Lines Matching +full:com +full:- +full:offset

50 The file contains keyword-argument pairs, one per line.
61 keywords are case-insensitive and arguments are case-sensitive):
62 .Bl -tag -width Ds
77 requests a pseudo-terminal as it is required by the protocol.
102 .Xr ssh-agent 1
127 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
189 This option must be followed by one or more lists of comma-separated
198 .Qq publickey,password publickey,keyboard-interactive
203 keyboard-interactive authentication before public key.
213 .Qq keyboard-interactive:bsdauth
230 .Qq gssapi-with-mic ,
232 .Qq keyboard-interactive ,
234 (used for access to password-less accounts when
385 .Bd -literal -offset indent
386 ssh-ed25519,ecdsa-sha2-nistp256,
387 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
388 sk-ssh-ed25519@openssh.com,
389 sk-ecdsa-sha2-nistp256@openssh.com,
390 rsa-sha2-512,rsa-sha2-256
398 .Sq -
403 public key or host-based authentication.
437 .Bl -tag -width Ds
438 .It Cm agent-connection
440 .Xr ssh-agent 1 .
441 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
449 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
462 .It Cm tun-connection
466 .It Cm x11-connection
487 checks that all components of the pathname are root-owned directories
516 no additional configuration of the environment is necessary if the in-process
517 sftp-server is used,
521 .Xr sftp-server 8
537 Multiple ciphers must be comma-separated.
543 .Sq -
553 .Bl -item -compact -offset indent
555 3des-cbc
557 aes128-cbc
559 aes192-cbc
561 aes256-cbc
563 aes128-ctr
565 aes192-ctr
567 aes256-ctr
569 aes128-gcm@openssh.com
571 aes256-gcm@openssh.com
573 chacha20-poly1305@openssh.com
577 .Bd -literal -offset indent
578 chacha20-poly1305@openssh.com,
579 aes128-ctr,aes192-ctr,aes256-ctr,
580 aes128-gcm@openssh.com,aes256-gcm@openssh.com
584 .Qq ssh -Q cipher .
672 .Xr ssh-agent 1 ,
674 This option overrides all other forwarding-related options and may
698 The command is invoked by using the user's login shell with the -c option.
707 .Cm internal-sftp
708 will force the use of an in-process SFTP server that requires no support
722 should allow remote port forwardings to bind to non-loopback addresses, thus
758 authentication as a list of comma-separated patterns.
764 .Sq -
772 .Bd -literal -offset 3n
773 ssh-ed25519-cert-v01@openssh.com,
774 ecdsa-sha2-nistp256-cert-v01@openssh.com,
775 ecdsa-sha2-nistp384-cert-v01@openssh.com,
776 ecdsa-sha2-nistp521-cert-v01@openssh.com,
777 sk-ssh-ed25519-cert-v01@openssh.com,
778 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
779 rsa-sha2-512-cert-v01@openssh.com,
780 rsa-sha2-256-cert-v01@openssh.com,
781 ssh-ed25519,
782 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
783 sk-ssh-ed25519@openssh.com,
784 sk-ecdsa-sha2-nistp256@openssh.com,
785 rsa-sha2-512,rsa-sha2-256
789 .Qq ssh -Q HostbasedAcceptedAlgorithms .
794 (host-based authentication).
833 will refuse to use a file if it is group/world-accessible
843 .Xr ssh-agent 1 .
845 Identifies the UNIX-domain socket used to communicate
856 .Bd -literal -offset 3n
857 ssh-ed25519-cert-v01@openssh.com,
858 ecdsa-sha2-nistp256-cert-v01@openssh.com,
859 ecdsa-sha2-nistp384-cert-v01@openssh.com,
860 ecdsa-sha2-nistp521-cert-v01@openssh.com,
861 sk-ssh-ed25519-cert-v01@openssh.com,
862 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
863 rsa-sha2-512-cert-v01@openssh.com,
864 rsa-sha2-256-cert-v01@openssh.com,
865 ssh-ed25519,
866 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
867 sk-ssh-ed25519@openssh.com,
868 sk-ecdsa-sha2-nistp256@openssh.com,
869 rsa-sha2-512,rsa-sha2-256
873 .Qq ssh -Q HostKeyAlgorithms .
875 Specifies whether to ignore per-user
881 The system-wide
889 (the default) to ignore all per-user files,
890 .Cm shosts-only
908 and use only the system-wide known hosts file
926 Specifies the IPv4 type-of-service or DSCP class for the connection.
959 interactive sessions and the second for non-interactive sessions.
962 (Low-Latency Data)
966 for non-interactive sessions.
968 Specifies whether to allow keyboard-interactive authentication.
1010 Multiple algorithms must be comma-separated.
1017 .Sq -
1027 .Bl -item -compact -offset indent
1029 curve25519-sha256
1031 curve25519-sha256@libssh.org
1033 diffie-hellman-group1-sha1
1035 diffie-hellman-group14-sha1
1037 diffie-hellman-group14-sha256
1039 diffie-hellman-group16-sha512
1041 diffie-hellman-group18-sha512
1043 diffie-hellman-group-exchange-sha1
1045 diffie-hellman-group-exchange-sha256
1047 ecdh-sha2-nistp256
1049 ecdh-sha2-nistp384
1051 ecdh-sha2-nistp521
1053 mlkem768x25519-sha256
1055 sntrup761x25519-sha512
1057 sntrup761x25519-sha512@openssh.com
1061 .Bd -literal -offset indent
1062 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
1063 mlkem768x25519-sha256,
1064 curve25519-sha256,curve25519-sha256@libssh.org,
1065 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1066 diffie-hellman-group-exchange-sha256,
1067 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
1068 diffie-hellman-group14-sha256
1072 .Qq ssh -Q KexAlgorithms .
1079 .Bl -item -offset indent -compact
1144 .Bd -literal -offset indent
1159 Multiple algorithms must be comma-separated.
1165 .Sq -
1174 .Qq -etm
1175 calculate the MAC after encryption (encrypt-then-mac).
1179 .Bl -item -compact -offset indent
1181 hmac-md5
1183 hmac-md5-96
1185 hmac-sha1
1187 hmac-sha1-96
1189 hmac-sha2-256
1191 hmac-sha2-512
1193 umac-64@openssh.com
1195 umac-128@openssh.com
1197 hmac-md5-etm@openssh.com
1199 hmac-md5-96-etm@openssh.com
1201 hmac-sha1-etm@openssh.com
1203 hmac-sha1-96-etm@openssh.com
1205 hmac-sha2-256-etm@openssh.com
1207 hmac-sha2-512-etm@openssh.com
1209 umac-64-etm@openssh.com
1211 umac-128-etm@openssh.com
1215 .Bd -literal -offset indent
1216 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1217 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1218 hmac-sha1-etm@openssh.com,
1219 umac-64@openssh.com,umac-128@openssh.com,
1220 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1224 .Qq ssh -Q mac .
1240 are one or more criteria-pattern pairs or one of the single token criteria:
1243 .Cm Invalid-User ,
1244 which matches when the requested user-name does not match any known account.
1260 The match patterns may consist of single entries or comma-separated
1271 Note that the mask length provided must be consistent with the address -
1378 file that contains the Diffie-Hellman groups used for the
1379 .Dq diffie-hellman-group-exchange-sha1
1381 .Dq diffie-hellman-group-exchange-sha256
1409 .Bl -item -offset indent -compact
1451 .Bl -item -offset indent -compact
1487 .Cm prohibit-password ,
1488 .Cm forced-commands-only ,
1502 .Cm prohibit-password
1504 .Cm without-password ) ,
1505 password and keyboard-interactive authentication are disabled for root.
1508 .Cm forced-commands-only ,
1532 .Cm point-to-point
1540 .Cm point-to-point
1561 or a pattern-list specifying which environment variable names to accept
1614 .Bl -tag -width Ds
1631 .Xr ssh-keyscan 1 .
1632 .It Cm grace-exceeded:duration
1643 .It Cm max-sources4:number , max-sources6:number
1648 .Cm max-sources4
1650 .Cm max-sources6
1653 .Cm deny-all ,
1670 Specifies a comma-separated list of addresses to exempt from penalties.
1672 Note that the mask length provided must be consistent with the address -
1712 authentication as a list of comma-separated patterns.
1718 .Sq -
1726 .Bd -literal -offset 3n
1727 ssh-ed25519-cert-v01@openssh.com,
1728 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1729 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1730 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1731 sk-ssh-ed25519-cert-v01@openssh.com,
1732 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1733 rsa-sha2-512-cert-v01@openssh.com,
1734 rsa-sha2-256-cert-v01@openssh.com,
1735 ssh-ed25519,
1736 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1737 sk-ssh-ed25519@openssh.com,
1738 sk-ecdsa-sha2-nistp256@openssh.com,
1739 rsa-sha2-512,rsa-sha2-256
1743 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1749 .Cm touch-required
1751 .Cm verify-required .
1754 .Cm touch-required
1757 .Cm ecdsa-sk
1759 .Cm ed25519-sk )
1766 .Cm touch-required
1770 .Cm verify-required
1775 .Cm touch-required
1777 .Cm verify-required
1778 options have any effect for other, non-FIDO, public key types.
1824 User and host-based authentication keys smaller than this limit will be
1839 .Xr ssh-keygen 1 .
1841 .Xr ssh-keygen 1 .
1853 FIDO authenticator-hosted keys, overriding the default of using
1854 the built-in USB HID support.
1872 .Cm sshd-session
1875 .Pa /usr/libexec/sshd-session .
1880 used when creating a Unix-domain socket file for local or remote
1882 This option is only used for port forwarding to a Unix-domain socket file.
1884 The default value is 0177, which creates a Unix-domain socket file that is
1886 Note that not all operating systems honor the file mode on Unix-domain
1889 Specifies whether to remove an existing Unix-domain socket file for local
1895 will be unable to forward the port to the Unix-domain socket file.
1896 This option is only used for port forwarding to a Unix-domain socket file.
1910 directory or files world-writable.
1922 .Cm sftp-server
1926 .Cm internal-sftp
1927 implements an in-process SFTP server.
1932 .Cm sftp-server
1933 and even though it is in-process, settings such as
1983 .Xr ssh-keygen 1 .
2055 Because PAM keyboard-interactive authentication usually serves an equivalent
2065 as a non-root user.
2072 .Qq FreeBSD-20250219 .
2149 command-line arguments and configuration file options that specify time
2160 .Bl -tag -width Ds -compact -offset indent
2180 .Bl -tag -width Ds -compact -offset indent
2192 .Bl -tag -width XXXX -offset indent -compact
2198 four space-separated values: client address, client port number,
2211 The base64-encoded CA key.
2213 The base64-encoded key or certificate for authentication.
2244 .Bl -tag -width Ds
2249 (though not necessary) that it be world-readable.
2252 .Xr sftp-server 8 ,
2255 .An -nosplit
2263 removed many bugs, re-added newer features and