Lines Matching +full:host +full:- +full:port

48 .Bl -enum -offset indent -compact
50 command-line options
55 system-wide configuration file
62 .Cm Host
65 The matched host name is usually the one given on the command line
71 host-specific declarations should be given near the beginning of the
74 The file contains keyword-argument pairs, one per line.
95 keywords are case-insensitive and arguments are case-sensitive):
96 .Bl -tag -width Ds
97 .It Cm Host
99 .Cm Host
109 The host is usually the
119 .Cm Host
130 .Cm Host
145 .Cm host ,
169 keyword matches only when the configuration file is being re-parsed
173 This may be useful to specify conditions that work with canonical host
178 keyword requests that the configuration be re-parsed (regardless of whether
208 and so caution should be applied if using it to control security-sensitive
211 The other keywords' criteria must be single entries or comma-separated
216 .Cm host
225 keyword matches against the hostname as it was specified on the command-line.
232 command-line using the
237 keyword matches against the target username on the remote host.
242 (this keyword may be useful in system-wide
247 .Xr ssh-agent 1 .
252 .Xr ssh-add 1 .
259 .Xr ssh-add 1
266 .Xr ssh-add 1 .
276 .Xr ssh-agent 1 ,
298 user interaction such as password prompts and host key confirmation requests
319 search for the specified destination host.
362 .Cm Host
370 host.
383 is a pattern-list of domains that may follow CNAMEs in canonicalization,
386 is a pattern-list of domains that they may resolve to.
406 .Bd -literal -offset indent
407 ssh-ed25519,ecdsa-sha2-nistp256,
408 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
409 sk-ssh-ed25519@openssh.com,
410 sk-ecdsa-sha2-nistp256@openssh.com,
411 rsa-sha2-512,rsa-sha2-256
419 .Sq -
424 will not accept host certificates signed using algorithms other than those
437 .Xr ssh-agent 1 ,
491 .Bl -tag -width Ds
492 .It Cm agent-connection
494 .Xr ssh-agent 1 .
495 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
503 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
516 .It Cm tun-connection
520 .It Cm x11-connection
539 will additionally check the host IP address in the
542 This allows it to detect if a host key changed due to DNS spoofing
553 Multiple ciphers must be comma-separated.
559 .Sq -
568 .Bd -literal -offset indent
569 3des-cbc
570 aes128-cbc
571 aes192-cbc
572 aes256-cbc
573 aes128-ctr
574 aes192-ctr
575 aes256-ctr
576 aes128-gcm@openssh.com
577 aes256-gcm@openssh.com
578 chacha20-poly1305@openssh.com
582 .Bd -literal -offset indent
583 chacha20-poly1305@openssh.com,
584 aes128-ctr,aes192-ctr,aes256-ctr,
585 aes128-gcm@openssh.com,aes256-gcm@openssh.com
589 .Qq ssh -Q cipher .
591 Specifies that all local, remote, and dynamic port forwardings
596 command line to clear port forwardings set in
647 .Xr ssh-askpass 1 .
655 .Xr ssh-agent 1
707 .Qq ssh -O exit ) .
714 Specifies that a TCP port on the local machine be forwarded
721 .Oo Ar bind_address : Oc Ar port .
724 By default, the local port is bound in accordance with the
734 indicates that the listening port be bound for local use only, while an
737 indicates that the port should be available from all interfaces.
757 .Xr ssh-keysign 8
765 This option should be placed in the non-hostspecific section.
767 .Xr ssh-keysign 8
785 dynamic, tunnel, local, and remote port forwardings, (e.g.\&
786 if either end is unable to bind and listen on a specified port).
789 does not apply to connections made over port forwardings and will not,
819 .Ic ssh -f host xterm ,
821 .Ic ssh host xterm
835 will wait for all remote port forwards to be successfully established
857 Users with the ability to bypass file permissions on the remote host
858 (for the agent's Unix-domain socket)
875 Users with the ability to bypass file permissions on the remote host
920 binds local port forwardings to the loopback address.
924 should bind local port forwardings to the wildcard address,
933 host key database, separated by whitespace.
948 should hash host names and addresses when they are added to
961 .Xr ssh-keygen 1 .
964 authentication as a comma-separated list of patterns.
970 .Sq -
978 .Bd -literal -offset 3n
979 ssh-ed25519-cert-v01@openssh.com,
980 ecdsa-sha2-nistp256-cert-v01@openssh.com,
981 ecdsa-sha2-nistp384-cert-v01@openssh.com,
982 ecdsa-sha2-nistp521-cert-v01@openssh.com,
983 sk-ssh-ed25519-cert-v01@openssh.com,
984 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
985 rsa-sha2-512-cert-v01@openssh.com,
986 rsa-sha2-256-cert-v01@openssh.com,
987 ssh-ed25519,
988 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
989 sk-ssh-ed25519@openssh.com,
990 sk-ecdsa-sha2-nistp256@openssh.com,
991 rsa-sha2-512,rsa-sha2-256
1009 Specifies the host key signature algorithms
1016 .Sq -
1024 .Bd -literal -offset 3n
1025 ssh-ed25519-cert-v01@openssh.com,
1026 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1027 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1028 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1029 sk-ssh-ed25519-cert-v01@openssh.com,
1030 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1031 rsa-sha2-512-cert-v01@openssh.com,
1032 rsa-sha2-256-cert-v01@openssh.com,
1033 ssh-ed25519,
1034 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1035 sk-ecdsa-sha2-nistp256@openssh.com,
1036 sk-ssh-ed25519@openssh.com,
1037 rsa-sha2-512,rsa-sha2-256
1040 If hostkeys are known for the destination host then this default is modified
1044 .Qq ssh -Q HostKeyAlgorithms .
1047 real host name when looking up or saving the host key
1048 in the host key database files and when validating host certificates.
1050 or for multiple servers running on a single host.
1052 Specifies the real host name to log into.
1072 command-line),
1074 .Xr ssh-agent 1
1085 This option is intended for situations where ssh-agent
1089 .Ux Ns -domain
1117 Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
1118 Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1121 .Xr ssh-agent 1
1139 .Pa -cert.pub
1171 Specifies a pattern-list of unknown options to be ignored if they are
1190 section and, for user configurations, shell-like
1203 .Cm Host
1207 Specifies the IPv4 type-of-service or DSCP class for connections.
1240 interactive sessions and the second for non-interactive sessions.
1243 (Low-Latency Data)
1247 for non-interactive sessions.
1249 Specifies whether to use keyboard-interactive authentication.
1258 Specifies the list of methods to use in keyboard-interactive authentication.
1259 Multiple method names must be comma-separated.
1272 Multiple algorithms must be comma-separated.
1279 .Sq -
1288 .Bd -literal -offset indent
1289 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
1290 mlkem768x25519-sha256,
1291 curve25519-sha256,curve25519-sha256@libssh.org,
1292 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1293 diffie-hellman-group-exchange-sha256,
1294 diffie-hellman-group16-sha512,
1295 diffie-hellman-group18-sha512,
1296 diffie-hellman-group14-sha256
1300 .Qq ssh -Q kex .
1302 Specifies a command to use to obtain a list of host keys, in addition to
1308 It may write host key lines to standard output in identical format to the
1310 .Sx VERIFYING HOST KEYS
1319 the preference list of host key algorithms to use, again to obtain the
1320 host key for the requested host name and, if
1322 is enabled, one more time to obtain the host key matching the server's
1324 If the command exits abnormally or returns a non-zero exit status then the
1347 Specifies that a TCP port on the local machine be forwarded over
1348 the secure channel to the specified host and port from the remote machine.
1351 .Oo Ar bind_address : Oc Ar port
1355 .Ar host : Ns Ar hostport
1356 or a Unix domain socket path if the remote host supports it.
1362 By default, the local port is bound in accordance with the
1372 indicates that the listening port be bound for local use only, while an
1375 indicates that the port should be available from all interfaces.
1394 .Bd -literal -offset indent
1410 Multiple algorithms must be comma-separated.
1416 .Sq -
1425 .Qq -etm
1426 calculate the MAC after encryption (encrypt-then-mac).
1430 .Bd -literal -offset indent
1431 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1432 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1433 hmac-sha1-etm@openssh.com,
1434 umac-64@openssh.com,umac-128@openssh.com,
1435 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1439 .Qq ssh -Q mac .
1441 Disable host authentication for localhost (loopback addresses).
1454 should try to obscure inter-keystroke timings from passive observers of
1490 Specifies the destinations to which remote TCP port forwarding is permitted when
1495 .Bl -item -offset indent -compact
1499 .Ar host : port
1504 .Ar IPv4_addr : port
1509 .Ar \&[ IPv6_addr \&] : port
1522 can be used for host or port to allow all hosts or ports respectively.
1533 .It Cm Port
1534 Specifies the port number to connect on the remote host.
1539 .Cm keyboard-interactive )
1543 .Bd -literal -offset indent
1544 gssapi-with-mic,hostbased,publickey,
1545 keyboard-interactive,password
1565 .Ic sshd -i
1567 Host key management will be done using the
1569 of the host being connected (defaulting to the name typed by the user).
1582 .Bd -literal -offset 3n
1583 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1590 .Ar host
1591 .Op : Ns Ar port
1599 to connect to the target host by first making a
1603 host and then establishing a
1605 Setting the host to
1611 option - whichever is specified first will prevent later instances of the
1614 Note also that the configuration for the destination host (either supplied
1615 via the command-line or the configuration file) is not generally applied
1629 authentication as a comma-separated list of patterns.
1635 .Sq -
1643 .Bd -literal -offset 3n
1644 ssh-ed25519-cert-v01@openssh.com,
1645 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1646 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1647 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1648 sk-ssh-ed25519-cert-v01@openssh.com,
1649 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1650 rsa-sha2-512-cert-v01@openssh.com,
1651 rsa-sha2-256-cert-v01@openssh.com,
1652 ssh-ed25519,
1653 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1654 sk-ssh-ed25519@openssh.com,
1655 sk-ecdsa-sha2-nistp256@openssh.com,
1656 rsa-sha2-512,rsa-sha2-256
1660 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1669 .Cm host-bound .
1671 disabling or enabling the OpenSSH host-bound authentication protocol
1673 .Xr ssh-agent 1
1710 Specifies that a TCP port on the remote machine be forwarded over
1712 The remote port may either be forwarded to a specified host and port
1717 .Oo Ar bind_address : Oc Ar port
1719 or, if the remote host supports it, a Unix domain socket path.
1721 .Ar host : Ns Ar hostport
1741 .Ar port
1743 the listen port will be dynamically allocated on the server and reported
1762 Specifies whether to request a pseudo-tty for the session.
1783 Servers that present host keys smaller than this limit will cause the
1790 Specifies revoked host public keys.
1791 Keys listed in this file will be refused for host authentication.
1793 then host authentication will be refused for all hosts.
1796 .Xr ssh-keygen 1 .
1798 .Xr ssh-keygen 1 .
1809 FIDO authenticator-hosted keys, overriding the default of using
1810 the built-in USB HID support.
1825 pseudo-terminal is requested as it is required by the protocol.
1844 .Pa - .
1922 used when creating a Unix-domain socket file for local or remote
1923 port forwarding.
1924 This option is only used for port forwarding to a Unix-domain socket file.
1926 The default value is 0177, which creates a Unix-domain socket file that is
1928 Note that not all operating systems honor the file mode on Unix-domain
1931 Specifies whether to remove an existing Unix-domain socket file for local
1932 or remote port forwarding before creating a new one.
1937 will be unable to forward the port to the Unix-domain socket file.
1938 This option is only used for port forwarding to a Unix-domain socket file.
1949 will never automatically add host keys to the
1951 file, and refuses to connect to hosts whose host key has changed.
1952 This provides maximum protection against man-in-the-middle (MITM) attacks,
1961 .Cm accept-new
1962 then ssh will automatically add new host keys to the user's
1965 changed host keys.
1970 ssh will automatically add new host keys to the user known hosts files
1976 new host keys
1977 will be added to the user known host files only after the user
1979 ssh will refuse to connect to hosts whose host key has changed.
1980 The host keys of
2000 if the network goes down or the remote host dies.
2007 for protocol-level keepalives.
2018 .Cm point-to-point
2028 .Cm point-to-point .
2066 host was already trusted or explicitly accepted by the user, the host was
2071 and the host was authenticated using a plain key and not a certificate.
2104 host key database, separated by whitespace.
2115 to ignore any user-specific known hosts files.
2131 need to confirm new host keys according to the
2138 .Sx VERIFYING HOST KEYS
2144 an ASCII art representation of the remote host key fingerprint is
2146 for unknown host keys.
2151 only the fingerprint string will be printed for unknown host keys.
2162 consists of zero or more non-whitespace characters,
2168 For example, to specify a set of declarations for any host in the
2173 .Dl Host *.co.uk
2176 would match any host in the 192.168.0.[0-9] network range:
2178 .Dl Host 192.168.0.?
2181 .Em pattern-list
2182 is a comma-separated list of patterns.
2183 Patterns within pattern-lists may be negated
2198 against the following pattern-list will fail:
2210 .Bl -tag -width XXXX -offset indent -compact
2219 The fingerprint of the server's host key.
2231 when looking up a host by address (only when
2237 when preparing the host key algorithm preference list to use for the
2238 destination host.
2245 The base64 encoded host key.
2247 The host key alias if specified, otherwise the original remote hostname given
2256 The remote port.
2269 The type of the server host key, e.g.
2270 .Cm ssh-ed25519 .
2339 .Bl -tag -width Ds
2341 This is the per-user configuration file.
2351 This file must be world-readable.
2356 .An -nosplit
2364 removed many bugs, re-added newer features and