Lines Matching +full:timeout +full:- +full:minutes

50 The file contains keyword-argument pairs, one per line.
61 keywords are case-insensitive and arguments are case-sensitive):
62 .Bl -tag -width Ds
77 requests a pseudo-terminal as it is required by the protocol.
102 .Xr ssh-agent 1
127 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
189 This option must be followed by one or more lists of comma-separated
198 .Qq publickey,password publickey,keyboard-interactive
203 keyboard-interactive authentication before public key.
213 .Qq keyboard-interactive:bsdauth
230 .Qq gssapi-with-mic ,
232 .Qq keyboard-interactive ,
234 (used for access to password-less accounts when
385 .Bd -literal -offset indent
386 ssh-ed25519,ecdsa-sha2-nistp256,
387 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
388 sk-ssh-ed25519@openssh.com,
389 sk-ecdsa-sha2-nistp256@openssh.com,
390 rsa-sha2-512,rsa-sha2-256
398 .Sq -
403 public key or host-based authentication.
417 The timeout value
424 would cause interactive sessions to terminate after five minutes of
426 Specifying a zero value disables the inactivity timeout.
428 The special timeout
431 Traffic on any active channel will reset the timeout, but when the timeout
433 Note that this global timeout is not matched by wildcards and must be
437 .Bl -tag -width Ds
438 .It Cm agent-connection
440 .Xr ssh-agent 1 .
441 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
449 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
462 .It Cm tun-connection
466 .It Cm x11-connection
487 checks that all components of the pathname are root-owned directories
516 no additional configuration of the environment is necessary if the in-process
517 sftp-server is used,
521 .Xr sftp-server 8
537 Multiple ciphers must be comma-separated.
543 .Sq -
553 .Bl -item -compact -offset indent
555 3des-cbc
557 aes128-cbc
559 aes192-cbc
561 aes256-cbc
563 aes128-ctr
565 aes192-ctr
567 aes256-ctr
569 aes128-gcm@openssh.com
571 aes256-gcm@openssh.com
573 chacha20-poly1305@openssh.com
577 .Bd -literal -offset indent
578 chacha20-poly1305@openssh.com,
579 aes128-ctr,aes192-ctr,aes256-ctr,
580 aes128-gcm@openssh.com,aes256-gcm@openssh.com
584 .Qq ssh -Q cipher .
613 Sets a timeout interval in seconds after which if no data has been received
672 .Xr ssh-agent 1 ,
674 This option overrides all other forwarding-related options and may
698 The command is invoked by using the user's login shell with the -c option.
707 .Cm internal-sftp
708 will force the use of an in-process SFTP server that requires no support
722 should allow remote port forwardings to bind to non-loopback addresses, thus
758 authentication as a list of comma-separated patterns.
764 .Sq -
772 .Bd -literal -offset 3n
773 ssh-ed25519-cert-v01@openssh.com,
774 ecdsa-sha2-nistp256-cert-v01@openssh.com,
775 ecdsa-sha2-nistp384-cert-v01@openssh.com,
776 ecdsa-sha2-nistp521-cert-v01@openssh.com,
777 sk-ssh-ed25519-cert-v01@openssh.com,
778 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
779 rsa-sha2-512-cert-v01@openssh.com,
780 rsa-sha2-256-cert-v01@openssh.com,
781 ssh-ed25519,
782 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
783 sk-ssh-ed25519@openssh.com,
784 sk-ecdsa-sha2-nistp256@openssh.com,
785 rsa-sha2-512,rsa-sha2-256
789 .Qq ssh -Q HostbasedAcceptedAlgorithms .
794 (host-based authentication).
833 will refuse to use a file if it is group/world-accessible
843 .Xr ssh-agent 1 .
845 Identifies the UNIX-domain socket used to communicate
856 .Bd -literal -offset 3n
857 ssh-ed25519-cert-v01@openssh.com,
858 ecdsa-sha2-nistp256-cert-v01@openssh.com,
859 ecdsa-sha2-nistp384-cert-v01@openssh.com,
860 ecdsa-sha2-nistp521-cert-v01@openssh.com,
861 sk-ssh-ed25519-cert-v01@openssh.com,
862 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
863 rsa-sha2-512-cert-v01@openssh.com,
864 rsa-sha2-256-cert-v01@openssh.com,
865 ssh-ed25519,
866 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
867 sk-ssh-ed25519@openssh.com,
868 sk-ecdsa-sha2-nistp256@openssh.com,
869 rsa-sha2-512,rsa-sha2-256
873 .Qq ssh -Q HostKeyAlgorithms .
875 Specifies whether to ignore per-user
881 The system-wide
889 (the default) to ignore all per-user files,
890 .Cm shosts-only
908 and use only the system-wide known hosts file
926 Specifies the IPv4 type-of-service or DSCP class for the connection.
959 interactive sessions and the second for non-interactive sessions.
962 (Low-Latency Data)
966 for non-interactive sessions.
968 Specifies whether to allow keyboard-interactive authentication.
1007 Multiple algorithms must be comma-separated.
1013 .Sq -
1022 .Bl -item -compact -offset indent
1024 curve25519-sha256
1026 curve25519-sha256@libssh.org
1028 diffie-hellman-group1-sha1
1030 diffie-hellman-group14-sha1
1032 diffie-hellman-group14-sha256
1034 diffie-hellman-group16-sha512
1036 diffie-hellman-group18-sha512
1038 diffie-hellman-group-exchange-sha1
1040 diffie-hellman-group-exchange-sha256
1042 ecdh-sha2-nistp256
1044 ecdh-sha2-nistp384
1046 ecdh-sha2-nistp521
1048 sntrup761x25519-sha512@openssh.com
1052 .Bd -literal -offset indent
1053 sntrup761x25519-sha512@openssh.com,
1054 curve25519-sha256,curve25519-sha256@libssh.org,
1055 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1056 diffie-hellman-group-exchange-sha256,
1057 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
1058 diffie-hellman-group14-sha256
1062 .Qq ssh -Q KexAlgorithms .
1069 .Bl -item -offset indent -compact
1134 .Bd -literal -offset indent
1149 Multiple algorithms must be comma-separated.
1155 .Sq -
1164 .Qq -etm
1165 calculate the MAC after encryption (encrypt-then-mac).
1169 .Bl -item -compact -offset indent
1171 hmac-md5
1173 hmac-md5-96
1175 hmac-sha1
1177 hmac-sha1-96
1179 hmac-sha2-256
1181 hmac-sha2-512
1183 umac-64@openssh.com
1185 umac-128@openssh.com
1187 hmac-md5-etm@openssh.com
1189 hmac-md5-96-etm@openssh.com
1191 hmac-sha1-etm@openssh.com
1193 hmac-sha1-96-etm@openssh.com
1195 hmac-sha2-256-etm@openssh.com
1197 hmac-sha2-512-etm@openssh.com
1199 umac-64-etm@openssh.com
1201 umac-128-etm@openssh.com
1205 .Bd -literal -offset indent
1206 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1207 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1208 hmac-sha1-etm@openssh.com,
1209 umac-64@openssh.com,umac-128@openssh.com,
1210 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1214 .Qq ssh -Q mac .
1230 are one or more criteria-pattern pairs or the single token
1248 The match patterns may consist of single entries or comma-separated
1259 Note that the mask length provided must be consistent with the address -
1364 file that contains the Diffie-Hellman groups used for the
1365 .Dq diffie-hellman-group-exchange-sha1
1367 .Dq diffie-hellman-group-exchange-sha256
1388 .Bl -item -offset indent -compact
1430 .Bl -item -offset indent -compact
1466 .Cm prohibit-password ,
1467 .Cm forced-commands-only ,
1481 .Cm prohibit-password
1483 .Cm without-password ) ,
1484 password and keyboard-interactive authentication are disabled for root.
1487 .Cm forced-commands-only ,
1511 .Cm point-to-point
1519 .Cm point-to-point
1540 or a pattern-list specifying which environment variable names to accept
1606 authentication as a list of comma-separated patterns.
1612 .Sq -
1620 .Bd -literal -offset 3n
1621 ssh-ed25519-cert-v01@openssh.com,
1622 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1623 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1624 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1625 sk-ssh-ed25519-cert-v01@openssh.com,
1626 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1627 rsa-sha2-512-cert-v01@openssh.com,
1628 rsa-sha2-256-cert-v01@openssh.com,
1629 ssh-ed25519,
1630 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1631 sk-ssh-ed25519@openssh.com,
1632 sk-ecdsa-sha2-nistp256@openssh.com,
1633 rsa-sha2-512,rsa-sha2-256
1637 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1643 .Cm touch-required
1645 .Cm verify-required .
1648 .Cm touch-required
1651 .Cm ecdsa-sk
1653 .Cm ed25519-sk )
1660 .Cm touch-required
1664 .Cm verify-required
1669 .Cm touch-required
1671 .Cm verify-required
1672 options have any effect for other, non-FIDO, public key types.
1706 User and host-based authentication keys smaller than this limit will be
1721 .Xr ssh-keygen 1 .
1723 .Xr ssh-keygen 1 .
1735 FIDO authenticator-hosted keys, overriding the default of using
1736 the built-in USB HID support.
1755 used when creating a Unix-domain socket file for local or remote
1757 This option is only used for port forwarding to a Unix-domain socket file.
1759 The default value is 0177, which creates a Unix-domain socket file that is
1761 Note that not all operating systems honor the file mode on Unix-domain
1764 Specifies whether to remove an existing Unix-domain socket file for local
1770 will be unable to forward the port to the Unix-domain socket file.
1771 This option is only used for port forwarding to a Unix-domain socket file.
1785 directory or files world-writable.
1797 .Cm sftp-server
1801 .Cm internal-sftp
1802 implements an in-process SFTP server.
1807 .Cm sftp-server
1808 and even though it is in-process, settings such as
1858 .Xr ssh-keygen 1 .
1868 flag, are not considered as open channels and do not prevent the timeout.
1869 The timeout value
1874 Note that this timeout starts when the client connection completes
1877 Caution should be used when using short timeout values, as they may not
1930 Because PAM keyboard-interactive authentication usually serves an equivalent
1940 as a non-root user.
1947 .Qq FreeBSD-20240806 .
2024 command-line arguments and configuration file options that specify time
2035 .Bl -tag -width Ds -compact -offset indent
2041 minutes
2055 .Bl -tag -width Ds -compact -offset indent
2057 600 seconds (10 minutes)
2059 10 minutes
2061 1 hour 30 minutes (90 minutes)
2067 .Bl -tag -width XXXX -offset indent -compact
2073 four space-separated values: client address, client port number,
2086 The base64-encoded CA key.
2088 The base64-encoded key or certificate for authentication.
2119 .Bl -tag -width Ds
2124 (though not necessary) that it be world-readable.
2127 .Xr sftp-server 8 ,
2130 .An -nosplit
2138 removed many bugs, re-added newer features and