1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.292 2019/03/01 02:16:47 djm Exp $ 37.Dd $Mdocdate: March 1 2019 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH SSH client configuration files 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59For each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm final , 143.Cm exec , 144.Cm host , 145.Cm originalhost , 146.Cm user , 147and 148.Cm localuser . 149The 150.Cm all 151criteria must appear alone or immediately after 152.Cm canonical 153or 154.Cm final . 155Other criteria may be combined arbitrarily. 156All criteria but 157.Cm all , 158.Cm canonical , 159and 160.Cm final 161require an argument. 162Criteria may be negated by prepending an exclamation mark 163.Pq Sq !\& . 164.Pp 165The 166.Cm canonical 167keyword matches only when the configuration file is being re-parsed 168after hostname canonicalization (see the 169.Cm CanonicalizeHostname 170option). 171This may be useful to specify conditions that work with canonical host 172names only. 173.Pp 174The 175.Cm final 176keyword requests that the configuration be re-parsed (regardless of whether 177.Cm CanonicalizeHostname 178is enabled), and matches only during this final pass. 179If 180.Cm CanonicalizeHostname 181is enabled, then 182.Cm canonical 183and 184.Cm final 185match during the same pass. 186.Pp 187The 188.Cm exec 189keyword executes the specified command under the user's shell. 190If the command returns a zero exit status then the condition is considered true. 191Commands containing whitespace characters must be quoted. 192Arguments to 193.Cm exec 194accept the tokens described in the 195.Sx TOKENS 196section. 197.Pp 198The other keywords' criteria must be single entries or comma-separated 199lists and may use the wildcard and negation operators described in the 200.Sx PATTERNS 201section. 202The criteria for the 203.Cm host 204keyword are matched against the target hostname, after any substitution 205by the 206.Cm Hostname 207or 208.Cm CanonicalizeHostname 209options. 210The 211.Cm originalhost 212keyword matches against the hostname as it was specified on the command-line. 213The 214.Cm user 215keyword matches against the target username on the remote host. 216The 217.Cm localuser 218keyword matches against the name of the local user running 219.Xr ssh 1 220(this keyword may be useful in system-wide 221.Nm 222files). 223.It Cm AddKeysToAgent 224Specifies whether keys should be automatically added to a running 225.Xr ssh-agent 1 . 226If this option is set to 227.Cm yes 228and a key is loaded from a file, the key and its passphrase are added to 229the agent with the default lifetime, as if by 230.Xr ssh-add 1 . 231If this option is set to 232.Cm ask , 233.Xr ssh 1 234will require confirmation using the 235.Ev SSH_ASKPASS 236program before adding a key (see 237.Xr ssh-add 1 238for details). 239If this option is set to 240.Cm confirm , 241each use of the key must be confirmed, as if the 242.Fl c 243option was specified to 244.Xr ssh-add 1 . 245If this option is set to 246.Cm no , 247no keys are added to the agent. 248The argument must be 249.Cm yes , 250.Cm confirm , 251.Cm ask , 252or 253.Cm no 254(the default). 255.It Cm AddressFamily 256Specifies which address family to use when connecting. 257Valid arguments are 258.Cm any 259(the default), 260.Cm inet 261(use IPv4 only), or 262.Cm inet6 263(use IPv6 only). 264.It Cm BatchMode 265If set to 266.Cm yes , 267passphrase/password querying will be disabled. 268This option is useful in scripts and other batch jobs where no user 269is present to supply the password. 270The argument must be 271.Cm yes 272or 273.Cm no 274(the default). 275.It Cm BindAddress 276Use the specified address on the local machine as the source address of 277the connection. 278Only useful on systems with more than one address. 279.It Cm BindInterface 280Use the address of the specified interface on the local machine as the 281source address of the connection. 282.It Cm CanonicalDomains 283When 284.Cm CanonicalizeHostname 285is enabled, this option specifies the list of domain suffixes in which to 286search for the specified destination host. 287.It Cm CanonicalizeFallbackLocal 288Specifies whether to fail with an error when hostname canonicalization fails. 289The default, 290.Cm yes , 291will attempt to look up the unqualified hostname using the system resolver's 292search rules. 293A value of 294.Cm no 295will cause 296.Xr ssh 1 297to fail instantly if 298.Cm CanonicalizeHostname 299is enabled and the target hostname cannot be found in any of the domains 300specified by 301.Cm CanonicalDomains . 302.It Cm CanonicalizeHostname 303Controls whether explicit hostname canonicalization is performed. 304The default, 305.Cm no , 306is not to perform any name rewriting and let the system resolver handle all 307hostname lookups. 308If set to 309.Cm yes 310then, for connections that do not use a 311.Cm ProxyCommand 312or 313.Cm ProxyJump , 314.Xr ssh 1 315will attempt to canonicalize the hostname specified on the command line 316using the 317.Cm CanonicalDomains 318suffixes and 319.Cm CanonicalizePermittedCNAMEs 320rules. 321If 322.Cm CanonicalizeHostname 323is set to 324.Cm always , 325then canonicalization is applied to proxied connections too. 326.Pp 327If this option is enabled, then the configuration files are processed 328again using the new target name to pick up any new configuration in matching 329.Cm Host 330and 331.Cm Match 332stanzas. 333.It Cm CanonicalizeMaxDots 334Specifies the maximum number of dot characters in a hostname before 335canonicalization is disabled. 336The default, 1, 337allows a single dot (i.e. hostname.subdomain). 338.It Cm CanonicalizePermittedCNAMEs 339Specifies rules to determine whether CNAMEs should be followed when 340canonicalizing hostnames. 341The rules consist of one or more arguments of 342.Ar source_domain_list : Ns Ar target_domain_list , 343where 344.Ar source_domain_list 345is a pattern-list of domains that may follow CNAMEs in canonicalization, 346and 347.Ar target_domain_list 348is a pattern-list of domains that they may resolve to. 349.Pp 350For example, 351.Qq *.a.example.com:*.b.example.com,*.c.example.com 352will allow hostnames matching 353.Qq *.a.example.com 354to be canonicalized to names in the 355.Qq *.b.example.com 356or 357.Qq *.c.example.com 358domains. 359.It Cm CASignatureAlgorithms 360Specifies which algorithms are allowed for signing of certificates 361by certificate authorities (CAs). 362The default is: 363.Bd -literal -offset indent 364ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 365ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 366.Ed 367.Pp 368.Xr ssh 1 369will not accept host certificates signed using algorithms other than those 370specified. 371.It Cm CertificateFile 372Specifies a file from which the user's certificate is read. 373A corresponding private key must be provided separately in order 374to use this certificate either 375from an 376.Cm IdentityFile 377directive or 378.Fl i 379flag to 380.Xr ssh 1 , 381via 382.Xr ssh-agent 1 , 383or via a 384.Cm PKCS11Provider . 385.Pp 386Arguments to 387.Cm CertificateFile 388may use the tilde syntax to refer to a user's home directory 389or the tokens described in the 390.Sx TOKENS 391section. 392.Pp 393It is possible to have multiple certificate files specified in 394configuration files; these certificates will be tried in sequence. 395Multiple 396.Cm CertificateFile 397directives will add to the list of certificates used for 398authentication. 399.It Cm ChallengeResponseAuthentication 400Specifies whether to use challenge-response authentication. 401The argument to this keyword must be 402.Cm yes 403(the default) 404or 405.Cm no . 406.It Cm CheckHostIP 407If set to 408.Cm yes 409(the default), 410.Xr ssh 1 411will additionally check the host IP address in the 412.Pa known_hosts 413file. 414This allows it to detect if a host key changed due to DNS spoofing 415and will add addresses of destination hosts to 416.Pa ~/.ssh/known_hosts 417in the process, regardless of the setting of 418.Cm StrictHostKeyChecking . 419If the option is set to 420.Cm no , 421the check will not be executed. 422.It Cm Ciphers 423Specifies the ciphers allowed and their order of preference. 424Multiple ciphers must be comma-separated. 425If the specified value begins with a 426.Sq + 427character, then the specified ciphers will be appended to the default set 428instead of replacing them. 429If the specified value begins with a 430.Sq - 431character, then the specified ciphers (including wildcards) will be removed 432from the default set instead of replacing them. 433.Pp 434The supported ciphers are: 435.Bd -literal -offset indent 4363des-cbc 437aes128-cbc 438aes192-cbc 439aes256-cbc 440aes128-ctr 441aes192-ctr 442aes256-ctr 443aes128-gcm@openssh.com 444aes256-gcm@openssh.com 445chacha20-poly1305@openssh.com 446.Ed 447.Pp 448The default is: 449.Bd -literal -offset indent 450chacha20-poly1305@openssh.com, 451aes128-ctr,aes192-ctr,aes256-ctr, 452aes128-gcm@openssh.com,aes256-gcm@openssh.com 453.Ed 454.Pp 455The list of available ciphers may also be obtained using 456.Qq ssh -Q cipher . 457.It Cm ClearAllForwardings 458Specifies that all local, remote, and dynamic port forwardings 459specified in the configuration files or on the command line be 460cleared. 461This option is primarily useful when used from the 462.Xr ssh 1 463command line to clear port forwardings set in 464configuration files, and is automatically set by 465.Xr scp 1 466and 467.Xr sftp 1 . 468The argument must be 469.Cm yes 470or 471.Cm no 472(the default). 473.It Cm Compression 474Specifies whether to use compression. 475The argument must be 476.Cm yes 477or 478.Cm no 479(the default). 480.It Cm ConnectionAttempts 481Specifies the number of tries (one per second) to make before exiting. 482The argument must be an integer. 483This may be useful in scripts if the connection sometimes fails. 484The default is 1. 485.It Cm ConnectTimeout 486Specifies the timeout (in seconds) used when connecting to the 487SSH server, instead of using the default system TCP timeout. 488This value is used only when the target is down or really unreachable, 489not when it refuses the connection. 490.It Cm ControlMaster 491Enables the sharing of multiple sessions over a single network connection. 492When set to 493.Cm yes , 494.Xr ssh 1 495will listen for connections on a control socket specified using the 496.Cm ControlPath 497argument. 498Additional sessions can connect to this socket using the same 499.Cm ControlPath 500with 501.Cm ControlMaster 502set to 503.Cm no 504(the default). 505These sessions will try to reuse the master instance's network connection 506rather than initiating new ones, but will fall back to connecting normally 507if the control socket does not exist, or is not listening. 508.Pp 509Setting this to 510.Cm ask 511will cause 512.Xr ssh 1 513to listen for control connections, but require confirmation using 514.Xr ssh-askpass 1 . 515If the 516.Cm ControlPath 517cannot be opened, 518.Xr ssh 1 519will continue without connecting to a master instance. 520.Pp 521X11 and 522.Xr ssh-agent 1 523forwarding is supported over these multiplexed connections, however the 524display and agent forwarded will be the one belonging to the master 525connection i.e. it is not possible to forward multiple displays or agents. 526.Pp 527Two additional options allow for opportunistic multiplexing: try to use a 528master connection but fall back to creating a new one if one does not already 529exist. 530These options are: 531.Cm auto 532and 533.Cm autoask . 534The latter requires confirmation like the 535.Cm ask 536option. 537.It Cm ControlPath 538Specify the path to the control socket used for connection sharing as described 539in the 540.Cm ControlMaster 541section above or the string 542.Cm none 543to disable connection sharing. 544Arguments to 545.Cm ControlPath 546may use the tilde syntax to refer to a user's home directory 547or the tokens described in the 548.Sx TOKENS 549section. 550It is recommended that any 551.Cm ControlPath 552used for opportunistic connection sharing include 553at least %h, %p, and %r (or alternatively %C) and be placed in a directory 554that is not writable by other users. 555This ensures that shared connections are uniquely identified. 556.It Cm ControlPersist 557When used in conjunction with 558.Cm ControlMaster , 559specifies that the master connection should remain open 560in the background (waiting for future client connections) 561after the initial client connection has been closed. 562If set to 563.Cm no , 564then the master connection will not be placed into the background, 565and will close as soon as the initial client connection is closed. 566If set to 567.Cm yes 568or 0, 569then the master connection will remain in the background indefinitely 570(until killed or closed via a mechanism such as the 571.Qq ssh -O exit ) . 572If set to a time in seconds, or a time in any of the formats documented in 573.Xr sshd_config 5 , 574then the backgrounded master connection will automatically terminate 575after it has remained idle (with no client connections) for the 576specified time. 577.It Cm DynamicForward 578Specifies that a TCP port on the local machine be forwarded 579over the secure channel, and the application 580protocol is then used to determine where to connect to from the 581remote machine. 582.Pp 583The argument must be 584.Sm off 585.Oo Ar bind_address : Oc Ar port . 586.Sm on 587IPv6 addresses can be specified by enclosing addresses in square brackets. 588By default, the local port is bound in accordance with the 589.Cm GatewayPorts 590setting. 591However, an explicit 592.Ar bind_address 593may be used to bind the connection to a specific address. 594The 595.Ar bind_address 596of 597.Cm localhost 598indicates that the listening port be bound for local use only, while an 599empty address or 600.Sq * 601indicates that the port should be available from all interfaces. 602.Pp 603Currently the SOCKS4 and SOCKS5 protocols are supported, and 604.Xr ssh 1 605will act as a SOCKS server. 606Multiple forwardings may be specified, and 607additional forwardings can be given on the command line. 608Only the superuser can forward privileged ports. 609.It Cm EnableSSHKeysign 610Setting this option to 611.Cm yes 612in the global client configuration file 613.Pa /etc/ssh/ssh_config 614enables the use of the helper program 615.Xr ssh-keysign 8 616during 617.Cm HostbasedAuthentication . 618The argument must be 619.Cm yes 620or 621.Cm no 622(the default). 623This option should be placed in the non-hostspecific section. 624See 625.Xr ssh-keysign 8 626for more information. 627.It Cm EscapeChar 628Sets the escape character (default: 629.Ql ~ ) . 630The escape character can also 631be set on the command line. 632The argument should be a single character, 633.Ql ^ 634followed by a letter, or 635.Cm none 636to disable the escape 637character entirely (making the connection transparent for binary 638data). 639.It Cm ExitOnForwardFailure 640Specifies whether 641.Xr ssh 1 642should terminate the connection if it cannot set up all requested 643dynamic, tunnel, local, and remote port forwardings, (e.g.\& 644if either end is unable to bind and listen on a specified port). 645Note that 646.Cm ExitOnForwardFailure 647does not apply to connections made over port forwardings and will not, 648for example, cause 649.Xr ssh 1 650to exit if TCP connections to the ultimate forwarding destination fail. 651The argument must be 652.Cm yes 653or 654.Cm no 655(the default). 656.It Cm FingerprintHash 657Specifies the hash algorithm used when displaying key fingerprints. 658Valid options are: 659.Cm md5 660and 661.Cm sha256 662(the default). 663.It Cm ForwardAgent 664Specifies whether the connection to the authentication agent (if any) 665will be forwarded to the remote machine. 666The argument must be 667.Cm yes 668or 669.Cm no 670(the default). 671.Pp 672Agent forwarding should be enabled with caution. 673Users with the ability to bypass file permissions on the remote host 674(for the agent's Unix-domain socket) 675can access the local agent through the forwarded connection. 676An attacker cannot obtain key material from the agent, 677however they can perform operations on the keys that enable them to 678authenticate using the identities loaded into the agent. 679.It Cm ForwardX11 680Specifies whether X11 connections will be automatically redirected 681over the secure channel and 682.Ev DISPLAY 683set. 684The argument must be 685.Cm yes 686or 687.Cm no 688(the default). 689.Pp 690X11 forwarding should be enabled with caution. 691Users with the ability to bypass file permissions on the remote host 692(for the user's X11 authorization database) 693can access the local X11 display through the forwarded connection. 694An attacker may then be able to perform activities such as keystroke monitoring 695if the 696.Cm ForwardX11Trusted 697option is also enabled. 698.It Cm ForwardX11Timeout 699Specify a timeout for untrusted X11 forwarding 700using the format described in the 701.Sx TIME FORMATS 702section of 703.Xr sshd_config 5 . 704X11 connections received by 705.Xr ssh 1 706after this time will be refused. 707Setting 708.Cm ForwardX11Timeout 709to zero will disable the timeout and permit X11 forwarding for the life 710of the connection. 711The default is to disable untrusted X11 forwarding after twenty minutes has 712elapsed. 713.It Cm ForwardX11Trusted 714If this option is set to 715.Cm yes , 716remote X11 clients will have full access to the original X11 display. 717.Pp 718If this option is set to 719.Cm no 720(the default), 721remote X11 clients will be considered untrusted and prevented 722from stealing or tampering with data belonging to trusted X11 723clients. 724Furthermore, the 725.Xr xauth 1 726token used for the session will be set to expire after 20 minutes. 727Remote clients will be refused access after this time. 728.Pp 729See the X11 SECURITY extension specification for full details on 730the restrictions imposed on untrusted clients. 731.It Cm GatewayPorts 732Specifies whether remote hosts are allowed to connect to local 733forwarded ports. 734By default, 735.Xr ssh 1 736binds local port forwardings to the loopback address. 737This prevents other remote hosts from connecting to forwarded ports. 738.Cm GatewayPorts 739can be used to specify that ssh 740should bind local port forwardings to the wildcard address, 741thus allowing remote hosts to connect to forwarded ports. 742The argument must be 743.Cm yes 744or 745.Cm no 746(the default). 747.It Cm GlobalKnownHostsFile 748Specifies one or more files to use for the global 749host key database, separated by whitespace. 750The default is 751.Pa /etc/ssh/ssh_known_hosts , 752.Pa /etc/ssh/ssh_known_hosts2 . 753.It Cm GSSAPIAuthentication 754Specifies whether user authentication based on GSSAPI is allowed. 755The default is 756.Cm no . 757.It Cm GSSAPIDelegateCredentials 758Forward (delegate) credentials to the server. 759The default is 760.Cm no . 761.It Cm HashKnownHosts 762Indicates that 763.Xr ssh 1 764should hash host names and addresses when they are added to 765.Pa ~/.ssh/known_hosts . 766These hashed names may be used normally by 767.Xr ssh 1 768and 769.Xr sshd 8 , 770but they do not reveal identifying information should the file's contents 771be disclosed. 772The default is 773.Cm no . 774Note that existing names and addresses in known hosts files 775will not be converted automatically, 776but may be manually hashed using 777.Xr ssh-keygen 1 . 778.It Cm HostbasedAuthentication 779Specifies whether to try rhosts based authentication with public key 780authentication. 781The argument must be 782.Cm yes 783or 784.Cm no 785(the default). 786.It Cm HostbasedKeyTypes 787Specifies the key types that will be used for hostbased authentication 788as a comma-separated list of patterns. 789Alternately if the specified value begins with a 790.Sq + 791character, then the specified key types will be appended to the default set 792instead of replacing them. 793If the specified value begins with a 794.Sq - 795character, then the specified key types (including wildcards) will be removed 796from the default set instead of replacing them. 797The default for this option is: 798.Bd -literal -offset 3n 799ecdsa-sha2-nistp256-cert-v01@openssh.com, 800ecdsa-sha2-nistp384-cert-v01@openssh.com, 801ecdsa-sha2-nistp521-cert-v01@openssh.com, 802ssh-ed25519-cert-v01@openssh.com, 803rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 804ssh-rsa-cert-v01@openssh.com, 805ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 806ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 807.Ed 808.Pp 809The 810.Fl Q 811option of 812.Xr ssh 1 813may be used to list supported key types. 814.It Cm HostKeyAlgorithms 815Specifies the host key algorithms 816that the client wants to use in order of preference. 817Alternately if the specified value begins with a 818.Sq + 819character, then the specified key types will be appended to the default set 820instead of replacing them. 821If the specified value begins with a 822.Sq - 823character, then the specified key types (including wildcards) will be removed 824from the default set instead of replacing them. 825The default for this option is: 826.Bd -literal -offset 3n 827ecdsa-sha2-nistp256-cert-v01@openssh.com, 828ecdsa-sha2-nistp384-cert-v01@openssh.com, 829ecdsa-sha2-nistp521-cert-v01@openssh.com, 830ssh-ed25519-cert-v01@openssh.com, 831rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 832ssh-rsa-cert-v01@openssh.com, 833ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 834ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 835.Ed 836.Pp 837If hostkeys are known for the destination host then this default is modified 838to prefer their algorithms. 839.Pp 840The list of available key types may also be obtained using 841.Qq ssh -Q key . 842.It Cm HostKeyAlias 843Specifies an alias that should be used instead of the 844real host name when looking up or saving the host key 845in the host key database files and when validating host certificates. 846This option is useful for tunneling SSH connections 847or for multiple servers running on a single host. 848.It Cm HostName 849Specifies the real host name to log into. 850This can be used to specify nicknames or abbreviations for hosts. 851Arguments to 852.Cm HostName 853accept the tokens described in the 854.Sx TOKENS 855section. 856Numeric IP addresses are also permitted (both on the command line and in 857.Cm HostName 858specifications). 859The default is the name given on the command line. 860.It Cm IdentitiesOnly 861Specifies that 862.Xr ssh 1 863should only use the authentication identity and certificate files explicitly 864configured in the 865.Nm 866files 867or passed on the 868.Xr ssh 1 869command-line, 870even if 871.Xr ssh-agent 1 872or a 873.Cm PKCS11Provider 874offers more identities. 875The argument to this keyword must be 876.Cm yes 877or 878.Cm no 879(the default). 880This option is intended for situations where ssh-agent 881offers many different identities. 882.It Cm IdentityAgent 883Specifies the 884.Ux Ns -domain 885socket used to communicate with the authentication agent. 886.Pp 887This option overrides the 888.Ev SSH_AUTH_SOCK 889environment variable and can be used to select a specific agent. 890Setting the socket name to 891.Cm none 892disables the use of an authentication agent. 893If the string 894.Qq SSH_AUTH_SOCK 895is specified, the location of the socket will be read from the 896.Ev SSH_AUTH_SOCK 897environment variable. 898Otherwise if the specified value begins with a 899.Sq $ 900character, then it will be treated as an environment variable containing 901the location of the socket. 902.Pp 903Arguments to 904.Cm IdentityAgent 905may use the tilde syntax to refer to a user's home directory 906or the tokens described in the 907.Sx TOKENS 908section. 909.It Cm IdentityFile 910Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 911identity is read. 912The default is 913.Pa ~/.ssh/id_dsa , 914.Pa ~/.ssh/id_ecdsa , 915.Pa ~/.ssh/id_ed25519 916and 917.Pa ~/.ssh/id_rsa . 918Additionally, any identities represented by the authentication agent 919will be used for authentication unless 920.Cm IdentitiesOnly 921is set. 922If no certificates have been explicitly specified by 923.Cm CertificateFile , 924.Xr ssh 1 925will try to load certificate information from the filename obtained by 926appending 927.Pa -cert.pub 928to the path of a specified 929.Cm IdentityFile . 930.Pp 931Arguments to 932.Cm IdentityFile 933may use the tilde syntax to refer to a user's home directory 934or the tokens described in the 935.Sx TOKENS 936section. 937.Pp 938It is possible to have 939multiple identity files specified in configuration files; all these 940identities will be tried in sequence. 941Multiple 942.Cm IdentityFile 943directives will add to the list of identities tried (this behaviour 944differs from that of other configuration directives). 945.Pp 946.Cm IdentityFile 947may be used in conjunction with 948.Cm IdentitiesOnly 949to select which identities in an agent are offered during authentication. 950.Cm IdentityFile 951may also be used in conjunction with 952.Cm CertificateFile 953in order to provide any certificate also needed for authentication with 954the identity. 955.It Cm IgnoreUnknown 956Specifies a pattern-list of unknown options to be ignored if they are 957encountered in configuration parsing. 958This may be used to suppress errors if 959.Nm 960contains options that are unrecognised by 961.Xr ssh 1 . 962It is recommended that 963.Cm IgnoreUnknown 964be listed early in the configuration file as it will not be applied 965to unknown options that appear before it. 966.It Cm Include 967Include the specified configuration file(s). 968Multiple pathnames may be specified and each pathname may contain 969.Xr glob 7 970wildcards and, for user configurations, shell-like 971.Sq ~ 972references to user home directories. 973Files without absolute paths are assumed to be in 974.Pa ~/.ssh 975if included in a user configuration file or 976.Pa /etc/ssh 977if included from the system configuration file. 978.Cm Include 979directive may appear inside a 980.Cm Match 981or 982.Cm Host 983block 984to perform conditional inclusion. 985.It Cm IPQoS 986Specifies the IPv4 type-of-service or DSCP class for connections. 987Accepted values are 988.Cm af11 , 989.Cm af12 , 990.Cm af13 , 991.Cm af21 , 992.Cm af22 , 993.Cm af23 , 994.Cm af31 , 995.Cm af32 , 996.Cm af33 , 997.Cm af41 , 998.Cm af42 , 999.Cm af43 , 1000.Cm cs0 , 1001.Cm cs1 , 1002.Cm cs2 , 1003.Cm cs3 , 1004.Cm cs4 , 1005.Cm cs5 , 1006.Cm cs6 , 1007.Cm cs7 , 1008.Cm ef , 1009.Cm lowdelay , 1010.Cm throughput , 1011.Cm reliability , 1012a numeric value, or 1013.Cm none 1014to use the operating system default. 1015This option may take one or two arguments, separated by whitespace. 1016If one argument is specified, it is used as the packet class unconditionally. 1017If two values are specified, the first is automatically selected for 1018interactive sessions and the second for non-interactive sessions. 1019The default is 1020.Cm af21 1021(Low-Latency Data) 1022for interactive sessions and 1023.Cm cs1 1024(Lower Effort) 1025for non-interactive sessions. 1026.It Cm KbdInteractiveAuthentication 1027Specifies whether to use keyboard-interactive authentication. 1028The argument to this keyword must be 1029.Cm yes 1030(the default) 1031or 1032.Cm no . 1033.It Cm KbdInteractiveDevices 1034Specifies the list of methods to use in keyboard-interactive authentication. 1035Multiple method names must be comma-separated. 1036The default is to use the server specified list. 1037The methods available vary depending on what the server supports. 1038For an OpenSSH server, 1039it may be zero or more of: 1040.Cm bsdauth 1041and 1042.Cm pam . 1043.It Cm KexAlgorithms 1044Specifies the available KEX (Key Exchange) algorithms. 1045Multiple algorithms must be comma-separated. 1046Alternately if the specified value begins with a 1047.Sq + 1048character, then the specified methods will be appended to the default set 1049instead of replacing them. 1050If the specified value begins with a 1051.Sq - 1052character, then the specified methods (including wildcards) will be removed 1053from the default set instead of replacing them. 1054The default is: 1055.Bd -literal -offset indent 1056curve25519-sha256,curve25519-sha256@libssh.org, 1057ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1058diffie-hellman-group-exchange-sha256, 1059diffie-hellman-group16-sha512, 1060diffie-hellman-group18-sha512, 1061diffie-hellman-group14-sha256, 1062diffie-hellman-group14-sha1 1063.Ed 1064.Pp 1065The list of available key exchange algorithms may also be obtained using 1066.Qq ssh -Q kex . 1067.It Cm LocalCommand 1068Specifies a command to execute on the local machine after successfully 1069connecting to the server. 1070The command string extends to the end of the line, and is executed with 1071the user's shell. 1072Arguments to 1073.Cm LocalCommand 1074accept the tokens described in the 1075.Sx TOKENS 1076section. 1077.Pp 1078The command is run synchronously and does not have access to the 1079session of the 1080.Xr ssh 1 1081that spawned it. 1082It should not be used for interactive commands. 1083.Pp 1084This directive is ignored unless 1085.Cm PermitLocalCommand 1086has been enabled. 1087.It Cm LocalForward 1088Specifies that a TCP port on the local machine be forwarded over 1089the secure channel to the specified host and port from the remote machine. 1090The first argument must be 1091.Sm off 1092.Oo Ar bind_address : Oc Ar port 1093.Sm on 1094and the second argument must be 1095.Ar host : Ns Ar hostport . 1096IPv6 addresses can be specified by enclosing addresses in square brackets. 1097Multiple forwardings may be specified, and additional forwardings can be 1098given on the command line. 1099Only the superuser can forward privileged ports. 1100By default, the local port is bound in accordance with the 1101.Cm GatewayPorts 1102setting. 1103However, an explicit 1104.Ar bind_address 1105may be used to bind the connection to a specific address. 1106The 1107.Ar bind_address 1108of 1109.Cm localhost 1110indicates that the listening port be bound for local use only, while an 1111empty address or 1112.Sq * 1113indicates that the port should be available from all interfaces. 1114.It Cm LogLevel 1115Gives the verbosity level that is used when logging messages from 1116.Xr ssh 1 . 1117The possible values are: 1118QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1119The default is INFO. 1120DEBUG and DEBUG1 are equivalent. 1121DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1122.It Cm MACs 1123Specifies the MAC (message authentication code) algorithms 1124in order of preference. 1125The MAC algorithm is used for data integrity protection. 1126Multiple algorithms must be comma-separated. 1127If the specified value begins with a 1128.Sq + 1129character, then the specified algorithms will be appended to the default set 1130instead of replacing them. 1131If the specified value begins with a 1132.Sq - 1133character, then the specified algorithms (including wildcards) will be removed 1134from the default set instead of replacing them. 1135.Pp 1136The algorithms that contain 1137.Qq -etm 1138calculate the MAC after encryption (encrypt-then-mac). 1139These are considered safer and their use recommended. 1140.Pp 1141The default is: 1142.Bd -literal -offset indent 1143umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1144hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1145hmac-sha1-etm@openssh.com, 1146umac-64@openssh.com,umac-128@openssh.com, 1147hmac-sha2-256,hmac-sha2-512,hmac-sha1 1148.Ed 1149.Pp 1150The list of available MAC algorithms may also be obtained using 1151.Qq ssh -Q mac . 1152.It Cm NoHostAuthenticationForLocalhost 1153Disable host authentication for localhost (loopback addresses). 1154The argument to this keyword must be 1155.Cm yes 1156or 1157.Cm no 1158(the default). 1159.It Cm NumberOfPasswordPrompts 1160Specifies the number of password prompts before giving up. 1161The argument to this keyword must be an integer. 1162The default is 3. 1163.It Cm PasswordAuthentication 1164Specifies whether to use password authentication. 1165The argument to this keyword must be 1166.Cm yes 1167(the default) 1168or 1169.Cm no . 1170.It Cm PermitLocalCommand 1171Allow local command execution via the 1172.Ic LocalCommand 1173option or using the 1174.Ic !\& Ns Ar command 1175escape sequence in 1176.Xr ssh 1 . 1177The argument must be 1178.Cm yes 1179or 1180.Cm no 1181(the default). 1182.It Cm PKCS11Provider 1183Specifies which PKCS#11 provider to use or 1184.Cm none 1185to indicate that no provider should be used (the default). 1186The argument to this keyword is a path to the PKCS#11 shared library 1187.Xr ssh 1 1188should use to communicate with a PKCS#11 token providing keys for user 1189authentication. 1190.It Cm Port 1191Specifies the port number to connect on the remote host. 1192The default is 22. 1193.It Cm PreferredAuthentications 1194Specifies the order in which the client should try authentication methods. 1195This allows a client to prefer one method (e.g.\& 1196.Cm keyboard-interactive ) 1197over another method (e.g.\& 1198.Cm password ) . 1199The default is: 1200.Bd -literal -offset indent 1201gssapi-with-mic,hostbased,publickey, 1202keyboard-interactive,password 1203.Ed 1204.It Cm ProxyCommand 1205Specifies the command to use to connect to the server. 1206The command 1207string extends to the end of the line, and is executed 1208using the user's shell 1209.Ql exec 1210directive to avoid a lingering shell process. 1211.Pp 1212Arguments to 1213.Cm ProxyCommand 1214accept the tokens described in the 1215.Sx TOKENS 1216section. 1217The command can be basically anything, 1218and should read from its standard input and write to its standard output. 1219It should eventually connect an 1220.Xr sshd 8 1221server running on some machine, or execute 1222.Ic sshd -i 1223somewhere. 1224Host key management will be done using the 1225HostName of the host being connected (defaulting to the name typed by 1226the user). 1227Setting the command to 1228.Cm none 1229disables this option entirely. 1230Note that 1231.Cm CheckHostIP 1232is not available for connects with a proxy command. 1233.Pp 1234This directive is useful in conjunction with 1235.Xr nc 1 1236and its proxy support. 1237For example, the following directive would connect via an HTTP proxy at 1238192.0.2.0: 1239.Bd -literal -offset 3n 1240ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1241.Ed 1242.It Cm ProxyJump 1243Specifies one or more jump proxies as either 1244.Xo 1245.Sm off 1246.Op Ar user No @ 1247.Ar host 1248.Op : Ns Ar port 1249.Sm on 1250or an ssh URI 1251.Xc . 1252Multiple proxies may be separated by comma characters and will be visited 1253sequentially. 1254Setting this option will cause 1255.Xr ssh 1 1256to connect to the target host by first making a 1257.Xr ssh 1 1258connection to the specified 1259.Cm ProxyJump 1260host and then establishing a 1261TCP forwarding to the ultimate target from there. 1262.Pp 1263Note that this option will compete with the 1264.Cm ProxyCommand 1265option - whichever is specified first will prevent later instances of the 1266other from taking effect. 1267.Pp 1268Note also that the configuration for the destination host (either supplied 1269via the command-line or the configuration file) is not generally applied 1270to jump hosts. 1271.Pa ~/.ssh/config 1272should be used if specific configuration is required for jump hosts. 1273.It Cm ProxyUseFdpass 1274Specifies that 1275.Cm ProxyCommand 1276will pass a connected file descriptor back to 1277.Xr ssh 1 1278instead of continuing to execute and pass data. 1279The default is 1280.Cm no . 1281.It Cm PubkeyAcceptedKeyTypes 1282Specifies the key types that will be used for public key authentication 1283as a comma-separated list of patterns. 1284Alternately if the specified value begins with a 1285.Sq + 1286character, then the key types after it will be appended to the default 1287instead of replacing it. 1288If the specified value begins with a 1289.Sq - 1290character, then the specified key types (including wildcards) will be removed 1291from the default set instead of replacing them. 1292The default for this option is: 1293.Bd -literal -offset 3n 1294ecdsa-sha2-nistp256-cert-v01@openssh.com, 1295ecdsa-sha2-nistp384-cert-v01@openssh.com, 1296ecdsa-sha2-nistp521-cert-v01@openssh.com, 1297ssh-ed25519-cert-v01@openssh.com, 1298rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, 1299ssh-rsa-cert-v01@openssh.com, 1300ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1301ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 1302.Ed 1303.Pp 1304The list of available key types may also be obtained using 1305.Qq ssh -Q key . 1306.It Cm PubkeyAuthentication 1307Specifies whether to try public key authentication. 1308The argument to this keyword must be 1309.Cm yes 1310(the default) 1311or 1312.Cm no . 1313.It Cm RekeyLimit 1314Specifies the maximum amount of data that may be transmitted before the 1315session key is renegotiated, optionally followed a maximum amount of 1316time that may pass before the session key is renegotiated. 1317The first argument is specified in bytes and may have a suffix of 1318.Sq K , 1319.Sq M , 1320or 1321.Sq G 1322to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1323The default is between 1324.Sq 1G 1325and 1326.Sq 4G , 1327depending on the cipher. 1328The optional second value is specified in seconds and may use any of the 1329units documented in the 1330.Sx TIME FORMATS 1331section of 1332.Xr sshd_config 5 . 1333The default value for 1334.Cm RekeyLimit 1335is 1336.Cm default none , 1337which means that rekeying is performed after the cipher's default amount 1338of data has been sent or received and no time based rekeying is done. 1339.It Cm RemoteCommand 1340Specifies a command to execute on the remote machine after successfully 1341connecting to the server. 1342The command string extends to the end of the line, and is executed with 1343the user's shell. 1344Arguments to 1345.Cm RemoteCommand 1346accept the tokens described in the 1347.Sx TOKENS 1348section. 1349.It Cm RemoteForward 1350Specifies that a TCP port on the remote machine be forwarded over 1351the secure channel. 1352The remote port may either be forwarded to a specified host and port 1353from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1354client to connect to arbitrary destinations from the local machine. 1355The first argument must be 1356.Sm off 1357.Oo Ar bind_address : Oc Ar port 1358.Sm on 1359If forwarding to a specific destination then the second argument must be 1360.Ar host : Ns Ar hostport , 1361otherwise if no destination argument is specified then the remote forwarding 1362will be established as a SOCKS proxy. 1363.Pp 1364IPv6 addresses can be specified by enclosing addresses in square brackets. 1365Multiple forwardings may be specified, and additional 1366forwardings can be given on the command line. 1367Privileged ports can be forwarded only when 1368logging in as root on the remote machine. 1369.Pp 1370If the 1371.Ar port 1372argument is 0, 1373the listen port will be dynamically allocated on the server and reported 1374to the client at run time. 1375.Pp 1376If the 1377.Ar bind_address 1378is not specified, the default is to only bind to loopback addresses. 1379If the 1380.Ar bind_address 1381is 1382.Ql * 1383or an empty string, then the forwarding is requested to listen on all 1384interfaces. 1385Specifying a remote 1386.Ar bind_address 1387will only succeed if the server's 1388.Cm GatewayPorts 1389option is enabled (see 1390.Xr sshd_config 5 ) . 1391.It Cm RequestTTY 1392Specifies whether to request a pseudo-tty for the session. 1393The argument may be one of: 1394.Cm no 1395(never request a TTY), 1396.Cm yes 1397(always request a TTY when standard input is a TTY), 1398.Cm force 1399(always request a TTY) or 1400.Cm auto 1401(request a TTY when opening a login session). 1402This option mirrors the 1403.Fl t 1404and 1405.Fl T 1406flags for 1407.Xr ssh 1 . 1408.It Cm RevokedHostKeys 1409Specifies revoked host public keys. 1410Keys listed in this file will be refused for host authentication. 1411Note that if this file does not exist or is not readable, 1412then host authentication will be refused for all hosts. 1413Keys may be specified as a text file, listing one public key per line, or as 1414an OpenSSH Key Revocation List (KRL) as generated by 1415.Xr ssh-keygen 1 . 1416For more information on KRLs, see the KEY REVOCATION LISTS section in 1417.Xr ssh-keygen 1 . 1418.It Cm SendEnv 1419Specifies what variables from the local 1420.Xr environ 7 1421should be sent to the server. 1422The server must also support it, and the server must be configured to 1423accept these environment variables. 1424Note that the 1425.Ev TERM 1426environment variable is always sent whenever a 1427pseudo-terminal is requested as it is required by the protocol. 1428Refer to 1429.Cm AcceptEnv 1430in 1431.Xr sshd_config 5 1432for how to configure the server. 1433Variables are specified by name, which may contain wildcard characters. 1434Multiple environment variables may be separated by whitespace or spread 1435across multiple 1436.Cm SendEnv 1437directives. 1438.Pp 1439See 1440.Sx PATTERNS 1441for more information on patterns. 1442.Pp 1443It is possible to clear previously set 1444.Cm SendEnv 1445variable names by prefixing patterns with 1446.Pa - . 1447The default is not to send any environment variables. 1448.It Cm ServerAliveCountMax 1449Sets the number of server alive messages (see below) which may be 1450sent without 1451.Xr ssh 1 1452receiving any messages back from the server. 1453If this threshold is reached while server alive messages are being sent, 1454ssh will disconnect from the server, terminating the session. 1455It is important to note that the use of server alive messages is very 1456different from 1457.Cm TCPKeepAlive 1458(below). 1459The server alive messages are sent through the encrypted channel 1460and therefore will not be spoofable. 1461The TCP keepalive option enabled by 1462.Cm TCPKeepAlive 1463is spoofable. 1464The server alive mechanism is valuable when the client or 1465server depend on knowing when a connection has become inactive. 1466.Pp 1467The default value is 3. 1468If, for example, 1469.Cm ServerAliveInterval 1470(see below) is set to 15 and 1471.Cm ServerAliveCountMax 1472is left at the default, if the server becomes unresponsive, 1473ssh will disconnect after approximately 45 seconds. 1474.It Cm ServerAliveInterval 1475Sets a timeout interval in seconds after which if no data has been received 1476from the server, 1477.Xr ssh 1 1478will send a message through the encrypted 1479channel to request a response from the server. 1480The default 1481is 0, indicating that these messages will not be sent to the server. 1482.It Cm SetEnv 1483Directly specify one or more environment variables and their contents to 1484be sent to the server. 1485Similarly to 1486.Cm SendEnv , 1487the server must be prepared to accept the environment variable. 1488.It Cm StreamLocalBindMask 1489Sets the octal file creation mode mask 1490.Pq umask 1491used when creating a Unix-domain socket file for local or remote 1492port forwarding. 1493This option is only used for port forwarding to a Unix-domain socket file. 1494.Pp 1495The default value is 0177, which creates a Unix-domain socket file that is 1496readable and writable only by the owner. 1497Note that not all operating systems honor the file mode on Unix-domain 1498socket files. 1499.It Cm StreamLocalBindUnlink 1500Specifies whether to remove an existing Unix-domain socket file for local 1501or remote port forwarding before creating a new one. 1502If the socket file already exists and 1503.Cm StreamLocalBindUnlink 1504is not enabled, 1505.Nm ssh 1506will be unable to forward the port to the Unix-domain socket file. 1507This option is only used for port forwarding to a Unix-domain socket file. 1508.Pp 1509The argument must be 1510.Cm yes 1511or 1512.Cm no 1513(the default). 1514.It Cm StrictHostKeyChecking 1515If this flag is set to 1516.Cm yes , 1517.Xr ssh 1 1518will never automatically add host keys to the 1519.Pa ~/.ssh/known_hosts 1520file, and refuses to connect to hosts whose host key has changed. 1521This provides maximum protection against man-in-the-middle (MITM) attacks, 1522though it can be annoying when the 1523.Pa /etc/ssh/ssh_known_hosts 1524file is poorly maintained or when connections to new hosts are 1525frequently made. 1526This option forces the user to manually 1527add all new hosts. 1528.Pp 1529If this flag is set to 1530.Dq accept-new 1531then ssh will automatically add new host keys to the user 1532known hosts files, but will not permit connections to hosts with 1533changed host keys. 1534If this flag is set to 1535.Dq no 1536or 1537.Dq off , 1538ssh will automatically add new host keys to the user known hosts files 1539and allow connections to hosts with changed hostkeys to proceed, 1540subject to some restrictions. 1541If this flag is set to 1542.Cm ask 1543(the default), 1544new host keys 1545will be added to the user known host files only after the user 1546has confirmed that is what they really want to do, and 1547ssh will refuse to connect to hosts whose host key has changed. 1548The host keys of 1549known hosts will be verified automatically in all cases. 1550.It Cm SyslogFacility 1551Gives the facility code that is used when logging messages from 1552.Xr ssh 1 . 1553The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1554LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1555The default is USER. 1556.It Cm TCPKeepAlive 1557Specifies whether the system should send TCP keepalive messages to the 1558other side. 1559If they are sent, death of the connection or crash of one 1560of the machines will be properly noticed. 1561However, this means that 1562connections will die if the route is down temporarily, and some people 1563find it annoying. 1564.Pp 1565The default is 1566.Cm yes 1567(to send TCP keepalive messages), and the client will notice 1568if the network goes down or the remote host dies. 1569This is important in scripts, and many users want it too. 1570.Pp 1571To disable TCP keepalive messages, the value should be set to 1572.Cm no . 1573See also 1574.Cm ServerAliveInterval 1575for protocol-level keepalives. 1576.It Cm Tunnel 1577Request 1578.Xr tun 4 1579device forwarding between the client and the server. 1580The argument must be 1581.Cm yes , 1582.Cm point-to-point 1583(layer 3), 1584.Cm ethernet 1585(layer 2), 1586or 1587.Cm no 1588(the default). 1589Specifying 1590.Cm yes 1591requests the default tunnel mode, which is 1592.Cm point-to-point . 1593.It Cm TunnelDevice 1594Specifies the 1595.Xr tun 4 1596devices to open on the client 1597.Pq Ar local_tun 1598and the server 1599.Pq Ar remote_tun . 1600.Pp 1601The argument must be 1602.Sm off 1603.Ar local_tun Op : Ar remote_tun . 1604.Sm on 1605The devices may be specified by numerical ID or the keyword 1606.Cm any , 1607which uses the next available tunnel device. 1608If 1609.Ar remote_tun 1610is not specified, it defaults to 1611.Cm any . 1612The default is 1613.Cm any:any . 1614.It Cm UpdateHostKeys 1615Specifies whether 1616.Xr ssh 1 1617should accept notifications of additional hostkeys from the server sent 1618after authentication has completed and add them to 1619.Cm UserKnownHostsFile . 1620The argument must be 1621.Cm yes , 1622.Cm no 1623(the default) or 1624.Cm ask . 1625Enabling this option allows learning alternate hostkeys for a server 1626and supports graceful key rotation by allowing a server to send replacement 1627public keys before old ones are removed. 1628Additional hostkeys are only accepted if the key used to authenticate the 1629host was already trusted or explicitly accepted by the user. 1630If 1631.Cm UpdateHostKeys 1632is set to 1633.Cm ask , 1634then the user is asked to confirm the modifications to the known_hosts file. 1635Confirmation is currently incompatible with 1636.Cm ControlPersist , 1637and will be disabled if it is enabled. 1638.Pp 1639Presently, only 1640.Xr sshd 8 1641from OpenSSH 6.8 and greater support the 1642.Qq hostkeys@openssh.com 1643protocol extension used to inform the client of all the server's hostkeys. 1644.It Cm User 1645Specifies the user to log in as. 1646This can be useful when a different user name is used on different machines. 1647This saves the trouble of 1648having to remember to give the user name on the command line. 1649.It Cm UserKnownHostsFile 1650Specifies one or more files to use for the user 1651host key database, separated by whitespace. 1652The default is 1653.Pa ~/.ssh/known_hosts , 1654.Pa ~/.ssh/known_hosts2 . 1655.It Cm VerifyHostKeyDNS 1656Specifies whether to verify the remote key using DNS and SSHFP resource 1657records. 1658If this option is set to 1659.Cm yes , 1660the client will implicitly trust keys that match a secure fingerprint 1661from DNS. 1662Insecure fingerprints will be handled as if this option was set to 1663.Cm ask . 1664If this option is set to 1665.Cm ask , 1666information on fingerprint match will be displayed, but the user will still 1667need to confirm new host keys according to the 1668.Cm StrictHostKeyChecking 1669option. 1670The default is 1671.Cm no . 1672.Pp 1673See also 1674.Sx VERIFYING HOST KEYS 1675in 1676.Xr ssh 1 . 1677.It Cm VisualHostKey 1678If this flag is set to 1679.Cm yes , 1680an ASCII art representation of the remote host key fingerprint is 1681printed in addition to the fingerprint string at login and 1682for unknown host keys. 1683If this flag is set to 1684.Cm no 1685(the default), 1686no fingerprint strings are printed at login and 1687only the fingerprint string will be printed for unknown host keys. 1688.It Cm XAuthLocation 1689Specifies the full pathname of the 1690.Xr xauth 1 1691program. 1692The default is 1693.Pa /usr/X11R6/bin/xauth . 1694.El 1695.Sh PATTERNS 1696A 1697.Em pattern 1698consists of zero or more non-whitespace characters, 1699.Sq * 1700(a wildcard that matches zero or more characters), 1701or 1702.Sq ?\& 1703(a wildcard that matches exactly one character). 1704For example, to specify a set of declarations for any host in the 1705.Qq .co.uk 1706set of domains, 1707the following pattern could be used: 1708.Pp 1709.Dl Host *.co.uk 1710.Pp 1711The following pattern 1712would match any host in the 192.168.0.[0-9] network range: 1713.Pp 1714.Dl Host 192.168.0.? 1715.Pp 1716A 1717.Em pattern-list 1718is a comma-separated list of patterns. 1719Patterns within pattern-lists may be negated 1720by preceding them with an exclamation mark 1721.Pq Sq !\& . 1722For example, 1723to allow a key to be used from anywhere within an organization 1724except from the 1725.Qq dialup 1726pool, 1727the following entry (in authorized_keys) could be used: 1728.Pp 1729.Dl from=\&"!*.dialup.example.com,*.example.com\&" 1730.Pp 1731Note that a negated match will never produce a positive result by itself. 1732For example, attempting to match 1733.Qq host3 1734against the following pattern-list will fail: 1735.Pp 1736.Dl from=\&"!host1,!host2\&" 1737.Pp 1738The solution here is to include a term that will yield a positive match, 1739such as a wildcard: 1740.Pp 1741.Dl from=\&"!host1,!host2,*\&" 1742.Sh TOKENS 1743Arguments to some keywords can make use of tokens, 1744which are expanded at runtime: 1745.Pp 1746.Bl -tag -width XXXX -offset indent -compact 1747.It %% 1748A literal 1749.Sq % . 1750.It \&%C 1751Hash of %l%h%p%r. 1752.It %d 1753Local user's home directory. 1754.It %h 1755The remote hostname. 1756.It %i 1757The local user ID. 1758.It %L 1759The local hostname. 1760.It %l 1761The local hostname, including the domain name. 1762.It %n 1763The original remote hostname, as given on the command line. 1764.It %p 1765The remote port. 1766.It %r 1767The remote username. 1768.It \&%T 1769The local 1770.Xr tun 4 1771or 1772.Xr tap 4 1773network interface assigned if 1774tunnel forwarding was requested, or 1775.Qq NONE 1776otherwise. 1777.It %u 1778The local username. 1779.El 1780.Pp 1781.Cm Match exec 1782accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. 1783.Pp 1784.Cm CertificateFile 1785accepts the tokens %%, %d, %h, %i, %l, %r, and %u. 1786.Pp 1787.Cm ControlPath 1788accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. 1789.Pp 1790.Cm HostName 1791accepts the tokens %% and %h. 1792.Pp 1793.Cm IdentityAgent 1794and 1795.Cm IdentityFile 1796accept the tokens %%, %d, %h, %i, %l, %r, and %u. 1797.Pp 1798.Cm LocalCommand 1799accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. 1800.Pp 1801.Cm ProxyCommand 1802accepts the tokens %%, %h, %p, and %r. 1803.Pp 1804.Cm RemoteCommand 1805accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. 1806.Sh FILES 1807.Bl -tag -width Ds 1808.It Pa ~/.ssh/config 1809This is the per-user configuration file. 1810The format of this file is described above. 1811This file is used by the SSH client. 1812Because of the potential for abuse, this file must have strict permissions: 1813read/write for the user, and not writable by others. 1814.It Pa /etc/ssh/ssh_config 1815Systemwide configuration file. 1816This file provides defaults for those 1817values that are not specified in the user's configuration file, and 1818for those users who do not have a configuration file. 1819This file must be world-readable. 1820.El 1821.Sh SEE ALSO 1822.Xr ssh 1 1823.Sh AUTHORS 1824.An -nosplit 1825OpenSSH is a derivative of the original and free 1826ssh 1.2.12 release by 1827.An Tatu Ylonen . 1828.An Aaron Campbell , Bob Beck , Markus Friedl , 1829.An Niels Provos , Theo de Raadt 1830and 1831.An Dug Song 1832removed many bugs, re-added newer features and 1833created OpenSSH. 1834.An Markus Friedl 1835contributed the support for SSH protocol versions 1.5 and 2.0. 1836