xref: /dragonfly/crypto/openssh/ssh_config.5 (revision ce74baca) 
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $
37.Dd $Mdocdate: September 21 2017 $
38.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH SSH client configuration files
43.Sh DESCRIPTION
44.Xr ssh 1
45obtains configuration data from the following sources in
46the following order:
47.Pp
48.Bl -enum -offset indent -compact
49.It
50command-line options
51.It
52user's configuration file
53.Pq Pa ~/.ssh/config
54.It
55system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config
57.El
58.Pp
59For each parameter, the first obtained value
60will be used.
61The configuration files contain sections separated by
62.Cm Host
63specifications, and that section is only applied for hosts that
64match one of the patterns given in the specification.
65The matched host name is usually the one given on the command line
66(see the
67.Cm CanonicalizeHostname
68option for exceptions).
69.Pp
70Since the first obtained value for each parameter is used, more
71host-specific declarations should be given near the beginning of the
72file, and general defaults at the end.
73.Pp
74The file contains keyword-argument pairs, one per line.
75Lines starting with
76.Ql #
77and empty lines are interpreted as comments.
78Arguments may optionally be enclosed in double quotes
79.Pq \&"
80in order to represent arguments containing spaces.
81Configuration options may be separated by whitespace or
82optional whitespace and exactly one
83.Ql = ;
84the latter format is useful to avoid the need to quote whitespace
85when specifying configuration options using the
86.Nm ssh ,
87.Nm scp ,
88and
89.Nm sftp
90.Fl o
91option.
92.Pp
93The possible
94keywords and their meanings are as follows (note that
95keywords are case-insensitive and arguments are case-sensitive):
96.Bl -tag -width Ds
97.It Cm Host
98Restricts the following declarations (up to the next
99.Cm Host
100or
101.Cm Match
102keyword) to be only for those hosts that match one of the patterns
103given after the keyword.
104If more than one pattern is provided, they should be separated by whitespace.
105A single
106.Ql *
107as a pattern can be used to provide global
108defaults for all hosts.
109The host is usually the
110.Ar hostname
111argument given on the command line
112(see the
113.Cm CanonicalizeHostname
114keyword for exceptions).
115.Pp
116A pattern entry may be negated by prefixing it with an exclamation mark
117.Pq Sq !\& .
118If a negated entry is matched, then the
119.Cm Host
120entry is ignored, regardless of whether any other patterns on the line
121match.
122Negated matches are therefore useful to provide exceptions for wildcard
123matches.
124.Pp
125See
126.Sx PATTERNS
127for more information on patterns.
128.It Cm Match
129Restricts the following declarations (up to the next
130.Cm Host
131or
132.Cm Match
133keyword) to be used only when the conditions following the
134.Cm Match
135keyword are satisfied.
136Match conditions are specified using one or more criteria
137or the single token
138.Cm all
139which always matches.
140The available criteria keywords are:
141.Cm canonical ,
142.Cm exec ,
143.Cm host ,
144.Cm originalhost ,
145.Cm user ,
146and
147.Cm localuser .
148The
149.Cm all
150criteria must appear alone or immediately after
151.Cm canonical .
152Other criteria may be combined arbitrarily.
153All criteria but
154.Cm all
155and
156.Cm canonical
157require an argument.
158Criteria may be negated by prepending an exclamation mark
159.Pq Sq !\& .
160.Pp
161The
162.Cm canonical
163keyword matches only when the configuration file is being re-parsed
164after hostname canonicalization (see the
165.Cm CanonicalizeHostname
166option.)
167This may be useful to specify conditions that work with canonical host
168names only.
169The
170.Cm exec
171keyword executes the specified command under the user's shell.
172If the command returns a zero exit status then the condition is considered true.
173Commands containing whitespace characters must be quoted.
174Arguments to
175.Cm exec
176accept the tokens described in the
177.Sx TOKENS
178section.
179.Pp
180The other keywords' criteria must be single entries or comma-separated
181lists and may use the wildcard and negation operators described in the
182.Sx PATTERNS
183section.
184The criteria for the
185.Cm host
186keyword are matched against the target hostname, after any substitution
187by the
188.Cm Hostname
189or
190.Cm CanonicalizeHostname
191options.
192The
193.Cm originalhost
194keyword matches against the hostname as it was specified on the command-line.
195The
196.Cm user
197keyword matches against the target username on the remote host.
198The
199.Cm localuser
200keyword matches against the name of the local user running
201.Xr ssh 1
202(this keyword may be useful in system-wide
203.Nm
204files).
205.It Cm AddKeysToAgent
206Specifies whether keys should be automatically added to a running
207.Xr ssh-agent 1 .
208If this option is set to
209.Cm yes
210and a key is loaded from a file, the key and its passphrase are added to
211the agent with the default lifetime, as if by
212.Xr ssh-add 1 .
213If this option is set to
214.Cm ask ,
215.Xr ssh 1
216will require confirmation using the
217.Ev SSH_ASKPASS
218program before adding a key (see
219.Xr ssh-add 1
220for details).
221If this option is set to
222.Cm confirm ,
223each use of the key must be confirmed, as if the
224.Fl c
225option was specified to
226.Xr ssh-add 1 .
227If this option is set to
228.Cm no ,
229no keys are added to the agent.
230The argument must be
231.Cm yes ,
232.Cm confirm ,
233.Cm ask ,
234or
235.Cm no
236(the default).
237.It Cm AddressFamily
238Specifies which address family to use when connecting.
239Valid arguments are
240.Cm any
241(the default),
242.Cm inet
243(use IPv4 only), or
244.Cm inet6
245(use IPv6 only).
246.It Cm BatchMode
247If set to
248.Cm yes ,
249passphrase/password querying will be disabled.
250This option is useful in scripts and other batch jobs where no user
251is present to supply the password.
252The argument must be
253.Cm yes
254or
255.Cm no
256(the default).
257.It Cm BindAddress
258Use the specified address on the local machine as the source address of
259the connection.
260Only useful on systems with more than one address.
261Note that this option does not work if
262.Cm UsePrivilegedPort
263is set to
264.Cm yes .
265.It Cm CanonicalDomains
266When
267.Cm CanonicalizeHostname
268is enabled, this option specifies the list of domain suffixes in which to
269search for the specified destination host.
270.It Cm CanonicalizeFallbackLocal
271Specifies whether to fail with an error when hostname canonicalization fails.
272The default,
273.Cm yes ,
274will attempt to look up the unqualified hostname using the system resolver's
275search rules.
276A value of
277.Cm no
278will cause
279.Xr ssh 1
280to fail instantly if
281.Cm CanonicalizeHostname
282is enabled and the target hostname cannot be found in any of the domains
283specified by
284.Cm CanonicalDomains .
285.It Cm CanonicalizeHostname
286Controls whether explicit hostname canonicalization is performed.
287The default,
288.Cm no ,
289is not to perform any name rewriting and let the system resolver handle all
290hostname lookups.
291If set to
292.Cm yes
293then, for connections that do not use a
294.Cm ProxyCommand ,
295.Xr ssh 1
296will attempt to canonicalize the hostname specified on the command line
297using the
298.Cm CanonicalDomains
299suffixes and
300.Cm CanonicalizePermittedCNAMEs
301rules.
302If
303.Cm CanonicalizeHostname
304is set to
305.Cm always ,
306then canonicalization is applied to proxied connections too.
307.Pp
308If this option is enabled, then the configuration files are processed
309again using the new target name to pick up any new configuration in matching
310.Cm Host
311and
312.Cm Match
313stanzas.
314.It Cm CanonicalizeMaxDots
315Specifies the maximum number of dot characters in a hostname before
316canonicalization is disabled.
317The default, 1,
318allows a single dot (i.e. hostname.subdomain).
319.It Cm CanonicalizePermittedCNAMEs
320Specifies rules to determine whether CNAMEs should be followed when
321canonicalizing hostnames.
322The rules consist of one or more arguments of
323.Ar source_domain_list : Ns Ar target_domain_list ,
324where
325.Ar source_domain_list
326is a pattern-list of domains that may follow CNAMEs in canonicalization,
327and
328.Ar target_domain_list
329is a pattern-list of domains that they may resolve to.
330.Pp
331For example,
332.Qq *.a.example.com:*.b.example.com,*.c.example.com
333will allow hostnames matching
334.Qq *.a.example.com
335to be canonicalized to names in the
336.Qq *.b.example.com
337or
338.Qq *.c.example.com
339domains.
340.It Cm CertificateFile
341Specifies a file from which the user's certificate is read.
342A corresponding private key must be provided separately in order
343to use this certificate either
344from an
345.Cm IdentityFile
346directive or
347.Fl i
348flag to
349.Xr ssh 1 ,
350via
351.Xr ssh-agent 1 ,
352or via a
353.Cm PKCS11Provider .
354.Pp
355Arguments to
356.Cm CertificateFile
357may use the tilde syntax to refer to a user's home directory
358or the tokens described in the
359.Sx TOKENS
360section.
361.Pp
362It is possible to have multiple certificate files specified in
363configuration files; these certificates will be tried in sequence.
364Multiple
365.Cm CertificateFile
366directives will add to the list of certificates used for
367authentication.
368.It Cm ChallengeResponseAuthentication
369Specifies whether to use challenge-response authentication.
370The argument to this keyword must be
371.Cm yes
372(the default)
373or
374.Cm no .
375.It Cm CheckHostIP
376If set to
377.Cm yes
378(the default),
379.Xr ssh 1
380will additionally check the host IP address in the
381.Pa known_hosts
382file.
383This allows it to detect if a host key changed due to DNS spoofing
384and will add addresses of destination hosts to
385.Pa ~/.ssh/known_hosts
386in the process, regardless of the setting of
387.Cm StrictHostKeyChecking .
388If the option is set to
389.Cm no ,
390the check will not be executed.
391.It Cm Ciphers
392Specifies the ciphers allowed and their order of preference.
393Multiple ciphers must be comma-separated.
394If the specified value begins with a
395.Sq +
396character, then the specified ciphers will be appended to the default set
397instead of replacing them.
398If the specified value begins with a
399.Sq -
400character, then the specified ciphers (including wildcards) will be removed
401from the default set instead of replacing them.
402.Pp
403The supported ciphers are:
404.Bd -literal -offset indent
4053des-cbc
406aes128-cbc
407aes192-cbc
408aes256-cbc
409aes128-ctr
410aes192-ctr
411aes256-ctr
412aes128-gcm@openssh.com
413aes256-gcm@openssh.com
414chacha20-poly1305@openssh.com
415.Ed
416.Pp
417The default is:
418.Bd -literal -offset indent
419chacha20-poly1305@openssh.com,
420aes128-ctr,aes192-ctr,aes256-ctr,
421aes128-gcm@openssh.com,aes256-gcm@openssh.com,
422aes128-cbc,aes192-cbc,aes256-cbc
423.Ed
424.Pp
425The list of available ciphers may also be obtained using
426.Qq ssh -Q cipher .
427.It Cm ClearAllForwardings
428Specifies that all local, remote, and dynamic port forwardings
429specified in the configuration files or on the command line be
430cleared.
431This option is primarily useful when used from the
432.Xr ssh 1
433command line to clear port forwardings set in
434configuration files, and is automatically set by
435.Xr scp 1
436and
437.Xr sftp 1 .
438The argument must be
439.Cm yes
440or
441.Cm no
442(the default).
443.It Cm Compression
444Specifies whether to use compression.
445The argument must be
446.Cm yes
447or
448.Cm no
449(the default).
450.It Cm ConnectionAttempts
451Specifies the number of tries (one per second) to make before exiting.
452The argument must be an integer.
453This may be useful in scripts if the connection sometimes fails.
454The default is 1.
455.It Cm ConnectTimeout
456Specifies the timeout (in seconds) used when connecting to the
457SSH server, instead of using the default system TCP timeout.
458This value is used only when the target is down or really unreachable,
459not when it refuses the connection.
460.It Cm ControlMaster
461Enables the sharing of multiple sessions over a single network connection.
462When set to
463.Cm yes ,
464.Xr ssh 1
465will listen for connections on a control socket specified using the
466.Cm ControlPath
467argument.
468Additional sessions can connect to this socket using the same
469.Cm ControlPath
470with
471.Cm ControlMaster
472set to
473.Cm no
474(the default).
475These sessions will try to reuse the master instance's network connection
476rather than initiating new ones, but will fall back to connecting normally
477if the control socket does not exist, or is not listening.
478.Pp
479Setting this to
480.Cm ask
481will cause
482.Xr ssh 1
483to listen for control connections, but require confirmation using
484.Xr ssh-askpass 1 .
485If the
486.Cm ControlPath
487cannot be opened,
488.Xr ssh 1
489will continue without connecting to a master instance.
490.Pp
491X11 and
492.Xr ssh-agent 1
493forwarding is supported over these multiplexed connections, however the
494display and agent forwarded will be the one belonging to the master
495connection i.e. it is not possible to forward multiple displays or agents.
496.Pp
497Two additional options allow for opportunistic multiplexing: try to use a
498master connection but fall back to creating a new one if one does not already
499exist.
500These options are:
501.Cm auto
502and
503.Cm autoask .
504The latter requires confirmation like the
505.Cm ask
506option.
507.It Cm ControlPath
508Specify the path to the control socket used for connection sharing as described
509in the
510.Cm ControlMaster
511section above or the string
512.Cm none
513to disable connection sharing.
514Arguments to
515.Cm ControlPath
516may use the tilde syntax to refer to a user's home directory
517or the tokens described in the
518.Sx TOKENS
519section.
520It is recommended that any
521.Cm ControlPath
522used for opportunistic connection sharing include
523at least %h, %p, and %r (or alternatively %C) and be placed in a directory
524that is not writable by other users.
525This ensures that shared connections are uniquely identified.
526.It Cm ControlPersist
527When used in conjunction with
528.Cm ControlMaster ,
529specifies that the master connection should remain open
530in the background (waiting for future client connections)
531after the initial client connection has been closed.
532If set to
533.Cm no ,
534then the master connection will not be placed into the background,
535and will close as soon as the initial client connection is closed.
536If set to
537.Cm yes
538or 0,
539then the master connection will remain in the background indefinitely
540(until killed or closed via a mechanism such as the
541.Qq ssh -O exit ) .
542If set to a time in seconds, or a time in any of the formats documented in
543.Xr sshd_config 5 ,
544then the backgrounded master connection will automatically terminate
545after it has remained idle (with no client connections) for the
546specified time.
547.It Cm DynamicForward
548Specifies that a TCP port on the local machine be forwarded
549over the secure channel, and the application
550protocol is then used to determine where to connect to from the
551remote machine.
552.Pp
553The argument must be
554.Sm off
555.Oo Ar bind_address : Oc Ar port .
556.Sm on
557IPv6 addresses can be specified by enclosing addresses in square brackets.
558By default, the local port is bound in accordance with the
559.Cm GatewayPorts
560setting.
561However, an explicit
562.Ar bind_address
563may be used to bind the connection to a specific address.
564The
565.Ar bind_address
566of
567.Cm localhost
568indicates that the listening port be bound for local use only, while an
569empty address or
570.Sq *
571indicates that the port should be available from all interfaces.
572.Pp
573Currently the SOCKS4 and SOCKS5 protocols are supported, and
574.Xr ssh 1
575will act as a SOCKS server.
576Multiple forwardings may be specified, and
577additional forwardings can be given on the command line.
578Only the superuser can forward privileged ports.
579.It Cm EnableSSHKeysign
580Setting this option to
581.Cm yes
582in the global client configuration file
583.Pa /etc/ssh/ssh_config
584enables the use of the helper program
585.Xr ssh-keysign 8
586during
587.Cm HostbasedAuthentication .
588The argument must be
589.Cm yes
590or
591.Cm no
592(the default).
593This option should be placed in the non-hostspecific section.
594See
595.Xr ssh-keysign 8
596for more information.
597.It Cm EscapeChar
598Sets the escape character (default:
599.Ql ~ ) .
600The escape character can also
601be set on the command line.
602The argument should be a single character,
603.Ql ^
604followed by a letter, or
605.Cm none
606to disable the escape
607character entirely (making the connection transparent for binary
608data).
609.It Cm ExitOnForwardFailure
610Specifies whether
611.Xr ssh 1
612should terminate the connection if it cannot set up all requested
613dynamic, tunnel, local, and remote port forwardings, (e.g.\&
614if either end is unable to bind and listen on a specified port).
615Note that
616.Cm ExitOnForwardFailure
617does not apply to connections made over port forwardings and will not,
618for example, cause
619.Xr ssh 1
620to exit if TCP connections to the ultimate forwarding destination fail.
621The argument must be
622.Cm yes
623or
624.Cm no
625(the default).
626.It Cm FingerprintHash
627Specifies the hash algorithm used when displaying key fingerprints.
628Valid options are:
629.Cm md5
630and
631.Cm sha256
632(the default).
633.It Cm ForwardAgent
634Specifies whether the connection to the authentication agent (if any)
635will be forwarded to the remote machine.
636The argument must be
637.Cm yes
638or
639.Cm no
640(the default).
641.Pp
642Agent forwarding should be enabled with caution.
643Users with the ability to bypass file permissions on the remote host
644(for the agent's Unix-domain socket)
645can access the local agent through the forwarded connection.
646An attacker cannot obtain key material from the agent,
647however they can perform operations on the keys that enable them to
648authenticate using the identities loaded into the agent.
649.It Cm ForwardX11
650Specifies whether X11 connections will be automatically redirected
651over the secure channel and
652.Ev DISPLAY
653set.
654The argument must be
655.Cm yes
656or
657.Cm no
658(the default).
659.Pp
660X11 forwarding should be enabled with caution.
661Users with the ability to bypass file permissions on the remote host
662(for the user's X11 authorization database)
663can access the local X11 display through the forwarded connection.
664An attacker may then be able to perform activities such as keystroke monitoring
665if the
666.Cm ForwardX11Trusted
667option is also enabled.
668.It Cm ForwardX11Timeout
669Specify a timeout for untrusted X11 forwarding
670using the format described in the
671.Sx TIME FORMATS
672section of
673.Xr sshd_config 5 .
674X11 connections received by
675.Xr ssh 1
676after this time will be refused.
677The default is to disable untrusted X11 forwarding after twenty minutes has
678elapsed.
679.It Cm ForwardX11Trusted
680If this option is set to
681.Cm yes ,
682remote X11 clients will have full access to the original X11 display.
683.Pp
684If this option is set to
685.Cm no
686(the default),
687remote X11 clients will be considered untrusted and prevented
688from stealing or tampering with data belonging to trusted X11
689clients.
690Furthermore, the
691.Xr xauth 1
692token used for the session will be set to expire after 20 minutes.
693Remote clients will be refused access after this time.
694.Pp
695See the X11 SECURITY extension specification for full details on
696the restrictions imposed on untrusted clients.
697.It Cm GatewayPorts
698Specifies whether remote hosts are allowed to connect to local
699forwarded ports.
700By default,
701.Xr ssh 1
702binds local port forwardings to the loopback address.
703This prevents other remote hosts from connecting to forwarded ports.
704.Cm GatewayPorts
705can be used to specify that ssh
706should bind local port forwardings to the wildcard address,
707thus allowing remote hosts to connect to forwarded ports.
708The argument must be
709.Cm yes
710or
711.Cm no
712(the default).
713.It Cm GlobalKnownHostsFile
714Specifies one or more files to use for the global
715host key database, separated by whitespace.
716The default is
717.Pa /etc/ssh/ssh_known_hosts ,
718.Pa /etc/ssh/ssh_known_hosts2 .
719.It Cm GSSAPIAuthentication
720Specifies whether user authentication based on GSSAPI is allowed.
721The default is
722.Cm no .
723.It Cm GSSAPIDelegateCredentials
724Forward (delegate) credentials to the server.
725The default is
726.Cm no .
727.It Cm HashKnownHosts
728Indicates that
729.Xr ssh 1
730should hash host names and addresses when they are added to
731.Pa ~/.ssh/known_hosts .
732These hashed names may be used normally by
733.Xr ssh 1
734and
735.Xr sshd 8 ,
736but they do not reveal identifying information should the file's contents
737be disclosed.
738The default is
739.Cm no .
740Note that existing names and addresses in known hosts files
741will not be converted automatically,
742but may be manually hashed using
743.Xr ssh-keygen 1 .
744.It Cm HostbasedAuthentication
745Specifies whether to try rhosts based authentication with public key
746authentication.
747The argument must be
748.Cm yes
749or
750.Cm no
751(the default).
752.It Cm HostbasedKeyTypes
753Specifies the key types that will be used for hostbased authentication
754as a comma-separated pattern list.
755Alternately if the specified value begins with a
756.Sq +
757character, then the specified key types will be appended to the default set
758instead of replacing them.
759If the specified value begins with a
760.Sq -
761character, then the specified key types (including wildcards) will be removed
762from the default set instead of replacing them.
763The default for this option is:
764.Bd -literal -offset 3n
765ecdsa-sha2-nistp256-cert-v01@openssh.com,
766ecdsa-sha2-nistp384-cert-v01@openssh.com,
767ecdsa-sha2-nistp521-cert-v01@openssh.com,
768ssh-ed25519-cert-v01@openssh.com,
769ssh-rsa-cert-v01@openssh.com,
770ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
771ssh-ed25519,ssh-rsa
772.Ed
773.Pp
774The
775.Fl Q
776option of
777.Xr ssh 1
778may be used to list supported key types.
779.It Cm HostKeyAlgorithms
780Specifies the host key algorithms
781that the client wants to use in order of preference.
782Alternately if the specified value begins with a
783.Sq +
784character, then the specified key types will be appended to the default set
785instead of replacing them.
786If the specified value begins with a
787.Sq -
788character, then the specified key types (including wildcards) will be removed
789from the default set instead of replacing them.
790The default for this option is:
791.Bd -literal -offset 3n
792ecdsa-sha2-nistp256-cert-v01@openssh.com,
793ecdsa-sha2-nistp384-cert-v01@openssh.com,
794ecdsa-sha2-nistp521-cert-v01@openssh.com,
795ssh-ed25519-cert-v01@openssh.com,
796ssh-rsa-cert-v01@openssh.com,
797ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
798ssh-ed25519,ssh-rsa
799.Ed
800.Pp
801If hostkeys are known for the destination host then this default is modified
802to prefer their algorithms.
803.Pp
804The list of available key types may also be obtained using
805.Qq ssh -Q key .
806.It Cm HostKeyAlias
807Specifies an alias that should be used instead of the
808real host name when looking up or saving the host key
809in the host key database files and when validating host certificates.
810This option is useful for tunneling SSH connections
811or for multiple servers running on a single host.
812.It Cm HostName
813Specifies the real host name to log into.
814This can be used to specify nicknames or abbreviations for hosts.
815Arguments to
816.Cm HostName
817accept the tokens described in the
818.Sx TOKENS
819section.
820Numeric IP addresses are also permitted (both on the command line and in
821.Cm HostName
822specifications).
823The default is the name given on the command line.
824.It Cm IdentitiesOnly
825Specifies that
826.Xr ssh 1
827should only use the authentication identity and certificate files explicitly
828configured in the
829.Nm
830files
831or passed on the
832.Xr ssh 1
833command-line,
834even if
835.Xr ssh-agent 1
836or a
837.Cm PKCS11Provider
838offers more identities.
839The argument to this keyword must be
840.Cm yes
841or
842.Cm no
843(the default).
844This option is intended for situations where ssh-agent
845offers many different identities.
846.It Cm IdentityAgent
847Specifies the
848.Ux Ns -domain
849socket used to communicate with the authentication agent.
850.Pp
851This option overrides the
852.Ev SSH_AUTH_SOCK
853environment variable and can be used to select a specific agent.
854Setting the socket name to
855.Cm none
856disables the use of an authentication agent.
857If the string
858.Qq SSH_AUTH_SOCK
859is specified, the location of the socket will be read from the
860.Ev SSH_AUTH_SOCK
861environment variable.
862.Pp
863Arguments to
864.Cm IdentityAgent
865may use the tilde syntax to refer to a user's home directory
866or the tokens described in the
867.Sx TOKENS
868section.
869.It Cm IdentityFile
870Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
871identity is read.
872The default is
873.Pa ~/.ssh/id_dsa ,
874.Pa ~/.ssh/id_ecdsa ,
875.Pa ~/.ssh/id_ed25519
876and
877.Pa ~/.ssh/id_rsa .
878Additionally, any identities represented by the authentication agent
879will be used for authentication unless
880.Cm IdentitiesOnly
881is set.
882If no certificates have been explicitly specified by
883.Cm CertificateFile ,
884.Xr ssh 1
885will try to load certificate information from the filename obtained by
886appending
887.Pa -cert.pub
888to the path of a specified
889.Cm IdentityFile .
890.Pp
891Arguments to
892.Cm IdentityFile
893may use the tilde syntax to refer to a user's home directory
894or the tokens described in the
895.Sx TOKENS
896section.
897.Pp
898It is possible to have
899multiple identity files specified in configuration files; all these
900identities will be tried in sequence.
901Multiple
902.Cm IdentityFile
903directives will add to the list of identities tried (this behaviour
904differs from that of other configuration directives).
905.Pp
906.Cm IdentityFile
907may be used in conjunction with
908.Cm IdentitiesOnly
909to select which identities in an agent are offered during authentication.
910.Cm IdentityFile
911may also be used in conjunction with
912.Cm CertificateFile
913in order to provide any certificate also needed for authentication with
914the identity.
915.It Cm IgnoreUnknown
916Specifies a pattern-list of unknown options to be ignored if they are
917encountered in configuration parsing.
918This may be used to suppress errors if
919.Nm
920contains options that are unrecognised by
921.Xr ssh 1 .
922It is recommended that
923.Cm IgnoreUnknown
924be listed early in the configuration file as it will not be applied
925to unknown options that appear before it.
926.It Cm Include
927Include the specified configuration file(s).
928Multiple pathnames may be specified and each pathname may contain
929.Xr glob 3
930wildcards and, for user configurations, shell-like
931.Sq ~
932references to user home directories.
933Files without absolute paths are assumed to be in
934.Pa ~/.ssh
935if included in a user configuration file or
936.Pa /etc/ssh
937if included from the system configuration file.
938.Cm Include
939directive may appear inside a
940.Cm Match
941or
942.Cm Host
943block
944to perform conditional inclusion.
945.It Cm IPQoS
946Specifies the IPv4 type-of-service or DSCP class for connections.
947Accepted values are
948.Cm af11 ,
949.Cm af12 ,
950.Cm af13 ,
951.Cm af21 ,
952.Cm af22 ,
953.Cm af23 ,
954.Cm af31 ,
955.Cm af32 ,
956.Cm af33 ,
957.Cm af41 ,
958.Cm af42 ,
959.Cm af43 ,
960.Cm cs0 ,
961.Cm cs1 ,
962.Cm cs2 ,
963.Cm cs3 ,
964.Cm cs4 ,
965.Cm cs5 ,
966.Cm cs6 ,
967.Cm cs7 ,
968.Cm ef ,
969.Cm lowdelay ,
970.Cm throughput ,
971.Cm reliability ,
972a numeric value, or
973.Cm none
974to use the operating system default.
975This option may take one or two arguments, separated by whitespace.
976If one argument is specified, it is used as the packet class unconditionally.
977If two values are specified, the first is automatically selected for
978interactive sessions and the second for non-interactive sessions.
979The default is
980.Cm lowdelay
981for interactive sessions and
982.Cm throughput
983for non-interactive sessions.
984.It Cm KbdInteractiveAuthentication
985Specifies whether to use keyboard-interactive authentication.
986The argument to this keyword must be
987.Cm yes
988(the default)
989or
990.Cm no .
991.It Cm KbdInteractiveDevices
992Specifies the list of methods to use in keyboard-interactive authentication.
993Multiple method names must be comma-separated.
994The default is to use the server specified list.
995The methods available vary depending on what the server supports.
996For an OpenSSH server,
997it may be zero or more of:
998.Cm bsdauth ,
999.Cm pam ,
1000and
1001.Cm skey .
1002.It Cm KexAlgorithms
1003Specifies the available KEX (Key Exchange) algorithms.
1004Multiple algorithms must be comma-separated.
1005Alternately if the specified value begins with a
1006.Sq +
1007character, then the specified methods will be appended to the default set
1008instead of replacing them.
1009If the specified value begins with a
1010.Sq -
1011character, then the specified methods (including wildcards) will be removed
1012from the default set instead of replacing them.
1013The default is:
1014.Bd -literal -offset indent
1015curve25519-sha256,curve25519-sha256@libssh.org,
1016ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1017diffie-hellman-group-exchange-sha256,
1018diffie-hellman-group-exchange-sha1,
1019diffie-hellman-group14-sha1
1020.Ed
1021.Pp
1022The list of available key exchange algorithms may also be obtained using
1023.Qq ssh -Q kex .
1024.It Cm LocalCommand
1025Specifies a command to execute on the local machine after successfully
1026connecting to the server.
1027The command string extends to the end of the line, and is executed with
1028the user's shell.
1029Arguments to
1030.Cm LocalCommand
1031accept the tokens described in the
1032.Sx TOKENS
1033section.
1034.Pp
1035The command is run synchronously and does not have access to the
1036session of the
1037.Xr ssh 1
1038that spawned it.
1039It should not be used for interactive commands.
1040.Pp
1041This directive is ignored unless
1042.Cm PermitLocalCommand
1043has been enabled.
1044.It Cm LocalForward
1045Specifies that a TCP port on the local machine be forwarded over
1046the secure channel to the specified host and port from the remote machine.
1047The first argument must be
1048.Sm off
1049.Oo Ar bind_address : Oc Ar port
1050.Sm on
1051and the second argument must be
1052.Ar host : Ns Ar hostport .
1053IPv6 addresses can be specified by enclosing addresses in square brackets.
1054Multiple forwardings may be specified, and additional forwardings can be
1055given on the command line.
1056Only the superuser can forward privileged ports.
1057By default, the local port is bound in accordance with the
1058.Cm GatewayPorts
1059setting.
1060However, an explicit
1061.Ar bind_address
1062may be used to bind the connection to a specific address.
1063The
1064.Ar bind_address
1065of
1066.Cm localhost
1067indicates that the listening port be bound for local use only, while an
1068empty address or
1069.Sq *
1070indicates that the port should be available from all interfaces.
1071.It Cm LogLevel
1072Gives the verbosity level that is used when logging messages from
1073.Xr ssh 1 .
1074The possible values are:
1075QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1076The default is INFO.
1077DEBUG and DEBUG1 are equivalent.
1078DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1079.It Cm MACs
1080Specifies the MAC (message authentication code) algorithms
1081in order of preference.
1082The MAC algorithm is used for data integrity protection.
1083Multiple algorithms must be comma-separated.
1084If the specified value begins with a
1085.Sq +
1086character, then the specified algorithms will be appended to the default set
1087instead of replacing them.
1088If the specified value begins with a
1089.Sq -
1090character, then the specified algorithms (including wildcards) will be removed
1091from the default set instead of replacing them.
1092.Pp
1093The algorithms that contain
1094.Qq -etm
1095calculate the MAC after encryption (encrypt-then-mac).
1096These are considered safer and their use recommended.
1097.Pp
1098The default is:
1099.Bd -literal -offset indent
1100umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1101hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1102hmac-sha1-etm@openssh.com,
1103umac-64@openssh.com,umac-128@openssh.com,
1104hmac-sha2-256,hmac-sha2-512,hmac-sha1
1105.Ed
1106.Pp
1107The list of available MAC algorithms may also be obtained using
1108.Qq ssh -Q mac .
1109.It Cm NoHostAuthenticationForLocalhost
1110This option can be used if the home directory is shared across machines.
1111In this case localhost will refer to a different machine on each of
1112the machines and the user will get many warnings about changed host keys.
1113However, this option disables host authentication for localhost.
1114The argument to this keyword must be
1115.Cm yes
1116or
1117.Cm no
1118(the default).
1119.It Cm NumberOfPasswordPrompts
1120Specifies the number of password prompts before giving up.
1121The argument to this keyword must be an integer.
1122The default is 3.
1123.It Cm PasswordAuthentication
1124Specifies whether to use password authentication.
1125The argument to this keyword must be
1126.Cm yes
1127(the default)
1128or
1129.Cm no .
1130.It Cm PermitLocalCommand
1131Allow local command execution via the
1132.Ic LocalCommand
1133option or using the
1134.Ic !\& Ns Ar command
1135escape sequence in
1136.Xr ssh 1 .
1137The argument must be
1138.Cm yes
1139or
1140.Cm no
1141(the default).
1142.It Cm PKCS11Provider
1143Specifies which PKCS#11 provider to use.
1144The argument to this keyword is the PKCS#11 shared library
1145.Xr ssh 1
1146should use to communicate with a PKCS#11 token providing the user's
1147private RSA key.
1148.It Cm Port
1149Specifies the port number to connect on the remote host.
1150The default is 22.
1151.It Cm PreferredAuthentications
1152Specifies the order in which the client should try authentication methods.
1153This allows a client to prefer one method (e.g.\&
1154.Cm keyboard-interactive )
1155over another method (e.g.\&
1156.Cm password ) .
1157The default is:
1158.Bd -literal -offset indent
1159gssapi-with-mic,hostbased,publickey,
1160keyboard-interactive,password
1161.Ed
1162.It Cm ProxyCommand
1163Specifies the command to use to connect to the server.
1164The command
1165string extends to the end of the line, and is executed
1166using the user's shell
1167.Ql exec
1168directive to avoid a lingering shell process.
1169.Pp
1170Arguments to
1171.Cm ProxyCommand
1172accept the tokens described in the
1173.Sx TOKENS
1174section.
1175The command can be basically anything,
1176and should read from its standard input and write to its standard output.
1177It should eventually connect an
1178.Xr sshd 8
1179server running on some machine, or execute
1180.Ic sshd -i
1181somewhere.
1182Host key management will be done using the
1183HostName of the host being connected (defaulting to the name typed by
1184the user).
1185Setting the command to
1186.Cm none
1187disables this option entirely.
1188Note that
1189.Cm CheckHostIP
1190is not available for connects with a proxy command.
1191.Pp
1192This directive is useful in conjunction with
1193.Xr nc 1
1194and its proxy support.
1195For example, the following directive would connect via an HTTP proxy at
1196192.0.2.0:
1197.Bd -literal -offset 3n
1198ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1199.Ed
1200.It Cm ProxyJump
1201Specifies one or more jump proxies as
1202.Xo
1203.Sm off
1204.Op Ar user No @
1205.Ar host
1206.Op : Ns Ar port
1207.Sm on
1208.Xc .
1209Multiple proxies may be separated by comma characters and will be visited
1210sequentially.
1211Setting this option will cause
1212.Xr ssh 1
1213to connect to the target host by first making a
1214.Xr ssh 1
1215connection to the specified
1216.Cm ProxyJump
1217host and then establishing a
1218TCP forwarding to the ultimate target from there.
1219.Pp
1220Note that this option will compete with the
1221.Cm ProxyCommand
1222option - whichever is specified first will prevent later instances of the
1223other from taking effect.
1224.It Cm ProxyUseFdpass
1225Specifies that
1226.Cm ProxyCommand
1227will pass a connected file descriptor back to
1228.Xr ssh 1
1229instead of continuing to execute and pass data.
1230The default is
1231.Cm no .
1232.It Cm PubkeyAcceptedKeyTypes
1233Specifies the key types that will be used for public key authentication
1234as a comma-separated pattern list.
1235Alternately if the specified value begins with a
1236.Sq +
1237character, then the key types after it will be appended to the default
1238instead of replacing it.
1239If the specified value begins with a
1240.Sq -
1241character, then the specified key types (including wildcards) will be removed
1242from the default set instead of replacing them.
1243The default for this option is:
1244.Bd -literal -offset 3n
1245ecdsa-sha2-nistp256-cert-v01@openssh.com,
1246ecdsa-sha2-nistp384-cert-v01@openssh.com,
1247ecdsa-sha2-nistp521-cert-v01@openssh.com,
1248ssh-ed25519-cert-v01@openssh.com,
1249ssh-rsa-cert-v01@openssh.com,
1250ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1251ssh-ed25519,ssh-rsa
1252.Ed
1253.Pp
1254The list of available key types may also be obtained using
1255.Qq ssh -Q key .
1256.It Cm PubkeyAuthentication
1257Specifies whether to try public key authentication.
1258The argument to this keyword must be
1259.Cm yes
1260(the default)
1261or
1262.Cm no .
1263.It Cm RekeyLimit
1264Specifies the maximum amount of data that may be transmitted before the
1265session key is renegotiated, optionally followed a maximum amount of
1266time that may pass before the session key is renegotiated.
1267The first argument is specified in bytes and may have a suffix of
1268.Sq K ,
1269.Sq M ,
1270or
1271.Sq G
1272to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1273The default is between
1274.Sq 1G
1275and
1276.Sq 4G ,
1277depending on the cipher.
1278The optional second value is specified in seconds and may use any of the
1279units documented in the
1280.Sx TIME FORMATS
1281section of
1282.Xr sshd_config 5 .
1283The default value for
1284.Cm RekeyLimit
1285is
1286.Cm default none ,
1287which means that rekeying is performed after the cipher's default amount
1288of data has been sent or received and no time based rekeying is done.
1289.It Cm RemoteCommand
1290Specifies a command to execute on the remote machine after successfully
1291connecting to the server.
1292The command string extends to the end of the line, and is executed with
1293the user's shell.
1294Arguments to
1295.Cm RemoteCommand
1296accept the tokens described in the
1297.Sx TOKENS
1298section.
1299.It Cm RemoteForward
1300Specifies that a TCP port on the remote machine be forwarded over
1301the secure channel.
1302The remote port may either be fowarded to a specified host and port
1303from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1304client to connect to arbitrary destinations from the local machine.
1305The first argument must be
1306.Sm off
1307.Oo Ar bind_address : Oc Ar port
1308.Sm on
1309If forwarding to a specific destination then the second argument must be
1310.Ar host : Ns Ar hostport ,
1311otherwise if no destination argument is specified then the remote forwarding
1312will be established as a SOCKS proxy.
1313.Pp
1314IPv6 addresses can be specified by enclosing addresses in square brackets.
1315Multiple forwardings may be specified, and additional
1316forwardings can be given on the command line.
1317Privileged ports can be forwarded only when
1318logging in as root on the remote machine.
1319.Pp
1320If the
1321.Ar port
1322argument is 0,
1323the listen port will be dynamically allocated on the server and reported
1324to the client at run time.
1325.Pp
1326If the
1327.Ar bind_address
1328is not specified, the default is to only bind to loopback addresses.
1329If the
1330.Ar bind_address
1331is
1332.Ql *
1333or an empty string, then the forwarding is requested to listen on all
1334interfaces.
1335Specifying a remote
1336.Ar bind_address
1337will only succeed if the server's
1338.Cm GatewayPorts
1339option is enabled (see
1340.Xr sshd_config 5 ) .
1341.It Cm RequestTTY
1342Specifies whether to request a pseudo-tty for the session.
1343The argument may be one of:
1344.Cm no
1345(never request a TTY),
1346.Cm yes
1347(always request a TTY when standard input is a TTY),
1348.Cm force
1349(always request a TTY) or
1350.Cm auto
1351(request a TTY when opening a login session).
1352This option mirrors the
1353.Fl t
1354and
1355.Fl T
1356flags for
1357.Xr ssh 1 .
1358.It Cm RevokedHostKeys
1359Specifies revoked host public keys.
1360Keys listed in this file will be refused for host authentication.
1361Note that if this file does not exist or is not readable,
1362then host authentication will be refused for all hosts.
1363Keys may be specified as a text file, listing one public key per line, or as
1364an OpenSSH Key Revocation List (KRL) as generated by
1365.Xr ssh-keygen 1 .
1366For more information on KRLs, see the KEY REVOCATION LISTS section in
1367.Xr ssh-keygen 1 .
1368.It Cm SendEnv
1369Specifies what variables from the local
1370.Xr environ 7
1371should be sent to the server.
1372The server must also support it, and the server must be configured to
1373accept these environment variables.
1374Note that the
1375.Ev TERM
1376environment variable is always sent whenever a
1377pseudo-terminal is requested as it is required by the protocol.
1378Refer to
1379.Cm AcceptEnv
1380in
1381.Xr sshd_config 5
1382for how to configure the server.
1383Variables are specified by name, which may contain wildcard characters.
1384Multiple environment variables may be separated by whitespace or spread
1385across multiple
1386.Cm SendEnv
1387directives.
1388The default is not to send any environment variables.
1389.Pp
1390See
1391.Sx PATTERNS
1392for more information on patterns.
1393.It Cm ServerAliveCountMax
1394Sets the number of server alive messages (see below) which may be
1395sent without
1396.Xr ssh 1
1397receiving any messages back from the server.
1398If this threshold is reached while server alive messages are being sent,
1399ssh will disconnect from the server, terminating the session.
1400It is important to note that the use of server alive messages is very
1401different from
1402.Cm TCPKeepAlive
1403(below).
1404The server alive messages are sent through the encrypted channel
1405and therefore will not be spoofable.
1406The TCP keepalive option enabled by
1407.Cm TCPKeepAlive
1408is spoofable.
1409The server alive mechanism is valuable when the client or
1410server depend on knowing when a connection has become inactive.
1411.Pp
1412The default value is 3.
1413If, for example,
1414.Cm ServerAliveInterval
1415(see below) is set to 15 and
1416.Cm ServerAliveCountMax
1417is left at the default, if the server becomes unresponsive,
1418ssh will disconnect after approximately 45 seconds.
1419.It Cm ServerAliveInterval
1420Sets a timeout interval in seconds after which if no data has been received
1421from the server,
1422.Xr ssh 1
1423will send a message through the encrypted
1424channel to request a response from the server.
1425The default
1426is 0, indicating that these messages will not be sent to the server.
1427.It Cm StreamLocalBindMask
1428Sets the octal file creation mode mask
1429.Pq umask
1430used when creating a Unix-domain socket file for local or remote
1431port forwarding.
1432This option is only used for port forwarding to a Unix-domain socket file.
1433.Pp
1434The default value is 0177, which creates a Unix-domain socket file that is
1435readable and writable only by the owner.
1436Note that not all operating systems honor the file mode on Unix-domain
1437socket files.
1438.It Cm StreamLocalBindUnlink
1439Specifies whether to remove an existing Unix-domain socket file for local
1440or remote port forwarding before creating a new one.
1441If the socket file already exists and
1442.Cm StreamLocalBindUnlink
1443is not enabled,
1444.Nm ssh
1445will be unable to forward the port to the Unix-domain socket file.
1446This option is only used for port forwarding to a Unix-domain socket file.
1447.Pp
1448The argument must be
1449.Cm yes
1450or
1451.Cm no
1452(the default).
1453.It Cm StrictHostKeyChecking
1454If this flag is set to
1455.Cm yes ,
1456.Xr ssh 1
1457will never automatically add host keys to the
1458.Pa ~/.ssh/known_hosts
1459file, and refuses to connect to hosts whose host key has changed.
1460This provides maximum protection against trojan horse attacks,
1461though it can be annoying when the
1462.Pa /etc/ssh/ssh_known_hosts
1463file is poorly maintained or when connections to new hosts are
1464frequently made.
1465This option forces the user to manually
1466add all new hosts.
1467.Pp
1468If this flag is set to
1469.Dq accept-new
1470then ssh will automatically add new host keys to the user
1471known hosts files, but will not permit connections to hosts with
1472changed host keys.
1473If this flag is set to
1474.Dq no
1475or
1476.Dq off ,
1477ssh will automatically add new host keys to the user known hosts files
1478and allow connections to hosts with changed hostkeys to proceed,
1479subject to some restrictions.
1480If this flag is set to
1481.Cm ask
1482(the default),
1483new host keys
1484will be added to the user known host files only after the user
1485has confirmed that is what they really want to do, and
1486ssh will refuse to connect to hosts whose host key has changed.
1487The host keys of
1488known hosts will be verified automatically in all cases.
1489.It Cm SyslogFacility
1490Gives the facility code that is used when logging messages from
1491.Xr ssh 1 .
1492The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1493LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1494The default is USER.
1495.It Cm TCPKeepAlive
1496Specifies whether the system should send TCP keepalive messages to the
1497other side.
1498If they are sent, death of the connection or crash of one
1499of the machines will be properly noticed.
1500However, this means that
1501connections will die if the route is down temporarily, and some people
1502find it annoying.
1503.Pp
1504The default is
1505.Cm yes
1506(to send TCP keepalive messages), and the client will notice
1507if the network goes down or the remote host dies.
1508This is important in scripts, and many users want it too.
1509.Pp
1510To disable TCP keepalive messages, the value should be set to
1511.Cm no .
1512.It Cm Tunnel
1513Request
1514.Xr tun 4
1515device forwarding between the client and the server.
1516The argument must be
1517.Cm yes ,
1518.Cm point-to-point
1519(layer 3),
1520.Cm ethernet
1521(layer 2),
1522or
1523.Cm no
1524(the default).
1525Specifying
1526.Cm yes
1527requests the default tunnel mode, which is
1528.Cm point-to-point .
1529.It Cm TunnelDevice
1530Specifies the
1531.Xr tun 4
1532devices to open on the client
1533.Pq Ar local_tun
1534and the server
1535.Pq Ar remote_tun .
1536.Pp
1537The argument must be
1538.Sm off
1539.Ar local_tun Op : Ar remote_tun .
1540.Sm on
1541The devices may be specified by numerical ID or the keyword
1542.Cm any ,
1543which uses the next available tunnel device.
1544If
1545.Ar remote_tun
1546is not specified, it defaults to
1547.Cm any .
1548The default is
1549.Cm any:any .
1550.It Cm UpdateHostKeys
1551Specifies whether
1552.Xr ssh 1
1553should accept notifications of additional hostkeys from the server sent
1554after authentication has completed and add them to
1555.Cm UserKnownHostsFile .
1556The argument must be
1557.Cm yes ,
1558.Cm no
1559(the default) or
1560.Cm ask .
1561Enabling this option allows learning alternate hostkeys for a server
1562and supports graceful key rotation by allowing a server to send replacement
1563public keys before old ones are removed.
1564Additional hostkeys are only accepted if the key used to authenticate the
1565host was already trusted or explicitly accepted by the user.
1566If
1567.Cm UpdateHostKeys
1568is set to
1569.Cm ask ,
1570then the user is asked to confirm the modifications to the known_hosts file.
1571Confirmation is currently incompatible with
1572.Cm ControlPersist ,
1573and will be disabled if it is enabled.
1574.Pp
1575Presently, only
1576.Xr sshd 8
1577from OpenSSH 6.8 and greater support the
1578.Qq hostkeys@openssh.com
1579protocol extension used to inform the client of all the server's hostkeys.
1580.It Cm UsePrivilegedPort
1581Specifies whether to use a privileged port for outgoing connections.
1582The argument must be
1583.Cm yes
1584or
1585.Cm no
1586(the default).
1587If set to
1588.Cm yes ,
1589.Xr ssh 1
1590must be setuid root.
1591.It Cm User
1592Specifies the user to log in as.
1593This can be useful when a different user name is used on different machines.
1594This saves the trouble of
1595having to remember to give the user name on the command line.
1596.It Cm UserKnownHostsFile
1597Specifies one or more files to use for the user
1598host key database, separated by whitespace.
1599The default is
1600.Pa ~/.ssh/known_hosts ,
1601.Pa ~/.ssh/known_hosts2 .
1602.It Cm VerifyHostKeyDNS
1603Specifies whether to verify the remote key using DNS and SSHFP resource
1604records.
1605If this option is set to
1606.Cm yes ,
1607the client will implicitly trust keys that match a secure fingerprint
1608from DNS.
1609Insecure fingerprints will be handled as if this option was set to
1610.Cm ask .
1611If this option is set to
1612.Cm ask ,
1613information on fingerprint match will be displayed, but the user will still
1614need to confirm new host keys according to the
1615.Cm StrictHostKeyChecking
1616option.
1617The default is
1618.Cm no .
1619.Pp
1620See also
1621.Sx VERIFYING HOST KEYS
1622in
1623.Xr ssh 1 .
1624.It Cm VisualHostKey
1625If this flag is set to
1626.Cm yes ,
1627an ASCII art representation of the remote host key fingerprint is
1628printed in addition to the fingerprint string at login and
1629for unknown host keys.
1630If this flag is set to
1631.Cm no
1632(the default),
1633no fingerprint strings are printed at login and
1634only the fingerprint string will be printed for unknown host keys.
1635.It Cm XAuthLocation
1636Specifies the full pathname of the
1637.Xr xauth 1
1638program.
1639The default is
1640.Pa /usr/X11R6/bin/xauth .
1641.El
1642.Sh PATTERNS
1643A
1644.Em pattern
1645consists of zero or more non-whitespace characters,
1646.Sq *
1647(a wildcard that matches zero or more characters),
1648or
1649.Sq ?\&
1650(a wildcard that matches exactly one character).
1651For example, to specify a set of declarations for any host in the
1652.Qq .co.uk
1653set of domains,
1654the following pattern could be used:
1655.Pp
1656.Dl Host *.co.uk
1657.Pp
1658The following pattern
1659would match any host in the 192.168.0.[0-9] network range:
1660.Pp
1661.Dl Host 192.168.0.?
1662.Pp
1663A
1664.Em pattern-list
1665is a comma-separated list of patterns.
1666Patterns within pattern-lists may be negated
1667by preceding them with an exclamation mark
1668.Pq Sq !\& .
1669For example,
1670to allow a key to be used from anywhere within an organization
1671except from the
1672.Qq dialup
1673pool,
1674the following entry (in authorized_keys) could be used:
1675.Pp
1676.Dl from=\&"!*.dialup.example.com,*.example.com\&"
1677.Sh TOKENS
1678Arguments to some keywords can make use of tokens,
1679which are expanded at runtime:
1680.Pp
1681.Bl -tag -width XXXX -offset indent -compact
1682.It %%
1683A literal
1684.Sq % .
1685.It \&%C
1686Shorthand for %l%h%p%r.
1687.It %d
1688Local user's home directory.
1689.It %h
1690The remote hostname.
1691.It %i
1692The local user ID.
1693.It %L
1694The local hostname.
1695.It %l
1696The local hostname, including the domain name.
1697.It %n
1698The original remote hostname, as given on the command line.
1699.It %p
1700The remote port.
1701.It %r
1702The remote username.
1703.It %u
1704The local username.
1705.El
1706.Pp
1707.Cm Match exec
1708accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.
1709.Pp
1710.Cm CertificateFile
1711accepts the tokens %%, %d, %h, %l, %r, and %u.
1712.Pp
1713.Cm ControlPath
1714accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
1715.Pp
1716.Cm HostName
1717accepts the tokens %% and %h.
1718.Pp
1719.Cm IdentityAgent
1720and
1721.Cm IdentityFile
1722accept the tokens %%, %d, %h, %l, %r, and %u.
1723.Pp
1724.Cm LocalCommand
1725accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
1726.Pp
1727.Cm ProxyCommand
1728accepts the tokens %%, %h, %p, and %r.
1729.Pp
1730.Cm RemoteCommand
1731accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
1732.Sh FILES
1733.Bl -tag -width Ds
1734.It Pa ~/.ssh/config
1735This is the per-user configuration file.
1736The format of this file is described above.
1737This file is used by the SSH client.
1738Because of the potential for abuse, this file must have strict permissions:
1739read/write for the user, and not accessible by others.
1740.It Pa /etc/ssh/ssh_config
1741Systemwide configuration file.
1742This file provides defaults for those
1743values that are not specified in the user's configuration file, and
1744for those users who do not have a configuration file.
1745This file must be world-readable.
1746.El
1747.Sh SEE ALSO
1748.Xr ssh 1
1749.Sh AUTHORS
1750.An -nosplit
1751OpenSSH is a derivative of the original and free
1752ssh 1.2.12 release by
1753.An Tatu Ylonen .
1754.An Aaron Campbell , Bob Beck , Markus Friedl ,
1755.An Niels Provos , Theo de Raadt
1756and
1757.An Dug Song
1758removed many bugs, re-added newer features and
1759created OpenSSH.
1760.An Markus Friedl
1761contributed the support for SSH protocol versions 1.5 and 2.0.
1762