Lines Matching +full:touch +full:- +full:key +full:- +full:connected

50 The file contains keyword-argument pairs, one per line.
61 keywords are case-insensitive and arguments are case-sensitive):
62 .Bl -tag -width Ds
77 requests a pseudo-terminal as it is required by the protocol.
102 .Xr ssh-agent 1
127 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
189 This option must be followed by one or more lists of comma-separated
198 .Qq publickey,password publickey,keyboard-interactive
199 would require the user to complete public key authentication, followed by
203 keyboard-interactive authentication before public key.
213 .Qq keyboard-interactive:bsdauth
230 .Qq gssapi-with-mic ,
232 .Qq keyboard-interactive ,
234 (used for access to password-less accounts when
259 files and will not be executed if a matching key is found there.
337 When using certificates signed by a key listed in
341 Names are listed one per line preceded by key options (as described in
385 .Bd -literal -offset indent
386 ssh-ed25519,ecdsa-sha2-nistp256,
387 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
388 sk-ssh-ed25519@openssh.com,
389 sk-ecdsa-sha2-nistp256@openssh.com,
390 rsa-sha2-512,rsa-sha2-256
398 .Sq -
403 public key or host-based authentication.
437 .Bl -tag -width Ds
438 .It Cm agent-connection
440 .Xr ssh-agent 1 .
441 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
449 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
462 .It Cm tun-connection
466 .It Cm x11-connection
487 checks that all components of the pathname are root-owned directories
516 no additional configuration of the environment is necessary if the in-process
517 sftp-server is used,
521 .Xr sftp-server 8
537 Multiple ciphers must be comma-separated.
543 .Sq -
553 .Bl -item -compact -offset indent
555 3des-cbc
557 aes128-cbc
559 aes192-cbc
561 aes256-cbc
563 aes128-ctr
565 aes192-ctr
567 aes256-ctr
569 aes128-gcm@openssh.com
571 aes256-gcm@openssh.com
573 chacha20-poly1305@openssh.com
577 .Bd -literal -offset indent
578 chacha20-poly1305@openssh.com,
579 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
580 aes128-ctr,aes192-ctr,aes256-ctr
584 .Qq ssh -Q cipher .
672 .Xr ssh-agent 1 ,
674 This option overrides all other forwarding-related options and may
685 Specifies the hash algorithm used when logging key fingerprints.
698 The command is invoked by using the user's login shell with the -c option.
707 .Cm internal-sftp
708 will force the use of an in-process SFTP server that requires no support
722 should allow remote port forwardings to bind to non-loopback addresses, thus
751 then the client may authenticate against any service key stored in the
758 authentication as a list of comma-separated patterns.
764 .Sq -
772 .Bd -literal -offset 3n
773 ssh-ed25519-cert-v01@openssh.com,
774 ecdsa-sha2-nistp256-cert-v01@openssh.com,
775 ecdsa-sha2-nistp384-cert-v01@openssh.com,
776 ecdsa-sha2-nistp521-cert-v01@openssh.com,
777 sk-ssh-ed25519-cert-v01@openssh.com,
778 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
779 rsa-sha2-512-cert-v01@openssh.com,
780 rsa-sha2-256-cert-v01@openssh.com,
781 ssh-ed25519,
782 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
783 sk-ssh-ed25519@openssh.com,
784 sk-ecdsa-sha2-nistp256@openssh.com,
785 rsa-sha2-512,rsa-sha2-256
789 .Qq ssh -Q HostbasedAcceptedAlgorithms .
793 with successful public key client host authentication is allowed
794 (host-based authentication).
816 The certificate's public key must match a private host key already specified
823 Specifies a file containing a private host key
833 will refuse to use a file if it is group/world-accessible
839 It is possible to have multiple host key files.
840 It is also possible to specify public host key files instead.
841 In this case operations on the private key will be delegated
843 .Xr ssh-agent 1 .
845 Identifies the UNIX-domain socket used to communicate
853 Specifies the host key signature algorithms
856 .Bd -literal -offset 3n
857 ssh-ed25519-cert-v01@openssh.com,
858 ecdsa-sha2-nistp256-cert-v01@openssh.com,
859 ecdsa-sha2-nistp384-cert-v01@openssh.com,
860 ecdsa-sha2-nistp521-cert-v01@openssh.com,
861 sk-ssh-ed25519-cert-v01@openssh.com,
862 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
863 rsa-sha2-512-cert-v01@openssh.com,
864 rsa-sha2-256-cert-v01@openssh.com,
865 ssh-ed25519,
866 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
867 sk-ssh-ed25519@openssh.com,
868 sk-ecdsa-sha2-nistp256@openssh.com,
869 rsa-sha2-512,rsa-sha2-256
873 .Qq ssh -Q HostKeyAlgorithms .
875 Specifies whether to ignore per-user
881 The system-wide
889 (the default) to ignore all per-user files,
890 .Cm shosts-only
908 and use only the system-wide known hosts file
926 Specifies the IPv4 type-of-service or DSCP class for the connection.
959 interactive sessions and the second for non-interactive sessions.
962 (Low-Latency Data)
966 for non-interactive sessions.
968 Specifies whether to allow keyboard-interactive authentication.
1006 Specifies the permitted KEX (Key Exchange) algorithms that the server will
1010 Multiple algorithms must be comma-separated.
1017 .Sq -
1027 .Bl -item -compact -offset indent
1029 curve25519-sha256
1031 curve25519-sha256@libssh.org
1033 diffie-hellman-group1-sha1
1035 diffie-hellman-group14-sha1
1037 diffie-hellman-group14-sha256
1039 diffie-hellman-group16-sha512
1041 diffie-hellman-group18-sha512
1043 diffie-hellman-group-exchange-sha1
1045 diffie-hellman-group-exchange-sha256
1047 ecdh-sha2-nistp256
1049 ecdh-sha2-nistp384
1051 ecdh-sha2-nistp521
1053 mlkem768x25519-sha256
1055 sntrup761x25519-sha512
1057 sntrup761x25519-sha512@openssh.com
1061 .Bd -literal -offset indent
1062 mlkem768x25519-sha256,
1063 sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
1064 curve25519-sha256,curve25519-sha256@libssh.org,
1065 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
1068 The list of supported key exchange algorithms may also be obtained using
1069 .Qq ssh -Q KexAlgorithms .
1076 .Bl -item -offset indent -compact
1141 .Bd -literal -offset indent
1156 Multiple algorithms must be comma-separated.
1162 .Sq -
1171 .Qq -etm
1172 calculate the MAC after encryption (encrypt-then-mac).
1176 .Bl -item -compact -offset indent
1178 hmac-md5
1180 hmac-md5-96
1182 hmac-sha1
1184 hmac-sha1-96
1186 hmac-sha2-256
1188 hmac-sha2-512
1190 umac-64@openssh.com
1192 umac-128@openssh.com
1194 hmac-md5-etm@openssh.com
1196 hmac-md5-96-etm@openssh.com
1198 hmac-sha1-etm@openssh.com
1200 hmac-sha1-96-etm@openssh.com
1202 hmac-sha2-256-etm@openssh.com
1204 hmac-sha2-512-etm@openssh.com
1206 umac-64-etm@openssh.com
1208 umac-128-etm@openssh.com
1212 .Bd -literal -offset indent
1213 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1214 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1215 hmac-sha1-etm@openssh.com,
1216 umac-64@openssh.com,umac-128@openssh.com,
1217 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1221 .Qq ssh -Q mac .
1237 are one or more criteria-pattern pairs or one of the single token criteria:
1240 .Cm Invalid-User ,
1241 which matches when the requested user-name does not match any known account.
1258 The match patterns may consist of single entries or comma-separated
1269 Note that the mask length provided must be consistent with the address -
1383 file that contains the Diffie-Hellman groups used for the
1384 .Dq diffie-hellman-group-exchange-sha1
1386 .Dq diffie-hellman-group-exchange-sha256
1414 .Bl -item -offset indent -compact
1456 .Bl -item -offset indent -compact
1492 .Cm prohibit-password ,
1493 .Cm forced-commands-only ,
1507 .Cm prohibit-password
1509 .Cm without-password ) ,
1510 password and keyboard-interactive authentication are disabled for root.
1513 .Cm forced-commands-only ,
1514 root login with public key authentication will be allowed,
1537 .Cm point-to-point
1545 .Cm point-to-point
1566 or a pattern-list specifying which environment variable names to accept
1619 .Bl -tag -width Ds
1636 .Xr ssh-keyscan 1 .
1637 .It Cm grace-exceeded:duration
1648 .It Cm max-sources4:number , max-sources6:number
1653 .Cm max-sources4
1655 .Cm max-sources6
1658 .Cm deny-all ,
1675 Specifies a comma-separated list of addresses to exempt from penalties.
1677 Note that the mask length provided must be consistent with the address -
1716 Specifies the signature algorithms that will be accepted for public key
1717 authentication as a list of comma-separated patterns.
1723 .Sq -
1731 .Bd -literal -offset 3n
1732 ssh-ed25519-cert-v01@openssh.com,
1733 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1734 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1735 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1736 sk-ssh-ed25519-cert-v01@openssh.com,
1737 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1738 rsa-sha2-512-cert-v01@openssh.com,
1739 rsa-sha2-256-cert-v01@openssh.com,
1740 ssh-ed25519,
1741 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1742 sk-ssh-ed25519@openssh.com,
1743 sk-ecdsa-sha2-nistp256@openssh.com,
1744 rsa-sha2-512,rsa-sha2-256
1748 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1750 Sets one or more public key authentication options.
1754 .Cm touch-required
1756 .Cm verify-required .
1759 .Cm touch-required
1760 option causes public key authentication using a FIDO authenticator algorithm
1762 .Cm ecdsa-sk
1764 .Cm ed25519-sk )
1771 .Cm touch-required
1775 .Cm verify-required
1776 option requires a FIDO key signature attest that the user was verified,
1780 .Cm touch-required
1782 .Cm verify-required
1783 options have any effect for other, non-FIDO, public key types.
1785 Specifies whether public key authentication is allowed.
1802 before the session key is renegotiated, optionally followed by a maximum
1803 amount of time that may pass before the session key is renegotiated.
1826 Specifies the minimum RSA key size (in bits) that
1829 User and host-based authentication keys smaller than this limit will be
1839 Keys listed in this file will be refused for public key authentication.
1840 Note that if this file is not readable, then public key authentication will
1842 Keys may be specified as a text file, listing one public key per line, or as
1843 an OpenSSH Key Revocation List (KRL) as generated by
1844 .Xr ssh-keygen 1 .
1845 For more information on KRLs, see the KEY REVOCATION LISTS section in
1846 .Xr ssh-keygen 1 .
1858 FIDO authenticator-hosted keys, overriding the default of using
1859 the built-in USB HID support.
1877 .Cm sshd-auth
1880 .Pa /usr/libexec/sshd-auth .
1884 .Cm sshd-session
1887 .Pa /usr/libexec/sshd-session .
1892 used when creating a Unix-domain socket file for local or remote
1894 This option is only used for port forwarding to a Unix-domain socket file.
1896 The default value is 0177, which creates a Unix-domain socket file that is
1898 Note that not all operating systems honor the file mode on Unix-domain
1901 Specifies whether to remove an existing Unix-domain socket file for local
1907 will be unable to forward the port to the Unix-domain socket file.
1908 This option is only used for port forwarding to a Unix-domain socket file.
1922 directory or files world-writable.
1934 .Cm sftp-server
1938 .Cm internal-sftp
1939 implements an in-process SFTP server.
1944 .Cm sftp-server
1945 and even though it is in-process, settings such as
1988 If a certificate is presented for authentication and has its signing CA key
1995 .Xr ssh-keygen 1 .
2001 sessions, connected network, socket, agent or X11 forwardings.
2067 Because PAM keyboard-interactive authentication usually serves an equivalent
2077 as a non-root user.
2084 .Qq FreeBSD-20250801 .
2161 command-line arguments and configuration file options that specify time
2172 .Bl -tag -width Ds -compact -offset indent
2192 .Bl -tag -width Ds -compact -offset indent
2204 .Bl -tag -width XXXX -offset indent -compact
2210 four space-separated values: client address, client port number,
2215 The fingerprint of the CA key.
2217 The fingerprint of the key or certificate.
2221 The key ID in the certificate.
2223 The base64-encoded CA key.
2225 The base64-encoded key or certificate for authentication.
2229 The type of the CA key.
2231 The key or certificate type.
2256 .Bl -tag -width Ds
2261 (though not necessary) that it be world-readable.
2264 .Xr sftp-server 8 ,
2267 .An -nosplit
2275 removed many bugs, re-added newer features and