1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $ 37.Dd $Mdocdate: August 2 2011 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH SSH client configuration files 43.Sh SYNOPSIS 44.Nm ~/.ssh/config 45.Nm /etc/ssh/ssh_config 46.Sh DESCRIPTION 47.Xr ssh 1 48obtains configuration data from the following sources in 49the following order: 50.Pp 51.Bl -enum -offset indent -compact 52.It 53command-line options 54.It 55user's configuration file 56.Pq Pa ~/.ssh/config 57.It 58system-wide configuration file 59.Pq Pa /etc/ssh/ssh_config 60.El 61.Pp 62For each parameter, the first obtained value 63will be used. 64The configuration files contain sections separated by 65.Dq Host 66specifications, and that section is only applied for hosts that 67match one of the patterns given in the specification. 68The matched host name is the one given on the command line. 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The configuration file has the following format: 75.Pp 76Empty lines and lines starting with 77.Ql # 78are comments. 79Otherwise a line is of the format 80.Dq keyword arguments . 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92Arguments may optionally be enclosed in double quotes 93.Pq \&" 94in order to represent arguments containing spaces. 95.Pp 96The possible 97keywords and their meanings are as follows (note that 98keywords are case-insensitive and arguments are case-sensitive): 99.Bl -tag -width Ds 100.It Cm Host 101Restricts the following declarations (up to the next 102.Cm Host 103keyword) to be only for those hosts that match one of the patterns 104given after the keyword. 105If more than one pattern is provided, they should be separated by whitespace. 106A single 107.Ql * 108as a pattern can be used to provide global 109defaults for all hosts. 110The host is the 111.Ar hostname 112argument given on the command line (i.e. the name is not converted to 113a canonicalized host name before matching). 114.Pp 115A pattern entry may be negated by prefixing it with an exclamation mark 116.Pq Sq !\& . 117If a negated entry is matched, then the 118.Cm Host 119entry is ignored, regardless of whether any other patterns on the line 120match. 121Negated matches are therefore useful to provide exceptions for wildcard 122matches. 123.Pp 124See 125.Sx PATTERNS 126for more information on patterns. 127.It Cm AddressFamily 128Specifies which address family to use when connecting. 129Valid arguments are 130.Dq any , 131.Dq inet 132(use IPv4 only), or 133.Dq inet6 134(use IPv6 only). 135.It Cm BatchMode 136If set to 137.Dq yes , 138passphrase/password querying will be disabled. 139This option is useful in scripts and other batch jobs where no user 140is present to supply the password. 141The argument must be 142.Dq yes 143or 144.Dq no . 145The default is 146.Dq no . 147.It Cm BindAddress 148Use the specified address on the local machine as the source address of 149the connection. 150Only useful on systems with more than one address. 151Note that this option does not work if 152.Cm UsePrivilegedPort 153is set to 154.Dq yes . 155.It Cm ChallengeResponseAuthentication 156Specifies whether to use challenge-response authentication. 157The argument to this keyword must be 158.Dq yes 159or 160.Dq no . 161The default is 162.Dq yes . 163.It Cm CheckHostIP 164If this flag is set to 165.Dq yes , 166.Xr ssh 1 167will additionally check the host IP address in the 168.Pa known_hosts 169file. 170This allows ssh to detect if a host key changed due to DNS spoofing. 171If the option is set to 172.Dq no , 173the check will not be executed. 174The default is 175.Dq yes . 176.It Cm Cipher 177Specifies the cipher to use for encrypting the session 178in protocol version 1. 179Currently, 180.Dq blowfish , 181.Dq 3des , 182and 183.Dq des 184are supported. 185.Ar des 186is only supported in the 187.Xr ssh 1 188client for interoperability with legacy protocol 1 implementations 189that do not support the 190.Ar 3des 191cipher. 192Its use is strongly discouraged due to cryptographic weaknesses. 193The default is 194.Dq 3des . 195.It Cm Ciphers 196Specifies the ciphers allowed for protocol version 2 197in order of preference. 198Multiple ciphers must be comma-separated. 199The supported ciphers are 200.Dq 3des-cbc , 201.Dq aes128-cbc , 202.Dq aes192-cbc , 203.Dq aes256-cbc , 204.Dq aes128-ctr , 205.Dq aes192-ctr , 206.Dq aes256-ctr , 207.Dq arcfour128 , 208.Dq arcfour256 , 209.Dq arcfour , 210.Dq blowfish-cbc , 211and 212.Dq cast128-cbc . 213The default is: 214.Bd -literal -offset 3n 215aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 216aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 217aes256-cbc,arcfour 218.Ed 219.It Cm ClearAllForwardings 220Specifies that all local, remote, and dynamic port forwardings 221specified in the configuration files or on the command line be 222cleared. 223This option is primarily useful when used from the 224.Xr ssh 1 225command line to clear port forwardings set in 226configuration files, and is automatically set by 227.Xr scp 1 228and 229.Xr sftp 1 . 230The argument must be 231.Dq yes 232or 233.Dq no . 234The default is 235.Dq no . 236.It Cm Compression 237Specifies whether to use compression. 238The argument must be 239.Dq yes 240or 241.Dq no . 242The default is 243.Dq no . 244.It Cm CompressionLevel 245Specifies the compression level to use if compression is enabled. 246The argument must be an integer from 1 (fast) to 9 (slow, best). 247The default level is 6, which is good for most applications. 248The meaning of the values is the same as in 249.Xr gzip 1 . 250Note that this option applies to protocol version 1 only. 251.It Cm ConnectionAttempts 252Specifies the number of tries (one per second) to make before exiting. 253The argument must be an integer. 254This may be useful in scripts if the connection sometimes fails. 255The default is 1. 256.It Cm ConnectTimeout 257Specifies the timeout (in seconds) used when connecting to the 258SSH server, instead of using the default system TCP timeout. 259This value is used only when the target is down or really unreachable, 260not when it refuses the connection. 261.It Cm ControlMaster 262Enables the sharing of multiple sessions over a single network connection. 263When set to 264.Dq yes , 265.Xr ssh 1 266will listen for connections on a control socket specified using the 267.Cm ControlPath 268argument. 269Additional sessions can connect to this socket using the same 270.Cm ControlPath 271with 272.Cm ControlMaster 273set to 274.Dq no 275(the default). 276These sessions will try to reuse the master instance's network connection 277rather than initiating new ones, but will fall back to connecting normally 278if the control socket does not exist, or is not listening. 279.Pp 280Setting this to 281.Dq ask 282will cause ssh 283to listen for control connections, but require confirmation using the 284.Ev SSH_ASKPASS 285program before they are accepted (see 286.Xr ssh-add 1 287for details). 288If the 289.Cm ControlPath 290cannot be opened, 291ssh will continue without connecting to a master instance. 292.Pp 293X11 and 294.Xr ssh-agent 1 295forwarding is supported over these multiplexed connections, however the 296display and agent forwarded will be the one belonging to the master 297connection i.e. it is not possible to forward multiple displays or agents. 298.Pp 299Two additional options allow for opportunistic multiplexing: try to use a 300master connection but fall back to creating a new one if one does not already 301exist. 302These options are: 303.Dq auto 304and 305.Dq autoask . 306The latter requires confirmation like the 307.Dq ask 308option. 309.It Cm ControlPath 310Specify the path to the control socket used for connection sharing as described 311in the 312.Cm ControlMaster 313section above or the string 314.Dq none 315to disable connection sharing. 316In the path, 317.Ql %L 318will be substituted by the first component of the local host name, 319.Ql %l 320will be substituted by the local host name (including any domain name), 321.Ql %h 322will be substituted by the target host name, 323.Ql %n 324will be substituted by the original target host name 325specified on the command line, 326.Ql %p 327the port, 328.Ql %r 329by the remote login username, and 330.Ql %u 331by the username of the user running 332.Xr ssh 1 . 333It is recommended that any 334.Cm ControlPath 335used for opportunistic connection sharing include 336at least %h, %p, and %r. 337This ensures that shared connections are uniquely identified. 338.It Cm ControlPersist 339When used in conjunction with 340.Cm ControlMaster , 341specifies that the master connection should remain open 342in the background (waiting for future client connections) 343after the initial client connection has been closed. 344If set to 345.Dq no , 346then the master connection will not be placed into the background, 347and will close as soon as the initial client connection is closed. 348If set to 349.Dq yes , 350then the master connection will remain in the background indefinitely 351(until killed or closed via a mechanism such as the 352.Xr ssh 1 353.Dq Fl O No exit 354option). 355If set to a time in seconds, or a time in any of the formats documented in 356.Xr sshd_config 5 , 357then the backgrounded master connection will automatically terminate 358after it has remained idle (with no client connections) for the 359specified time. 360.It Cm DynamicForward 361Specifies that a TCP port on the local machine be forwarded 362over the secure channel, and the application 363protocol is then used to determine where to connect to from the 364remote machine. 365.Pp 366The argument must be 367.Sm off 368.Oo Ar bind_address : Oc Ar port . 369.Sm on 370IPv6 addresses can be specified by enclosing addresses in square brackets. 371By default, the local port is bound in accordance with the 372.Cm GatewayPorts 373setting. 374However, an explicit 375.Ar bind_address 376may be used to bind the connection to a specific address. 377The 378.Ar bind_address 379of 380.Dq localhost 381indicates that the listening port be bound for local use only, while an 382empty address or 383.Sq * 384indicates that the port should be available from all interfaces. 385.Pp 386Currently the SOCKS4 and SOCKS5 protocols are supported, and 387.Xr ssh 1 388will act as a SOCKS server. 389Multiple forwardings may be specified, and 390additional forwardings can be given on the command line. 391Only the superuser can forward privileged ports. 392.It Cm EnableSSHKeysign 393Setting this option to 394.Dq yes 395in the global client configuration file 396.Pa /etc/ssh/ssh_config 397enables the use of the helper program 398.Xr ssh-keysign 8 399during 400.Cm HostbasedAuthentication . 401The argument must be 402.Dq yes 403or 404.Dq no . 405The default is 406.Dq no . 407This option should be placed in the non-hostspecific section. 408See 409.Xr ssh-keysign 8 410for more information. 411.It Cm EscapeChar 412Sets the escape character (default: 413.Ql ~ ) . 414The escape character can also 415be set on the command line. 416The argument should be a single character, 417.Ql ^ 418followed by a letter, or 419.Dq none 420to disable the escape 421character entirely (making the connection transparent for binary 422data). 423.It Cm ExitOnForwardFailure 424Specifies whether 425.Xr ssh 1 426should terminate the connection if it cannot set up all requested 427dynamic, tunnel, local, and remote port forwardings. 428The argument must be 429.Dq yes 430or 431.Dq no . 432The default is 433.Dq no . 434.It Cm ForwardAgent 435Specifies whether the connection to the authentication agent (if any) 436will be forwarded to the remote machine. 437The argument must be 438.Dq yes 439or 440.Dq no . 441The default is 442.Dq no . 443.Pp 444Agent forwarding should be enabled with caution. 445Users with the ability to bypass file permissions on the remote host 446(for the agent's Unix-domain socket) 447can access the local agent through the forwarded connection. 448An attacker cannot obtain key material from the agent, 449however they can perform operations on the keys that enable them to 450authenticate using the identities loaded into the agent. 451.It Cm ForwardX11 452Specifies whether X11 connections will be automatically redirected 453over the secure channel and 454.Ev DISPLAY 455set. 456The argument must be 457.Dq yes 458or 459.Dq no . 460The default is 461.Dq no . 462.Pp 463X11 forwarding should be enabled with caution. 464Users with the ability to bypass file permissions on the remote host 465(for the user's X11 authorization database) 466can access the local X11 display through the forwarded connection. 467An attacker may then be able to perform activities such as keystroke monitoring 468if the 469.Cm ForwardX11Trusted 470option is also enabled. 471.It Cm ForwardX11Timeout 472Specify a timeout for untrusted X11 forwarding 473using the format described in the 474.Sx TIME FORMATS 475section of 476.Xr sshd_config 5 . 477X11 connections received by 478.Xr ssh 1 479after this time will be refused. 480The default is to disable untrusted X11 forwarding after twenty minutes has 481elapsed. 482.It Cm ForwardX11Trusted 483If this option is set to 484.Dq yes , 485remote X11 clients will have full access to the original X11 display. 486.Pp 487If this option is set to 488.Dq no , 489remote X11 clients will be considered untrusted and prevented 490from stealing or tampering with data belonging to trusted X11 491clients. 492Furthermore, the 493.Xr xauth 1 494token used for the session will be set to expire after 20 minutes. 495Remote clients will be refused access after this time. 496.Pp 497The default is 498.Dq no . 499.Pp 500See the X11 SECURITY extension specification for full details on 501the restrictions imposed on untrusted clients. 502.It Cm GatewayPorts 503Specifies whether remote hosts are allowed to connect to local 504forwarded ports. 505By default, 506.Xr ssh 1 507binds local port forwardings to the loopback address. 508This prevents other remote hosts from connecting to forwarded ports. 509.Cm GatewayPorts 510can be used to specify that ssh 511should bind local port forwardings to the wildcard address, 512thus allowing remote hosts to connect to forwarded ports. 513The argument must be 514.Dq yes 515or 516.Dq no . 517The default is 518.Dq no . 519.It Cm GlobalKnownHostsFile 520Specifies one or more files to use for the global 521host key database, separated by whitespace. 522The default is 523.Pa /etc/ssh/ssh_known_hosts , 524.Pa /etc/ssh/ssh_known_hosts2 . 525.It Cm GSSAPIAuthentication 526Specifies whether user authentication based on GSSAPI is allowed. 527The default is 528.Dq no . 529Note that this option applies to protocol version 2 only. 530.It Cm GSSAPIDelegateCredentials 531Forward (delegate) credentials to the server. 532The default is 533.Dq no . 534Note that this option applies to protocol version 2 only. 535.It Cm HashKnownHosts 536Indicates that 537.Xr ssh 1 538should hash host names and addresses when they are added to 539.Pa ~/.ssh/known_hosts . 540These hashed names may be used normally by 541.Xr ssh 1 542and 543.Xr sshd 8 , 544but they do not reveal identifying information should the file's contents 545be disclosed. 546The default is 547.Dq no . 548Note that existing names and addresses in known hosts files 549will not be converted automatically, 550but may be manually hashed using 551.Xr ssh-keygen 1 . 552.It Cm HostbasedAuthentication 553Specifies whether to try rhosts based authentication with public key 554authentication. 555The argument must be 556.Dq yes 557or 558.Dq no . 559The default is 560.Dq no . 561This option applies to protocol version 2 only and 562is similar to 563.Cm RhostsRSAAuthentication . 564.It Cm HostKeyAlgorithms 565Specifies the protocol version 2 host key algorithms 566that the client wants to use in order of preference. 567The default for this option is: 568.Bd -literal -offset 3n 569ecdsa-sha2-nistp256-cert-v01@openssh.com, 570ecdsa-sha2-nistp384-cert-v01@openssh.com, 571ecdsa-sha2-nistp521-cert-v01@openssh.com, 572ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, 573ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, 574ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 575ssh-rsa,ssh-dss 576.Ed 577.Pp 578If hostkeys are known for the destination host then this default is modified 579to prefer their algorithms. 580.It Cm HostKeyAlias 581Specifies an alias that should be used instead of the 582real host name when looking up or saving the host key 583in the host key database files. 584This option is useful for tunneling SSH connections 585or for multiple servers running on a single host. 586.It Cm HostName 587Specifies the real host name to log into. 588This can be used to specify nicknames or abbreviations for hosts. 589If the hostname contains the character sequence 590.Ql %h , 591then this will be replaced with the host name specified on the command line 592(this is useful for manipulating unqualified names). 593The default is the name given on the command line. 594Numeric IP addresses are also permitted (both on the command line and in 595.Cm HostName 596specifications). 597.It Cm IdentitiesOnly 598Specifies that 599.Xr ssh 1 600should only use the authentication identity files configured in the 601.Nm 602files, 603even if 604.Xr ssh-agent 1 605offers more identities. 606The argument to this keyword must be 607.Dq yes 608or 609.Dq no . 610This option is intended for situations where ssh-agent 611offers many different identities. 612The default is 613.Dq no . 614.It Cm IdentityFile 615Specifies a file from which the user's DSA, ECDSA or DSA authentication 616identity is read. 617The default is 618.Pa ~/.ssh/identity 619for protocol version 1, and 620.Pa ~/.ssh/id_dsa , 621.Pa ~/.ssh/id_ecdsa 622and 623.Pa ~/.ssh/id_rsa 624for protocol version 2. 625Additionally, any identities represented by the authentication agent 626will be used for authentication. 627.Xr ssh 1 628will try to load certificate information from the filename obtained by 629appending 630.Pa -cert.pub 631to the path of a specified 632.Cm IdentityFile . 633.Pp 634The file name may use the tilde 635syntax to refer to a user's home directory or one of the following 636escape characters: 637.Ql %d 638(local user's home directory), 639.Ql %u 640(local user name), 641.Ql %l 642(local host name), 643.Ql %h 644(remote host name) or 645.Ql %r 646(remote user name). 647.Pp 648It is possible to have 649multiple identity files specified in configuration files; all these 650identities will be tried in sequence. 651Multiple 652.Cm IdentityFile 653directives will add to the list of identities tried (this behaviour 654differs from that of other configuration directives). 655.It Cm IPQoS 656Specifies the IPv4 type-of-service or DSCP class for connections. 657Accepted values are 658.Dq af11 , 659.Dq af12 , 660.Dq af13 , 661.Dq af14 , 662.Dq af22 , 663.Dq af23 , 664.Dq af31 , 665.Dq af32 , 666.Dq af33 , 667.Dq af41 , 668.Dq af42 , 669.Dq af43 , 670.Dq cs0 , 671.Dq cs1 , 672.Dq cs2 , 673.Dq cs3 , 674.Dq cs4 , 675.Dq cs5 , 676.Dq cs6 , 677.Dq cs7 , 678.Dq ef , 679.Dq lowdelay , 680.Dq throughput , 681.Dq reliability , 682or a numeric value. 683This option may take one or two arguments, separated by whitespace. 684If one argument is specified, it is used as the packet class unconditionally. 685If two values are specified, the first is automatically selected for 686interactive sessions and the second for non-interactive sessions. 687The default is 688.Dq lowdelay 689for interactive sessions and 690.Dq throughput 691for non-interactive sessions. 692.It Cm KbdInteractiveAuthentication 693Specifies whether to use keyboard-interactive authentication. 694The argument to this keyword must be 695.Dq yes 696or 697.Dq no . 698The default is 699.Dq yes . 700.It Cm KbdInteractiveDevices 701Specifies the list of methods to use in keyboard-interactive authentication. 702Multiple method names must be comma-separated. 703The default is to use the server specified list. 704The methods available vary depending on what the server supports. 705For an OpenSSH server, 706it may be zero or more of: 707.Dq bsdauth , 708.Dq pam , 709and 710.Dq skey . 711.It Cm KexAlgorithms 712Specifies the available KEX (Key Exchange) algorithms. 713Multiple algorithms must be comma-separated. 714The default is: 715.Bd -literal -offset indent 716ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 717diffie-hellman-group-exchange-sha256, 718diffie-hellman-group-exchange-sha1, 719diffie-hellman-group14-sha1, 720diffie-hellman-group1-sha1 721.Ed 722.It Cm LocalCommand 723Specifies a command to execute on the local machine after successfully 724connecting to the server. 725The command string extends to the end of the line, and is executed with 726the user's shell. 727The following escape character substitutions will be performed: 728.Ql %d 729(local user's home directory), 730.Ql %h 731(remote host name), 732.Ql %l 733(local host name), 734.Ql %n 735(host name as provided on the command line), 736.Ql %p 737(remote port), 738.Ql %r 739(remote user name) or 740.Ql %u 741(local user name). 742.Pp 743The command is run synchronously and does not have access to the 744session of the 745.Xr ssh 1 746that spawned it. 747It should not be used for interactive commands. 748.Pp 749This directive is ignored unless 750.Cm PermitLocalCommand 751has been enabled. 752.It Cm LocalForward 753Specifies that a TCP port on the local machine be forwarded over 754the secure channel to the specified host and port from the remote machine. 755The first argument must be 756.Sm off 757.Oo Ar bind_address : Oc Ar port 758.Sm on 759and the second argument must be 760.Ar host : Ns Ar hostport . 761IPv6 addresses can be specified by enclosing addresses in square brackets. 762Multiple forwardings may be specified, and additional forwardings can be 763given on the command line. 764Only the superuser can forward privileged ports. 765By default, the local port is bound in accordance with the 766.Cm GatewayPorts 767setting. 768However, an explicit 769.Ar bind_address 770may be used to bind the connection to a specific address. 771The 772.Ar bind_address 773of 774.Dq localhost 775indicates that the listening port be bound for local use only, while an 776empty address or 777.Sq * 778indicates that the port should be available from all interfaces. 779.It Cm LogLevel 780Gives the verbosity level that is used when logging messages from 781.Xr ssh 1 . 782The possible values are: 783QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 784The default is INFO. 785DEBUG and DEBUG1 are equivalent. 786DEBUG2 and DEBUG3 each specify higher levels of verbose output. 787.It Cm MACs 788Specifies the MAC (message authentication code) algorithms 789in order of preference. 790The MAC algorithm is used in protocol version 2 791for data integrity protection. 792Multiple algorithms must be comma-separated. 793The default is: 794.Bd -literal -offset indent 795hmac-md5,hmac-sha1,umac-64@openssh.com, 796hmac-ripemd160,hmac-sha1-96,hmac-md5-96, 797hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512, 798hmac-sha2-512-96 799.Ed 800.It Cm NoHostAuthenticationForLocalhost 801This option can be used if the home directory is shared across machines. 802In this case localhost will refer to a different machine on each of 803the machines and the user will get many warnings about changed host keys. 804However, this option disables host authentication for localhost. 805The argument to this keyword must be 806.Dq yes 807or 808.Dq no . 809The default is to check the host key for localhost. 810.It Cm NumberOfPasswordPrompts 811Specifies the number of password prompts before giving up. 812The argument to this keyword must be an integer. 813The default is 3. 814.It Cm PasswordAuthentication 815Specifies whether to use password authentication. 816The argument to this keyword must be 817.Dq yes 818or 819.Dq no . 820The default is 821.Dq yes . 822.It Cm PermitLocalCommand 823Allow local command execution via the 824.Ic LocalCommand 825option or using the 826.Ic !\& Ns Ar command 827escape sequence in 828.Xr ssh 1 . 829The argument must be 830.Dq yes 831or 832.Dq no . 833The default is 834.Dq no . 835.It Cm PKCS11Provider 836Specifies which PKCS#11 provider to use. 837The argument to this keyword is the PKCS#11 shared library 838.Xr ssh 1 839should use to communicate with a PKCS#11 token providing the user's 840private RSA key. 841.It Cm Port 842Specifies the port number to connect on the remote host. 843The default is 22. 844.It Cm PreferredAuthentications 845Specifies the order in which the client should try protocol 2 846authentication methods. 847This allows a client to prefer one method (e.g.\& 848.Cm keyboard-interactive ) 849over another method (e.g.\& 850.Cm password ) . 851The default is: 852.Bd -literal -offset indent 853gssapi-with-mic,hostbased,publickey, 854keyboard-interactive,password 855.Ed 856.It Cm Protocol 857Specifies the protocol versions 858.Xr ssh 1 859should support in order of preference. 860The possible values are 861.Sq 1 862and 863.Sq 2 . 864Multiple versions must be comma-separated. 865When this option is set to 866.Dq 2,1 867.Nm ssh 868will try version 2 and fall back to version 1 869if version 2 is not available. 870The default is 871.Sq 2 . 872.It Cm ProxyCommand 873Specifies the command to use to connect to the server. 874The command 875string extends to the end of the line, and is executed with 876the user's shell. 877In the command string, any occurrence of 878.Ql %h 879will be substituted by the host name to 880connect, 881.Ql %p 882by the port, and 883.Ql %r 884by the remote user name. 885The command can be basically anything, 886and should read from its standard input and write to its standard output. 887It should eventually connect an 888.Xr sshd 8 889server running on some machine, or execute 890.Ic sshd -i 891somewhere. 892Host key management will be done using the 893HostName of the host being connected (defaulting to the name typed by 894the user). 895Setting the command to 896.Dq none 897disables this option entirely. 898Note that 899.Cm CheckHostIP 900is not available for connects with a proxy command. 901.Pp 902This directive is useful in conjunction with 903.Xr nc 1 904and its proxy support. 905For example, the following directive would connect via an HTTP proxy at 906192.0.2.0: 907.Bd -literal -offset 3n 908ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 909.Ed 910.It Cm PubkeyAuthentication 911Specifies whether to try public key authentication. 912The argument to this keyword must be 913.Dq yes 914or 915.Dq no . 916The default is 917.Dq yes . 918This option applies to protocol version 2 only. 919.It Cm RekeyLimit 920Specifies the maximum amount of data that may be transmitted before the 921session key is renegotiated. 922The argument is the number of bytes, with an optional suffix of 923.Sq K , 924.Sq M , 925or 926.Sq G 927to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 928The default is between 929.Sq 1G 930and 931.Sq 4G , 932depending on the cipher. 933This option applies to protocol version 2 only. 934.It Cm RemoteForward 935Specifies that a TCP port on the remote machine be forwarded over 936the secure channel to the specified host and port from the local machine. 937The first argument must be 938.Sm off 939.Oo Ar bind_address : Oc Ar port 940.Sm on 941and the second argument must be 942.Ar host : Ns Ar hostport . 943IPv6 addresses can be specified by enclosing addresses in square brackets. 944Multiple forwardings may be specified, and additional 945forwardings can be given on the command line. 946Privileged ports can be forwarded only when 947logging in as root on the remote machine. 948.Pp 949If the 950.Ar port 951argument is 952.Ql 0 , 953the listen port will be dynamically allocated on the server and reported 954to the client at run time. 955.Pp 956If the 957.Ar bind_address 958is not specified, the default is to only bind to loopback addresses. 959If the 960.Ar bind_address 961is 962.Ql * 963or an empty string, then the forwarding is requested to listen on all 964interfaces. 965Specifying a remote 966.Ar bind_address 967will only succeed if the server's 968.Cm GatewayPorts 969option is enabled (see 970.Xr sshd_config 5 ) . 971.It Cm RequestTTY 972Specifies whether to request a pseudo-tty for the session. 973The argument may be one of: 974.Dq no 975(never request a TTY), 976.Dq yes 977(always request a TTY when standard input is a TTY), 978.Dq force 979(always request a TTY) or 980.Dq auto 981(request a TTY when opening a login session). 982This option mirrors the 983.Fl t 984and 985.Fl T 986flags for 987.Xr ssh 1 . 988.It Cm RhostsRSAAuthentication 989Specifies whether to try rhosts based authentication with RSA host 990authentication. 991The argument must be 992.Dq yes 993or 994.Dq no . 995The default is 996.Dq no . 997This option applies to protocol version 1 only and requires 998.Xr ssh 1 999to be setuid root. 1000.It Cm RSAAuthentication 1001Specifies whether to try RSA authentication. 1002The argument to this keyword must be 1003.Dq yes 1004or 1005.Dq no . 1006RSA authentication will only be 1007attempted if the identity file exists, or an authentication agent is 1008running. 1009The default is 1010.Dq yes . 1011Note that this option applies to protocol version 1 only. 1012.It Cm SendEnv 1013Specifies what variables from the local 1014.Xr environ 7 1015should be sent to the server. 1016Note that environment passing is only supported for protocol 2. 1017The server must also support it, and the server must be configured to 1018accept these environment variables. 1019Refer to 1020.Cm AcceptEnv 1021in 1022.Xr sshd_config 5 1023for how to configure the server. 1024Variables are specified by name, which may contain wildcard characters. 1025Multiple environment variables may be separated by whitespace or spread 1026across multiple 1027.Cm SendEnv 1028directives. 1029The default is not to send any environment variables. 1030.Pp 1031See 1032.Sx PATTERNS 1033for more information on patterns. 1034.It Cm ServerAliveCountMax 1035Sets the number of server alive messages (see below) which may be 1036sent without 1037.Xr ssh 1 1038receiving any messages back from the server. 1039If this threshold is reached while server alive messages are being sent, 1040ssh will disconnect from the server, terminating the session. 1041It is important to note that the use of server alive messages is very 1042different from 1043.Cm TCPKeepAlive 1044(below). 1045The server alive messages are sent through the encrypted channel 1046and therefore will not be spoofable. 1047The TCP keepalive option enabled by 1048.Cm TCPKeepAlive 1049is spoofable. 1050The server alive mechanism is valuable when the client or 1051server depend on knowing when a connection has become inactive. 1052.Pp 1053The default value is 3. 1054If, for example, 1055.Cm ServerAliveInterval 1056(see below) is set to 15 and 1057.Cm ServerAliveCountMax 1058is left at the default, if the server becomes unresponsive, 1059ssh will disconnect after approximately 45 seconds. 1060This option applies to protocol version 2 only. 1061.It Cm ServerAliveInterval 1062Sets a timeout interval in seconds after which if no data has been received 1063from the server, 1064.Xr ssh 1 1065will send a message through the encrypted 1066channel to request a response from the server. 1067The default 1068is 0, indicating that these messages will not be sent to the server. 1069This option applies to protocol version 2 only. 1070.It Cm StrictHostKeyChecking 1071If this flag is set to 1072.Dq yes , 1073.Xr ssh 1 1074will never automatically add host keys to the 1075.Pa ~/.ssh/known_hosts 1076file, and refuses to connect to hosts whose host key has changed. 1077This provides maximum protection against trojan horse attacks, 1078though it can be annoying when the 1079.Pa /etc/ssh/ssh_known_hosts 1080file is poorly maintained or when connections to new hosts are 1081frequently made. 1082This option forces the user to manually 1083add all new hosts. 1084If this flag is set to 1085.Dq no , 1086ssh will automatically add new host keys to the 1087user known hosts files. 1088If this flag is set to 1089.Dq ask , 1090new host keys 1091will be added to the user known host files only after the user 1092has confirmed that is what they really want to do, and 1093ssh will refuse to connect to hosts whose host key has changed. 1094The host keys of 1095known hosts will be verified automatically in all cases. 1096The argument must be 1097.Dq yes , 1098.Dq no , 1099or 1100.Dq ask . 1101The default is 1102.Dq ask . 1103.It Cm TCPKeepAlive 1104Specifies whether the system should send TCP keepalive messages to the 1105other side. 1106If they are sent, death of the connection or crash of one 1107of the machines will be properly noticed. 1108However, this means that 1109connections will die if the route is down temporarily, and some people 1110find it annoying. 1111.Pp 1112The default is 1113.Dq yes 1114(to send TCP keepalive messages), and the client will notice 1115if the network goes down or the remote host dies. 1116This is important in scripts, and many users want it too. 1117.Pp 1118To disable TCP keepalive messages, the value should be set to 1119.Dq no . 1120.It Cm Tunnel 1121Request 1122.Xr tun 4 1123device forwarding between the client and the server. 1124The argument must be 1125.Dq yes , 1126.Dq point-to-point 1127(layer 3), 1128.Dq ethernet 1129(layer 2), 1130or 1131.Dq no . 1132Specifying 1133.Dq yes 1134requests the default tunnel mode, which is 1135.Dq point-to-point . 1136The default is 1137.Dq no . 1138.It Cm TunnelDevice 1139Specifies the 1140.Xr tun 4 1141devices to open on the client 1142.Pq Ar local_tun 1143and the server 1144.Pq Ar remote_tun . 1145.Pp 1146The argument must be 1147.Sm off 1148.Ar local_tun Op : Ar remote_tun . 1149.Sm on 1150The devices may be specified by numerical ID or the keyword 1151.Dq any , 1152which uses the next available tunnel device. 1153If 1154.Ar remote_tun 1155is not specified, it defaults to 1156.Dq any . 1157The default is 1158.Dq any:any . 1159.It Cm UsePrivilegedPort 1160Specifies whether to use a privileged port for outgoing connections. 1161The argument must be 1162.Dq yes 1163or 1164.Dq no . 1165The default is 1166.Dq no . 1167If set to 1168.Dq yes , 1169.Xr ssh 1 1170must be setuid root. 1171Note that this option must be set to 1172.Dq yes 1173for 1174.Cm RhostsRSAAuthentication 1175with older servers. 1176.It Cm User 1177Specifies the user to log in as. 1178This can be useful when a different user name is used on different machines. 1179This saves the trouble of 1180having to remember to give the user name on the command line. 1181.It Cm UserKnownHostsFile 1182Specifies one or more files to use for the user 1183host key database, separated by whitespace. 1184The default is 1185.Pa ~/.ssh/known_hosts , 1186.Pa ~/.ssh/known_hosts2 . 1187.It Cm VerifyHostKeyDNS 1188Specifies whether to verify the remote key using DNS and SSHFP resource 1189records. 1190If this option is set to 1191.Dq yes , 1192the client will implicitly trust keys that match a secure fingerprint 1193from DNS. 1194Insecure fingerprints will be handled as if this option was set to 1195.Dq ask . 1196If this option is set to 1197.Dq ask , 1198information on fingerprint match will be displayed, but the user will still 1199need to confirm new host keys according to the 1200.Cm StrictHostKeyChecking 1201option. 1202The argument must be 1203.Dq yes , 1204.Dq no , 1205or 1206.Dq ask . 1207The default is 1208.Dq no . 1209Note that this option applies to protocol version 2 only. 1210.Pp 1211See also 1212.Sx VERIFYING HOST KEYS 1213in 1214.Xr ssh 1 . 1215.It Cm VisualHostKey 1216If this flag is set to 1217.Dq yes , 1218an ASCII art representation of the remote host key fingerprint is 1219printed in addition to the hex fingerprint string at login and 1220for unknown host keys. 1221If this flag is set to 1222.Dq no , 1223no fingerprint strings are printed at login and 1224only the hex fingerprint string will be printed for unknown host keys. 1225The default is 1226.Dq no . 1227.It Cm XAuthLocation 1228Specifies the full pathname of the 1229.Xr xauth 1 1230program. 1231The default is 1232.Pa /usr/X11R6/bin/xauth . 1233.El 1234.Sh PATTERNS 1235A 1236.Em pattern 1237consists of zero or more non-whitespace characters, 1238.Sq * 1239(a wildcard that matches zero or more characters), 1240or 1241.Sq ?\& 1242(a wildcard that matches exactly one character). 1243For example, to specify a set of declarations for any host in the 1244.Dq .co.uk 1245set of domains, 1246the following pattern could be used: 1247.Pp 1248.Dl Host *.co.uk 1249.Pp 1250The following pattern 1251would match any host in the 192.168.0.[0-9] network range: 1252.Pp 1253.Dl Host 192.168.0.? 1254.Pp 1255A 1256.Em pattern-list 1257is a comma-separated list of patterns. 1258Patterns within pattern-lists may be negated 1259by preceding them with an exclamation mark 1260.Pq Sq !\& . 1261For example, 1262to allow a key to be used from anywhere within an organisation 1263except from the 1264.Dq dialup 1265pool, 1266the following entry (in authorized_keys) could be used: 1267.Pp 1268.Dl from=\&"!*.dialup.example.com,*.example.com\&" 1269.Sh FILES 1270.Bl -tag -width Ds 1271.It Pa ~/.ssh/config 1272This is the per-user configuration file. 1273The format of this file is described above. 1274This file is used by the SSH client. 1275Because of the potential for abuse, this file must have strict permissions: 1276read/write for the user, and not accessible by others. 1277.It Pa /etc/ssh/ssh_config 1278Systemwide configuration file. 1279This file provides defaults for those 1280values that are not specified in the user's configuration file, and 1281for those users who do not have a configuration file. 1282This file must be world-readable. 1283.El 1284.Sh SEE ALSO 1285.Xr ssh 1 1286.Sh AUTHORS 1287OpenSSH is a derivative of the original and free 1288ssh 1.2.12 release by Tatu Ylonen. 1289Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1290Theo de Raadt and Dug Song 1291removed many bugs, re-added newer features and 1292created OpenSSH. 1293Markus Friedl contributed the support for SSH 1294protocol versions 1.5 and 2.0. 1295