1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $ 37.\" $FreeBSD$ 38.Dd $Mdocdate: July 30 2015 $ 39.Dt SSH_CONFIG 5 40.Os 41.Sh NAME 42.Nm ssh_config 43.Nd OpenSSH SSH client configuration files 44.Sh SYNOPSIS 45.Nm ~/.ssh/config 46.Nm /etc/ssh/ssh_config 47.Sh DESCRIPTION 48.Xr ssh 1 49obtains configuration data from the following sources in 50the following order: 51.Pp 52.Bl -enum -offset indent -compact 53.It 54command-line options 55.It 56user's configuration file 57.Pq Pa ~/.ssh/config 58.It 59system-wide configuration file 60.Pq Pa /etc/ssh/ssh_config 61.El 62.Pp 63For each parameter, the first obtained value 64will be used. 65The configuration files contain sections separated by 66.Dq Host 67specifications, and that section is only applied for hosts that 68match one of the patterns given in the specification. 69The matched host name is usually the one given on the command line 70(see the 71.Cm CanonicalizeHostname 72option for exceptions.) 73.Pp 74Since the first obtained value for each parameter is used, more 75host-specific declarations should be given near the beginning of the 76file, and general defaults at the end. 77.Pp 78The configuration file has the following format: 79.Pp 80Empty lines and lines starting with 81.Ql # 82are comments. 83Otherwise a line is of the format 84.Dq keyword arguments . 85Configuration options may be separated by whitespace or 86optional whitespace and exactly one 87.Ql = ; 88the latter format is useful to avoid the need to quote whitespace 89when specifying configuration options using the 90.Nm ssh , 91.Nm scp , 92and 93.Nm sftp 94.Fl o 95option. 96Arguments may optionally be enclosed in double quotes 97.Pq \&" 98in order to represent arguments containing spaces. 99.Pp 100The possible 101keywords and their meanings are as follows (note that 102keywords are case-insensitive and arguments are case-sensitive): 103.Bl -tag -width Ds 104.It Cm Host 105Restricts the following declarations (up to the next 106.Cm Host 107or 108.Cm Match 109keyword) to be only for those hosts that match one of the patterns 110given after the keyword. 111If more than one pattern is provided, they should be separated by whitespace. 112A single 113.Ql * 114as a pattern can be used to provide global 115defaults for all hosts. 116The host is usually the 117.Ar hostname 118argument given on the command line 119(see the 120.Cm CanonicalizeHostname 121option for exceptions.) 122.Pp 123A pattern entry may be negated by prefixing it with an exclamation mark 124.Pq Sq !\& . 125If a negated entry is matched, then the 126.Cm Host 127entry is ignored, regardless of whether any other patterns on the line 128match. 129Negated matches are therefore useful to provide exceptions for wildcard 130matches. 131.Pp 132See 133.Sx PATTERNS 134for more information on patterns. 135.It Cm Match 136Restricts the following declarations (up to the next 137.Cm Host 138or 139.Cm Match 140keyword) to be used only when the conditions following the 141.Cm Match 142keyword are satisfied. 143Match conditions are specified using one or more critera 144or the single token 145.Cm all 146which always matches. 147The available criteria keywords are: 148.Cm canonical , 149.Cm exec , 150.Cm host , 151.Cm originalhost , 152.Cm user , 153and 154.Cm localuser . 155The 156.Cm all 157criteria must appear alone or immediately after 158.Cm canonical . 159Other criteria may be combined arbitrarily. 160All criteria but 161.Cm all 162and 163.Cm canonical 164require an argument. 165Criteria may be negated by prepending an exclamation mark 166.Pq Sq !\& . 167.Pp 168The 169.Cm canonical 170keyword matches only when the configuration file is being re-parsed 171after hostname canonicalization (see the 172.Cm CanonicalizeHostname 173option.) 174This may be useful to specify conditions that work with canonical host 175names only. 176The 177.Cm exec 178keyword executes the specified command under the user's shell. 179If the command returns a zero exit status then the condition is considered true. 180Commands containing whitespace characters must be quoted. 181The following character sequences in the command will be expanded prior to 182execution: 183.Ql %L 184will be substituted by the first component of the local host name, 185.Ql %l 186will be substituted by the local host name (including any domain name), 187.Ql %h 188will be substituted by the target host name, 189.Ql %n 190will be substituted by the original target host name 191specified on the command-line, 192.Ql %p 193the destination port, 194.Ql %r 195by the remote login username, and 196.Ql %u 197by the username of the user running 198.Xr ssh 1 . 199.Pp 200The other keywords' criteria must be single entries or comma-separated 201lists and may use the wildcard and negation operators described in the 202.Sx PATTERNS 203section. 204The criteria for the 205.Cm host 206keyword are matched against the target hostname, after any substitution 207by the 208.Cm Hostname 209or 210.Cm CanonicalizeHostname 211options. 212The 213.Cm originalhost 214keyword matches against the hostname as it was specified on the command-line. 215The 216.Cm user 217keyword matches against the target username on the remote host. 218The 219.Cm localuser 220keyword matches against the name of the local user running 221.Xr ssh 1 222(this keyword may be useful in system-wide 223.Nm 224files). 225.It Cm AddressFamily 226Specifies which address family to use when connecting. 227Valid arguments are 228.Dq any , 229.Dq inet 230(use IPv4 only), or 231.Dq inet6 232(use IPv6 only). 233.It Cm BatchMode 234If set to 235.Dq yes , 236passphrase/password querying will be disabled. 237This option is useful in scripts and other batch jobs where no user 238is present to supply the password. 239The argument must be 240.Dq yes 241or 242.Dq no . 243The default is 244.Dq no . 245.It Cm BindAddress 246Use the specified address on the local machine as the source address of 247the connection. 248Only useful on systems with more than one address. 249Note that this option does not work if 250.Cm UsePrivilegedPort 251is set to 252.Dq yes . 253.It Cm CanonicalDomains 254When 255.Cm CanonicalizeHostname 256is enabled, this option specifies the list of domain suffixes in which to 257search for the specified destination host. 258.It Cm CanonicalizeFallbackLocal 259Specifies whether to fail with an error when hostname canonicalization fails. 260The default, 261.Dq yes , 262will attempt to look up the unqualified hostname using the system resolver's 263search rules. 264A value of 265.Dq no 266will cause 267.Xr ssh 1 268to fail instantly if 269.Cm CanonicalizeHostname 270is enabled and the target hostname cannot be found in any of the domains 271specified by 272.Cm CanonicalDomains . 273.It Cm CanonicalizeHostname 274Controls whether explicit hostname canonicalization is performed. 275The default, 276.Dq no , 277is not to perform any name rewriting and let the system resolver handle all 278hostname lookups. 279If set to 280.Dq yes 281then, for connections that do not use a 282.Cm ProxyCommand , 283.Xr ssh 1 284will attempt to canonicalize the hostname specified on the command line 285using the 286.Cm CanonicalDomains 287suffixes and 288.Cm CanonicalizePermittedCNAMEs 289rules. 290If 291.Cm CanonicalizeHostname 292is set to 293.Dq always , 294then canonicalization is applied to proxied connections too. 295.Pp 296If this option is enabled, then the configuration files are processed 297again using the new target name to pick up any new configuration in matching 298.Cm Host 299and 300.Cm Match 301stanzas. 302.It Cm CanonicalizeMaxDots 303Specifies the maximum number of dot characters in a hostname before 304canonicalization is disabled. 305The default, 306.Dq 1 , 307allows a single dot (i.e. hostname.subdomain). 308.It Cm CanonicalizePermittedCNAMEs 309Specifies rules to determine whether CNAMEs should be followed when 310canonicalizing hostnames. 311The rules consist of one or more arguments of 312.Ar source_domain_list : Ns Ar target_domain_list , 313where 314.Ar source_domain_list 315is a pattern-list of domains that may follow CNAMEs in canonicalization, 316and 317.Ar target_domain_list 318is a pattern-list of domains that they may resolve to. 319.Pp 320For example, 321.Dq *.a.example.com:*.b.example.com,*.c.example.com 322will allow hostnames matching 323.Dq *.a.example.com 324to be canonicalized to names in the 325.Dq *.b.example.com 326or 327.Dq *.c.example.com 328domains. 329.It Cm ChallengeResponseAuthentication 330Specifies whether to use challenge-response authentication. 331The argument to this keyword must be 332.Dq yes 333or 334.Dq no . 335The default is 336.Dq yes . 337.It Cm CheckHostIP 338If this flag is set to 339.Dq yes , 340.Xr ssh 1 341will additionally check the host IP address in the 342.Pa known_hosts 343file. 344This allows ssh to detect if a host key changed due to DNS spoofing 345and will add addresses of destination hosts to 346.Pa ~/.ssh/known_hosts 347in the process, regardless of the setting of 348.Cm StrictHostKeyChecking . 349If the option is set to 350.Dq no , 351the check will not be executed. 352The default is 353.Dq no . 354.It Cm Cipher 355Specifies the cipher to use for encrypting the session 356in protocol version 1. 357Currently, 358.Dq blowfish , 359.Dq 3des , 360and 361.Dq des 362are supported. 363.Ar des 364is only supported in the 365.Xr ssh 1 366client for interoperability with legacy protocol 1 implementations 367that do not support the 368.Ar 3des 369cipher. 370Its use is strongly discouraged due to cryptographic weaknesses. 371The default is 372.Dq 3des . 373.It Cm Ciphers 374Specifies the ciphers allowed for protocol version 2 375in order of preference. 376Multiple ciphers must be comma-separated. 377If the specified value begins with a 378.Sq + 379character, then the specified ciphers will be appended to the default set 380instead of replacing them. 381.Pp 382The supported ciphers are: 383.Pp 384.Bl -item -compact -offset indent 385.It 3863des-cbc 387.It 388aes128-cbc 389.It 390aes192-cbc 391.It 392aes256-cbc 393.It 394aes128-ctr 395.It 396aes192-ctr 397.It 398aes256-ctr 399.It 400aes128-gcm@openssh.com 401.It 402aes256-gcm@openssh.com 403.It 404arcfour 405.It 406arcfour128 407.It 408arcfour256 409.It 410blowfish-cbc 411.It 412cast128-cbc 413.It 414chacha20-poly1305@openssh.com 415.El 416.Pp 417The default is: 418.Bd -literal -offset indent 419aes128-ctr,aes192-ctr,aes256-ctr, 420aes128-gcm@openssh.com,aes256-gcm@openssh.com, 421chacha20-poly1305@openssh.com, 422arcfour256,arcfour128, 423aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, 424aes192-cbc,aes256-cbc,arcfour 425.Ed 426.Pp 427The list of available ciphers may also be obtained using the 428.Fl Q 429option of 430.Xr ssh 1 431with an argument of 432.Dq cipher . 433.It Cm ClearAllForwardings 434Specifies that all local, remote, and dynamic port forwardings 435specified in the configuration files or on the command line be 436cleared. 437This option is primarily useful when used from the 438.Xr ssh 1 439command line to clear port forwardings set in 440configuration files, and is automatically set by 441.Xr scp 1 442and 443.Xr sftp 1 . 444The argument must be 445.Dq yes 446or 447.Dq no . 448The default is 449.Dq no . 450.It Cm Compression 451Specifies whether to use compression. 452The argument must be 453.Dq yes 454or 455.Dq no . 456The default is 457.Dq no . 458.It Cm CompressionLevel 459Specifies the compression level to use if compression is enabled. 460The argument must be an integer from 1 (fast) to 9 (slow, best). 461The default level is 6, which is good for most applications. 462The meaning of the values is the same as in 463.Xr gzip 1 . 464Note that this option applies to protocol version 1 only. 465.It Cm ConnectionAttempts 466Specifies the number of tries (one per second) to make before exiting. 467The argument must be an integer. 468This may be useful in scripts if the connection sometimes fails. 469The default is 1. 470.It Cm ConnectTimeout 471Specifies the timeout (in seconds) used when connecting to the 472SSH server, instead of using the default system TCP timeout. 473This value is used only when the target is down or really unreachable, 474not when it refuses the connection. 475.It Cm ControlMaster 476Enables the sharing of multiple sessions over a single network connection. 477When set to 478.Dq yes , 479.Xr ssh 1 480will listen for connections on a control socket specified using the 481.Cm ControlPath 482argument. 483Additional sessions can connect to this socket using the same 484.Cm ControlPath 485with 486.Cm ControlMaster 487set to 488.Dq no 489(the default). 490These sessions will try to reuse the master instance's network connection 491rather than initiating new ones, but will fall back to connecting normally 492if the control socket does not exist, or is not listening. 493.Pp 494Setting this to 495.Dq ask 496will cause ssh 497to listen for control connections, but require confirmation using 498.Xr ssh-askpass 1 . 499If the 500.Cm ControlPath 501cannot be opened, 502ssh will continue without connecting to a master instance. 503.Pp 504X11 and 505.Xr ssh-agent 1 506forwarding is supported over these multiplexed connections, however the 507display and agent forwarded will be the one belonging to the master 508connection i.e. it is not possible to forward multiple displays or agents. 509.Pp 510Two additional options allow for opportunistic multiplexing: try to use a 511master connection but fall back to creating a new one if one does not already 512exist. 513These options are: 514.Dq auto 515and 516.Dq autoask . 517The latter requires confirmation like the 518.Dq ask 519option. 520.It Cm ControlPath 521Specify the path to the control socket used for connection sharing as described 522in the 523.Cm ControlMaster 524section above or the string 525.Dq none 526to disable connection sharing. 527In the path, 528.Ql %L 529will be substituted by the first component of the local host name, 530.Ql %l 531will be substituted by the local host name (including any domain name), 532.Ql %h 533will be substituted by the target host name, 534.Ql %n 535will be substituted by the original target host name 536specified on the command line, 537.Ql %p 538the destination port, 539.Ql %r 540by the remote login username, 541.Ql %u 542by the username of the user running 543.Xr ssh 1 , and 544.Ql \&%C 545by a hash of the concatenation: %l%h%p%r. 546It is recommended that any 547.Cm ControlPath 548used for opportunistic connection sharing include 549at least %h, %p, and %r (or alternatively %C) and be placed in a directory 550that is not writable by other users. 551This ensures that shared connections are uniquely identified. 552.It Cm ControlPersist 553When used in conjunction with 554.Cm ControlMaster , 555specifies that the master connection should remain open 556in the background (waiting for future client connections) 557after the initial client connection has been closed. 558If set to 559.Dq no , 560then the master connection will not be placed into the background, 561and will close as soon as the initial client connection is closed. 562If set to 563.Dq yes 564or 565.Dq 0 , 566then the master connection will remain in the background indefinitely 567(until killed or closed via a mechanism such as the 568.Xr ssh 1 569.Dq Fl O No exit 570option). 571If set to a time in seconds, or a time in any of the formats documented in 572.Xr sshd_config 5 , 573then the backgrounded master connection will automatically terminate 574after it has remained idle (with no client connections) for the 575specified time. 576.It Cm DynamicForward 577Specifies that a TCP port on the local machine be forwarded 578over the secure channel, and the application 579protocol is then used to determine where to connect to from the 580remote machine. 581.Pp 582The argument must be 583.Sm off 584.Oo Ar bind_address : Oc Ar port . 585.Sm on 586IPv6 addresses can be specified by enclosing addresses in square brackets. 587By default, the local port is bound in accordance with the 588.Cm GatewayPorts 589setting. 590However, an explicit 591.Ar bind_address 592may be used to bind the connection to a specific address. 593The 594.Ar bind_address 595of 596.Dq localhost 597indicates that the listening port be bound for local use only, while an 598empty address or 599.Sq * 600indicates that the port should be available from all interfaces. 601.Pp 602Currently the SOCKS4 and SOCKS5 protocols are supported, and 603.Xr ssh 1 604will act as a SOCKS server. 605Multiple forwardings may be specified, and 606additional forwardings can be given on the command line. 607Only the superuser can forward privileged ports. 608.It Cm EnableSSHKeysign 609Setting this option to 610.Dq yes 611in the global client configuration file 612.Pa /etc/ssh/ssh_config 613enables the use of the helper program 614.Xr ssh-keysign 8 615during 616.Cm HostbasedAuthentication . 617The argument must be 618.Dq yes 619or 620.Dq no . 621The default is 622.Dq no . 623This option should be placed in the non-hostspecific section. 624See 625.Xr ssh-keysign 8 626for more information. 627.It Cm EscapeChar 628Sets the escape character (default: 629.Ql ~ ) . 630The escape character can also 631be set on the command line. 632The argument should be a single character, 633.Ql ^ 634followed by a letter, or 635.Dq none 636to disable the escape 637character entirely (making the connection transparent for binary 638data). 639.It Cm ExitOnForwardFailure 640Specifies whether 641.Xr ssh 1 642should terminate the connection if it cannot set up all requested 643dynamic, tunnel, local, and remote port forwardings. 644The argument must be 645.Dq yes 646or 647.Dq no . 648The default is 649.Dq no . 650.It Cm FingerprintHash 651Specifies the hash algorithm used when displaying key fingerprints. 652Valid options are: 653.Dq md5 654and 655.Dq sha256 . 656The default is 657.Dq sha256 . 658.It Cm ForwardAgent 659Specifies whether the connection to the authentication agent (if any) 660will be forwarded to the remote machine. 661The argument must be 662.Dq yes 663or 664.Dq no . 665The default is 666.Dq no . 667.Pp 668Agent forwarding should be enabled with caution. 669Users with the ability to bypass file permissions on the remote host 670(for the agent's Unix-domain socket) 671can access the local agent through the forwarded connection. 672An attacker cannot obtain key material from the agent, 673however they can perform operations on the keys that enable them to 674authenticate using the identities loaded into the agent. 675.It Cm ForwardX11 676Specifies whether X11 connections will be automatically redirected 677over the secure channel and 678.Ev DISPLAY 679set. 680The argument must be 681.Dq yes 682or 683.Dq no . 684The default is 685.Dq no . 686.Pp 687X11 forwarding should be enabled with caution. 688Users with the ability to bypass file permissions on the remote host 689(for the user's X11 authorization database) 690can access the local X11 display through the forwarded connection. 691An attacker may then be able to perform activities such as keystroke monitoring 692if the 693.Cm ForwardX11Trusted 694option is also enabled. 695.It Cm ForwardX11Timeout 696Specify a timeout for untrusted X11 forwarding 697using the format described in the 698TIME FORMATS section of 699.Xr sshd_config 5 . 700X11 connections received by 701.Xr ssh 1 702after this time will be refused. 703The default is to disable untrusted X11 forwarding after twenty minutes has 704elapsed. 705.It Cm ForwardX11Trusted 706If this option is set to 707.Dq yes , 708remote X11 clients will have full access to the original X11 display. 709.Pp 710If this option is set to 711.Dq no , 712remote X11 clients will be considered untrusted and prevented 713from stealing or tampering with data belonging to trusted X11 714clients. 715Furthermore, the 716.Xr xauth 1 717token used for the session will be set to expire after 20 minutes. 718Remote clients will be refused access after this time. 719.Pp 720The default is 721.Dq no . 722.Pp 723See the X11 SECURITY extension specification for full details on 724the restrictions imposed on untrusted clients. 725.It Cm GatewayPorts 726Specifies whether remote hosts are allowed to connect to local 727forwarded ports. 728By default, 729.Xr ssh 1 730binds local port forwardings to the loopback address. 731This prevents other remote hosts from connecting to forwarded ports. 732.Cm GatewayPorts 733can be used to specify that ssh 734should bind local port forwardings to the wildcard address, 735thus allowing remote hosts to connect to forwarded ports. 736The argument must be 737.Dq yes 738or 739.Dq no . 740The default is 741.Dq no . 742.It Cm GlobalKnownHostsFile 743Specifies one or more files to use for the global 744host key database, separated by whitespace. 745The default is 746.Pa /etc/ssh/ssh_known_hosts , 747.Pa /etc/ssh/ssh_known_hosts2 . 748.It Cm GSSAPIAuthentication 749Specifies whether user authentication based on GSSAPI is allowed. 750The default is 751.Dq no . 752Note that this option applies to protocol version 2 only. 753.It Cm GSSAPIDelegateCredentials 754Forward (delegate) credentials to the server. 755The default is 756.Dq no . 757Note that this option applies to protocol version 2 only. 758.It Cm HashKnownHosts 759Indicates that 760.Xr ssh 1 761should hash host names and addresses when they are added to 762.Pa ~/.ssh/known_hosts . 763These hashed names may be used normally by 764.Xr ssh 1 765and 766.Xr sshd 8 , 767but they do not reveal identifying information should the file's contents 768be disclosed. 769The default is 770.Dq no . 771Note that existing names and addresses in known hosts files 772will not be converted automatically, 773but may be manually hashed using 774.Xr ssh-keygen 1 . 775.It Cm HostbasedAuthentication 776Specifies whether to try rhosts based authentication with public key 777authentication. 778The argument must be 779.Dq yes 780or 781.Dq no . 782The default is 783.Dq no . 784This option applies to protocol version 2 only and 785is similar to 786.Cm RhostsRSAAuthentication . 787.It Cm HostbasedKeyTypes 788Specifies the key types that will be used for hostbased authentication 789as a comma-separated pattern list. 790Alternately if the specified value begins with a 791.Sq + 792character, then the specified key types will be appended to the default set 793instead of replacing them. 794The default for this option is: 795.Bd -literal -offset 3n 796ecdsa-sha2-nistp256-cert-v01@openssh.com, 797ecdsa-sha2-nistp384-cert-v01@openssh.com, 798ecdsa-sha2-nistp521-cert-v01@openssh.com, 799ssh-ed25519-cert-v01@openssh.com, 800ssh-rsa-cert-v01@openssh.com, 801ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 802ssh-ed25519,ssh-rsa 803.Ed 804.Pp 805The 806.Fl Q 807option of 808.Xr ssh 1 809may be used to list supported key types. 810.It Cm HostKeyAlgorithms 811Specifies the protocol version 2 host key algorithms 812that the client wants to use in order of preference. 813Alternately if the specified value begins with a 814.Sq + 815character, then the specified key types will be appended to the default set 816instead of replacing them. 817The default for this option is: 818.Bd -literal -offset 3n 819ecdsa-sha2-nistp256-cert-v01@openssh.com, 820ecdsa-sha2-nistp384-cert-v01@openssh.com, 821ecdsa-sha2-nistp521-cert-v01@openssh.com, 822ssh-ed25519-cert-v01@openssh.com, 823ssh-rsa-cert-v01@openssh.com, 824ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 825ssh-ed25519,ssh-rsa 826.Ed 827.Pp 828If hostkeys are known for the destination host then this default is modified 829to prefer their algorithms. 830.Pp 831The list of available key types may also be obtained using the 832.Fl Q 833option of 834.Xr ssh 1 835with an argument of 836.Dq key . 837.It Cm HostKeyAlias 838Specifies an alias that should be used instead of the 839real host name when looking up or saving the host key 840in the host key database files. 841This option is useful for tunneling SSH connections 842or for multiple servers running on a single host. 843.It Cm HostName 844Specifies the real host name to log into. 845This can be used to specify nicknames or abbreviations for hosts. 846If the hostname contains the character sequence 847.Ql %h , 848then this will be replaced with the host name specified on the command line 849(this is useful for manipulating unqualified names). 850The character sequence 851.Ql %% 852will be replaced by a single 853.Ql % 854character, which may be used when specifying IPv6 link-local addresses. 855.Pp 856The default is the name given on the command line. 857Numeric IP addresses are also permitted (both on the command line and in 858.Cm HostName 859specifications). 860.It Cm IdentitiesOnly 861Specifies that 862.Xr ssh 1 863should only use the authentication identity files configured in the 864.Nm 865files, 866even if 867.Xr ssh-agent 1 868or a 869.Cm PKCS11Provider 870offers more identities. 871The argument to this keyword must be 872.Dq yes 873or 874.Dq no . 875This option is intended for situations where ssh-agent 876offers many different identities. 877The default is 878.Dq no . 879.It Cm IdentityFile 880Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 881identity is read. 882The default is 883.Pa ~/.ssh/identity 884for protocol version 1, and 885.Pa ~/.ssh/id_dsa , 886.Pa ~/.ssh/id_ecdsa , 887.Pa ~/.ssh/id_ed25519 888and 889.Pa ~/.ssh/id_rsa 890for protocol version 2. 891Additionally, any identities represented by the authentication agent 892will be used for authentication unless 893.Cm IdentitiesOnly 894is set. 895.Xr ssh 1 896will try to load certificate information from the filename obtained by 897appending 898.Pa -cert.pub 899to the path of a specified 900.Cm IdentityFile . 901.Pp 902The file name may use the tilde 903syntax to refer to a user's home directory or one of the following 904escape characters: 905.Ql %d 906(local user's home directory), 907.Ql %u 908(local user name), 909.Ql %l 910(local host name), 911.Ql %h 912(remote host name) or 913.Ql %r 914(remote user name). 915.Pp 916It is possible to have 917multiple identity files specified in configuration files; all these 918identities will be tried in sequence. 919Multiple 920.Cm IdentityFile 921directives will add to the list of identities tried (this behaviour 922differs from that of other configuration directives). 923.Pp 924.Cm IdentityFile 925may be used in conjunction with 926.Cm IdentitiesOnly 927to select which identities in an agent are offered during authentication. 928.It Cm IgnoreUnknown 929Specifies a pattern-list of unknown options to be ignored if they are 930encountered in configuration parsing. 931This may be used to suppress errors if 932.Nm 933contains options that are unrecognised by 934.Xr ssh 1 . 935It is recommended that 936.Cm IgnoreUnknown 937be listed early in the configuration file as it will not be applied 938to unknown options that appear before it. 939.It Cm IPQoS 940Specifies the IPv4 type-of-service or DSCP class for connections. 941Accepted values are 942.Dq af11 , 943.Dq af12 , 944.Dq af13 , 945.Dq af21 , 946.Dq af22 , 947.Dq af23 , 948.Dq af31 , 949.Dq af32 , 950.Dq af33 , 951.Dq af41 , 952.Dq af42 , 953.Dq af43 , 954.Dq cs0 , 955.Dq cs1 , 956.Dq cs2 , 957.Dq cs3 , 958.Dq cs4 , 959.Dq cs5 , 960.Dq cs6 , 961.Dq cs7 , 962.Dq ef , 963.Dq lowdelay , 964.Dq throughput , 965.Dq reliability , 966or a numeric value. 967This option may take one or two arguments, separated by whitespace. 968If one argument is specified, it is used as the packet class unconditionally. 969If two values are specified, the first is automatically selected for 970interactive sessions and the second for non-interactive sessions. 971The default is 972.Dq lowdelay 973for interactive sessions and 974.Dq throughput 975for non-interactive sessions. 976.It Cm KbdInteractiveAuthentication 977Specifies whether to use keyboard-interactive authentication. 978The argument to this keyword must be 979.Dq yes 980or 981.Dq no . 982The default is 983.Dq yes . 984.It Cm KbdInteractiveDevices 985Specifies the list of methods to use in keyboard-interactive authentication. 986Multiple method names must be comma-separated. 987The default is to use the server specified list. 988The methods available vary depending on what the server supports. 989For an OpenSSH server, 990it may be zero or more of: 991.Dq bsdauth , 992.Dq pam , 993and 994.Dq skey . 995.It Cm KexAlgorithms 996Specifies the available KEX (Key Exchange) algorithms. 997Multiple algorithms must be comma-separated. 998Alternately if the specified value begins with a 999.Sq + 1000character, then the specified methods will be appended to the default set 1001instead of replacing them. 1002The default is: 1003.Bd -literal -offset indent 1004curve25519-sha256@libssh.org, 1005ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1006diffie-hellman-group-exchange-sha256, 1007diffie-hellman-group-exchange-sha1, 1008diffie-hellman-group14-sha1 1009.Ed 1010.Pp 1011The list of available key exchange algorithms may also be obtained using the 1012.Fl Q 1013option of 1014.Xr ssh 1 1015with an argument of 1016.Dq kex . 1017.It Cm LocalCommand 1018Specifies a command to execute on the local machine after successfully 1019connecting to the server. 1020The command string extends to the end of the line, and is executed with 1021the user's shell. 1022The following escape character substitutions will be performed: 1023.Ql %d 1024(local user's home directory), 1025.Ql %h 1026(remote host name), 1027.Ql %l 1028(local host name), 1029.Ql %n 1030(host name as provided on the command line), 1031.Ql %p 1032(remote port), 1033.Ql %r 1034(remote user name) or 1035.Ql %u 1036(local user name) or 1037.Ql \&%C 1038by a hash of the concatenation: %l%h%p%r. 1039.Pp 1040The command is run synchronously and does not have access to the 1041session of the 1042.Xr ssh 1 1043that spawned it. 1044It should not be used for interactive commands. 1045.Pp 1046This directive is ignored unless 1047.Cm PermitLocalCommand 1048has been enabled. 1049.It Cm LocalForward 1050Specifies that a TCP port on the local machine be forwarded over 1051the secure channel to the specified host and port from the remote machine. 1052The first argument must be 1053.Sm off 1054.Oo Ar bind_address : Oc Ar port 1055.Sm on 1056and the second argument must be 1057.Ar host : Ns Ar hostport . 1058IPv6 addresses can be specified by enclosing addresses in square brackets. 1059Multiple forwardings may be specified, and additional forwardings can be 1060given on the command line. 1061Only the superuser can forward privileged ports. 1062By default, the local port is bound in accordance with the 1063.Cm GatewayPorts 1064setting. 1065However, an explicit 1066.Ar bind_address 1067may be used to bind the connection to a specific address. 1068The 1069.Ar bind_address 1070of 1071.Dq localhost 1072indicates that the listening port be bound for local use only, while an 1073empty address or 1074.Sq * 1075indicates that the port should be available from all interfaces. 1076.It Cm LogLevel 1077Gives the verbosity level that is used when logging messages from 1078.Xr ssh 1 . 1079The possible values are: 1080QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1081The default is INFO. 1082DEBUG and DEBUG1 are equivalent. 1083DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1084.It Cm MACs 1085Specifies the MAC (message authentication code) algorithms 1086in order of preference. 1087The MAC algorithm is used in protocol version 2 1088for data integrity protection. 1089Multiple algorithms must be comma-separated. 1090If the specified value begins with a 1091.Sq + 1092character, then the specified algorithms will be appended to the default set 1093instead of replacing them. 1094.Pp 1095The algorithms that contain 1096.Dq -etm 1097calculate the MAC after encryption (encrypt-then-mac). 1098These are considered safer and their use recommended. 1099.Pp 1100The default is: 1101.Bd -literal -offset indent 1102umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1103hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1104umac-64@openssh.com,umac-128@openssh.com, 1105hmac-sha2-256,hmac-sha2-512, 1106hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, 1107hmac-ripemd160-etm@openssh.com, 1108hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, 1109hmac-md5,hmac-sha1,hmac-ripemd160, 1110hmac-sha1-96,hmac-md5-96 1111.Ed 1112.Pp 1113The list of available MAC algorithms may also be obtained using the 1114.Fl Q 1115option of 1116.Xr ssh 1 1117with an argument of 1118.Dq mac . 1119.It Cm NoHostAuthenticationForLocalhost 1120This option can be used if the home directory is shared across machines. 1121In this case localhost will refer to a different machine on each of 1122the machines and the user will get many warnings about changed host keys. 1123However, this option disables host authentication for localhost. 1124The argument to this keyword must be 1125.Dq yes 1126or 1127.Dq no . 1128The default is to check the host key for localhost. 1129.It Cm NumberOfPasswordPrompts 1130Specifies the number of password prompts before giving up. 1131The argument to this keyword must be an integer. 1132The default is 3. 1133.It Cm PasswordAuthentication 1134Specifies whether to use password authentication. 1135The argument to this keyword must be 1136.Dq yes 1137or 1138.Dq no . 1139The default is 1140.Dq yes . 1141.It Cm PermitLocalCommand 1142Allow local command execution via the 1143.Ic LocalCommand 1144option or using the 1145.Ic !\& Ns Ar command 1146escape sequence in 1147.Xr ssh 1 . 1148The argument must be 1149.Dq yes 1150or 1151.Dq no . 1152The default is 1153.Dq no . 1154.It Cm PKCS11Provider 1155Specifies which PKCS#11 provider to use. 1156The argument to this keyword is the PKCS#11 shared library 1157.Xr ssh 1 1158should use to communicate with a PKCS#11 token providing the user's 1159private RSA key. 1160.It Cm Port 1161Specifies the port number to connect on the remote host. 1162The default is 22. 1163.It Cm PreferredAuthentications 1164Specifies the order in which the client should try protocol 2 1165authentication methods. 1166This allows a client to prefer one method (e.g.\& 1167.Cm keyboard-interactive ) 1168over another method (e.g.\& 1169.Cm password ) . 1170The default is: 1171.Bd -literal -offset indent 1172gssapi-with-mic,hostbased,publickey, 1173keyboard-interactive,password 1174.Ed 1175.It Cm Protocol 1176Specifies the protocol versions 1177.Xr ssh 1 1178should support in order of preference. 1179The possible values are 1180.Sq 1 1181and 1182.Sq 2 . 1183Multiple versions must be comma-separated. 1184When this option is set to 1185.Dq 2,1 1186.Nm ssh 1187will try version 2 and fall back to version 1 1188if version 2 is not available. 1189The default is 1190.Sq 2 . 1191.It Cm ProxyCommand 1192Specifies the command to use to connect to the server. 1193The command 1194string extends to the end of the line, and is executed 1195using the user's shell 1196.Ql exec 1197directive to avoid a lingering shell process. 1198.Pp 1199In the command string, any occurrence of 1200.Ql %h 1201will be substituted by the host name to 1202connect, 1203.Ql %p 1204by the port, and 1205.Ql %r 1206by the remote user name. 1207The command can be basically anything, 1208and should read from its standard input and write to its standard output. 1209It should eventually connect an 1210.Xr sshd 8 1211server running on some machine, or execute 1212.Ic sshd -i 1213somewhere. 1214Host key management will be done using the 1215HostName of the host being connected (defaulting to the name typed by 1216the user). 1217Setting the command to 1218.Dq none 1219disables this option entirely. 1220Note that 1221.Cm CheckHostIP 1222is not available for connects with a proxy command. 1223.Pp 1224This directive is useful in conjunction with 1225.Xr nc 1 1226and its proxy support. 1227For example, the following directive would connect via an HTTP proxy at 1228192.0.2.0: 1229.Bd -literal -offset 3n 1230ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1231.Ed 1232.It Cm ProxyUseFdpass 1233Specifies that 1234.Cm ProxyCommand 1235will pass a connected file descriptor back to 1236.Xr ssh 1 1237instead of continuing to execute and pass data. 1238The default is 1239.Dq no . 1240.It Cm PubkeyAcceptedKeyTypes 1241Specifies the key types that will be used for public key authentication 1242as a comma-separated pattern list. 1243Alternately if the specified value begins with a 1244.Sq + 1245character, then the key types after it will be appended to the default 1246instead of replacing it. 1247The default for this option is: 1248.Bd -literal -offset 3n 1249ecdsa-sha2-nistp256-cert-v01@openssh.com, 1250ecdsa-sha2-nistp384-cert-v01@openssh.com, 1251ecdsa-sha2-nistp521-cert-v01@openssh.com, 1252ssh-ed25519-cert-v01@openssh.com, 1253ssh-rsa-cert-v01@openssh.com, 1254ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1255ssh-ed25519,ssh-rsa 1256.Ed 1257.Pp 1258The 1259.Fl Q 1260option of 1261.Xr ssh 1 1262may be used to list supported key types. 1263.It Cm PubkeyAuthentication 1264Specifies whether to try public key authentication. 1265The argument to this keyword must be 1266.Dq yes 1267or 1268.Dq no . 1269The default is 1270.Dq yes . 1271This option applies to protocol version 2 only. 1272.It Cm RekeyLimit 1273Specifies the maximum amount of data that may be transmitted before the 1274session key is renegotiated, optionally followed a maximum amount of 1275time that may pass before the session key is renegotiated. 1276The first argument is specified in bytes and may have a suffix of 1277.Sq K , 1278.Sq M , 1279or 1280.Sq G 1281to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1282The default is between 1283.Sq 1G 1284and 1285.Sq 4G , 1286depending on the cipher. 1287The optional second value is specified in seconds and may use any of the 1288units documented in the 1289TIME FORMATS section of 1290.Xr sshd_config 5 . 1291The default value for 1292.Cm RekeyLimit 1293is 1294.Dq default none , 1295which means that rekeying is performed after the cipher's default amount 1296of data has been sent or received and no time based rekeying is done. 1297This option applies to protocol version 2 only. 1298.It Cm RemoteForward 1299Specifies that a TCP port on the remote machine be forwarded over 1300the secure channel to the specified host and port from the local machine. 1301The first argument must be 1302.Sm off 1303.Oo Ar bind_address : Oc Ar port 1304.Sm on 1305and the second argument must be 1306.Ar host : Ns Ar hostport . 1307IPv6 addresses can be specified by enclosing addresses in square brackets. 1308Multiple forwardings may be specified, and additional 1309forwardings can be given on the command line. 1310Privileged ports can be forwarded only when 1311logging in as root on the remote machine. 1312.Pp 1313If the 1314.Ar port 1315argument is 1316.Ql 0 , 1317the listen port will be dynamically allocated on the server and reported 1318to the client at run time. 1319.Pp 1320If the 1321.Ar bind_address 1322is not specified, the default is to only bind to loopback addresses. 1323If the 1324.Ar bind_address 1325is 1326.Ql * 1327or an empty string, then the forwarding is requested to listen on all 1328interfaces. 1329Specifying a remote 1330.Ar bind_address 1331will only succeed if the server's 1332.Cm GatewayPorts 1333option is enabled (see 1334.Xr sshd_config 5 ) . 1335.It Cm RequestTTY 1336Specifies whether to request a pseudo-tty for the session. 1337The argument may be one of: 1338.Dq no 1339(never request a TTY), 1340.Dq yes 1341(always request a TTY when standard input is a TTY), 1342.Dq force 1343(always request a TTY) or 1344.Dq auto 1345(request a TTY when opening a login session). 1346This option mirrors the 1347.Fl t 1348and 1349.Fl T 1350flags for 1351.Xr ssh 1 . 1352.It Cm RevokedHostKeys 1353Specifies revoked host public keys. 1354Keys listed in this file will be refused for host authentication. 1355Note that if this file does not exist or is not readable, 1356then host authentication will be refused for all hosts. 1357Keys may be specified as a text file, listing one public key per line, or as 1358an OpenSSH Key Revocation List (KRL) as generated by 1359.Xr ssh-keygen 1 . 1360For more information on KRLs, see the KEY REVOCATION LISTS section in 1361.Xr ssh-keygen 1 . 1362.It Cm RhostsRSAAuthentication 1363Specifies whether to try rhosts based authentication with RSA host 1364authentication. 1365The argument must be 1366.Dq yes 1367or 1368.Dq no . 1369The default is 1370.Dq no . 1371This option applies to protocol version 1 only and requires 1372.Xr ssh 1 1373to be setuid root. 1374.It Cm RSAAuthentication 1375Specifies whether to try RSA authentication. 1376The argument to this keyword must be 1377.Dq yes 1378or 1379.Dq no . 1380RSA authentication will only be 1381attempted if the identity file exists, or an authentication agent is 1382running. 1383The default is 1384.Dq yes . 1385Note that this option applies to protocol version 1 only. 1386.It Cm SendEnv 1387Specifies what variables from the local 1388.Xr environ 7 1389should be sent to the server. 1390Note that environment passing is only supported for protocol 2. 1391The server must also support it, and the server must be configured to 1392accept these environment variables. 1393Note that the 1394.Ev TERM 1395environment variable is always sent whenever a 1396pseudo-terminal is requested as it is required by the protocol. 1397Refer to 1398.Cm AcceptEnv 1399in 1400.Xr sshd_config 5 1401for how to configure the server. 1402Variables are specified by name, which may contain wildcard characters. 1403Multiple environment variables may be separated by whitespace or spread 1404across multiple 1405.Cm SendEnv 1406directives. 1407The default is not to send any environment variables. 1408.Pp 1409See 1410.Sx PATTERNS 1411for more information on patterns. 1412.It Cm ServerAliveCountMax 1413Sets the number of server alive messages (see below) which may be 1414sent without 1415.Xr ssh 1 1416receiving any messages back from the server. 1417If this threshold is reached while server alive messages are being sent, 1418ssh will disconnect from the server, terminating the session. 1419It is important to note that the use of server alive messages is very 1420different from 1421.Cm TCPKeepAlive 1422(below). 1423The server alive messages are sent through the encrypted channel 1424and therefore will not be spoofable. 1425The TCP keepalive option enabled by 1426.Cm TCPKeepAlive 1427is spoofable. 1428The server alive mechanism is valuable when the client or 1429server depend on knowing when a connection has become inactive. 1430.Pp 1431The default value is 3. 1432If, for example, 1433.Cm ServerAliveInterval 1434(see below) is set to 15 and 1435.Cm ServerAliveCountMax 1436is left at the default, if the server becomes unresponsive, 1437ssh will disconnect after approximately 45 seconds. 1438This option applies to protocol version 2 only. 1439.It Cm ServerAliveInterval 1440Sets a timeout interval in seconds after which if no data has been received 1441from the server, 1442.Xr ssh 1 1443will send a message through the encrypted 1444channel to request a response from the server. 1445The default 1446is 0, indicating that these messages will not be sent to the server. 1447This option applies to protocol version 2 only. 1448.It Cm StreamLocalBindMask 1449Sets the octal file creation mode mask 1450.Pq umask 1451used when creating a Unix-domain socket file for local or remote 1452port forwarding. 1453This option is only used for port forwarding to a Unix-domain socket file. 1454.Pp 1455The default value is 0177, which creates a Unix-domain socket file that is 1456readable and writable only by the owner. 1457Note that not all operating systems honor the file mode on Unix-domain 1458socket files. 1459.It Cm StreamLocalBindUnlink 1460Specifies whether to remove an existing Unix-domain socket file for local 1461or remote port forwarding before creating a new one. 1462If the socket file already exists and 1463.Cm StreamLocalBindUnlink 1464is not enabled, 1465.Nm ssh 1466will be unable to forward the port to the Unix-domain socket file. 1467This option is only used for port forwarding to a Unix-domain socket file. 1468.Pp 1469The argument must be 1470.Dq yes 1471or 1472.Dq no . 1473The default is 1474.Dq no . 1475.It Cm StrictHostKeyChecking 1476If this flag is set to 1477.Dq yes , 1478.Xr ssh 1 1479will never automatically add host keys to the 1480.Pa ~/.ssh/known_hosts 1481file, and refuses to connect to hosts whose host key has changed. 1482This provides maximum protection against trojan horse attacks, 1483though it can be annoying when the 1484.Pa /etc/ssh/ssh_known_hosts 1485file is poorly maintained or when connections to new hosts are 1486frequently made. 1487This option forces the user to manually 1488add all new hosts. 1489If this flag is set to 1490.Dq no , 1491ssh will automatically add new host keys to the 1492user known hosts files. 1493If this flag is set to 1494.Dq ask , 1495new host keys 1496will be added to the user known host files only after the user 1497has confirmed that is what they really want to do, and 1498ssh will refuse to connect to hosts whose host key has changed. 1499The host keys of 1500known hosts will be verified automatically in all cases. 1501The argument must be 1502.Dq yes , 1503.Dq no , 1504or 1505.Dq ask . 1506The default is 1507.Dq ask . 1508.It Cm TCPKeepAlive 1509Specifies whether the system should send TCP keepalive messages to the 1510other side. 1511If they are sent, death of the connection or crash of one 1512of the machines will be properly noticed. 1513However, this means that 1514connections will die if the route is down temporarily, and some people 1515find it annoying. 1516.Pp 1517The default is 1518.Dq yes 1519(to send TCP keepalive messages), and the client will notice 1520if the network goes down or the remote host dies. 1521This is important in scripts, and many users want it too. 1522.Pp 1523To disable TCP keepalive messages, the value should be set to 1524.Dq no . 1525.It Cm Tunnel 1526Request 1527.Xr tun 4 1528device forwarding between the client and the server. 1529The argument must be 1530.Dq yes , 1531.Dq point-to-point 1532(layer 3), 1533.Dq ethernet 1534(layer 2), 1535or 1536.Dq no . 1537Specifying 1538.Dq yes 1539requests the default tunnel mode, which is 1540.Dq point-to-point . 1541The default is 1542.Dq no . 1543.It Cm TunnelDevice 1544Specifies the 1545.Xr tun 4 1546devices to open on the client 1547.Pq Ar local_tun 1548and the server 1549.Pq Ar remote_tun . 1550.Pp 1551The argument must be 1552.Sm off 1553.Ar local_tun Op : Ar remote_tun . 1554.Sm on 1555The devices may be specified by numerical ID or the keyword 1556.Dq any , 1557which uses the next available tunnel device. 1558If 1559.Ar remote_tun 1560is not specified, it defaults to 1561.Dq any . 1562The default is 1563.Dq any:any . 1564.It Cm UpdateHostKeys 1565Specifies whether 1566.Xr ssh 1 1567should accept notifications of additional hostkeys from the server sent 1568after authentication has completed and add them to 1569.Cm UserKnownHostsFile . 1570The argument must be 1571.Dq yes , 1572.Dq no 1573(the default) or 1574.Dq ask . 1575Enabling this option allows learning alternate hostkeys for a server 1576and supports graceful key rotation by allowing a server to send replacement 1577public keys before old ones are removed. 1578Additional hostkeys are only accepted if the key used to authenticate the 1579host was already trusted or explicity accepted by the user. 1580If 1581.Cm UpdateHostKeys 1582is set to 1583.Dq ask , 1584then the user is asked to confirm the modifications to the known_hosts file. 1585Confirmation is currently incompatible with 1586.Cm ControlPersist , 1587and will be disabled if it is enabled. 1588.Pp 1589Presently, only 1590.Xr sshd 8 1591from OpenSSH 6.8 and greater support the 1592.Dq hostkeys@openssh.com 1593protocol extension used to inform the client of all the server's hostkeys. 1594.It Cm UsePrivilegedPort 1595Specifies whether to use a privileged port for outgoing connections. 1596The argument must be 1597.Dq yes 1598or 1599.Dq no . 1600The default is 1601.Dq no . 1602If set to 1603.Dq yes , 1604.Xr ssh 1 1605must be setuid root. 1606Note that this option must be set to 1607.Dq yes 1608for 1609.Cm RhostsRSAAuthentication 1610with older servers. 1611.It Cm User 1612Specifies the user to log in as. 1613This can be useful when a different user name is used on different machines. 1614This saves the trouble of 1615having to remember to give the user name on the command line. 1616.It Cm UserKnownHostsFile 1617Specifies one or more files to use for the user 1618host key database, separated by whitespace. 1619The default is 1620.Pa ~/.ssh/known_hosts , 1621.Pa ~/.ssh/known_hosts2 . 1622.It Cm VerifyHostKeyDNS 1623Specifies whether to verify the remote key using DNS and SSHFP resource 1624records. 1625If this option is set to 1626.Dq yes , 1627the client will implicitly trust keys that match a secure fingerprint 1628from DNS. 1629Insecure fingerprints will be handled as if this option was set to 1630.Dq ask . 1631If this option is set to 1632.Dq ask , 1633information on fingerprint match will be displayed, but the user will still 1634need to confirm new host keys according to the 1635.Cm StrictHostKeyChecking 1636option. 1637The argument must be 1638.Dq yes , 1639.Dq no , 1640or 1641.Dq ask . 1642The default is 1643.Dq yes 1644if compiled with LDNS and 1645.Dq no 1646otherwise. 1647Note that this option applies to protocol version 2 only. 1648.Pp 1649See also VERIFYING HOST KEYS in 1650.Xr ssh 1 . 1651.It Cm VersionAddendum 1652Specifies a string to append to the regular version string to identify 1653OS- or site-specific modifications. 1654The default is 1655.Dq FreeBSD-20160119 . 1656The value 1657.Dq none 1658may be used to disable this. 1659.It Cm VisualHostKey 1660If this flag is set to 1661.Dq yes , 1662an ASCII art representation of the remote host key fingerprint is 1663printed in addition to the fingerprint string at login and 1664for unknown host keys. 1665If this flag is set to 1666.Dq no , 1667no fingerprint strings are printed at login and 1668only the fingerprint string will be printed for unknown host keys. 1669The default is 1670.Dq no . 1671.It Cm XAuthLocation 1672Specifies the full pathname of the 1673.Xr xauth 1 1674program. 1675The default is 1676.Pa /usr/local/bin/xauth . 1677.El 1678.Sh PATTERNS 1679A 1680.Em pattern 1681consists of zero or more non-whitespace characters, 1682.Sq * 1683(a wildcard that matches zero or more characters), 1684or 1685.Sq ?\& 1686(a wildcard that matches exactly one character). 1687For example, to specify a set of declarations for any host in the 1688.Dq .co.uk 1689set of domains, 1690the following pattern could be used: 1691.Pp 1692.Dl Host *.co.uk 1693.Pp 1694The following pattern 1695would match any host in the 192.168.0.[0-9] network range: 1696.Pp 1697.Dl Host 192.168.0.? 1698.Pp 1699A 1700.Em pattern-list 1701is a comma-separated list of patterns. 1702Patterns within pattern-lists may be negated 1703by preceding them with an exclamation mark 1704.Pq Sq !\& . 1705For example, 1706to allow a key to be used from anywhere within an organization 1707except from the 1708.Dq dialup 1709pool, 1710the following entry (in authorized_keys) could be used: 1711.Pp 1712.Dl from=\&"!*.dialup.example.com,*.example.com\&" 1713.Sh FILES 1714.Bl -tag -width Ds 1715.It Pa ~/.ssh/config 1716This is the per-user configuration file. 1717The format of this file is described above. 1718This file is used by the SSH client. 1719Because of the potential for abuse, this file must have strict permissions: 1720read/write for the user, and not accessible by others. 1721.It Pa /etc/ssh/ssh_config 1722Systemwide configuration file. 1723This file provides defaults for those 1724values that are not specified in the user's configuration file, and 1725for those users who do not have a configuration file. 1726This file must be world-readable. 1727.El 1728.Sh SEE ALSO 1729.Xr ssh 1 1730.Sh AUTHORS 1731OpenSSH is a derivative of the original and free 1732ssh 1.2.12 release by Tatu Ylonen. 1733Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1734Theo de Raadt and Dug Song 1735removed many bugs, re-added newer features and 1736created OpenSSH. 1737Markus Friedl contributed the support for SSH 1738protocol versions 1.5 and 2.0. 1739