@openssh.com,
826ssh-ed25519,sk-ssh-ed25519@openssh.com,
827rsa-sha2-512,rsa-sha2-256,ssh-rsa
828.Ed
829.Pp
830The
831.Fl Q
832option of
833.Xr ssh 1
834may be used to list supported key types.
835.It Cm HostKeyAlgorithms
836Specifies the host key algorithms
837that the client wants to use in order of preference.
838Alternately if the specified list begins with a
839.Sq +
840character, then the specified key types will be appended to the default set
841instead of replacing them.
842If the specified list begins with a
843.Sq -
844character, then the specified key types (including wildcards) will be removed
845from the default set instead of replacing them.
846If the specified list begins with a
847.Sq ^
848character, then the specified key types will be placed at the head of the
849default set.
850The default for this option is:
851.Bd -literal -offset 3n
852ecdsa-sha2-nistp256-cert-v01@openssh.com,
853ecdsa-sha2-nistp384-cert-v01@openssh.com,
854ecdsa-sha2-nistp521-cert-v01@openssh.com,
855sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
856ssh-ed25519-cert-v01@openssh.com,
857sk-ssh-ed25519-cert-v01@openssh.com,
858rsa-sha2-512-cert-v01@openssh.com,
859rsa-sha2-256-cert-v01@openssh.com,
860ssh-rsa-cert-v01@openssh.com,
861ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
862sk-ecdsa-sha2-nistp256@openssh.com,
863ssh-ed25519,sk-ssh-ed25519@openssh.com,
864rsa-sha2-512,rsa-sha2-256,ssh-rsa
865.Ed
866.Pp
867If hostkeys are known for the destination host then this default is modified
868to prefer their algorithms.
869.Pp
870The list of available key types may also be obtained using
871.Qq ssh -Q HostKeyAlgorithms .
872.It Cm HostKeyAlias
873Specifies an alias that should be used instead of the
874real host name when looking up or saving the host key
875in the host key database files and when validating host certificates.
876This option is useful for tunneling SSH connections
877or for multiple servers running on a single host.
878.It Cm Hostname
879Specifies the real host name to log into.
880This can be used to specify nicknames or abbreviations for hosts.
881Arguments to
882.Cm Hostname
883accept the tokens described in the
884.Sx TOKENS
885section.
886Numeric IP addresses are also permitted (both on the command line and in
887.Cm Hostname
888specifications).
889The default is the name given on the command line.
890.It Cm IdentitiesOnly
891Specifies that
892.Xr ssh 1
893should only use the configured authentication identity and certificate files
894(either the default files, or those explicitly configured in the
895.Nm
896files
897or passed on the
898.Xr ssh 1
899command-line),
900even if
901.Xr ssh-agent 1
902or a
903.Cm PKCS11Provider
904or
905.Cm SecurityKeyProvider
906offers more identities.
907The argument to this keyword must be
908.Cm yes
909or
910.Cm no
911(the default).
912This option is intended for situations where ssh-agent
913offers many different identities.
914.It Cm IdentityAgent
915Specifies the
916.Ux Ns -domain
917socket used to communicate with the authentication agent.
918.Pp
919This option overrides the
920.Ev SSH_AUTH_SOCK
921environment variable and can be used to select a specific agent.
922Setting the socket name to
923.Cm none
924disables the use of an authentication agent.
925If the string
926.Qq SSH_AUTH_SOCK
927is specified, the location of the socket will be read from the
928.Ev SSH_AUTH_SOCK
929environment variable.
930Otherwise if the specified value begins with a
931.Sq $
932character, then it will be treated as an environment variable containing
933the location of the socket.
934.Pp
935Arguments to
936.Cm IdentityAgent
937may use the tilde syntax to refer to a user's home directory
938or the tokens described in the
939.Sx TOKENS
940section.
941.It Cm IdentityFile
942Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
943Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
944The default is
945.Pa ~/.ssh/id_dsa ,
946.Pa ~/.ssh/id_ecdsa ,
947.Pa ~/.ssh/id_ecdsa_sk ,
948.Pa ~/.ssh/id_ed25519 ,
949.Pa ~/.ssh/id_ed25519_sk
950and
951.Pa ~/.ssh/id_rsa .
952Additionally, any identities represented by the authentication agent
953will be used for authentication unless
954.Cm IdentitiesOnly
955is set.
956If no certificates have been explicitly specified by
957.Cm CertificateFile ,
958.Xr ssh 1
959will try to load certificate information from the filename obtained by
960appending
961.Pa -cert.pub
962to the path of a specified
963.Cm IdentityFile .
964.Pp
965Arguments to
966.Cm IdentityFile
967may use the tilde syntax to refer to a user's home directory
968or the tokens described in the
969.Sx TOKENS
970section.
971.Pp
972It is possible to have
973multiple identity files specified in configuration files; all these
974identities will be tried in sequence.
975Multiple
976.Cm IdentityFile
977directives will add to the list of identities tried (this behaviour
978differs from that of other configuration directives).
979.Pp
980.Cm IdentityFile
981may be used in conjunction with
982.Cm IdentitiesOnly
983to select which identities in an agent are offered during authentication.
984.Cm IdentityFile
985may also be used in conjunction with
986.Cm CertificateFile
987in order to provide any certificate also needed for authentication with
988the identity.
989.It Cm IgnoreUnknown
990Specifies a pattern-list of unknown options to be ignored if they are
991encountered in configuration parsing.
992This may be used to suppress errors if
993.Nm
994contains options that are unrecognised by
995.Xr ssh 1 .
996It is recommended that
997.Cm IgnoreUnknown
998be listed early in the configuration file as it will not be applied
999to unknown options that appear before it.
1000.It Cm Include
1001Include the specified configuration file(s).
1002Multiple pathnames may be specified and each pathname may contain
1003.Xr glob 7
1004wildcards and, for user configurations, shell-like
1005.Sq ~
1006references to user home directories.
1007Files without absolute paths are assumed to be in
1008.Pa ~/.ssh
1009if included in a user configuration file or
1010.Pa /etc/ssh
1011if included from the system configuration file.
1012.Cm Include
1013directive may appear inside a
1014.Cm Match
1015or
1016.Cm Host
1017block
1018to perform conditional inclusion.
1019.It Cm IPQoS
1020Specifies the IPv4 type-of-service or DSCP class for connections.
1021Accepted values are
1022.Cm af11 ,
1023.Cm af12 ,
1024.Cm af13 ,
1025.Cm af21 ,
1026.Cm af22 ,
1027.Cm af23 ,
1028.Cm af31 ,
1029.Cm af32 ,
1030.Cm af33 ,
1031.Cm af41 ,
1032.Cm af42 ,
1033.Cm af43 ,
1034.Cm cs0 ,
1035.Cm cs1 ,
1036.Cm cs2 ,
1037.Cm cs3 ,
1038.Cm cs4 ,
1039.Cm cs5 ,
1040.Cm cs6 ,
1041.Cm cs7 ,
1042.Cm ef ,
1043.Cm le ,
1044.Cm lowdelay ,
1045.Cm throughput ,
1046.Cm reliability ,
1047a numeric value, or
1048.Cm none
1049to use the operating system default.
1050This option may take one or two arguments, separated by whitespace.
1051If one argument is specified, it is used as the packet class unconditionally.
1052If two values are specified, the first is automatically selected for
1053interactive sessions and the second for non-interactive sessions.
1054The default is
1055.Cm af21
1056(Low-Latency Data)
1057for interactive sessions and
1058.Cm cs1
1059(Lower Effort)
1060for non-interactive sessions.
1061.It Cm KbdInteractiveAuthentication
1062Specifies whether to use keyboard-interactive authentication.
1063The argument to this keyword must be
1064.Cm yes
1065(the default)
1066or
1067.Cm no .
1068.It Cm KbdInteractiveDevices
1069Specifies the list of methods to use in keyboard-interactive authentication.
1070Multiple method names must be comma-separated.
1071The default is to use the server specified list.
1072The methods available vary depending on what the server supports.
1073For an OpenSSH server,
1074it may be zero or more of:
1075.Cm bsdauth
1076and
1077.Cm pam .
1078.It Cm KexAlgorithms
1079Specifies the available KEX (Key Exchange) algorithms.
1080Multiple algorithms must be comma-separated.
1081If the specified list begins with a
1082.Sq +
1083character, then the specified methods will be appended to the default set
1084instead of replacing them.
1085If the specified list begins with a
1086.Sq -
1087character, then the specified methods (including wildcards) will be removed
1088from the default set instead of replacing them.
1089If the specified list begins with a
1090.Sq ^
1091character, then the specified methods will be placed at the head of the
1092default set.
1093The default is:
1094.Bd -literal -offset indent
1095curve25519-sha256,curve25519-sha256@libssh.org,
1096ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1097diffie-hellman-group-exchange-sha256,
1098diffie-hellman-group16-sha512,
1099diffie-hellman-group18-sha512,
1100diffie-hellman-group14-sha256
1101.Ed
1102.Pp
1103The list of available key exchange algorithms may also be obtained using
1104.Qq ssh -Q kex .
1105.It Cm LocalCommand
1106Specifies a command to execute on the local machine after successfully
1107connecting to the server.
1108The command string extends to the end of the line, and is executed with
1109the user's shell.
1110Arguments to
1111.Cm LocalCommand
1112accept the tokens described in the
1113.Sx TOKENS
1114section.
1115.Pp
1116The command is run synchronously and does not have access to the
1117session of the
1118.Xr ssh 1
1119that spawned it.
1120It should not be used for interactive commands.
1121.Pp
1122This directive is ignored unless
1123.Cm PermitLocalCommand
1124has been enabled.
1125.It Cm LocalForward
1126Specifies that a TCP port on the local machine be forwarded over
1127the secure channel to the specified host and port from the remote machine.
1128The first argument specifies the listener and may be
1129.Sm off
1130.Oo Ar bind_address : Oc Ar port
1131.Sm on
1132or a Unix domain socket path.
1133The second argument is the destination and may be
1134.Ar host : Ns Ar hostport
1135or a Unix domain socket path if the remote host supports it.
1136.Pp
1137IPv6 addresses can be specified by enclosing addresses in square brackets.
1138Multiple forwardings may be specified, and additional forwardings can be
1139given on the command line.
1140Only the superuser can forward privileged ports.
1141By default, the local port is bound in accordance with the
1142.Cm GatewayPorts
1143setting.
1144However, an explicit
1145.Ar bind_address
1146may be used to bind the connection to a specific address.
1147The
1148.Ar bind_address
1149of
1150.Cm localhost
1151indicates that the listening port be bound for local use only, while an
1152empty address or
1153.Sq *
1154indicates that the port should be available from all interfaces.
1155Unix domain socket paths accept the tokens described in the
1156.Sx TOKENS
1157section.
1158.It Cm LogLevel
1159Gives the verbosity level that is used when logging messages from
1160.Xr ssh 1 .
1161The possible values are:
1162QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1163The default is INFO.
1164DEBUG and DEBUG1 are equivalent.
1165DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1166.It Cm MACs
1167Specifies the MAC (message authentication code) algorithms
1168in order of preference.
1169The MAC algorithm is used for data integrity protection.
1170Multiple algorithms must be comma-separated.
1171If the specified list begins with a
1172.Sq +
1173character, then the specified algorithms will be appended to the default set
1174instead of replacing them.
1175If the specified list begins with a
1176.Sq -
1177character, then the specified algorithms (including wildcards) will be removed
1178from the default set instead of replacing them.
1179If the specified list begins with a
1180.Sq ^
1181character, then the specified algorithms will be placed at the head of the
1182default set.
1183.Pp
1184The algorithms that contain
1185.Qq -etm
1186calculate the MAC after encryption (encrypt-then-mac).
1187These are considered safer and their use recommended.
1188.Pp
1189The default is:
1190.Bd -literal -offset indent
1191umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1192hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1193hmac-sha1-etm@openssh.com,
1194umac-64@openssh.com,umac-128@openssh.com,
1195hmac-sha2-256,hmac-sha2-512,hmac-sha1
1196.Ed
1197.Pp
1198The list of available MAC algorithms may also be obtained using
1199.Qq ssh -Q mac .
1200.It Cm NoHostAuthenticationForLocalhost
1201Disable host authentication for localhost (loopback addresses).
1202The argument to this keyword must be
1203.Cm yes
1204or
1205.Cm no
1206(the default).
1207.It Cm NumberOfPasswordPrompts
1208Specifies the number of password prompts before giving up.
1209The argument to this keyword must be an integer.
1210The default is 3.
1211.It Cm PasswordAuthentication
1212Specifies whether to use password authentication.
1213The argument to this keyword must be
1214.Cm yes
1215(the default)
1216or
1217.Cm no .
1218.It Cm PermitLocalCommand
1219Allow local command execution via the
1220.Ic LocalCommand
1221option or using the
1222.Ic !\& Ns Ar command
1223escape sequence in
1224.Xr ssh 1 .
1225The argument must be
1226.Cm yes
1227or
1228.Cm no
1229(the default).
1230.It Cm PKCS11Provider
1231Specifies which PKCS#11 provider to use or
1232.Cm none
1233to indicate that no provider should be used (the default).
1234The argument to this keyword is a path to the PKCS#11 shared library
1235.Xr ssh 1
1236should use to communicate with a PKCS#11 token providing keys for user
1237authentication.
1238.It Cm Port
1239Specifies the port number to connect on the remote host.
1240The default is 22.
1241.It Cm PreferredAuthentications
1242Specifies the order in which the client should try authentication methods.
1243This allows a client to prefer one method (e.g.\&
1244.Cm keyboard-interactive )
1245over another method (e.g.\&
1246.Cm password ) .
1247The default is:
1248.Bd -literal -offset indent
1249gssapi-with-mic,hostbased,publickey,
1250keyboard-interactive,password
1251.Ed
1252.It Cm ProxyCommand
1253Specifies the command to use to connect to the server.
1254The command
1255string extends to the end of the line, and is executed
1256using the user's shell
1257.Ql exec
1258directive to avoid a lingering shell process.
1259.Pp
1260Arguments to
1261.Cm ProxyCommand
1262accept the tokens described in the
1263.Sx TOKENS
1264section.
1265The command can be basically anything,
1266and should read from its standard input and write to its standard output.
1267It should eventually connect an
1268.Xr sshd 8
1269server running on some machine, or execute
1270.Ic sshd -i
1271somewhere.
1272Host key management will be done using the
1273.Cm Hostname
1274of the host being connected (defaulting to the name typed by the user).
1275Setting the command to
1276.Cm none
1277disables this option entirely.
1278Note that
1279.Cm CheckHostIP
1280is not available for connects with a proxy command.
1281.Pp
1282This directive is useful in conjunction with
1283.Xr nc 1
1284and its proxy support.
1285For example, the following directive would connect via an HTTP proxy at
1286192.0.2.0:
1287.Bd -literal -offset 3n
1288ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1289.Ed
1290.It Cm ProxyJump
1291Specifies one or more jump proxies as either
1292.Xo
1293.Sm off
1294.Op Ar user No @
1295.Ar host
1296.Op : Ns Ar port
1297.Sm on
1298or an ssh URI
1299.Xc .
1300Multiple proxies may be separated by comma characters and will be visited
1301sequentially.
1302Setting this option will cause
1303.Xr ssh 1
1304to connect to the target host by first making a
1305.Xr ssh 1
1306connection to the specified
1307.Cm ProxyJump
1308host and then establishing a
1309TCP forwarding to the ultimate target from there.
1310.Pp
1311Note that this option will compete with the
1312.Cm ProxyCommand
1313option - whichever is specified first will prevent later instances of the
1314other from taking effect.
1315.Pp
1316Note also that the configuration for the destination host (either supplied
1317via the command-line or the configuration file) is not generally applied
1318to jump hosts.
1319.Pa ~/.ssh/config
1320should be used if specific configuration is required for jump hosts.
1321.It Cm ProxyUseFdpass
1322Specifies that
1323.Cm ProxyCommand
1324will pass a connected file descriptor back to
1325.Xr ssh 1
1326instead of continuing to execute and pass data.
1327The default is
1328.Cm no .
1329.It Cm PubkeyAcceptedKeyTypes
1330Specifies the key types that will be used for public key authentication
1331as a comma-separated list of patterns.
1332If the specified list begins with a
1333.Sq +
1334character, then the key types after it will be appended to the default
1335instead of replacing it.
1336If the specified list begins with a
1337.Sq -
1338character, then the specified key types (including wildcards) will be removed
1339from the default set instead of replacing them.
1340If the specified list begins with a
1341.Sq ^
1342character, then the specified key types will be placed at the head of the
1343default set.
1344The default for this option is:
1345.Bd -literal -offset 3n
1346ecdsa-sha2-nistp256-cert-v01@openssh.com,
1347ecdsa-sha2-nistp384-cert-v01@openssh.com,
1348ecdsa-sha2-nistp521-cert-v01@openssh.com,
1349sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1350ssh-ed25519-cert-v01@openssh.com,
1351sk-ssh-ed25519-cert-v01@openssh.com,
1352rsa-sha2-512-cert-v01@openssh.com,
1353rsa-sha2-256-cert-v01@openssh.com,
1354ssh-rsa-cert-v01@openssh.com,
1355ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1356sk-ecdsa-sha2-nistp256@openssh.com,
1357ssh-ed25519,sk-ssh-ed25519@openssh.com,
1358rsa-sha2-512,rsa-sha2-256,ssh-rsa
1359.Ed
1360.Pp
1361The list of available key types may also be obtained using
1362.Qq ssh -Q PubkeyAcceptedKeyTypes .
1363.It Cm PubkeyAuthentication
1364Specifies whether to try public key authentication.
1365The argument to this keyword must be
1366.Cm yes
1367(the default)
1368or
1369.Cm no .
1370.It Cm RekeyLimit
1371Specifies the maximum amount of data that may be transmitted before the
1372session key is renegotiated, optionally followed a maximum amount of
1373time that may pass before the session key is renegotiated.
1374The first argument is specified in bytes and may have a suffix of
1375.Sq K ,
1376.Sq M ,
1377or
1378.Sq G
1379to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1380The default is between
1381.Sq 1G
1382and
1383.Sq 4G ,
1384depending on the cipher.
1385The optional second value is specified in seconds and may use any of the
1386units documented in the TIME FORMATS section of
1387.Xr sshd_config 5 .
1388The default value for
1389.Cm RekeyLimit
1390is
1391.Cm default none ,
1392which means that rekeying is performed after the cipher's default amount
1393of data has been sent or received and no time based rekeying is done.
1394.It Cm RemoteCommand
1395Specifies a command to execute on the remote machine after successfully
1396connecting to the server.
1397The command string extends to the end of the line, and is executed with
1398the user's shell.
1399Arguments to
1400.Cm RemoteCommand
1401accept the tokens described in the
1402.Sx TOKENS
1403section.
1404.It Cm RemoteForward
1405Specifies that a TCP port on the remote machine be forwarded over
1406the secure channel.
1407The remote port may either be forwarded to a specified host and port
1408from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1409client to connect to arbitrary destinations from the local machine.
1410The first argument is the listening specification and may be
1411.Sm off
1412.Oo Ar bind_address : Oc Ar port
1413.Sm on
1414or, if the remote host supports it, a Unix domain socket path.
1415If forwarding to a specific destination then the second argument must be
1416.Ar host : Ns Ar hostport
1417or a Unix domain socket path,
1418otherwise if no destination argument is specified then the remote forwarding
1419will be established as a SOCKS proxy.
1420.Pp
1421IPv6 addresses can be specified by enclosing addresses in square brackets.
1422Multiple forwardings may be specified, and additional
1423forwardings can be given on the command line.
1424Privileged ports can be forwarded only when
1425logging in as root on the remote machine.
1426Unix domain socket paths accept the tokens described in the
1427.Sx TOKENS
1428section.
1429.Pp
1430If the
1431.Ar port
1432argument is 0,
1433the listen port will be dynamically allocated on the server and reported
1434to the client at run time.
1435.Pp
1436If the
1437.Ar bind_address
1438is not specified, the default is to only bind to loopback addresses.
1439If the
1440.Ar bind_address
1441is
1442.Ql *
1443or an empty string, then the forwarding is requested to listen on all
1444interfaces.
1445Specifying a remote
1446.Ar bind_address
1447will only succeed if the server's
1448.Cm GatewayPorts
1449option is enabled (see
1450.Xr sshd_config 5 ) .
1451.It Cm RequestTTY
1452Specifies whether to request a pseudo-tty for the session.
1453The argument may be one of:
1454.Cm no
1455(never request a TTY),
1456.Cm yes
1457(always request a TTY when standard input is a TTY),
1458.Cm force
1459(always request a TTY) or
1460.Cm auto
1461(request a TTY when opening a login session).
1462This option mirrors the
1463.Fl t
1464and
1465.Fl T
1466flags for
1467.Xr ssh 1 .
1468.It Cm RevokedHostKeys
1469Specifies revoked host public keys.
1470Keys listed in this file will be refused for host authentication.
1471Note that if this file does not exist or is not readable,
1472then host authentication will be refused for all hosts.
1473Keys may be specified as a text file, listing one public key per line, or as
1474an OpenSSH Key Revocation List (KRL) as generated by
1475.Xr ssh-keygen 1 .
1476For more information on KRLs, see the KEY REVOCATION LISTS section in
1477.Xr ssh-keygen 1 .
1478.It Cm SecurityKeyProvider
1479Specifies a path to a library that will be used when loading any
1480FIDO authenticator-hosted keys, overriding the default of using
1481the built-in USB HID support.
1482.Pp
1483If the specified value begins with a
1484.Sq $
1485character, then it will be treated as an environment variable containing
1486the path to the library.
1487.It Cm SendEnv
1488Specifies what variables from the local
1489.Xr environ 7
1490should be sent to the server.
1491The server must also support it, and the server must be configured to
1492accept these environment variables.
1493Note that the
1494.Ev TERM
1495environment variable is always sent whenever a
1496pseudo-terminal is requested as it is required by the protocol.
1497Refer to
1498.Cm AcceptEnv
1499in
1500.Xr sshd_config 5
1501for how to configure the server.
1502Variables are specified by name, which may contain wildcard characters.
1503Multiple environment variables may be separated by whitespace or spread
1504across multiple
1505.Cm SendEnv
1506directives.
1507.Pp
1508See
1509.Sx PATTERNS
1510for more information on patterns.
1511.Pp
1512It is possible to clear previously set
1513.Cm SendEnv
1514variable names by prefixing patterns with
1515.Pa - .
1516The default is not to send any environment variables.
1517.It Cm ServerAliveCountMax
1518Sets the number of server alive messages (see below) which may be
1519sent without
1520.Xr ssh 1
1521receiving any messages back from the server.
1522If this threshold is reached while server alive messages are being sent,
1523ssh will disconnect from the server, terminating the session.
1524It is important to note that the use of server alive messages is very
1525different from
1526.Cm TCPKeepAlive
1527(below).
1528The server alive messages are sent through the encrypted channel
1529and therefore will not be spoofable.
1530The TCP keepalive option enabled by
1531.Cm TCPKeepAlive
1532is spoofable.
1533The server alive mechanism is valuable when the client or
1534server depend on knowing when a connection has become unresponsive.
1535.Pp
1536The default value is 3.
1537If, for example,
1538.Cm ServerAliveInterval
1539(see below) is set to 15 and
1540.Cm ServerAliveCountMax
1541is left at the default, if the server becomes unresponsive,
1542ssh will disconnect after approximately 45 seconds.
1543.It Cm ServerAliveInterval
1544Sets a timeout interval in seconds after which if no data has been received
1545from the server,
1546.Xr ssh 1
1547will send a message through the encrypted
1548channel to request a response from the server.
1549The default
1550is 0, indicating that these messages will not be sent to the server.
1551.It Cm SetEnv
1552Directly specify one or more environment variables and their contents to
1553be sent to the server.
1554Similarly to
1555.Cm SendEnv ,
1556the server must be prepared to accept the environment variable.
1557.It Cm StreamLocalBindMask
1558Sets the octal file creation mode mask
1559.Pq umask
1560used when creating a Unix-domain socket file for local or remote
1561port forwarding.
1562This option is only used for port forwarding to a Unix-domain socket file.
1563.Pp
1564The default value is 0177, which creates a Unix-domain socket file that is
1565readable and writable only by the owner.
1566Note that not all operating systems honor the file mode on Unix-domain
1567socket files.
1568.It Cm StreamLocalBindUnlink
1569Specifies whether to remove an existing Unix-domain socket file for local
1570or remote port forwarding before creating a new one.
1571If the socket file already exists and
1572.Cm StreamLocalBindUnlink
1573is not enabled,
1574.Nm ssh
1575will be unable to forward the port to the Unix-domain socket file.
1576This option is only used for port forwarding to a Unix-domain socket file.
1577.Pp
1578The argument must be
1579.Cm yes
1580or
1581.Cm no
1582(the default).
1583.It Cm StrictHostKeyChecking
1584If this flag is set to
1585.Cm yes ,
1586.Xr ssh 1
1587will never automatically add host keys to the
1588.Pa ~/.ssh/known_hosts
1589file, and refuses to connect to hosts whose host key has changed.
1590This provides maximum protection against man-in-the-middle (MITM) attacks,
1591though it can be annoying when the
1592.Pa /etc/ssh/ssh_known_hosts
1593file is poorly maintained or when connections to new hosts are
1594frequently made.
1595This option forces the user to manually
1596add all new hosts.
1597.Pp
1598If this flag is set to
1599.Dq accept-new
1600then ssh will automatically add new host keys to the user
1601known hosts files, but will not permit connections to hosts with
1602changed host keys.
1603If this flag is set to
1604.Dq no
1605or
1606.Dq off ,
1607ssh will automatically add new host keys to the user known hosts files
1608and allow connections to hosts with changed hostkeys to proceed,
1609subject to some restrictions.
1610If this flag is set to
1611.Cm ask
1612(the default),
1613new host keys
1614will be added to the user known host files only after the user
1615has confirmed that is what they really want to do, and
1616ssh will refuse to connect to hosts whose host key has changed.
1617The host keys of
1618known hosts will be verified automatically in all cases.
1619.It Cm SyslogFacility
1620Gives the facility code that is used when logging messages from
1621.Xr ssh 1 .
1622The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1623LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1624The default is USER.
1625.It Cm TCPKeepAlive
1626Specifies whether the system should send TCP keepalive messages to the
1627other side.
1628If they are sent, death of the connection or crash of one
1629of the machines will be properly noticed.
1630However, this means that
1631connections will die if the route is down temporarily, and some people
1632find it annoying.
1633.Pp
1634The default is
1635.Cm yes
1636(to send TCP keepalive messages), and the client will notice
1637if the network goes down or the remote host dies.
1638This is important in scripts, and many users want it too.
1639.Pp
1640To disable TCP keepalive messages, the value should be set to
1641.Cm no .
1642See also
1643.Cm ServerAliveInterval
1644for protocol-level keepalives.
1645.It Cm Tunnel
1646Request
1647.Xr tun 4
1648device forwarding between the client and the server.
1649The argument must be
1650.Cm yes ,
1651.Cm point-to-point
1652(layer 3),
1653.Cm ethernet
1654(layer 2),
1655or
1656.Cm no
1657(the default).
1658Specifying
1659.Cm yes
1660requests the default tunnel mode, which is
1661.Cm point-to-point .
1662.It Cm TunnelDevice
1663Specifies the
1664.Xr tun 4
1665devices to open on the client
1666.Pq Ar local_tun
1667and the server
1668.Pq Ar remote_tun .
1669.Pp
1670The argument must be
1671.Sm off
1672.Ar local_tun Op : Ar remote_tun .
1673.Sm on
1674The devices may be specified by numerical ID or the keyword
1675.Cm any ,
1676which uses the next available tunnel device.
1677If
1678.Ar remote_tun
1679is not specified, it defaults to
1680.Cm any .
1681The default is
1682.Cm any:any .
1683.It Cm UpdateHostKeys
1684Specifies whether
1685.Xr ssh 1
1686should accept notifications of additional hostkeys from the server sent
1687after authentication has completed and add them to
1688.Cm UserKnownHostsFile .
1689The argument must be
1690.Cm yes ,
1691.Cm no
1692or
1693.Cm ask .
1694This option allows learning alternate hostkeys for a server
1695and supports graceful key rotation by allowing a server to send replacement
1696public keys before old ones are removed.
1697Additional hostkeys are only accepted if the key used to authenticate the
1698host was already trusted or explicitly accepted by the user.
1699.Pp
1700.Cm UpdateHostKeys
1701is enabled by default if the user has not overridden the default
1702.Cm UserKnownHostsFile
1703setting, otherwise
1704.Cm UpdateHostKeys
1705will be set to
1706.Cm ask .
1707.Pp
1708If
1709.Cm UpdateHostKeys
1710is set to
1711.Cm ask ,
1712then the user is asked to confirm the modifications to the known_hosts file.
1713Confirmation is currently incompatible with
1714.Cm ControlPersist ,
1715and will be disabled if it is enabled.
1716.Pp
1717Presently, only
1718.Xr sshd 8
1719from OpenSSH 6.8 and greater support the
1720.Qq hostkeys@openssh.com
1721protocol extension used to inform the client of all the server's hostkeys.
1722.It Cm User
1723Specifies the user to log in as.
1724This can be useful when a different user name is used on different machines.
1725This saves the trouble of
1726having to remember to give the user name on the command line.
1727.It Cm UserKnownHostsFile
1728Specifies one or more files to use for the user
1729host key database, separated by whitespace.
1730The default is
1731.Pa ~/.ssh/known_hosts ,
1732.Pa ~/.ssh/known_hosts2 .
1733.It Cm VerifyHostKeyDNS
1734Specifies whether to verify the remote key using DNS and SSHFP resource
1735records.
1736If this option is set to
1737.Cm yes ,
1738the client will implicitly trust keys that match a secure fingerprint
1739from DNS.
1740Insecure fingerprints will be handled as if this option was set to
1741.Cm ask .
1742If this option is set to
1743.Cm ask ,
1744information on fingerprint match will be displayed, but the user will still
1745need to confirm new host keys according to the
1746.Cm StrictHostKeyChecking
1747option.
1748The default is
1749.Cm no .
1750.Pp
1751See also
1752.Sx VERIFYING HOST KEYS
1753in
1754.Xr ssh 1 .
1755.It Cm VisualHostKey
1756If this flag is set to
1757.Cm yes ,
1758an ASCII art representation of the remote host key fingerprint is
1759printed in addition to the fingerprint string at login and
1760for unknown host keys.
1761If this flag is set to
1762.Cm no
1763(the default),
1764no fingerprint strings are printed at login and
1765only the fingerprint string will be printed for unknown host keys.
1766.It Cm XAuthLocation
1767Specifies the full pathname of the
1768.Xr xauth 1
1769program.
1770The default is
1771.Pa /usr/X11R6/bin/xauth .
1772.El
1773.Sh PATTERNS
1774A
1775.Em pattern
1776consists of zero or more non-whitespace characters,
1777.Sq *
1778(a wildcard that matches zero or more characters),
1779or
1780.Sq ?\&
1781(a wildcard that matches exactly one character).
1782For example, to specify a set of declarations for any host in the
1783.Qq .co.uk
1784set of domains,
1785the following pattern could be used:
1786.Pp
1787.Dl Host *.co.uk
1788.Pp
1789The following pattern
1790would match any host in the 192.168.0.[0-9] network range:
1791.Pp
1792.Dl Host 192.168.0.?
1793.Pp
1794A
1795.Em pattern-list
1796is a comma-separated list of patterns.
1797Patterns within pattern-lists may be negated
1798by preceding them with an exclamation mark
1799.Pq Sq !\& .
1800For example,
1801to allow a key to be used from anywhere within an organization
1802except from the
1803.Qq dialup
1804pool,
1805the following entry (in authorized_keys) could be used:
1806.Pp
1807.Dl from=\&"!*.dialup.example.com,*.example.com\&"
1808.Pp
1809Note that a negated match will never produce a positive result by itself.
1810For example, attempting to match
1811.Qq host3
1812against the following pattern-list will fail:
1813.Pp
1814.Dl from=\&"!host1,!host2\&"
1815.Pp
1816The solution here is to include a term that will yield a positive match,
1817such as a wildcard:
1818.Pp
1819.Dl from=\&"!host1,!host2,*\&"
1820.Sh TOKENS
1821Arguments to some keywords can make use of tokens,
1822which are expanded at runtime:
1823.Pp
1824.Bl -tag -width XXXX -offset indent -compact
1825.It %%
1826A literal
1827.Sq % .
1828.It \&%C
1829Hash of %l%h%p%r.
1830.It %d
1831Local user's home directory.
1832.It %h
1833The remote hostname.
1834.It %i
1835The local user ID.
1836.It %L
1837The local hostname.
1838.It %l
1839The local hostname, including the domain name.
1840.It %n
1841The original remote hostname, as given on the command line.
1842.It %p
1843The remote port.
1844.It %r
1845The remote username.
1846.It \&%T
1847The local
1848.Xr tun 4
1849or
1850.Xr tap 4
1851network interface assigned if
1852tunnel forwarding was requested, or
1853.Qq NONE
1854otherwise.
1855.It %u
1856The local username.
1857.El
1858.Pp
1859.Cm CertificateFile ,
1860.Cm ControlPath ,
1861.Cm IdentityAgent ,
1862.Cm IdentityFile ,
1863.Cm LocalForward ,
1864.Cm Match exec ,
1865.Cm RemoteCommand ,
1866and
1867.Cm RemoteForward
1868accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
1869.Pp
1870.Cm Hostname
1871accepts the tokens %% and %h.
1872.Pp
1873.Cm LocalCommand
1874accepts all tokens.
1875.Pp
1876.Cm ProxyCommand
1877accepts the tokens %%, %h, %n, %p, and %r.
1878.Sh FILES
1879.Bl -tag -width Ds
1880.It Pa ~/.ssh/config
1881This is the per-user configuration file.
1882The format of this file is described above.
1883This file is used by the SSH client.
1884Because of the potential for abuse, this file must have strict permissions:
1885read/write for the user, and not writable by others.
1886.It Pa /etc/ssh/ssh_config
1887Systemwide configuration file.
1888This file provides defaults for those
1889values that are not specified in the user's configuration file, and
1890for those users who do not have a configuration file.
1891This file must be world-readable.
1892.El
1893.Sh SEE ALSO
1894.Xr ssh 1
1895.Sh AUTHORS
1896.An -nosplit
1897OpenSSH is a derivative of the original and free
1898ssh 1.2.12 release by
1899.An Tatu Ylonen .
1900.An Aaron Campbell , Bob Beck , Markus Friedl ,
1901.An Niels Provos , Theo de Raadt
1902and
1903.An Dug Song
1904removed many bugs, re-added newer features and
1905created OpenSSH.
1906.An Markus Friedl
1907contributed the support for SSH protocol versions 1.5 and 2.0.
1908