xref: /freebsd/crypto/openssh/ssh_config.5 (revision 3332f1b444d4a73238e9f59cca27bfc95fe936bd)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.362 2021/08/12 23:59:25 djm Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: August 12 2021 $
39.Dt SSH_CONFIG 5
40.Os
41.Sh NAME
42.Nm ssh_config
43.Nd OpenSSH client configuration file
44.Sh DESCRIPTION
45.Xr ssh 1
46obtains configuration data from the following sources in
47the following order:
48.Pp
49.Bl -enum -offset indent -compact
50.It
51command-line options
52.It
53user's configuration file
54.Pq Pa ~/.ssh/config
55.It
56system-wide configuration file
57.Pq Pa /etc/ssh/ssh_config
58.El
59.Pp
60For each parameter, the first obtained value
61will be used.
62The configuration files contain sections separated by
63.Cm Host
64specifications, and that section is only applied for hosts that
65match one of the patterns given in the specification.
66The matched host name is usually the one given on the command line
67(see the
68.Cm CanonicalizeHostname
69option for exceptions).
70.Pp
71Since the first obtained value for each parameter is used, more
72host-specific declarations should be given near the beginning of the
73file, and general defaults at the end.
74.Pp
75The file contains keyword-argument pairs, one per line.
76Lines starting with
77.Ql #
78and empty lines are interpreted as comments.
79Arguments may optionally be enclosed in double quotes
80.Pq \&"
81in order to represent arguments containing spaces.
82Configuration options may be separated by whitespace or
83optional whitespace and exactly one
84.Ql = ;
85the latter format is useful to avoid the need to quote whitespace
86when specifying configuration options using the
87.Nm ssh ,
88.Nm scp ,
89and
90.Nm sftp
91.Fl o
92option.
93.Pp
94The possible
95keywords and their meanings are as follows (note that
96keywords are case-insensitive and arguments are case-sensitive):
97.Bl -tag -width Ds
98.It Cm Host
99Restricts the following declarations (up to the next
100.Cm Host
101or
102.Cm Match
103keyword) to be only for those hosts that match one of the patterns
104given after the keyword.
105If more than one pattern is provided, they should be separated by whitespace.
106A single
107.Ql *
108as a pattern can be used to provide global
109defaults for all hosts.
110The host is usually the
111.Ar hostname
112argument given on the command line
113(see the
114.Cm CanonicalizeHostname
115keyword for exceptions).
116.Pp
117A pattern entry may be negated by prefixing it with an exclamation mark
118.Pq Sq !\& .
119If a negated entry is matched, then the
120.Cm Host
121entry is ignored, regardless of whether any other patterns on the line
122match.
123Negated matches are therefore useful to provide exceptions for wildcard
124matches.
125.Pp
126See
127.Sx PATTERNS
128for more information on patterns.
129.It Cm Match
130Restricts the following declarations (up to the next
131.Cm Host
132or
133.Cm Match
134keyword) to be used only when the conditions following the
135.Cm Match
136keyword are satisfied.
137Match conditions are specified using one or more criteria
138or the single token
139.Cm all
140which always matches.
141The available criteria keywords are:
142.Cm canonical ,
143.Cm final ,
144.Cm exec ,
145.Cm host ,
146.Cm originalhost ,
147.Cm user ,
148and
149.Cm localuser .
150The
151.Cm all
152criteria must appear alone or immediately after
153.Cm canonical
154or
155.Cm final .
156Other criteria may be combined arbitrarily.
157All criteria but
158.Cm all ,
159.Cm canonical ,
160and
161.Cm final
162require an argument.
163Criteria may be negated by prepending an exclamation mark
164.Pq Sq !\& .
165.Pp
166The
167.Cm canonical
168keyword matches only when the configuration file is being re-parsed
169after hostname canonicalization (see the
170.Cm CanonicalizeHostname
171option).
172This may be useful to specify conditions that work with canonical host
173names only.
174.Pp
175The
176.Cm final
177keyword requests that the configuration be re-parsed (regardless of whether
178.Cm CanonicalizeHostname
179is enabled), and matches only during this final pass.
180If
181.Cm CanonicalizeHostname
182is enabled, then
183.Cm canonical
184and
185.Cm final
186match during the same pass.
187.Pp
188The
189.Cm exec
190keyword executes the specified command under the user's shell.
191If the command returns a zero exit status then the condition is considered true.
192Commands containing whitespace characters must be quoted.
193Arguments to
194.Cm exec
195accept the tokens described in the
196.Sx TOKENS
197section.
198.Pp
199The other keywords' criteria must be single entries or comma-separated
200lists and may use the wildcard and negation operators described in the
201.Sx PATTERNS
202section.
203The criteria for the
204.Cm host
205keyword are matched against the target hostname, after any substitution
206by the
207.Cm Hostname
208or
209.Cm CanonicalizeHostname
210options.
211The
212.Cm originalhost
213keyword matches against the hostname as it was specified on the command-line.
214The
215.Cm user
216keyword matches against the target username on the remote host.
217The
218.Cm localuser
219keyword matches against the name of the local user running
220.Xr ssh 1
221(this keyword may be useful in system-wide
222.Nm
223files).
224.It Cm AddKeysToAgent
225Specifies whether keys should be automatically added to a running
226.Xr ssh-agent 1 .
227If this option is set to
228.Cm yes
229and a key is loaded from a file, the key and its passphrase are added to
230the agent with the default lifetime, as if by
231.Xr ssh-add 1 .
232If this option is set to
233.Cm ask ,
234.Xr ssh 1
235will require confirmation using the
236.Ev SSH_ASKPASS
237program before adding a key (see
238.Xr ssh-add 1
239for details).
240If this option is set to
241.Cm confirm ,
242each use of the key must be confirmed, as if the
243.Fl c
244option was specified to
245.Xr ssh-add 1 .
246If this option is set to
247.Cm no ,
248no keys are added to the agent.
249Alternately, this option may be specified as a time interval
250using the format described in the
251.Sx TIME FORMATS
252section of
253.Xr sshd_config 5
254to specify the key's lifetime in
255.Xr ssh-agent 1 ,
256after which it will automatically be removed.
257The argument must be
258.Cm no
259(the default),
260.Cm yes ,
261.Cm confirm
262(optionally followed by a time interval),
263.Cm ask
264or a time interval.
265.It Cm AddressFamily
266Specifies which address family to use when connecting.
267Valid arguments are
268.Cm any
269(the default),
270.Cm inet
271(use IPv4 only), or
272.Cm inet6
273(use IPv6 only).
274.It Cm BatchMode
275If set to
276.Cm yes ,
277user interaction such as password prompts and host key confirmation requests
278will be disabled.
279This option is useful in scripts and other batch jobs where no user
280is present to interact with
281.Xr ssh 1 .
282The argument must be
283.Cm yes
284or
285.Cm no
286(the default).
287.It Cm BindAddress
288Use the specified address on the local machine as the source address of
289the connection.
290Only useful on systems with more than one address.
291.It Cm BindInterface
292Use the address of the specified interface on the local machine as the
293source address of the connection.
294.It Cm CanonicalDomains
295When
296.Cm CanonicalizeHostname
297is enabled, this option specifies the list of domain suffixes in which to
298search for the specified destination host.
299.It Cm CanonicalizeFallbackLocal
300Specifies whether to fail with an error when hostname canonicalization fails.
301The default,
302.Cm yes ,
303will attempt to look up the unqualified hostname using the system resolver's
304search rules.
305A value of
306.Cm no
307will cause
308.Xr ssh 1
309to fail instantly if
310.Cm CanonicalizeHostname
311is enabled and the target hostname cannot be found in any of the domains
312specified by
313.Cm CanonicalDomains .
314.It Cm CanonicalizeHostname
315Controls whether explicit hostname canonicalization is performed.
316The default,
317.Cm no ,
318is not to perform any name rewriting and let the system resolver handle all
319hostname lookups.
320If set to
321.Cm yes
322then, for connections that do not use a
323.Cm ProxyCommand
324or
325.Cm ProxyJump ,
326.Xr ssh 1
327will attempt to canonicalize the hostname specified on the command line
328using the
329.Cm CanonicalDomains
330suffixes and
331.Cm CanonicalizePermittedCNAMEs
332rules.
333If
334.Cm CanonicalizeHostname
335is set to
336.Cm always ,
337then canonicalization is applied to proxied connections too.
338.Pp
339If this option is enabled, then the configuration files are processed
340again using the new target name to pick up any new configuration in matching
341.Cm Host
342and
343.Cm Match
344stanzas.
345A value of
346.Cm none
347disables the use of a
348.Cm ProxyJump
349host.
350.It Cm CanonicalizeMaxDots
351Specifies the maximum number of dot characters in a hostname before
352canonicalization is disabled.
353The default, 1,
354allows a single dot (i.e. hostname.subdomain).
355.It Cm CanonicalizePermittedCNAMEs
356Specifies rules to determine whether CNAMEs should be followed when
357canonicalizing hostnames.
358The rules consist of one or more arguments of
359.Ar source_domain_list : Ns Ar target_domain_list ,
360where
361.Ar source_domain_list
362is a pattern-list of domains that may follow CNAMEs in canonicalization,
363and
364.Ar target_domain_list
365is a pattern-list of domains that they may resolve to.
366.Pp
367For example,
368.Qq *.a.example.com:*.b.example.com,*.c.example.com
369will allow hostnames matching
370.Qq *.a.example.com
371to be canonicalized to names in the
372.Qq *.b.example.com
373or
374.Qq *.c.example.com
375domains.
376.It Cm CASignatureAlgorithms
377Specifies which algorithms are allowed for signing of certificates
378by certificate authorities (CAs).
379The default is:
380.Bd -literal -offset indent
381ssh-ed25519,ecdsa-sha2-nistp256,
382ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
383sk-ssh-ed25519@openssh.com,
384sk-ecdsa-sha2-nistp256@openssh.com,
385rsa-sha2-512,rsa-sha2-256
386.Ed
387.Pp
388If the specified list begins with a
389.Sq +
390character, then the specified algorithms will be appended to the default set
391instead of replacing them.
392If the specified list begins with a
393.Sq -
394character, then the specified algorithms (including wildcards) will be removed
395from the default set instead of replacing them.
396.Pp
397.Xr ssh 1
398will not accept host certificates signed using algorithms other than those
399specified.
400.It Cm CertificateFile
401Specifies a file from which the user's certificate is read.
402A corresponding private key must be provided separately in order
403to use this certificate either
404from an
405.Cm IdentityFile
406directive or
407.Fl i
408flag to
409.Xr ssh 1 ,
410via
411.Xr ssh-agent 1 ,
412or via a
413.Cm PKCS11Provider
414or
415.Cm SecurityKeyProvider .
416.Pp
417Arguments to
418.Cm CertificateFile
419may use the tilde syntax to refer to a user's home directory,
420the tokens described in the
421.Sx TOKENS
422section and environment variables as described in the
423.Sx ENVIRONMENT VARIABLES
424section.
425.Pp
426It is possible to have multiple certificate files specified in
427configuration files; these certificates will be tried in sequence.
428Multiple
429.Cm CertificateFile
430directives will add to the list of certificates used for
431authentication.
432.It Cm CheckHostIP
433If set to
434.Cm yes ,
435.Xr ssh 1
436will additionally check the host IP address in the
437.Pa known_hosts
438file.
439This allows it to detect if a host key changed due to DNS spoofing
440and will add addresses of destination hosts to
441.Pa ~/.ssh/known_hosts
442in the process, regardless of the setting of
443.Cm StrictHostKeyChecking .
444If the option is set to
445.Cm no
446(the default),
447the check will not be executed.
448The default is
449.Cm no .
450.It Cm Ciphers
451Specifies the ciphers allowed and their order of preference.
452Multiple ciphers must be comma-separated.
453If the specified list begins with a
454.Sq +
455character, then the specified ciphers will be appended to the default set
456instead of replacing them.
457If the specified list begins with a
458.Sq -
459character, then the specified ciphers (including wildcards) will be removed
460from the default set instead of replacing them.
461If the specified list begins with a
462.Sq ^
463character, then the specified ciphers will be placed at the head of the
464default set.
465.Pp
466The supported ciphers are:
467.Bd -literal -offset indent
4683des-cbc
469aes128-cbc
470aes192-cbc
471aes256-cbc
472aes128-ctr
473aes192-ctr
474aes256-ctr
475aes128-gcm@openssh.com
476aes256-gcm@openssh.com
477chacha20-poly1305@openssh.com
478.Ed
479.Pp
480The default is:
481.Bd -literal -offset indent
482chacha20-poly1305@openssh.com,
483aes128-ctr,aes192-ctr,aes256-ctr,
484aes128-gcm@openssh.com,aes256-gcm@openssh.com
485.Ed
486.Pp
487The list of available ciphers may also be obtained using
488.Qq ssh -Q cipher .
489.It Cm ClearAllForwardings
490Specifies that all local, remote, and dynamic port forwardings
491specified in the configuration files or on the command line be
492cleared.
493This option is primarily useful when used from the
494.Xr ssh 1
495command line to clear port forwardings set in
496configuration files, and is automatically set by
497.Xr scp 1
498and
499.Xr sftp 1 .
500The argument must be
501.Cm yes
502or
503.Cm no
504(the default).
505.It Cm Compression
506Specifies whether to use compression.
507The argument must be
508.Cm yes
509or
510.Cm no
511(the default).
512.It Cm ConnectionAttempts
513Specifies the number of tries (one per second) to make before exiting.
514The argument must be an integer.
515This may be useful in scripts if the connection sometimes fails.
516The default is 1.
517.It Cm ConnectTimeout
518Specifies the timeout (in seconds) used when connecting to the
519SSH server, instead of using the default system TCP timeout.
520This timeout is applied both to establishing the connection and to performing
521the initial SSH protocol handshake and key exchange.
522.It Cm ControlMaster
523Enables the sharing of multiple sessions over a single network connection.
524When set to
525.Cm yes ,
526.Xr ssh 1
527will listen for connections on a control socket specified using the
528.Cm ControlPath
529argument.
530Additional sessions can connect to this socket using the same
531.Cm ControlPath
532with
533.Cm ControlMaster
534set to
535.Cm no
536(the default).
537These sessions will try to reuse the master instance's network connection
538rather than initiating new ones, but will fall back to connecting normally
539if the control socket does not exist, or is not listening.
540.Pp
541Setting this to
542.Cm ask
543will cause
544.Xr ssh 1
545to listen for control connections, but require confirmation using
546.Xr ssh-askpass 1 .
547If the
548.Cm ControlPath
549cannot be opened,
550.Xr ssh 1
551will continue without connecting to a master instance.
552.Pp
553X11 and
554.Xr ssh-agent 1
555forwarding is supported over these multiplexed connections, however the
556display and agent forwarded will be the one belonging to the master
557connection i.e. it is not possible to forward multiple displays or agents.
558.Pp
559Two additional options allow for opportunistic multiplexing: try to use a
560master connection but fall back to creating a new one if one does not already
561exist.
562These options are:
563.Cm auto
564and
565.Cm autoask .
566The latter requires confirmation like the
567.Cm ask
568option.
569.It Cm ControlPath
570Specify the path to the control socket used for connection sharing as described
571in the
572.Cm ControlMaster
573section above or the string
574.Cm none
575to disable connection sharing.
576Arguments to
577.Cm ControlPath
578may use the tilde syntax to refer to a user's home directory,
579the tokens described in the
580.Sx TOKENS
581section and environment variables as described in the
582.Sx ENVIRONMENT VARIABLES
583section.
584It is recommended that any
585.Cm ControlPath
586used for opportunistic connection sharing include
587at least %h, %p, and %r (or alternatively %C) and be placed in a directory
588that is not writable by other users.
589This ensures that shared connections are uniquely identified.
590.It Cm ControlPersist
591When used in conjunction with
592.Cm ControlMaster ,
593specifies that the master connection should remain open
594in the background (waiting for future client connections)
595after the initial client connection has been closed.
596If set to
597.Cm no
598(the default),
599then the master connection will not be placed into the background,
600and will close as soon as the initial client connection is closed.
601If set to
602.Cm yes
603or 0,
604then the master connection will remain in the background indefinitely
605(until killed or closed via a mechanism such as the
606.Qq ssh -O exit ) .
607If set to a time in seconds, or a time in any of the formats documented in
608.Xr sshd_config 5 ,
609then the backgrounded master connection will automatically terminate
610after it has remained idle (with no client connections) for the
611specified time.
612.It Cm DynamicForward
613Specifies that a TCP port on the local machine be forwarded
614over the secure channel, and the application
615protocol is then used to determine where to connect to from the
616remote machine.
617.Pp
618The argument must be
619.Sm off
620.Oo Ar bind_address : Oc Ar port .
621.Sm on
622IPv6 addresses can be specified by enclosing addresses in square brackets.
623By default, the local port is bound in accordance with the
624.Cm GatewayPorts
625setting.
626However, an explicit
627.Ar bind_address
628may be used to bind the connection to a specific address.
629The
630.Ar bind_address
631of
632.Cm localhost
633indicates that the listening port be bound for local use only, while an
634empty address or
635.Sq *
636indicates that the port should be available from all interfaces.
637.Pp
638Currently the SOCKS4 and SOCKS5 protocols are supported, and
639.Xr ssh 1
640will act as a SOCKS server.
641Multiple forwardings may be specified, and
642additional forwardings can be given on the command line.
643Only the superuser can forward privileged ports.
644.It Cm EnableSSHKeysign
645Setting this option to
646.Cm yes
647in the global client configuration file
648.Pa /etc/ssh/ssh_config
649enables the use of the helper program
650.Xr ssh-keysign 8
651during
652.Cm HostbasedAuthentication .
653The argument must be
654.Cm yes
655or
656.Cm no
657(the default).
658This option should be placed in the non-hostspecific section.
659See
660.Xr ssh-keysign 8
661for more information.
662.It Cm EscapeChar
663Sets the escape character (default:
664.Ql ~ ) .
665The escape character can also
666be set on the command line.
667The argument should be a single character,
668.Ql ^
669followed by a letter, or
670.Cm none
671to disable the escape
672character entirely (making the connection transparent for binary
673data).
674.It Cm ExitOnForwardFailure
675Specifies whether
676.Xr ssh 1
677should terminate the connection if it cannot set up all requested
678dynamic, tunnel, local, and remote port forwardings, (e.g.\&
679if either end is unable to bind and listen on a specified port).
680Note that
681.Cm ExitOnForwardFailure
682does not apply to connections made over port forwardings and will not,
683for example, cause
684.Xr ssh 1
685to exit if TCP connections to the ultimate forwarding destination fail.
686The argument must be
687.Cm yes
688or
689.Cm no
690(the default).
691.It Cm FingerprintHash
692Specifies the hash algorithm used when displaying key fingerprints.
693Valid options are:
694.Cm md5
695and
696.Cm sha256
697(the default).
698.It Cm ForkAfterAuthentication
699Requests
700.Nm ssh
701to go to background just before command execution.
702This is useful if
703.Nm ssh
704is going to ask for passwords or passphrases, but the user
705wants it in the background.
706This implies the
707.Cm StdinNull
708configuration option being set to
709.Dq yes .
710The recommended way to start X11 programs at a remote site is with
711something like
712.Ic ssh -f host xterm ,
713which is the same as
714.Ic ssh host xterm
715if the
716.Cm ForkAfterAuthentication
717configuration option is set to
718.Dq yes .
719.Pp
720If the
721.Cm ExitOnForwardFailure
722configuration option is set to
723.Dq yes ,
724then a client started with the
725.Cm ForkAfterAuthentication
726configuration option being set to
727.Dq yes
728will wait for all remote port forwards to be successfully established
729before placing itself in the background.
730The argument to this keyword must be
731.Cm yes
732(same as the
733.Fl f
734option) or
735.Cm no
736(the default).
737.It Cm ForwardAgent
738Specifies whether the connection to the authentication agent (if any)
739will be forwarded to the remote machine.
740The argument may be
741.Cm yes ,
742.Cm no
743(the default),
744an explicit path to an agent socket or the name of an environment variable
745(beginning with
746.Sq $ )
747in which to find the path.
748.Pp
749Agent forwarding should be enabled with caution.
750Users with the ability to bypass file permissions on the remote host
751(for the agent's Unix-domain socket)
752can access the local agent through the forwarded connection.
753An attacker cannot obtain key material from the agent,
754however they can perform operations on the keys that enable them to
755authenticate using the identities loaded into the agent.
756.It Cm ForwardX11
757Specifies whether X11 connections will be automatically redirected
758over the secure channel and
759.Ev DISPLAY
760set.
761The argument must be
762.Cm yes
763or
764.Cm no
765(the default).
766.Pp
767X11 forwarding should be enabled with caution.
768Users with the ability to bypass file permissions on the remote host
769(for the user's X11 authorization database)
770can access the local X11 display through the forwarded connection.
771An attacker may then be able to perform activities such as keystroke monitoring
772if the
773.Cm ForwardX11Trusted
774option is also enabled.
775.It Cm ForwardX11Timeout
776Specify a timeout for untrusted X11 forwarding
777using the format described in the
778.Sx TIME FORMATS
779section of
780.Xr sshd_config 5 .
781X11 connections received by
782.Xr ssh 1
783after this time will be refused.
784Setting
785.Cm ForwardX11Timeout
786to zero will disable the timeout and permit X11 forwarding for the life
787of the connection.
788The default is to disable untrusted X11 forwarding after twenty minutes has
789elapsed.
790.It Cm ForwardX11Trusted
791If this option is set to
792.Cm yes ,
793remote X11 clients will have full access to the original X11 display.
794.Pp
795If this option is set to
796.Cm no
797(the default),
798remote X11 clients will be considered untrusted and prevented
799from stealing or tampering with data belonging to trusted X11
800clients.
801Furthermore, the
802.Xr xauth 1
803token used for the session will be set to expire after 20 minutes.
804Remote clients will be refused access after this time.
805.Pp
806See the X11 SECURITY extension specification for full details on
807the restrictions imposed on untrusted clients.
808.It Cm GatewayPorts
809Specifies whether remote hosts are allowed to connect to local
810forwarded ports.
811By default,
812.Xr ssh 1
813binds local port forwardings to the loopback address.
814This prevents other remote hosts from connecting to forwarded ports.
815.Cm GatewayPorts
816can be used to specify that ssh
817should bind local port forwardings to the wildcard address,
818thus allowing remote hosts to connect to forwarded ports.
819The argument must be
820.Cm yes
821or
822.Cm no
823(the default).
824.It Cm GlobalKnownHostsFile
825Specifies one or more files to use for the global
826host key database, separated by whitespace.
827The default is
828.Pa /etc/ssh/ssh_known_hosts ,
829.Pa /etc/ssh/ssh_known_hosts2 .
830.It Cm GSSAPIAuthentication
831Specifies whether user authentication based on GSSAPI is allowed.
832The default is
833.Cm no .
834.It Cm GSSAPIDelegateCredentials
835Forward (delegate) credentials to the server.
836The default is
837.Cm no .
838.It Cm HashKnownHosts
839Indicates that
840.Xr ssh 1
841should hash host names and addresses when they are added to
842.Pa ~/.ssh/known_hosts .
843These hashed names may be used normally by
844.Xr ssh 1
845and
846.Xr sshd 8 ,
847but they do not visually reveal identifying information if the
848file's contents are disclosed.
849The default is
850.Cm no .
851Note that existing names and addresses in known hosts files
852will not be converted automatically,
853but may be manually hashed using
854.Xr ssh-keygen 1 .
855.It Cm HostbasedAcceptedAlgorithms
856Specifies the signature algorithms that will be used for hostbased
857authentication as a comma-separated list of patterns.
858Alternately if the specified list begins with a
859.Sq +
860character, then the specified signature algorithms will be appended
861to the default set instead of replacing them.
862If the specified list begins with a
863.Sq -
864character, then the specified signature algorithms (including wildcards)
865will be removed from the default set instead of replacing them.
866If the specified list begins with a
867.Sq ^
868character, then the specified signature algorithms will be placed
869at the head of the default set.
870The default for this option is:
871.Bd -literal -offset 3n
872ssh-ed25519-cert-v01@openssh.com,
873ecdsa-sha2-nistp256-cert-v01@openssh.com,
874ecdsa-sha2-nistp384-cert-v01@openssh.com,
875ecdsa-sha2-nistp521-cert-v01@openssh.com,
876sk-ssh-ed25519-cert-v01@openssh.com,
877sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
878rsa-sha2-512-cert-v01@openssh.com,
879rsa-sha2-256-cert-v01@openssh.com,
880ssh-rsa-cert-v01@openssh.com,
881ssh-ed25519,
882ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
883sk-ssh-ed25519@openssh.com,
884sk-ecdsa-sha2-nistp256@openssh.com,
885rsa-sha2-512,rsa-sha2-256,ssh-rsa
886.Ed
887.Pp
888The
889.Fl Q
890option of
891.Xr ssh 1
892may be used to list supported signature algorithms.
893This was formerly named HostbasedKeyTypes.
894.It Cm HostbasedAuthentication
895Specifies whether to try rhosts based authentication with public key
896authentication.
897The argument must be
898.Cm yes
899or
900.Cm no
901(the default).
902.It Cm HostKeyAlgorithms
903Specifies the host key signature algorithms
904that the client wants to use in order of preference.
905Alternately if the specified list begins with a
906.Sq +
907character, then the specified signature algorithms will be appended to
908the default set instead of replacing them.
909If the specified list begins with a
910.Sq -
911character, then the specified signature algorithms (including wildcards)
912will be removed from the default set instead of replacing them.
913If the specified list begins with a
914.Sq ^
915character, then the specified signature algorithms will be placed
916at the head of the default set.
917The default for this option is:
918.Bd -literal -offset 3n
919ssh-ed25519-cert-v01@openssh.com,
920ecdsa-sha2-nistp256-cert-v01@openssh.com,
921ecdsa-sha2-nistp384-cert-v01@openssh.com,
922ecdsa-sha2-nistp521-cert-v01@openssh.com,
923sk-ssh-ed25519-cert-v01@openssh.com,
924sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
925rsa-sha2-512-cert-v01@openssh.com,
926rsa-sha2-256-cert-v01@openssh.com,
927ssh-rsa-cert-v01@openssh.com,
928ssh-ed25519,
929ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
930sk-ecdsa-sha2-nistp256@openssh.com,
931sk-ssh-ed25519@openssh.com,
932rsa-sha2-512,rsa-sha2-256,ssh-rsa
933.Ed
934.Pp
935If hostkeys are known for the destination host then this default is modified
936to prefer their algorithms.
937.Pp
938The list of available signature algorithms may also be obtained using
939.Qq ssh -Q HostKeyAlgorithms .
940.It Cm HostKeyAlias
941Specifies an alias that should be used instead of the
942real host name when looking up or saving the host key
943in the host key database files and when validating host certificates.
944This option is useful for tunneling SSH connections
945or for multiple servers running on a single host.
946.It Cm Hostname
947Specifies the real host name to log into.
948This can be used to specify nicknames or abbreviations for hosts.
949Arguments to
950.Cm Hostname
951accept the tokens described in the
952.Sx TOKENS
953section.
954Numeric IP addresses are also permitted (both on the command line and in
955.Cm Hostname
956specifications).
957The default is the name given on the command line.
958.It Cm IdentitiesOnly
959Specifies that
960.Xr ssh 1
961should only use the configured authentication identity and certificate files
962(either the default files, or those explicitly configured in the
963.Nm
964files
965or passed on the
966.Xr ssh 1
967command-line),
968even if
969.Xr ssh-agent 1
970or a
971.Cm PKCS11Provider
972or
973.Cm SecurityKeyProvider
974offers more identities.
975The argument to this keyword must be
976.Cm yes
977or
978.Cm no
979(the default).
980This option is intended for situations where ssh-agent
981offers many different identities.
982.It Cm IdentityAgent
983Specifies the
984.Ux Ns -domain
985socket used to communicate with the authentication agent.
986.Pp
987This option overrides the
988.Ev SSH_AUTH_SOCK
989environment variable and can be used to select a specific agent.
990Setting the socket name to
991.Cm none
992disables the use of an authentication agent.
993If the string
994.Qq SSH_AUTH_SOCK
995is specified, the location of the socket will be read from the
996.Ev SSH_AUTH_SOCK
997environment variable.
998Otherwise if the specified value begins with a
999.Sq $
1000character, then it will be treated as an environment variable containing
1001the location of the socket.
1002.Pp
1003Arguments to
1004.Cm IdentityAgent
1005may use the tilde syntax to refer to a user's home directory,
1006the tokens described in the
1007.Sx TOKENS
1008section and environment variables as described in the
1009.Sx ENVIRONMENT VARIABLES
1010section.
1011.It Cm IdentityFile
1012Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1013Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1014The default is
1015.Pa ~/.ssh/id_dsa ,
1016.Pa ~/.ssh/id_ecdsa ,
1017.Pa ~/.ssh/id_ecdsa_sk ,
1018.Pa ~/.ssh/id_ed25519 ,
1019.Pa ~/.ssh/id_ed25519_sk
1020and
1021.Pa ~/.ssh/id_rsa .
1022Additionally, any identities represented by the authentication agent
1023will be used for authentication unless
1024.Cm IdentitiesOnly
1025is set.
1026If no certificates have been explicitly specified by
1027.Cm CertificateFile ,
1028.Xr ssh 1
1029will try to load certificate information from the filename obtained by
1030appending
1031.Pa -cert.pub
1032to the path of a specified
1033.Cm IdentityFile .
1034.Pp
1035Arguments to
1036.Cm IdentityFile
1037may use the tilde syntax to refer to a user's home directory
1038or the tokens described in the
1039.Sx TOKENS
1040section.
1041.Pp
1042It is possible to have
1043multiple identity files specified in configuration files; all these
1044identities will be tried in sequence.
1045Multiple
1046.Cm IdentityFile
1047directives will add to the list of identities tried (this behaviour
1048differs from that of other configuration directives).
1049.Pp
1050.Cm IdentityFile
1051may be used in conjunction with
1052.Cm IdentitiesOnly
1053to select which identities in an agent are offered during authentication.
1054.Cm IdentityFile
1055may also be used in conjunction with
1056.Cm CertificateFile
1057in order to provide any certificate also needed for authentication with
1058the identity.
1059.It Cm IgnoreUnknown
1060Specifies a pattern-list of unknown options to be ignored if they are
1061encountered in configuration parsing.
1062This may be used to suppress errors if
1063.Nm
1064contains options that are unrecognised by
1065.Xr ssh 1 .
1066It is recommended that
1067.Cm IgnoreUnknown
1068be listed early in the configuration file as it will not be applied
1069to unknown options that appear before it.
1070.It Cm Include
1071Include the specified configuration file(s).
1072Multiple pathnames may be specified and each pathname may contain
1073.Xr glob 7
1074wildcards and, for user configurations, shell-like
1075.Sq ~
1076references to user home directories.
1077Wildcards will be expanded and processed in lexical order.
1078Files without absolute paths are assumed to be in
1079.Pa ~/.ssh
1080if included in a user configuration file or
1081.Pa /etc/ssh
1082if included from the system configuration file.
1083.Cm Include
1084directive may appear inside a
1085.Cm Match
1086or
1087.Cm Host
1088block
1089to perform conditional inclusion.
1090.It Cm IPQoS
1091Specifies the IPv4 type-of-service or DSCP class for connections.
1092Accepted values are
1093.Cm af11 ,
1094.Cm af12 ,
1095.Cm af13 ,
1096.Cm af21 ,
1097.Cm af22 ,
1098.Cm af23 ,
1099.Cm af31 ,
1100.Cm af32 ,
1101.Cm af33 ,
1102.Cm af41 ,
1103.Cm af42 ,
1104.Cm af43 ,
1105.Cm cs0 ,
1106.Cm cs1 ,
1107.Cm cs2 ,
1108.Cm cs3 ,
1109.Cm cs4 ,
1110.Cm cs5 ,
1111.Cm cs6 ,
1112.Cm cs7 ,
1113.Cm ef ,
1114.Cm le ,
1115.Cm lowdelay ,
1116.Cm throughput ,
1117.Cm reliability ,
1118a numeric value, or
1119.Cm none
1120to use the operating system default.
1121This option may take one or two arguments, separated by whitespace.
1122If one argument is specified, it is used as the packet class unconditionally.
1123If two values are specified, the first is automatically selected for
1124interactive sessions and the second for non-interactive sessions.
1125The default is
1126.Cm af21
1127(Low-Latency Data)
1128for interactive sessions and
1129.Cm cs1
1130(Lower Effort)
1131for non-interactive sessions.
1132.It Cm KbdInteractiveAuthentication
1133Specifies whether to use keyboard-interactive authentication.
1134The argument to this keyword must be
1135.Cm yes
1136(the default)
1137or
1138.Cm no .
1139.Cm ChallengeResponseAuthentication
1140is a deprecated alias for this.
1141.It Cm KbdInteractiveDevices
1142Specifies the list of methods to use in keyboard-interactive authentication.
1143Multiple method names must be comma-separated.
1144The default is to use the server specified list.
1145The methods available vary depending on what the server supports.
1146For an OpenSSH server,
1147it may be zero or more of:
1148.Cm bsdauth
1149and
1150.Cm pam .
1151.It Cm KexAlgorithms
1152Specifies the available KEX (Key Exchange) algorithms.
1153Multiple algorithms must be comma-separated.
1154If the specified list begins with a
1155.Sq +
1156character, then the specified methods will be appended to the default set
1157instead of replacing them.
1158If the specified list begins with a
1159.Sq -
1160character, then the specified methods (including wildcards) will be removed
1161from the default set instead of replacing them.
1162If the specified list begins with a
1163.Sq ^
1164character, then the specified methods will be placed at the head of the
1165default set.
1166The default is:
1167.Bd -literal -offset indent
1168curve25519-sha256,curve25519-sha256@libssh.org,
1169ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1170diffie-hellman-group-exchange-sha256,
1171diffie-hellman-group16-sha512,
1172diffie-hellman-group18-sha512,
1173diffie-hellman-group14-sha256
1174.Ed
1175.Pp
1176The list of available key exchange algorithms may also be obtained using
1177.Qq ssh -Q kex .
1178.It Cm KnownHostsCommand
1179Specifies a command to use to obtain a list of host keys, in addition to
1180those listed in
1181.Cm UserKnownHostsFile
1182and
1183.Cm GlobalKnownHostsFile .
1184This command is executed after the files have been read.
1185It may write host key lines to standard output in identical format to the
1186usual files (described in the
1187.Sx VERIFYING HOST KEYS
1188section in
1189.Xr ssh 1 ) .
1190Arguments to
1191.Cm KnownHostsCommand
1192accept the tokens described in the
1193.Sx TOKENS
1194section.
1195The command may be invoked multiple times per connection: once when preparing
1196the preference list of host key algorithms to use, again to obtain the
1197host key for the requested host name and, if
1198.Cm CheckHostIP
1199is enabled, one more time to obtain the host key matching the server's
1200address.
1201If the command exits abnormally or returns a non-zero exit status then the
1202connection is terminated.
1203.It Cm LocalCommand
1204Specifies a command to execute on the local machine after successfully
1205connecting to the server.
1206The command string extends to the end of the line, and is executed with
1207the user's shell.
1208Arguments to
1209.Cm LocalCommand
1210accept the tokens described in the
1211.Sx TOKENS
1212section.
1213.Pp
1214The command is run synchronously and does not have access to the
1215session of the
1216.Xr ssh 1
1217that spawned it.
1218It should not be used for interactive commands.
1219.Pp
1220This directive is ignored unless
1221.Cm PermitLocalCommand
1222has been enabled.
1223.It Cm LocalForward
1224Specifies that a TCP port on the local machine be forwarded over
1225the secure channel to the specified host and port from the remote machine.
1226The first argument specifies the listener and may be
1227.Sm off
1228.Oo Ar bind_address : Oc Ar port
1229.Sm on
1230or a Unix domain socket path.
1231The second argument is the destination and may be
1232.Ar host : Ns Ar hostport
1233or a Unix domain socket path if the remote host supports it.
1234.Pp
1235IPv6 addresses can be specified by enclosing addresses in square brackets.
1236Multiple forwardings may be specified, and additional forwardings can be
1237given on the command line.
1238Only the superuser can forward privileged ports.
1239By default, the local port is bound in accordance with the
1240.Cm GatewayPorts
1241setting.
1242However, an explicit
1243.Ar bind_address
1244may be used to bind the connection to a specific address.
1245The
1246.Ar bind_address
1247of
1248.Cm localhost
1249indicates that the listening port be bound for local use only, while an
1250empty address or
1251.Sq *
1252indicates that the port should be available from all interfaces.
1253Unix domain socket paths may use the tokens described in the
1254.Sx TOKENS
1255section and environment variables as described in the
1256.Sx ENVIRONMENT VARIABLES
1257section.
1258.It Cm LogLevel
1259Gives the verbosity level that is used when logging messages from
1260.Xr ssh 1 .
1261The possible values are:
1262QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1263The default is INFO.
1264DEBUG and DEBUG1 are equivalent.
1265DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1266.It Cm LogVerbose
1267Specify one or more overrides to LogLevel.
1268An override consists of a pattern lists that matches the source file, function
1269and line number to force detailed logging for.
1270For example, an override pattern of:
1271.Bd -literal -offset indent
1272kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
1273.Ed
1274.Pp
1275would enable detailed logging for line 1000 of
1276.Pa kex.c ,
1277everything in the
1278.Fn kex_exchange_identification
1279function, and all code in the
1280.Pa packet.c
1281file.
1282This option is intended for debugging and no overrides are enabled by default.
1283.It Cm MACs
1284Specifies the MAC (message authentication code) algorithms
1285in order of preference.
1286The MAC algorithm is used for data integrity protection.
1287Multiple algorithms must be comma-separated.
1288If the specified list begins with a
1289.Sq +
1290character, then the specified algorithms will be appended to the default set
1291instead of replacing them.
1292If the specified list begins with a
1293.Sq -
1294character, then the specified algorithms (including wildcards) will be removed
1295from the default set instead of replacing them.
1296If the specified list begins with a
1297.Sq ^
1298character, then the specified algorithms will be placed at the head of the
1299default set.
1300.Pp
1301The algorithms that contain
1302.Qq -etm
1303calculate the MAC after encryption (encrypt-then-mac).
1304These are considered safer and their use recommended.
1305.Pp
1306The default is:
1307.Bd -literal -offset indent
1308umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1309hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1310hmac-sha1-etm@openssh.com,
1311umac-64@openssh.com,umac-128@openssh.com,
1312hmac-sha2-256,hmac-sha2-512,hmac-sha1
1313.Ed
1314.Pp
1315The list of available MAC algorithms may also be obtained using
1316.Qq ssh -Q mac .
1317.It Cm NoHostAuthenticationForLocalhost
1318Disable host authentication for localhost (loopback addresses).
1319The argument to this keyword must be
1320.Cm yes
1321or
1322.Cm no
1323(the default).
1324.It Cm NumberOfPasswordPrompts
1325Specifies the number of password prompts before giving up.
1326The argument to this keyword must be an integer.
1327The default is 3.
1328.It Cm PasswordAuthentication
1329Specifies whether to use password authentication.
1330The argument to this keyword must be
1331.Cm yes
1332(the default)
1333or
1334.Cm no .
1335.It Cm PermitLocalCommand
1336Allow local command execution via the
1337.Ic LocalCommand
1338option or using the
1339.Ic !\& Ns Ar command
1340escape sequence in
1341.Xr ssh 1 .
1342The argument must be
1343.Cm yes
1344or
1345.Cm no
1346(the default).
1347.It Cm PermitRemoteOpen
1348Specifies the destinations to which remote TCP port forwarding is permitted when
1349.Cm RemoteForward
1350is used as a SOCKS proxy.
1351The forwarding specification must be one of the following forms:
1352.Pp
1353.Bl -item -offset indent -compact
1354.It
1355.Cm PermitRemoteOpen
1356.Sm off
1357.Ar host : port
1358.Sm on
1359.It
1360.Cm PermitRemoteOpen
1361.Sm off
1362.Ar IPv4_addr : port
1363.Sm on
1364.It
1365.Cm PermitRemoteOpen
1366.Sm off
1367.Ar \&[ IPv6_addr \&] : port
1368.Sm on
1369.El
1370.Pp
1371Multiple forwards may be specified by separating them with whitespace.
1372An argument of
1373.Cm any
1374can be used to remove all restrictions and permit any forwarding requests.
1375An argument of
1376.Cm none
1377can be used to prohibit all forwarding requests.
1378The wildcard
1379.Sq *
1380can be used for host or port to allow all hosts or ports respectively.
1381Otherwise, no pattern matching or address lookups are performed on supplied
1382names.
1383.It Cm PKCS11Provider
1384Specifies which PKCS#11 provider to use or
1385.Cm none
1386to indicate that no provider should be used (the default).
1387The argument to this keyword is a path to the PKCS#11 shared library
1388.Xr ssh 1
1389should use to communicate with a PKCS#11 token providing keys for user
1390authentication.
1391.It Cm Port
1392Specifies the port number to connect on the remote host.
1393The default is 22.
1394.It Cm PreferredAuthentications
1395Specifies the order in which the client should try authentication methods.
1396This allows a client to prefer one method (e.g.\&
1397.Cm keyboard-interactive )
1398over another method (e.g.\&
1399.Cm password ) .
1400The default is:
1401.Bd -literal -offset indent
1402gssapi-with-mic,hostbased,publickey,
1403keyboard-interactive,password
1404.Ed
1405.It Cm ProxyCommand
1406Specifies the command to use to connect to the server.
1407The command
1408string extends to the end of the line, and is executed
1409using the user's shell
1410.Ql exec
1411directive to avoid a lingering shell process.
1412.Pp
1413Arguments to
1414.Cm ProxyCommand
1415accept the tokens described in the
1416.Sx TOKENS
1417section.
1418The command can be basically anything,
1419and should read from its standard input and write to its standard output.
1420It should eventually connect an
1421.Xr sshd 8
1422server running on some machine, or execute
1423.Ic sshd -i
1424somewhere.
1425Host key management will be done using the
1426.Cm Hostname
1427of the host being connected (defaulting to the name typed by the user).
1428Setting the command to
1429.Cm none
1430disables this option entirely.
1431Note that
1432.Cm CheckHostIP
1433is not available for connects with a proxy command.
1434.Pp
1435This directive is useful in conjunction with
1436.Xr nc 1
1437and its proxy support.
1438For example, the following directive would connect via an HTTP proxy at
1439192.0.2.0:
1440.Bd -literal -offset 3n
1441ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1442.Ed
1443.It Cm ProxyJump
1444Specifies one or more jump proxies as either
1445.Xo
1446.Sm off
1447.Op Ar user No @
1448.Ar host
1449.Op : Ns Ar port
1450.Sm on
1451or an ssh URI
1452.Xc .
1453Multiple proxies may be separated by comma characters and will be visited
1454sequentially.
1455Setting this option will cause
1456.Xr ssh 1
1457to connect to the target host by first making a
1458.Xr ssh 1
1459connection to the specified
1460.Cm ProxyJump
1461host and then establishing a
1462TCP forwarding to the ultimate target from there.
1463Setting the host to
1464.Cm none
1465disables this option entirely.
1466.Pp
1467Note that this option will compete with the
1468.Cm ProxyCommand
1469option - whichever is specified first will prevent later instances of the
1470other from taking effect.
1471.Pp
1472Note also that the configuration for the destination host (either supplied
1473via the command-line or the configuration file) is not generally applied
1474to jump hosts.
1475.Pa ~/.ssh/config
1476should be used if specific configuration is required for jump hosts.
1477.It Cm ProxyUseFdpass
1478Specifies that
1479.Cm ProxyCommand
1480will pass a connected file descriptor back to
1481.Xr ssh 1
1482instead of continuing to execute and pass data.
1483The default is
1484.Cm no .
1485.It Cm PubkeyAcceptedAlgorithms
1486Specifies the signature algorithms that will be used for public key
1487authentication as a comma-separated list of patterns.
1488If the specified list begins with a
1489.Sq +
1490character, then the algorithms after it will be appended to the default
1491instead of replacing it.
1492If the specified list begins with a
1493.Sq -
1494character, then the specified algorithms (including wildcards) will be removed
1495from the default set instead of replacing them.
1496If the specified list begins with a
1497.Sq ^
1498character, then the specified algorithms will be placed at the head of the
1499default set.
1500The default for this option is:
1501.Bd -literal -offset 3n
1502ssh-ed25519-cert-v01@openssh.com,
1503ecdsa-sha2-nistp256-cert-v01@openssh.com,
1504ecdsa-sha2-nistp384-cert-v01@openssh.com,
1505ecdsa-sha2-nistp521-cert-v01@openssh.com,
1506sk-ssh-ed25519-cert-v01@openssh.com,
1507sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1508rsa-sha2-512-cert-v01@openssh.com,
1509rsa-sha2-256-cert-v01@openssh.com,
1510ssh-rsa-cert-v01@openssh.com,
1511ssh-ed25519,
1512ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1513sk-ssh-ed25519@openssh.com,
1514sk-ecdsa-sha2-nistp256@openssh.com,
1515rsa-sha2-512,rsa-sha2-256,ssh-rsa
1516.Ed
1517.Pp
1518The list of available signature algorithms may also be obtained using
1519.Qq ssh -Q PubkeyAcceptedAlgorithms .
1520.It Cm PubkeyAuthentication
1521Specifies whether to try public key authentication.
1522The argument to this keyword must be
1523.Cm yes
1524(the default)
1525or
1526.Cm no .
1527.It Cm RekeyLimit
1528Specifies the maximum amount of data that may be transmitted before the
1529session key is renegotiated, optionally followed by a maximum amount of
1530time that may pass before the session key is renegotiated.
1531The first argument is specified in bytes and may have a suffix of
1532.Sq K ,
1533.Sq M ,
1534or
1535.Sq G
1536to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1537The default is between
1538.Sq 1G
1539and
1540.Sq 4G ,
1541depending on the cipher.
1542The optional second value is specified in seconds and may use any of the
1543units documented in the TIME FORMATS section of
1544.Xr sshd_config 5 .
1545The default value for
1546.Cm RekeyLimit
1547is
1548.Cm default none ,
1549which means that rekeying is performed after the cipher's default amount
1550of data has been sent or received and no time based rekeying is done.
1551.It Cm RemoteCommand
1552Specifies a command to execute on the remote machine after successfully
1553connecting to the server.
1554The command string extends to the end of the line, and is executed with
1555the user's shell.
1556Arguments to
1557.Cm RemoteCommand
1558accept the tokens described in the
1559.Sx TOKENS
1560section.
1561.It Cm RemoteForward
1562Specifies that a TCP port on the remote machine be forwarded over
1563the secure channel.
1564The remote port may either be forwarded to a specified host and port
1565from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1566client to connect to arbitrary destinations from the local machine.
1567The first argument is the listening specification and may be
1568.Sm off
1569.Oo Ar bind_address : Oc Ar port
1570.Sm on
1571or, if the remote host supports it, a Unix domain socket path.
1572If forwarding to a specific destination then the second argument must be
1573.Ar host : Ns Ar hostport
1574or a Unix domain socket path,
1575otherwise if no destination argument is specified then the remote forwarding
1576will be established as a SOCKS proxy.
1577When acting as a SOCKS proxy the destination of the connection can be
1578restricted by
1579.Cm PermitRemoteOpen .
1580.Pp
1581IPv6 addresses can be specified by enclosing addresses in square brackets.
1582Multiple forwardings may be specified, and additional
1583forwardings can be given on the command line.
1584Privileged ports can be forwarded only when
1585logging in as root on the remote machine.
1586Unix domain socket paths may use the tokens described in the
1587.Sx TOKENS
1588section and environment variables as described in the
1589.Sx ENVIRONMENT VARIABLES
1590section.
1591.Pp
1592If the
1593.Ar port
1594argument is 0,
1595the listen port will be dynamically allocated on the server and reported
1596to the client at run time.
1597.Pp
1598If the
1599.Ar bind_address
1600is not specified, the default is to only bind to loopback addresses.
1601If the
1602.Ar bind_address
1603is
1604.Ql *
1605or an empty string, then the forwarding is requested to listen on all
1606interfaces.
1607Specifying a remote
1608.Ar bind_address
1609will only succeed if the server's
1610.Cm GatewayPorts
1611option is enabled (see
1612.Xr sshd_config 5 ) .
1613.It Cm RequestTTY
1614Specifies whether to request a pseudo-tty for the session.
1615The argument may be one of:
1616.Cm no
1617(never request a TTY),
1618.Cm yes
1619(always request a TTY when standard input is a TTY),
1620.Cm force
1621(always request a TTY) or
1622.Cm auto
1623(request a TTY when opening a login session).
1624This option mirrors the
1625.Fl t
1626and
1627.Fl T
1628flags for
1629.Xr ssh 1 .
1630.It Cm RevokedHostKeys
1631Specifies revoked host public keys.
1632Keys listed in this file will be refused for host authentication.
1633Note that if this file does not exist or is not readable,
1634then host authentication will be refused for all hosts.
1635Keys may be specified as a text file, listing one public key per line, or as
1636an OpenSSH Key Revocation List (KRL) as generated by
1637.Xr ssh-keygen 1 .
1638For more information on KRLs, see the KEY REVOCATION LISTS section in
1639.Xr ssh-keygen 1 .
1640.It Cm SecurityKeyProvider
1641Specifies a path to a library that will be used when loading any
1642FIDO authenticator-hosted keys, overriding the default of using
1643the built-in USB HID support.
1644.Pp
1645If the specified value begins with a
1646.Sq $
1647character, then it will be treated as an environment variable containing
1648the path to the library.
1649.It Cm SendEnv
1650Specifies what variables from the local
1651.Xr environ 7
1652should be sent to the server.
1653The server must also support it, and the server must be configured to
1654accept these environment variables.
1655Note that the
1656.Ev TERM
1657environment variable is always sent whenever a
1658pseudo-terminal is requested as it is required by the protocol.
1659Refer to
1660.Cm AcceptEnv
1661in
1662.Xr sshd_config 5
1663for how to configure the server.
1664Variables are specified by name, which may contain wildcard characters.
1665Multiple environment variables may be separated by whitespace or spread
1666across multiple
1667.Cm SendEnv
1668directives.
1669.Pp
1670See
1671.Sx PATTERNS
1672for more information on patterns.
1673.Pp
1674It is possible to clear previously set
1675.Cm SendEnv
1676variable names by prefixing patterns with
1677.Pa - .
1678The default is not to send any environment variables.
1679.It Cm ServerAliveCountMax
1680Sets the number of server alive messages (see below) which may be
1681sent without
1682.Xr ssh 1
1683receiving any messages back from the server.
1684If this threshold is reached while server alive messages are being sent,
1685ssh will disconnect from the server, terminating the session.
1686It is important to note that the use of server alive messages is very
1687different from
1688.Cm TCPKeepAlive
1689(below).
1690The server alive messages are sent through the encrypted channel
1691and therefore will not be spoofable.
1692The TCP keepalive option enabled by
1693.Cm TCPKeepAlive
1694is spoofable.
1695The server alive mechanism is valuable when the client or
1696server depend on knowing when a connection has become unresponsive.
1697.Pp
1698The default value is 3.
1699If, for example,
1700.Cm ServerAliveInterval
1701(see below) is set to 15 and
1702.Cm ServerAliveCountMax
1703is left at the default, if the server becomes unresponsive,
1704ssh will disconnect after approximately 45 seconds.
1705.It Cm ServerAliveInterval
1706Sets a timeout interval in seconds after which if no data has been received
1707from the server,
1708.Xr ssh 1
1709will send a message through the encrypted
1710channel to request a response from the server.
1711The default
1712is 0, indicating that these messages will not be sent to the server.
1713.It Cm SessionType
1714May be used to either request invocation of a subsystem on the remote system,
1715or to prevent the execution of a remote command at all.
1716The latter is useful for just forwarding ports.
1717The argument to this keyword must be
1718.Cm none
1719(same as the
1720.Fl N
1721option),
1722.Cm subsystem
1723(same as the
1724.Fl s
1725option) or
1726.Cm default
1727(shell or command execution).
1728.It Cm SetEnv
1729Directly specify one or more environment variables and their contents to
1730be sent to the server.
1731Similarly to
1732.Cm SendEnv ,
1733with the exception of the
1734.Ev TERM
1735variable, the server must be prepared to accept the environment variable.
1736.It Cm StdinNull
1737Redirects stdin from
1738.Pa /dev/null
1739(actually, prevents reading from stdin).
1740Either this or the equivalent
1741.Fl n
1742option must be used when
1743.Nm ssh
1744is run in the background.
1745The argument to this keyword must be
1746.Cm yes
1747(same as the
1748.Fl n
1749option) or
1750.Cm no
1751(the default).
1752.It Cm StreamLocalBindMask
1753Sets the octal file creation mode mask
1754.Pq umask
1755used when creating a Unix-domain socket file for local or remote
1756port forwarding.
1757This option is only used for port forwarding to a Unix-domain socket file.
1758.Pp
1759The default value is 0177, which creates a Unix-domain socket file that is
1760readable and writable only by the owner.
1761Note that not all operating systems honor the file mode on Unix-domain
1762socket files.
1763.It Cm StreamLocalBindUnlink
1764Specifies whether to remove an existing Unix-domain socket file for local
1765or remote port forwarding before creating a new one.
1766If the socket file already exists and
1767.Cm StreamLocalBindUnlink
1768is not enabled,
1769.Nm ssh
1770will be unable to forward the port to the Unix-domain socket file.
1771This option is only used for port forwarding to a Unix-domain socket file.
1772.Pp
1773The argument must be
1774.Cm yes
1775or
1776.Cm no
1777(the default).
1778.It Cm StrictHostKeyChecking
1779If this flag is set to
1780.Cm yes ,
1781.Xr ssh 1
1782will never automatically add host keys to the
1783.Pa ~/.ssh/known_hosts
1784file, and refuses to connect to hosts whose host key has changed.
1785This provides maximum protection against man-in-the-middle (MITM) attacks,
1786though it can be annoying when the
1787.Pa /etc/ssh/ssh_known_hosts
1788file is poorly maintained or when connections to new hosts are
1789frequently made.
1790This option forces the user to manually
1791add all new hosts.
1792.Pp
1793If this flag is set to
1794.Dq accept-new
1795then ssh will automatically add new host keys to the user's
1796.Pa known_hosts
1797file, but will not permit connections to hosts with
1798changed host keys.
1799If this flag is set to
1800.Dq no
1801or
1802.Dq off ,
1803ssh will automatically add new host keys to the user known hosts files
1804and allow connections to hosts with changed hostkeys to proceed,
1805subject to some restrictions.
1806If this flag is set to
1807.Cm ask
1808(the default),
1809new host keys
1810will be added to the user known host files only after the user
1811has confirmed that is what they really want to do, and
1812ssh will refuse to connect to hosts whose host key has changed.
1813The host keys of
1814known hosts will be verified automatically in all cases.
1815.It Cm SyslogFacility
1816Gives the facility code that is used when logging messages from
1817.Xr ssh 1 .
1818The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1819LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1820The default is USER.
1821.It Cm TCPKeepAlive
1822Specifies whether the system should send TCP keepalive messages to the
1823other side.
1824If they are sent, death of the connection or crash of one
1825of the machines will be properly noticed.
1826However, this means that
1827connections will die if the route is down temporarily, and some people
1828find it annoying.
1829.Pp
1830The default is
1831.Cm yes
1832(to send TCP keepalive messages), and the client will notice
1833if the network goes down or the remote host dies.
1834This is important in scripts, and many users want it too.
1835.Pp
1836To disable TCP keepalive messages, the value should be set to
1837.Cm no .
1838See also
1839.Cm ServerAliveInterval
1840for protocol-level keepalives.
1841.It Cm Tunnel
1842Request
1843.Xr tun 4
1844device forwarding between the client and the server.
1845The argument must be
1846.Cm yes ,
1847.Cm point-to-point
1848(layer 3),
1849.Cm ethernet
1850(layer 2),
1851or
1852.Cm no
1853(the default).
1854Specifying
1855.Cm yes
1856requests the default tunnel mode, which is
1857.Cm point-to-point .
1858.It Cm TunnelDevice
1859Specifies the
1860.Xr tun 4
1861devices to open on the client
1862.Pq Ar local_tun
1863and the server
1864.Pq Ar remote_tun .
1865.Pp
1866The argument must be
1867.Sm off
1868.Ar local_tun Op : Ar remote_tun .
1869.Sm on
1870The devices may be specified by numerical ID or the keyword
1871.Cm any ,
1872which uses the next available tunnel device.
1873If
1874.Ar remote_tun
1875is not specified, it defaults to
1876.Cm any .
1877The default is
1878.Cm any:any .
1879.It Cm UpdateHostKeys
1880Specifies whether
1881.Xr ssh 1
1882should accept notifications of additional hostkeys from the server sent
1883after authentication has completed and add them to
1884.Cm UserKnownHostsFile .
1885The argument must be
1886.Cm yes ,
1887.Cm no
1888or
1889.Cm ask .
1890This option allows learning alternate hostkeys for a server
1891and supports graceful key rotation by allowing a server to send replacement
1892public keys before old ones are removed.
1893.Pp
1894Additional hostkeys are only accepted if the key used to authenticate the
1895host was already trusted or explicitly accepted by the user, the host was
1896authenticated via
1897.Cm UserKnownHostsFile
1898(i.e. not
1899.Cm GlobalKnownHostsFile )
1900and the host was authenticated using a plain key and not a certificate.
1901.Pp
1902.Cm UpdateHostKeys
1903is enabled by default if the user has not overridden the default
1904.Cm UserKnownHostsFile
1905setting and has not enabled
1906.Cm VerifyHostKeyDNS ,
1907otherwise
1908.Cm UpdateHostKeys
1909will be set to
1910.Cm no .
1911.Pp
1912If
1913.Cm UpdateHostKeys
1914is set to
1915.Cm ask ,
1916then the user is asked to confirm the modifications to the known_hosts file.
1917Confirmation is currently incompatible with
1918.Cm ControlPersist ,
1919and will be disabled if it is enabled.
1920.Pp
1921Presently, only
1922.Xr sshd 8
1923from OpenSSH 6.8 and greater support the
1924.Qq hostkeys@openssh.com
1925protocol extension used to inform the client of all the server's hostkeys.
1926.It Cm User
1927Specifies the user to log in as.
1928This can be useful when a different user name is used on different machines.
1929This saves the trouble of
1930having to remember to give the user name on the command line.
1931.It Cm UserKnownHostsFile
1932Specifies one or more files to use for the user
1933host key database, separated by whitespace.
1934Each filename may use tilde notation to refer to the user's home directory,
1935the tokens described in the
1936.Sx TOKENS
1937section and environment variables as described in the
1938.Sx ENVIRONMENT VARIABLES
1939section.
1940The default is
1941.Pa ~/.ssh/known_hosts ,
1942.Pa ~/.ssh/known_hosts2 .
1943.It Cm VerifyHostKeyDNS
1944Specifies whether to verify the remote key using DNS and SSHFP resource
1945records.
1946If this option is set to
1947.Cm yes ,
1948the client will implicitly trust keys that match a secure fingerprint
1949from DNS.
1950Insecure fingerprints will be handled as if this option was set to
1951.Cm ask .
1952If this option is set to
1953.Cm ask ,
1954information on fingerprint match will be displayed, but the user will still
1955need to confirm new host keys according to the
1956.Cm StrictHostKeyChecking
1957option.
1958The default is
1959.Cm yes
1960if compiled with LDNS and
1961.Cm no
1962otherwise.
1963.Pp
1964See also
1965.Sx VERIFYING HOST KEYS
1966in
1967.Xr ssh 1 .
1968.It Cm VersionAddendum
1969Specifies a string to append to the regular version string to identify
1970OS- or site-specific modifications.
1971The default is
1972.Dq FreeBSD-20210907 .
1973The value
1974.Cm none
1975may be used to disable this.
1976.It Cm VisualHostKey
1977If this flag is set to
1978.Cm yes ,
1979an ASCII art representation of the remote host key fingerprint is
1980printed in addition to the fingerprint string at login and
1981for unknown host keys.
1982If this flag is set to
1983.Cm no
1984(the default),
1985no fingerprint strings are printed at login and
1986only the fingerprint string will be printed for unknown host keys.
1987.It Cm XAuthLocation
1988Specifies the full pathname of the
1989.Xr xauth 1
1990program.
1991The default is
1992.Pa /usr/local/bin/xauth .
1993.El
1994.Sh PATTERNS
1995A
1996.Em pattern
1997consists of zero or more non-whitespace characters,
1998.Sq *
1999(a wildcard that matches zero or more characters),
2000or
2001.Sq ?\&
2002(a wildcard that matches exactly one character).
2003For example, to specify a set of declarations for any host in the
2004.Qq .co.uk
2005set of domains,
2006the following pattern could be used:
2007.Pp
2008.Dl Host *.co.uk
2009.Pp
2010The following pattern
2011would match any host in the 192.168.0.[0-9] network range:
2012.Pp
2013.Dl Host 192.168.0.?
2014.Pp
2015A
2016.Em pattern-list
2017is a comma-separated list of patterns.
2018Patterns within pattern-lists may be negated
2019by preceding them with an exclamation mark
2020.Pq Sq !\& .
2021For example,
2022to allow a key to be used from anywhere within an organization
2023except from the
2024.Qq dialup
2025pool,
2026the following entry (in authorized_keys) could be used:
2027.Pp
2028.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2029.Pp
2030Note that a negated match will never produce a positive result by itself.
2031For example, attempting to match
2032.Qq host3
2033against the following pattern-list will fail:
2034.Pp
2035.Dl from=\&"!host1,!host2\&"
2036.Pp
2037The solution here is to include a term that will yield a positive match,
2038such as a wildcard:
2039.Pp
2040.Dl from=\&"!host1,!host2,*\&"
2041.Sh TOKENS
2042Arguments to some keywords can make use of tokens,
2043which are expanded at runtime:
2044.Pp
2045.Bl -tag -width XXXX -offset indent -compact
2046.It %%
2047A literal
2048.Sq % .
2049.It \&%C
2050Hash of %l%h%p%r.
2051.It %d
2052Local user's home directory.
2053.It %f
2054The fingerprint of the server's host key.
2055.It %H
2056The
2057.Pa known_hosts
2058hostname or address that is being searched for.
2059.It %h
2060The remote hostname.
2061.It \%%I
2062A string describing the reason for a
2063.Cm KnownHostsCommand
2064execution: either
2065.Cm ADDRESS
2066when looking up a host by address (only when
2067.Cm CheckHostIP
2068is enabled),
2069.Cm HOSTNAME
2070when searching by hostname, or
2071.Cm ORDER
2072when preparing the host key algorithm preference list to use for the
2073destination host.
2074.It %i
2075The local user ID.
2076.It %K
2077The base64 encoded host key.
2078.It %k
2079The host key alias if specified, otherwise the original remote hostname given
2080on the command line.
2081.It %L
2082The local hostname.
2083.It %l
2084The local hostname, including the domain name.
2085.It %n
2086The original remote hostname, as given on the command line.
2087.It %p
2088The remote port.
2089.It %r
2090The remote username.
2091.It \&%T
2092The local
2093.Xr tun 4
2094or
2095.Xr tap 4
2096network interface assigned if
2097tunnel forwarding was requested, or
2098.Qq NONE
2099otherwise.
2100.It %t
2101The type of the server host key, e.g.
2102.Cm ssh-ed25519 .
2103.It %u
2104The local username.
2105.El
2106.Pp
2107.Cm CertificateFile ,
2108.Cm ControlPath ,
2109.Cm IdentityAgent ,
2110.Cm IdentityFile ,
2111.Cm KnownHostsCommand ,
2112.Cm LocalForward ,
2113.Cm Match exec ,
2114.Cm RemoteCommand ,
2115.Cm RemoteForward ,
2116and
2117.Cm UserKnownHostsFile
2118accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
2119.Pp
2120.Cm KnownHostsCommand
2121additionally accepts the tokens %f, %H, %I, %K and %t.
2122.Pp
2123.Cm Hostname
2124accepts the tokens %% and %h.
2125.Pp
2126.Cm LocalCommand
2127accepts all tokens.
2128.Pp
2129.Cm ProxyCommand
2130accepts the tokens %%, %h, %n, %p, and %r.
2131.Sh ENVIRONMENT VARIABLES
2132Arguments to some keywords can be expanded at runtime from environment
2133variables on the client by enclosing them in
2134.Ic ${} ,
2135for example
2136.Ic ${HOME}/.ssh
2137would refer to the user's .ssh directory.
2138If a specified environment variable does not exist then an error will be
2139returned and the setting for that keyword will be ignored.
2140.Pp
2141The keywords
2142.Cm CertificateFile ,
2143.Cm ControlPath ,
2144.Cm IdentityAgent ,
2145.Cm IdentityFile ,
2146.Cm KnownHostsCommand ,
2147and
2148.Cm UserKnownHostsFile
2149support environment variables.
2150The keywords
2151.Cm LocalForward
2152and
2153.Cm RemoteForward
2154support environment variables only for Unix domain socket paths.
2155.Sh FILES
2156.Bl -tag -width Ds
2157.It Pa ~/.ssh/config
2158This is the per-user configuration file.
2159The format of this file is described above.
2160This file is used by the SSH client.
2161Because of the potential for abuse, this file must have strict permissions:
2162read/write for the user, and not writable by others.
2163.It Pa /etc/ssh/ssh_config
2164Systemwide configuration file.
2165This file provides defaults for those
2166values that are not specified in the user's configuration file, and
2167for those users who do not have a configuration file.
2168This file must be world-readable.
2169.El
2170.Sh SEE ALSO
2171.Xr ssh 1
2172.Sh AUTHORS
2173.An -nosplit
2174OpenSSH is a derivative of the original and free
2175ssh 1.2.12 release by
2176.An Tatu Ylonen .
2177.An Aaron Campbell , Bob Beck , Markus Friedl ,
2178.An Niels Provos , Theo de Raadt
2179and
2180.An Dug Song
2181removed many bugs, re-added newer features and
2182created OpenSSH.
2183.An Markus Friedl
2184contributed the support for SSH protocol versions 1.5 and 2.0.
2185