1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $ 37.Dd $Mdocdate: September 21 2017 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH SSH client configuration files 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59For each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm exec , 143.Cm host , 144.Cm originalhost , 145.Cm user , 146and 147.Cm localuser . 148The 149.Cm all 150criteria must appear alone or immediately after 151.Cm canonical . 152Other criteria may be combined arbitrarily. 153All criteria but 154.Cm all 155and 156.Cm canonical 157require an argument. 158Criteria may be negated by prepending an exclamation mark 159.Pq Sq !\& . 160.Pp 161The 162.Cm canonical 163keyword matches only when the configuration file is being re-parsed 164after hostname canonicalization (see the 165.Cm CanonicalizeHostname 166option.) 167This may be useful to specify conditions that work with canonical host 168names only. 169The 170.Cm exec 171keyword executes the specified command under the user's shell. 172If the command returns a zero exit status then the condition is considered true. 173Commands containing whitespace characters must be quoted. 174Arguments to 175.Cm exec 176accept the tokens described in the 177.Sx TOKENS 178section. 179.Pp 180The other keywords' criteria must be single entries or comma-separated 181lists and may use the wildcard and negation operators described in the 182.Sx PATTERNS 183section. 184The criteria for the 185.Cm host 186keyword are matched against the target hostname, after any substitution 187by the 188.Cm Hostname 189or 190.Cm CanonicalizeHostname 191options. 192The 193.Cm originalhost 194keyword matches against the hostname as it was specified on the command-line. 195The 196.Cm user 197keyword matches against the target username on the remote host. 198The 199.Cm localuser 200keyword matches against the name of the local user running 201.Xr ssh 1 202(this keyword may be useful in system-wide 203.Nm 204files). 205.It Cm AddKeysToAgent 206Specifies whether keys should be automatically added to a running 207.Xr ssh-agent 1 . 208If this option is set to 209.Cm yes 210and a key is loaded from a file, the key and its passphrase are added to 211the agent with the default lifetime, as if by 212.Xr ssh-add 1 . 213If this option is set to 214.Cm ask , 215.Xr ssh 1 216will require confirmation using the 217.Ev SSH_ASKPASS 218program before adding a key (see 219.Xr ssh-add 1 220for details). 221If this option is set to 222.Cm confirm , 223each use of the key must be confirmed, as if the 224.Fl c 225option was specified to 226.Xr ssh-add 1 . 227If this option is set to 228.Cm no , 229no keys are added to the agent. 230The argument must be 231.Cm yes , 232.Cm confirm , 233.Cm ask , 234or 235.Cm no 236(the default). 237.It Cm AddressFamily 238Specifies which address family to use when connecting. 239Valid arguments are 240.Cm any 241(the default), 242.Cm inet 243(use IPv4 only), or 244.Cm inet6 245(use IPv6 only). 246.It Cm BatchMode 247If set to 248.Cm yes , 249passphrase/password querying will be disabled. 250This option is useful in scripts and other batch jobs where no user 251is present to supply the password. 252The argument must be 253.Cm yes 254or 255.Cm no 256(the default). 257.It Cm BindAddress 258Use the specified address on the local machine as the source address of 259the connection. 260Only useful on systems with more than one address. 261Note that this option does not work if 262.Cm UsePrivilegedPort 263is set to 264.Cm yes . 265.It Cm CanonicalDomains 266When 267.Cm CanonicalizeHostname 268is enabled, this option specifies the list of domain suffixes in which to 269search for the specified destination host. 270.It Cm CanonicalizeFallbackLocal 271Specifies whether to fail with an error when hostname canonicalization fails. 272The default, 273.Cm yes , 274will attempt to look up the unqualified hostname using the system resolver's 275search rules. 276A value of 277.Cm no 278will cause 279.Xr ssh 1 280to fail instantly if 281.Cm CanonicalizeHostname 282is enabled and the target hostname cannot be found in any of the domains 283specified by 284.Cm CanonicalDomains . 285.It Cm CanonicalizeHostname 286Controls whether explicit hostname canonicalization is performed. 287The default, 288.Cm no , 289is not to perform any name rewriting and let the system resolver handle all 290hostname lookups. 291If set to 292.Cm yes 293then, for connections that do not use a 294.Cm ProxyCommand , 295.Xr ssh 1 296will attempt to canonicalize the hostname specified on the command line 297using the 298.Cm CanonicalDomains 299suffixes and 300.Cm CanonicalizePermittedCNAMEs 301rules. 302If 303.Cm CanonicalizeHostname 304is set to 305.Cm always , 306then canonicalization is applied to proxied connections too. 307.Pp 308If this option is enabled, then the configuration files are processed 309again using the new target name to pick up any new configuration in matching 310.Cm Host 311and 312.Cm Match 313stanzas. 314.It Cm CanonicalizeMaxDots 315Specifies the maximum number of dot characters in a hostname before 316canonicalization is disabled. 317The default, 1, 318allows a single dot (i.e. hostname.subdomain). 319.It Cm CanonicalizePermittedCNAMEs 320Specifies rules to determine whether CNAMEs should be followed when 321canonicalizing hostnames. 322The rules consist of one or more arguments of 323.Ar source_domain_list : Ns Ar target_domain_list , 324where 325.Ar source_domain_list 326is a pattern-list of domains that may follow CNAMEs in canonicalization, 327and 328.Ar target_domain_list 329is a pattern-list of domains that they may resolve to. 330.Pp 331For example, 332.Qq *.a.example.com:*.b.example.com,*.c.example.com 333will allow hostnames matching 334.Qq *.a.example.com 335to be canonicalized to names in the 336.Qq *.b.example.com 337or 338.Qq *.c.example.com 339domains. 340.It Cm CertificateFile 341Specifies a file from which the user's certificate is read. 342A corresponding private key must be provided separately in order 343to use this certificate either 344from an 345.Cm IdentityFile 346directive or 347.Fl i 348flag to 349.Xr ssh 1 , 350via 351.Xr ssh-agent 1 , 352or via a 353.Cm PKCS11Provider . 354.Pp 355Arguments to 356.Cm CertificateFile 357may use the tilde syntax to refer to a user's home directory 358or the tokens described in the 359.Sx TOKENS 360section. 361.Pp 362It is possible to have multiple certificate files specified in 363configuration files; these certificates will be tried in sequence. 364Multiple 365.Cm CertificateFile 366directives will add to the list of certificates used for 367authentication. 368.It Cm ChallengeResponseAuthentication 369Specifies whether to use challenge-response authentication. 370The argument to this keyword must be 371.Cm yes 372(the default) 373or 374.Cm no . 375.It Cm CheckHostIP 376If set to 377.Cm yes 378(the default), 379.Xr ssh 1 380will additionally check the host IP address in the 381.Pa known_hosts 382file. 383This allows it to detect if a host key changed due to DNS spoofing 384and will add addresses of destination hosts to 385.Pa ~/.ssh/known_hosts 386in the process, regardless of the setting of 387.Cm StrictHostKeyChecking . 388If the option is set to 389.Cm no , 390the check will not be executed. 391.It Cm Ciphers 392Specifies the ciphers allowed and their order of preference. 393Multiple ciphers must be comma-separated. 394If the specified value begins with a 395.Sq + 396character, then the specified ciphers will be appended to the default set 397instead of replacing them. 398If the specified value begins with a 399.Sq - 400character, then the specified ciphers (including wildcards) will be removed 401from the default set instead of replacing them. 402.Pp 403The supported ciphers are: 404.Bd -literal -offset indent 4053des-cbc 406aes128-cbc 407aes192-cbc 408aes256-cbc 409aes128-ctr 410aes192-ctr 411aes256-ctr 412aes128-gcm@openssh.com 413aes256-gcm@openssh.com 414chacha20-poly1305@openssh.com 415.Ed 416.Pp 417The default is: 418.Bd -literal -offset indent 419chacha20-poly1305@openssh.com, 420aes128-ctr,aes192-ctr,aes256-ctr, 421aes128-gcm@openssh.com,aes256-gcm@openssh.com, 422aes128-cbc,aes192-cbc,aes256-cbc 423.Ed 424.Pp 425The list of available ciphers may also be obtained using 426.Qq ssh -Q cipher . 427.It Cm ClearAllForwardings 428Specifies that all local, remote, and dynamic port forwardings 429specified in the configuration files or on the command line be 430cleared. 431This option is primarily useful when used from the 432.Xr ssh 1 433command line to clear port forwardings set in 434configuration files, and is automatically set by 435.Xr scp 1 436and 437.Xr sftp 1 . 438The argument must be 439.Cm yes 440or 441.Cm no 442(the default). 443.It Cm Compression 444Specifies whether to use compression. 445The argument must be 446.Cm yes 447or 448.Cm no 449(the default). 450.It Cm ConnectionAttempts 451Specifies the number of tries (one per second) to make before exiting. 452The argument must be an integer. 453This may be useful in scripts if the connection sometimes fails. 454The default is 1. 455.It Cm ConnectTimeout 456Specifies the timeout (in seconds) used when connecting to the 457SSH server, instead of using the default system TCP timeout. 458This value is used only when the target is down or really unreachable, 459not when it refuses the connection. 460.It Cm ControlMaster 461Enables the sharing of multiple sessions over a single network connection. 462When set to 463.Cm yes , 464.Xr ssh 1 465will listen for connections on a control socket specified using the 466.Cm ControlPath 467argument. 468Additional sessions can connect to this socket using the same 469.Cm ControlPath 470with 471.Cm ControlMaster 472set to 473.Cm no 474(the default). 475These sessions will try to reuse the master instance's network connection 476rather than initiating new ones, but will fall back to connecting normally 477if the control socket does not exist, or is not listening. 478.Pp 479Setting this to 480.Cm ask 481will cause 482.Xr ssh 1 483to listen for control connections, but require confirmation using 484.Xr ssh-askpass 1 . 485If the 486.Cm ControlPath 487cannot be opened, 488.Xr ssh 1 489will continue without connecting to a master instance. 490.Pp 491X11 and 492.Xr ssh-agent 1 493forwarding is supported over these multiplexed connections, however the 494display and agent forwarded will be the one belonging to the master 495connection i.e. it is not possible to forward multiple displays or agents. 496.Pp 497Two additional options allow for opportunistic multiplexing: try to use a 498master connection but fall back to creating a new one if one does not already 499exist. 500These options are: 501.Cm auto 502and 503.Cm autoask . 504The latter requires confirmation like the 505.Cm ask 506option. 507.It Cm ControlPath 508Specify the path to the control socket used for connection sharing as described 509in the 510.Cm ControlMaster 511section above or the string 512.Cm none 513to disable connection sharing. 514Arguments to 515.Cm ControlPath 516may use the tilde syntax to refer to a user's home directory 517or the tokens described in the 518.Sx TOKENS 519section. 520It is recommended that any 521.Cm ControlPath 522used for opportunistic connection sharing include 523at least %h, %p, and %r (or alternatively %C) and be placed in a directory 524that is not writable by other users. 525This ensures that shared connections are uniquely identified. 526.It Cm ControlPersist 527When used in conjunction with 528.Cm ControlMaster , 529specifies that the master connection should remain open 530in the background (waiting for future client connections) 531after the initial client connection has been closed. 532If set to 533.Cm no , 534then the master connection will not be placed into the background, 535and will close as soon as the initial client connection is closed. 536If set to 537.Cm yes 538or 0, 539then the master connection will remain in the background indefinitely 540(until killed or closed via a mechanism such as the 541.Qq ssh -O exit ) . 542If set to a time in seconds, or a time in any of the formats documented in 543.Xr sshd_config 5 , 544then the backgrounded master connection will automatically terminate 545after it has remained idle (with no client connections) for the 546specified time. 547.It Cm DynamicForward 548Specifies that a TCP port on the local machine be forwarded 549over the secure channel, and the application 550protocol is then used to determine where to connect to from the 551remote machine. 552.Pp 553The argument must be 554.Sm off 555.Oo Ar bind_address : Oc Ar port . 556.Sm on 557IPv6 addresses can be specified by enclosing addresses in square brackets. 558By default, the local port is bound in accordance with the 559.Cm GatewayPorts 560setting. 561However, an explicit 562.Ar bind_address 563may be used to bind the connection to a specific address. 564The 565.Ar bind_address 566of 567.Cm localhost 568indicates that the listening port be bound for local use only, while an 569empty address or 570.Sq * 571indicates that the port should be available from all interfaces. 572.Pp 573Currently the SOCKS4 and SOCKS5 protocols are supported, and 574.Xr ssh 1 575will act as a SOCKS server. 576Multiple forwardings may be specified, and 577additional forwardings can be given on the command line. 578Only the superuser can forward privileged ports. 579.It Cm EnableSSHKeysign 580Setting this option to 581.Cm yes 582in the global client configuration file 583.Pa /etc/ssh/ssh_config 584enables the use of the helper program 585.Xr ssh-keysign 8 586during 587.Cm HostbasedAuthentication . 588The argument must be 589.Cm yes 590or 591.Cm no 592(the default). 593This option should be placed in the non-hostspecific section. 594See 595.Xr ssh-keysign 8 596for more information. 597.It Cm EscapeChar 598Sets the escape character (default: 599.Ql ~ ) . 600The escape character can also 601be set on the command line. 602The argument should be a single character, 603.Ql ^ 604followed by a letter, or 605.Cm none 606to disable the escape 607character entirely (making the connection transparent for binary 608data). 609.It Cm ExitOnForwardFailure 610Specifies whether 611.Xr ssh 1 612should terminate the connection if it cannot set up all requested 613dynamic, tunnel, local, and remote port forwardings, (e.g.\& 614if either end is unable to bind and listen on a specified port). 615Note that 616.Cm ExitOnForwardFailure 617does not apply to connections made over port forwardings and will not, 618for example, cause 619.Xr ssh 1 620to exit if TCP connections to the ultimate forwarding destination fail. 621The argument must be 622.Cm yes 623or 624.Cm no 625(the default). 626.It Cm FingerprintHash 627Specifies the hash algorithm used when displaying key fingerprints. 628Valid options are: 629.Cm md5 630and 631.Cm sha256 632(the default). 633.It Cm ForwardAgent 634Specifies whether the connection to the authentication agent (if any) 635will be forwarded to the remote machine. 636The argument must be 637.Cm yes 638or 639.Cm no 640(the default). 641.Pp 642Agent forwarding should be enabled with caution. 643Users with the ability to bypass file permissions on the remote host 644(for the agent's Unix-domain socket) 645can access the local agent through the forwarded connection. 646An attacker cannot obtain key material from the agent, 647however they can perform operations on the keys that enable them to 648authenticate using the identities loaded into the agent. 649.It Cm ForwardX11 650Specifies whether X11 connections will be automatically redirected 651over the secure channel and 652.Ev DISPLAY 653set. 654The argument must be 655.Cm yes 656or 657.Cm no 658(the default). 659.Pp 660X11 forwarding should be enabled with caution. 661Users with the ability to bypass file permissions on the remote host 662(for the user's X11 authorization database) 663can access the local X11 display through the forwarded connection. 664An attacker may then be able to perform activities such as keystroke monitoring 665if the 666.Cm ForwardX11Trusted 667option is also enabled. 668.It Cm ForwardX11Timeout 669Specify a timeout for untrusted X11 forwarding 670using the format described in the 671.Sx TIME FORMATS 672section of 673.Xr sshd_config 5 . 674X11 connections received by 675.Xr ssh 1 676after this time will be refused. 677The default is to disable untrusted X11 forwarding after twenty minutes has 678elapsed. 679.It Cm ForwardX11Trusted 680If this option is set to 681.Cm yes , 682remote X11 clients will have full access to the original X11 display. 683.Pp 684If this option is set to 685.Cm no 686(the default), 687remote X11 clients will be considered untrusted and prevented 688from stealing or tampering with data belonging to trusted X11 689clients. 690Furthermore, the 691.Xr xauth 1 692token used for the session will be set to expire after 20 minutes. 693Remote clients will be refused access after this time. 694.Pp 695See the X11 SECURITY extension specification for full details on 696the restrictions imposed on untrusted clients. 697.It Cm GatewayPorts 698Specifies whether remote hosts are allowed to connect to local 699forwarded ports. 700By default, 701.Xr ssh 1 702binds local port forwardings to the loopback address. 703This prevents other remote hosts from connecting to forwarded ports. 704.Cm GatewayPorts 705can be used to specify that ssh 706should bind local port forwardings to the wildcard address, 707thus allowing remote hosts to connect to forwarded ports. 708The argument must be 709.Cm yes 710or 711.Cm no 712(the default). 713.It Cm GlobalKnownHostsFile 714Specifies one or more files to use for the global 715host key database, separated by whitespace. 716The default is 717.Pa /etc/ssh/ssh_known_hosts , 718.Pa /etc/ssh/ssh_known_hosts2 . 719.It Cm GSSAPIAuthentication 720Specifies whether user authentication based on GSSAPI is allowed. 721The default is 722.Cm no . 723.It Cm GSSAPIDelegateCredentials 724Forward (delegate) credentials to the server. 725The default is 726.Cm no . 727.It Cm HashKnownHosts 728Indicates that 729.Xr ssh 1 730should hash host names and addresses when they are added to 731.Pa ~/.ssh/known_hosts . 732These hashed names may be used normally by 733.Xr ssh 1 734and 735.Xr sshd 8 , 736but they do not reveal identifying information should the file's contents 737be disclosed. 738The default is 739.Cm no . 740Note that existing names and addresses in known hosts files 741will not be converted automatically, 742but may be manually hashed using 743.Xr ssh-keygen 1 . 744.It Cm HostbasedAuthentication 745Specifies whether to try rhosts based authentication with public key 746authentication. 747The argument must be 748.Cm yes 749or 750.Cm no 751(the default). 752.It Cm HostbasedKeyTypes 753Specifies the key types that will be used for hostbased authentication 754as a comma-separated pattern list. 755Alternately if the specified value begins with a 756.Sq + 757character, then the specified key types will be appended to the default set 758instead of replacing them. 759If the specified value begins with a 760.Sq - 761character, then the specified key types (including wildcards) will be removed 762from the default set instead of replacing them. 763The default for this option is: 764.Bd -literal -offset 3n 765ecdsa-sha2-nistp256-cert-v01@openssh.com, 766ecdsa-sha2-nistp384-cert-v01@openssh.com, 767ecdsa-sha2-nistp521-cert-v01@openssh.com, 768ssh-ed25519-cert-v01@openssh.com, 769ssh-rsa-cert-v01@openssh.com, 770ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 771ssh-ed25519,ssh-rsa 772.Ed 773.Pp 774The 775.Fl Q 776option of 777.Xr ssh 1 778may be used to list supported key types. 779.It Cm HostKeyAlgorithms 780Specifies the host key algorithms 781that the client wants to use in order of preference. 782Alternately if the specified value begins with a 783.Sq + 784character, then the specified key types will be appended to the default set 785instead of replacing them. 786If the specified value begins with a 787.Sq - 788character, then the specified key types (including wildcards) will be removed 789from the default set instead of replacing them. 790The default for this option is: 791.Bd -literal -offset 3n 792ecdsa-sha2-nistp256-cert-v01@openssh.com, 793ecdsa-sha2-nistp384-cert-v01@openssh.com, 794ecdsa-sha2-nistp521-cert-v01@openssh.com, 795ssh-ed25519-cert-v01@openssh.com, 796ssh-rsa-cert-v01@openssh.com, 797ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 798ssh-ed25519,ssh-rsa 799.Ed 800.Pp 801If hostkeys are known for the destination host then this default is modified 802to prefer their algorithms. 803.Pp 804The list of available key types may also be obtained using 805.Qq ssh -Q key . 806.It Cm HostKeyAlias 807Specifies an alias that should be used instead of the 808real host name when looking up or saving the host key 809in the host key database files and when validating host certificates. 810This option is useful for tunneling SSH connections 811or for multiple servers running on a single host. 812.It Cm HostName 813Specifies the real host name to log into. 814This can be used to specify nicknames or abbreviations for hosts. 815Arguments to 816.Cm HostName 817accept the tokens described in the 818.Sx TOKENS 819section. 820Numeric IP addresses are also permitted (both on the command line and in 821.Cm HostName 822specifications). 823The default is the name given on the command line. 824.It Cm IdentitiesOnly 825Specifies that 826.Xr ssh 1 827should only use the authentication identity and certificate files explicitly 828configured in the 829.Nm 830files 831or passed on the 832.Xr ssh 1 833command-line, 834even if 835.Xr ssh-agent 1 836or a 837.Cm PKCS11Provider 838offers more identities. 839The argument to this keyword must be 840.Cm yes 841or 842.Cm no 843(the default). 844This option is intended for situations where ssh-agent 845offers many different identities. 846.It Cm IdentityAgent 847Specifies the 848.Ux Ns -domain 849socket used to communicate with the authentication agent. 850.Pp 851This option overrides the 852.Ev SSH_AUTH_SOCK 853environment variable and can be used to select a specific agent. 854Setting the socket name to 855.Cm none 856disables the use of an authentication agent. 857If the string 858.Qq SSH_AUTH_SOCK 859is specified, the location of the socket will be read from the 860.Ev SSH_AUTH_SOCK 861environment variable. 862.Pp 863Arguments to 864.Cm IdentityAgent 865may use the tilde syntax to refer to a user's home directory 866or the tokens described in the 867.Sx TOKENS 868section. 869.It Cm IdentityFile 870Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 871identity is read. 872The default is 873.Pa ~/.ssh/id_dsa , 874.Pa ~/.ssh/id_ecdsa , 875.Pa ~/.ssh/id_ed25519 876and 877.Pa ~/.ssh/id_rsa . 878Additionally, any identities represented by the authentication agent 879will be used for authentication unless 880.Cm IdentitiesOnly 881is set. 882If no certificates have been explicitly specified by 883.Cm CertificateFile , 884.Xr ssh 1 885will try to load certificate information from the filename obtained by 886appending 887.Pa -cert.pub 888to the path of a specified 889.Cm IdentityFile . 890.Pp 891Arguments to 892.Cm IdentityFile 893may use the tilde syntax to refer to a user's home directory 894or the tokens described in the 895.Sx TOKENS 896section. 897.Pp 898It is possible to have 899multiple identity files specified in configuration files; all these 900identities will be tried in sequence. 901Multiple 902.Cm IdentityFile 903directives will add to the list of identities tried (this behaviour 904differs from that of other configuration directives). 905.Pp 906.Cm IdentityFile 907may be used in conjunction with 908.Cm IdentitiesOnly 909to select which identities in an agent are offered during authentication. 910.Cm IdentityFile 911may also be used in conjunction with 912.Cm CertificateFile 913in order to provide any certificate also needed for authentication with 914the identity. 915.It Cm IgnoreUnknown 916Specifies a pattern-list of unknown options to be ignored if they are 917encountered in configuration parsing. 918This may be used to suppress errors if 919.Nm 920contains options that are unrecognised by 921.Xr ssh 1 . 922It is recommended that 923.Cm IgnoreUnknown 924be listed early in the configuration file as it will not be applied 925to unknown options that appear before it. 926.It Cm Include 927Include the specified configuration file(s). 928Multiple pathnames may be specified and each pathname may contain 929.Xr glob 3 930wildcards and, for user configurations, shell-like 931.Sq ~ 932references to user home directories. 933Files without absolute paths are assumed to be in 934.Pa ~/.ssh 935if included in a user configuration file or 936.Pa /etc/ssh 937if included from the system configuration file. 938.Cm Include 939directive may appear inside a 940.Cm Match 941or 942.Cm Host 943block 944to perform conditional inclusion. 945.It Cm IPQoS 946Specifies the IPv4 type-of-service or DSCP class for connections. 947Accepted values are 948.Cm af11 , 949.Cm af12 , 950.Cm af13 , 951.Cm af21 , 952.Cm af22 , 953.Cm af23 , 954.Cm af31 , 955.Cm af32 , 956.Cm af33 , 957.Cm af41 , 958.Cm af42 , 959.Cm af43 , 960.Cm cs0 , 961.Cm cs1 , 962.Cm cs2 , 963.Cm cs3 , 964.Cm cs4 , 965.Cm cs5 , 966.Cm cs6 , 967.Cm cs7 , 968.Cm ef , 969.Cm lowdelay , 970.Cm throughput , 971.Cm reliability , 972a numeric value, or 973.Cm none 974to use the operating system default. 975This option may take one or two arguments, separated by whitespace. 976If one argument is specified, it is used as the packet class unconditionally. 977If two values are specified, the first is automatically selected for 978interactive sessions and the second for non-interactive sessions. 979The default is 980.Cm lowdelay 981for interactive sessions and 982.Cm throughput 983for non-interactive sessions. 984.It Cm KbdInteractiveAuthentication 985Specifies whether to use keyboard-interactive authentication. 986The argument to this keyword must be 987.Cm yes 988(the default) 989or 990.Cm no . 991.It Cm KbdInteractiveDevices 992Specifies the list of methods to use in keyboard-interactive authentication. 993Multiple method names must be comma-separated. 994The default is to use the server specified list. 995The methods available vary depending on what the server supports. 996For an OpenSSH server, 997it may be zero or more of: 998.Cm bsdauth , 999.Cm pam , 1000and 1001.Cm skey . 1002.It Cm KexAlgorithms 1003Specifies the available KEX (Key Exchange) algorithms. 1004Multiple algorithms must be comma-separated. 1005Alternately if the specified value begins with a 1006.Sq + 1007character, then the specified methods will be appended to the default set 1008instead of replacing them. 1009If the specified value begins with a 1010.Sq - 1011character, then the specified methods (including wildcards) will be removed 1012from the default set instead of replacing them. 1013The default is: 1014.Bd -literal -offset indent 1015curve25519-sha256,curve25519-sha256@libssh.org, 1016ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1017diffie-hellman-group-exchange-sha256, 1018diffie-hellman-group-exchange-sha1, 1019diffie-hellman-group14-sha1 1020.Ed 1021.Pp 1022The list of available key exchange algorithms may also be obtained using 1023.Qq ssh -Q kex . 1024.It Cm LocalCommand 1025Specifies a command to execute on the local machine after successfully 1026connecting to the server. 1027The command string extends to the end of the line, and is executed with 1028the user's shell. 1029Arguments to 1030.Cm LocalCommand 1031accept the tokens described in the 1032.Sx TOKENS 1033section. 1034.Pp 1035The command is run synchronously and does not have access to the 1036session of the 1037.Xr ssh 1 1038that spawned it. 1039It should not be used for interactive commands. 1040.Pp 1041This directive is ignored unless 1042.Cm PermitLocalCommand 1043has been enabled. 1044.It Cm LocalForward 1045Specifies that a TCP port on the local machine be forwarded over 1046the secure channel to the specified host and port from the remote machine. 1047The first argument must be 1048.Sm off 1049.Oo Ar bind_address : Oc Ar port 1050.Sm on 1051and the second argument must be 1052.Ar host : Ns Ar hostport . 1053IPv6 addresses can be specified by enclosing addresses in square brackets. 1054Multiple forwardings may be specified, and additional forwardings can be 1055given on the command line. 1056Only the superuser can forward privileged ports. 1057By default, the local port is bound in accordance with the 1058.Cm GatewayPorts 1059setting. 1060However, an explicit 1061.Ar bind_address 1062may be used to bind the connection to a specific address. 1063The 1064.Ar bind_address 1065of 1066.Cm localhost 1067indicates that the listening port be bound for local use only, while an 1068empty address or 1069.Sq * 1070indicates that the port should be available from all interfaces. 1071.It Cm LogLevel 1072Gives the verbosity level that is used when logging messages from 1073.Xr ssh 1 . 1074The possible values are: 1075QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1076The default is INFO. 1077DEBUG and DEBUG1 are equivalent. 1078DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1079.It Cm MACs 1080Specifies the MAC (message authentication code) algorithms 1081in order of preference. 1082The MAC algorithm is used for data integrity protection. 1083Multiple algorithms must be comma-separated. 1084If the specified value begins with a 1085.Sq + 1086character, then the specified algorithms will be appended to the default set 1087instead of replacing them. 1088If the specified value begins with a 1089.Sq - 1090character, then the specified algorithms (including wildcards) will be removed 1091from the default set instead of replacing them. 1092.Pp 1093The algorithms that contain 1094.Qq -etm 1095calculate the MAC after encryption (encrypt-then-mac). 1096These are considered safer and their use recommended. 1097.Pp 1098The default is: 1099.Bd -literal -offset indent 1100umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1101hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1102hmac-sha1-etm@openssh.com, 1103umac-64@openssh.com,umac-128@openssh.com, 1104hmac-sha2-256,hmac-sha2-512,hmac-sha1 1105.Ed 1106.Pp 1107The list of available MAC algorithms may also be obtained using 1108.Qq ssh -Q mac . 1109.It Cm NoHostAuthenticationForLocalhost 1110This option can be used if the home directory is shared across machines. 1111In this case localhost will refer to a different machine on each of 1112the machines and the user will get many warnings about changed host keys. 1113However, this option disables host authentication for localhost. 1114The argument to this keyword must be 1115.Cm yes 1116or 1117.Cm no 1118(the default). 1119.It Cm NumberOfPasswordPrompts 1120Specifies the number of password prompts before giving up. 1121The argument to this keyword must be an integer. 1122The default is 3. 1123.It Cm PasswordAuthentication 1124Specifies whether to use password authentication. 1125The argument to this keyword must be 1126.Cm yes 1127(the default) 1128or 1129.Cm no . 1130.It Cm PermitLocalCommand 1131Allow local command execution via the 1132.Ic LocalCommand 1133option or using the 1134.Ic !\& Ns Ar command 1135escape sequence in 1136.Xr ssh 1 . 1137The argument must be 1138.Cm yes 1139or 1140.Cm no 1141(the default). 1142.It Cm PKCS11Provider 1143Specifies which PKCS#11 provider to use. 1144The argument to this keyword is the PKCS#11 shared library 1145.Xr ssh 1 1146should use to communicate with a PKCS#11 token providing the user's 1147private RSA key. 1148.It Cm Port 1149Specifies the port number to connect on the remote host. 1150The default is 22. 1151.It Cm PreferredAuthentications 1152Specifies the order in which the client should try authentication methods. 1153This allows a client to prefer one method (e.g.\& 1154.Cm keyboard-interactive ) 1155over another method (e.g.\& 1156.Cm password ) . 1157The default is: 1158.Bd -literal -offset indent 1159gssapi-with-mic,hostbased,publickey, 1160keyboard-interactive,password 1161.Ed 1162.It Cm ProxyCommand 1163Specifies the command to use to connect to the server. 1164The command 1165string extends to the end of the line, and is executed 1166using the user's shell 1167.Ql exec 1168directive to avoid a lingering shell process. 1169.Pp 1170Arguments to 1171.Cm ProxyCommand 1172accept the tokens described in the 1173.Sx TOKENS 1174section. 1175The command can be basically anything, 1176and should read from its standard input and write to its standard output. 1177It should eventually connect an 1178.Xr sshd 8 1179server running on some machine, or execute 1180.Ic sshd -i 1181somewhere. 1182Host key management will be done using the 1183HostName of the host being connected (defaulting to the name typed by 1184the user). 1185Setting the command to 1186.Cm none 1187disables this option entirely. 1188Note that 1189.Cm CheckHostIP 1190is not available for connects with a proxy command. 1191.Pp 1192This directive is useful in conjunction with 1193.Xr nc 1 1194and its proxy support. 1195For example, the following directive would connect via an HTTP proxy at 1196192.0.2.0: 1197.Bd -literal -offset 3n 1198ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1199.Ed 1200.It Cm ProxyJump 1201Specifies one or more jump proxies as 1202.Xo 1203.Sm off 1204.Op Ar user No @ 1205.Ar host 1206.Op : Ns Ar port 1207.Sm on 1208.Xc . 1209Multiple proxies may be separated by comma characters and will be visited 1210sequentially. 1211Setting this option will cause 1212.Xr ssh 1 1213to connect to the target host by first making a 1214.Xr ssh 1 1215connection to the specified 1216.Cm ProxyJump 1217host and then establishing a 1218TCP forwarding to the ultimate target from there. 1219.Pp 1220Note that this option will compete with the 1221.Cm ProxyCommand 1222option - whichever is specified first will prevent later instances of the 1223other from taking effect. 1224.It Cm ProxyUseFdpass 1225Specifies that 1226.Cm ProxyCommand 1227will pass a connected file descriptor back to 1228.Xr ssh 1 1229instead of continuing to execute and pass data. 1230The default is 1231.Cm no . 1232.It Cm PubkeyAcceptedKeyTypes 1233Specifies the key types that will be used for public key authentication 1234as a comma-separated pattern list. 1235Alternately if the specified value begins with a 1236.Sq + 1237character, then the key types after it will be appended to the default 1238instead of replacing it. 1239If the specified value begins with a 1240.Sq - 1241character, then the specified key types (including wildcards) will be removed 1242from the default set instead of replacing them. 1243The default for this option is: 1244.Bd -literal -offset 3n 1245ecdsa-sha2-nistp256-cert-v01@openssh.com, 1246ecdsa-sha2-nistp384-cert-v01@openssh.com, 1247ecdsa-sha2-nistp521-cert-v01@openssh.com, 1248ssh-ed25519-cert-v01@openssh.com, 1249ssh-rsa-cert-v01@openssh.com, 1250ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1251ssh-ed25519,ssh-rsa 1252.Ed 1253.Pp 1254The list of available key types may also be obtained using 1255.Qq ssh -Q key . 1256.It Cm PubkeyAuthentication 1257Specifies whether to try public key authentication. 1258The argument to this keyword must be 1259.Cm yes 1260(the default) 1261or 1262.Cm no . 1263.It Cm RekeyLimit 1264Specifies the maximum amount of data that may be transmitted before the 1265session key is renegotiated, optionally followed a maximum amount of 1266time that may pass before the session key is renegotiated. 1267The first argument is specified in bytes and may have a suffix of 1268.Sq K , 1269.Sq M , 1270or 1271.Sq G 1272to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1273The default is between 1274.Sq 1G 1275and 1276.Sq 4G , 1277depending on the cipher. 1278The optional second value is specified in seconds and may use any of the 1279units documented in the 1280.Sx TIME FORMATS 1281section of 1282.Xr sshd_config 5 . 1283The default value for 1284.Cm RekeyLimit 1285is 1286.Cm default none , 1287which means that rekeying is performed after the cipher's default amount 1288of data has been sent or received and no time based rekeying is done. 1289.It Cm RemoteCommand 1290Specifies a command to execute on the remote machine after successfully 1291connecting to the server. 1292The command string extends to the end of the line, and is executed with 1293the user's shell. 1294Arguments to 1295.Cm RemoteCommand 1296accept the tokens described in the 1297.Sx TOKENS 1298section. 1299.It Cm RemoteForward 1300Specifies that a TCP port on the remote machine be forwarded over 1301the secure channel. 1302The remote port may either be fowarded to a specified host and port 1303from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1304client to connect to arbitrary destinations from the local machine. 1305The first argument must be 1306.Sm off 1307.Oo Ar bind_address : Oc Ar port 1308.Sm on 1309If forwarding to a specific destination then the second argument must be 1310.Ar host : Ns Ar hostport , 1311otherwise if no destination argument is specified then the remote forwarding 1312will be established as a SOCKS proxy. 1313.Pp 1314IPv6 addresses can be specified by enclosing addresses in square brackets. 1315Multiple forwardings may be specified, and additional 1316forwardings can be given on the command line. 1317Privileged ports can be forwarded only when 1318logging in as root on the remote machine. 1319.Pp 1320If the 1321.Ar port 1322argument is 0, 1323the listen port will be dynamically allocated on the server and reported 1324to the client at run time. 1325.Pp 1326If the 1327.Ar bind_address 1328is not specified, the default is to only bind to loopback addresses. 1329If the 1330.Ar bind_address 1331is 1332.Ql * 1333or an empty string, then the forwarding is requested to listen on all 1334interfaces. 1335Specifying a remote 1336.Ar bind_address 1337will only succeed if the server's 1338.Cm GatewayPorts 1339option is enabled (see 1340.Xr sshd_config 5 ) . 1341.It Cm RequestTTY 1342Specifies whether to request a pseudo-tty for the session. 1343The argument may be one of: 1344.Cm no 1345(never request a TTY), 1346.Cm yes 1347(always request a TTY when standard input is a TTY), 1348.Cm force 1349(always request a TTY) or 1350.Cm auto 1351(request a TTY when opening a login session). 1352This option mirrors the 1353.Fl t 1354and 1355.Fl T 1356flags for 1357.Xr ssh 1 . 1358.It Cm RevokedHostKeys 1359Specifies revoked host public keys. 1360Keys listed in this file will be refused for host authentication. 1361Note that if this file does not exist or is not readable, 1362then host authentication will be refused for all hosts. 1363Keys may be specified as a text file, listing one public key per line, or as 1364an OpenSSH Key Revocation List (KRL) as generated by 1365.Xr ssh-keygen 1 . 1366For more information on KRLs, see the KEY REVOCATION LISTS section in 1367.Xr ssh-keygen 1 . 1368.It Cm SendEnv 1369Specifies what variables from the local 1370.Xr environ 7 1371should be sent to the server. 1372The server must also support it, and the server must be configured to 1373accept these environment variables. 1374Note that the 1375.Ev TERM 1376environment variable is always sent whenever a 1377pseudo-terminal is requested as it is required by the protocol. 1378Refer to 1379.Cm AcceptEnv 1380in 1381.Xr sshd_config 5 1382for how to configure the server. 1383Variables are specified by name, which may contain wildcard characters. 1384Multiple environment variables may be separated by whitespace or spread 1385across multiple 1386.Cm SendEnv 1387directives. 1388The default is not to send any environment variables. 1389.Pp 1390See 1391.Sx PATTERNS 1392for more information on patterns. 1393.It Cm ServerAliveCountMax 1394Sets the number of server alive messages (see below) which may be 1395sent without 1396.Xr ssh 1 1397receiving any messages back from the server. 1398If this threshold is reached while server alive messages are being sent, 1399ssh will disconnect from the server, terminating the session. 1400It is important to note that the use of server alive messages is very 1401different from 1402.Cm TCPKeepAlive 1403(below). 1404The server alive messages are sent through the encrypted channel 1405and therefore will not be spoofable. 1406The TCP keepalive option enabled by 1407.Cm TCPKeepAlive 1408is spoofable. 1409The server alive mechanism is valuable when the client or 1410server depend on knowing when a connection has become inactive. 1411.Pp 1412The default value is 3. 1413If, for example, 1414.Cm ServerAliveInterval 1415(see below) is set to 15 and 1416.Cm ServerAliveCountMax 1417is left at the default, if the server becomes unresponsive, 1418ssh will disconnect after approximately 45 seconds. 1419.It Cm ServerAliveInterval 1420Sets a timeout interval in seconds after which if no data has been received 1421from the server, 1422.Xr ssh 1 1423will send a message through the encrypted 1424channel to request a response from the server. 1425The default 1426is 0, indicating that these messages will not be sent to the server. 1427.It Cm StreamLocalBindMask 1428Sets the octal file creation mode mask 1429.Pq umask 1430used when creating a Unix-domain socket file for local or remote 1431port forwarding. 1432This option is only used for port forwarding to a Unix-domain socket file. 1433.Pp 1434The default value is 0177, which creates a Unix-domain socket file that is 1435readable and writable only by the owner. 1436Note that not all operating systems honor the file mode on Unix-domain 1437socket files. 1438.It Cm StreamLocalBindUnlink 1439Specifies whether to remove an existing Unix-domain socket file for local 1440or remote port forwarding before creating a new one. 1441If the socket file already exists and 1442.Cm StreamLocalBindUnlink 1443is not enabled, 1444.Nm ssh 1445will be unable to forward the port to the Unix-domain socket file. 1446This option is only used for port forwarding to a Unix-domain socket file. 1447.Pp 1448The argument must be 1449.Cm yes 1450or 1451.Cm no 1452(the default). 1453.It Cm StrictHostKeyChecking 1454If this flag is set to 1455.Cm yes , 1456.Xr ssh 1 1457will never automatically add host keys to the 1458.Pa ~/.ssh/known_hosts 1459file, and refuses to connect to hosts whose host key has changed. 1460This provides maximum protection against trojan horse attacks, 1461though it can be annoying when the 1462.Pa /etc/ssh/ssh_known_hosts 1463file is poorly maintained or when connections to new hosts are 1464frequently made. 1465This option forces the user to manually 1466add all new hosts. 1467.Pp 1468If this flag is set to 1469.Dq accept-new 1470then ssh will automatically add new host keys to the user 1471known hosts files, but will not permit connections to hosts with 1472changed host keys. 1473If this flag is set to 1474.Dq no 1475or 1476.Dq off , 1477ssh will automatically add new host keys to the user known hosts files 1478and allow connections to hosts with changed hostkeys to proceed, 1479subject to some restrictions. 1480If this flag is set to 1481.Cm ask 1482(the default), 1483new host keys 1484will be added to the user known host files only after the user 1485has confirmed that is what they really want to do, and 1486ssh will refuse to connect to hosts whose host key has changed. 1487The host keys of 1488known hosts will be verified automatically in all cases. 1489.It Cm SyslogFacility 1490Gives the facility code that is used when logging messages from 1491.Xr ssh 1 . 1492The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1493LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1494The default is USER. 1495.It Cm TCPKeepAlive 1496Specifies whether the system should send TCP keepalive messages to the 1497other side. 1498If they are sent, death of the connection or crash of one 1499of the machines will be properly noticed. 1500However, this means that 1501connections will die if the route is down temporarily, and some people 1502find it annoying. 1503.Pp 1504The default is 1505.Cm yes 1506(to send TCP keepalive messages), and the client will notice 1507if the network goes down or the remote host dies. 1508This is important in scripts, and many users want it too. 1509.Pp 1510To disable TCP keepalive messages, the value should be set to 1511.Cm no . 1512.It Cm Tunnel 1513Request 1514.Xr tun 4 1515device forwarding between the client and the server. 1516The argument must be 1517.Cm yes , 1518.Cm point-to-point 1519(layer 3), 1520.Cm ethernet 1521(layer 2), 1522or 1523.Cm no 1524(the default). 1525Specifying 1526.Cm yes 1527requests the default tunnel mode, which is 1528.Cm point-to-point . 1529.It Cm TunnelDevice 1530Specifies the 1531.Xr tun 4 1532devices to open on the client 1533.Pq Ar local_tun 1534and the server 1535.Pq Ar remote_tun . 1536.Pp 1537The argument must be 1538.Sm off 1539.Ar local_tun Op : Ar remote_tun . 1540.Sm on 1541The devices may be specified by numerical ID or the keyword 1542.Cm any , 1543which uses the next available tunnel device. 1544If 1545.Ar remote_tun 1546is not specified, it defaults to 1547.Cm any . 1548The default is 1549.Cm any:any . 1550.It Cm UpdateHostKeys 1551Specifies whether 1552.Xr ssh 1 1553should accept notifications of additional hostkeys from the server sent 1554after authentication has completed and add them to 1555.Cm UserKnownHostsFile . 1556The argument must be 1557.Cm yes , 1558.Cm no 1559(the default) or 1560.Cm ask . 1561Enabling this option allows learning alternate hostkeys for a server 1562and supports graceful key rotation by allowing a server to send replacement 1563public keys before old ones are removed. 1564Additional hostkeys are only accepted if the key used to authenticate the 1565host was already trusted or explicitly accepted by the user. 1566If 1567.Cm UpdateHostKeys 1568is set to 1569.Cm ask , 1570then the user is asked to confirm the modifications to the known_hosts file. 1571Confirmation is currently incompatible with 1572.Cm ControlPersist , 1573and will be disabled if it is enabled. 1574.Pp 1575Presently, only 1576.Xr sshd 8 1577from OpenSSH 6.8 and greater support the 1578.Qq hostkeys@openssh.com 1579protocol extension used to inform the client of all the server's hostkeys. 1580.It Cm UsePrivilegedPort 1581Specifies whether to use a privileged port for outgoing connections. 1582The argument must be 1583.Cm yes 1584or 1585.Cm no 1586(the default). 1587If set to 1588.Cm yes , 1589.Xr ssh 1 1590must be setuid root. 1591.It Cm User 1592Specifies the user to log in as. 1593This can be useful when a different user name is used on different machines. 1594This saves the trouble of 1595having to remember to give the user name on the command line. 1596.It Cm UserKnownHostsFile 1597Specifies one or more files to use for the user 1598host key database, separated by whitespace. 1599The default is 1600.Pa ~/.ssh/known_hosts , 1601.Pa ~/.ssh/known_hosts2 . 1602.It Cm VerifyHostKeyDNS 1603Specifies whether to verify the remote key using DNS and SSHFP resource 1604records. 1605If this option is set to 1606.Cm yes , 1607the client will implicitly trust keys that match a secure fingerprint 1608from DNS. 1609Insecure fingerprints will be handled as if this option was set to 1610.Cm ask . 1611If this option is set to 1612.Cm ask , 1613information on fingerprint match will be displayed, but the user will still 1614need to confirm new host keys according to the 1615.Cm StrictHostKeyChecking 1616option. 1617The default is 1618.Cm no . 1619.Pp 1620See also 1621.Sx VERIFYING HOST KEYS 1622in 1623.Xr ssh 1 . 1624.It Cm VisualHostKey 1625If this flag is set to 1626.Cm yes , 1627an ASCII art representation of the remote host key fingerprint is 1628printed in addition to the fingerprint string at login and 1629for unknown host keys. 1630If this flag is set to 1631.Cm no 1632(the default), 1633no fingerprint strings are printed at login and 1634only the fingerprint string will be printed for unknown host keys. 1635.It Cm XAuthLocation 1636Specifies the full pathname of the 1637.Xr xauth 1 1638program. 1639The default is 1640.Pa /usr/X11R6/bin/xauth . 1641.El 1642.Sh PATTERNS 1643A 1644.Em pattern 1645consists of zero or more non-whitespace characters, 1646.Sq * 1647(a wildcard that matches zero or more characters), 1648or 1649.Sq ?\& 1650(a wildcard that matches exactly one character). 1651For example, to specify a set of declarations for any host in the 1652.Qq .co.uk 1653set of domains, 1654the following pattern could be used: 1655.Pp 1656.Dl Host *.co.uk 1657.Pp 1658The following pattern 1659would match any host in the 192.168.0.[0-9] network range: 1660.Pp 1661.Dl Host 192.168.0.? 1662.Pp 1663A 1664.Em pattern-list 1665is a comma-separated list of patterns. 1666Patterns within pattern-lists may be negated 1667by preceding them with an exclamation mark 1668.Pq Sq !\& . 1669For example, 1670to allow a key to be used from anywhere within an organization 1671except from the 1672.Qq dialup 1673pool, 1674the following entry (in authorized_keys) could be used: 1675.Pp 1676.Dl from=\&"!*.dialup.example.com,*.example.com\&" 1677.Sh TOKENS 1678Arguments to some keywords can make use of tokens, 1679which are expanded at runtime: 1680.Pp 1681.Bl -tag -width XXXX -offset indent -compact 1682.It %% 1683A literal 1684.Sq % . 1685.It \&%C 1686Shorthand for %l%h%p%r. 1687.It %d 1688Local user's home directory. 1689.It %h 1690The remote hostname. 1691.It %i 1692The local user ID. 1693.It %L 1694The local hostname. 1695.It %l 1696The local hostname, including the domain name. 1697.It %n 1698The original remote hostname, as given on the command line. 1699.It %p 1700The remote port. 1701.It %r 1702The remote username. 1703.It %u 1704The local username. 1705.El 1706.Pp 1707.Cm Match exec 1708accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. 1709.Pp 1710.Cm CertificateFile 1711accepts the tokens %%, %d, %h, %l, %r, and %u. 1712.Pp 1713.Cm ControlPath 1714accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. 1715.Pp 1716.Cm HostName 1717accepts the tokens %% and %h. 1718.Pp 1719.Cm IdentityAgent 1720and 1721.Cm IdentityFile 1722accept the tokens %%, %d, %h, %l, %r, and %u. 1723.Pp 1724.Cm LocalCommand 1725accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. 1726.Pp 1727.Cm ProxyCommand 1728accepts the tokens %%, %h, %p, and %r. 1729.Pp 1730.Cm RemoteCommand 1731accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. 1732.Sh FILES 1733.Bl -tag -width Ds 1734.It Pa ~/.ssh/config 1735This is the per-user configuration file. 1736The format of this file is described above. 1737This file is used by the SSH client. 1738Because of the potential for abuse, this file must have strict permissions: 1739read/write for the user, and not accessible by others. 1740.It Pa /etc/ssh/ssh_config 1741Systemwide configuration file. 1742This file provides defaults for those 1743values that are not specified in the user's configuration file, and 1744for those users who do not have a configuration file. 1745This file must be world-readable. 1746.El 1747.Sh SEE ALSO 1748.Xr ssh 1 1749.Sh AUTHORS 1750.An -nosplit 1751OpenSSH is a derivative of the original and free 1752ssh 1.2.12 release by 1753.An Tatu Ylonen . 1754.An Aaron Campbell , Bob Beck , Markus Friedl , 1755.An Niels Provos , Theo de Raadt 1756and 1757.An Dug Song 1758removed many bugs, re-added newer features and 1759created OpenSSH. 1760.An Markus Friedl 1761contributed the support for SSH protocol versions 1.5 and 2.0. 1762