Lines Matching +full:umac +full:- +full:reset

48 .Bl -enum -offset indent -compact
50 command-line options
55 system-wide configuration file
71 host-specific declarations should be given near the beginning of the
74 The file contains keyword-argument pairs, one per line.
95 keywords are case-insensitive and arguments are case-sensitive):
96 .Bl -tag -width Ds
171 keyword matches only when the configuration file is being re-parsed
180 keyword requests that the configuration be re-parsed (regardless of whether
210 and so caution should be applied if using it to control security-sensitive
213 The other keywords' criteria must be single entries or comma-separated
228 keyword matches against the hostname as it was specified on the command-line.
236 command-line using the
262 (this keyword may be useful in system-wide
278 for transport-only sessions, such as when
285 .Xr ssh-agent 1 .
290 .Xr ssh-add 1 .
297 .Xr ssh-add 1
304 .Xr ssh-add 1 .
314 .Xr ssh-agent 1 ,
421 is a pattern-list of domains that may follow CNAMEs in canonicalization,
424 is a pattern-list of domains that they may resolve to.
444 .Bd -literal -offset indent
445 ssh-ed25519,ecdsa-sha2-nistp256,
446 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
447 sk-ssh-ed25519@openssh.com,
448 sk-ecdsa-sha2-nistp256@openssh.com,
449 rsa-sha2-512,rsa-sha2-256
457 .Sq -
475 .Xr ssh-agent 1 ,
523 Traffic on any active channel will reset the timeout, but when the timeout
529 .Bl -tag -width Ds
530 .It Cm agent-connection
532 .Xr ssh-agent 1 .
533 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
541 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
554 .It Cm tun-connection
558 .It Cm x11-connection
591 Multiple ciphers must be comma-separated.
597 .Sq -
606 .Bd -literal -offset indent
607 3des-cbc
608 aes128-cbc
609 aes192-cbc
610 aes256-cbc
611 aes128-ctr
612 aes192-ctr
613 aes256-ctr
614 aes128-gcm@openssh.com
615 aes256-gcm@openssh.com
616 chacha20-poly1305@openssh.com
620 .Bd -literal -offset indent
621 chacha20-poly1305@openssh.com,
622 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
623 aes128-ctr,aes192-ctr,aes256-ctr
627 .Qq ssh -Q cipher .
685 .Xr ssh-askpass 1 .
693 .Xr ssh-agent 1
745 .Qq ssh -O exit ) .
795 .Xr ssh-keysign 8
803 This option should be placed in the non-hostspecific section.
805 .Xr ssh-keysign 8
857 .Ic ssh -f host xterm ,
896 (for the agent's Unix-domain socket)
999 .Xr ssh-keygen 1 .
1002 authentication as a comma-separated list of patterns.
1008 .Sq -
1016 .Bd -literal -offset 3n
1017 ssh-ed25519-cert-v01@openssh.com,
1018 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1019 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1020 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1021 sk-ssh-ed25519-cert-v01@openssh.com,
1022 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1023 rsa-sha2-512-cert-v01@openssh.com,
1024 rsa-sha2-256-cert-v01@openssh.com,
1025 ssh-ed25519,
1026 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1027 sk-ssh-ed25519@openssh.com,
1028 sk-ecdsa-sha2-nistp256@openssh.com,
1029 rsa-sha2-512,rsa-sha2-256
1054 .Sq -
1062 .Bd -literal -offset 3n
1063 ssh-ed25519-cert-v01@openssh.com,
1064 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1065 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1066 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1067 sk-ssh-ed25519-cert-v01@openssh.com,
1068 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1069 rsa-sha2-512-cert-v01@openssh.com,
1070 rsa-sha2-256-cert-v01@openssh.com,
1071 ssh-ed25519,
1072 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1073 sk-ecdsa-sha2-nistp256@openssh.com,
1074 sk-ssh-ed25519@openssh.com,
1075 rsa-sha2-512,rsa-sha2-256
1082 .Qq ssh -Q HostKeyAlgorithms .
1110 command-line),
1112 .Xr ssh-agent 1
1123 This option is intended for situations where ssh-agent
1127 .Ux Ns -domain
1155 Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
1156 Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1159 .Xr ssh-agent 1
1177 .Pa -cert.pub
1209 Specifies a pattern-list of unknown options to be ignored if they are
1228 section and, for user configurations, shell-like
1245 Specifies the IPv4 type-of-service or DSCP class for connections.
1278 interactive sessions and the second for non-interactive sessions.
1281 (Low-Latency Data)
1285 for non-interactive sessions.
1287 Specifies whether to use keyboard-interactive authentication.
1296 Specifies the list of methods to use in keyboard-interactive authentication.
1297 Multiple method names must be comma-separated.
1310 Multiple algorithms must be comma-separated.
1317 .Sq -
1326 .Bd -literal -offset indent
1327 mlkem768x25519-sha256,
1328 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
1329 curve25519-sha256,curve25519-sha256@libssh.org,
1330 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1331 diffie-hellman-group-exchange-sha256,
1332 diffie-hellman-group16-sha512,
1333 diffie-hellman-group18-sha512,
1334 diffie-hellman-group14-sha256
1338 .Qq ssh -Q kex .
1362 If the command exits abnormally or returns a non-zero exit status then the
1385 Specifies that a TCP port or Unix-domain socket on the local machine
1387 the secure channel to the specified host and port (or Unix-domain socket)
1401 interpreted as a Unix-domain socket (on the corresponding host) rather
1439 .Bd -literal -offset indent
1455 Multiple algorithms must be comma-separated.
1461 .Sq -
1470 .Qq -etm
1471 calculate the MAC after encryption (encrypt-then-mac).
1475 .Bd -literal -offset indent
1476 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1477 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1478 hmac-sha1-etm@openssh.com,
1479 umac-64@openssh.com,umac-128@openssh.com,
1480 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1484 .Qq ssh -Q mac .
1499 should try to obscure inter-keystroke timings from passive observers of
1540 .Bl -item -offset indent -compact
1584 .Cm keyboard-interactive )
1588 .Bd -literal -offset indent
1589 gssapi-with-mic,hostbased,publickey,
1590 keyboard-interactive,password
1610 .Ic sshd -i
1627 .Bd -literal -offset 3n
1628 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1654 option - whichever is specified first will prevent later instances of the
1658 via the command-line or the configuration file) is not generally applied
1672 authentication as a comma-separated list of patterns.
1678 .Sq -
1686 .Bd -literal -offset 3n
1687 ssh-ed25519-cert-v01@openssh.com,
1688 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1689 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1690 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1691 sk-ssh-ed25519-cert-v01@openssh.com,
1692 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1693 rsa-sha2-512-cert-v01@openssh.com,
1694 rsa-sha2-256-cert-v01@openssh.com,
1695 ssh-ed25519,
1696 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1697 sk-ssh-ed25519@openssh.com,
1698 sk-ecdsa-sha2-nistp256@openssh.com,
1699 rsa-sha2-512,rsa-sha2-256
1703 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1712 .Cm host-bound .
1714 disabling or enabling the OpenSSH host-bound authentication protocol
1716 .Xr ssh-agent 1
1753 Specifies that a TCP port or Unix-domain socket on the remote machine
1756 or Unix-domain socket
1776 interpreted as a Unix-domain socket (on the corresponding host) rather
1811 Specifies whether to request a pseudo-tty for the session.
1845 .Xr ssh-keygen 1 .
1847 .Xr ssh-keygen 1 .
1858 FIDO authenticator-hosted keys, overriding the default of using
1859 the built-in USB HID support.
1874 pseudo-terminal is requested as it is required by the protocol.
1893 .Pa - .
1980 used when creating a Unix-domain socket file for local or remote
1982 This option is only used for port forwarding to a Unix-domain socket file.
1984 The default value is 0177, which creates a Unix-domain socket file that is
1986 Note that not all operating systems honor the file mode on Unix-domain
1989 Specifies whether to remove an existing Unix-domain socket file for local
1995 will be unable to forward the port to the Unix-domain socket file.
1996 This option is only used for port forwarding to a Unix-domain socket file.
2010 This provides maximum protection against man-in-the-middle (MITM) attacks,
2019 .Cm accept-new
2065 for protocol-level keepalives.
2076 .Cm point-to-point
2086 .Cm point-to-point .
2182 to ignore any user-specific known hosts files.
2234 consists of zero or more non-whitespace characters,
2248 would match any host in the 192.168.0.[0-9] network range:
2253 .Em pattern-list
2254 is a comma-separated list of patterns.
2255 Patterns within pattern-lists may be negated
2270 against the following pattern-list will fail:
2282 .Bl -tag -width XXXX -offset indent -compact
2342 .Cm ssh-ed25519 .
2412 .Bl -tag -width Ds
2414 This is the per-user configuration file.
2424 This file must be world-readable.
2429 .An -nosplit
2437 removed many bugs, re-added newer features and