xref: /freebsd/crypto/openssh/ssh_config.5 (revision 5b56413d04e608379c9a306373554a8e4d321bc0)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
37.Dd $Mdocdate: February 21 2024 $
38.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH client configuration file
43.Sh DESCRIPTION
44.Xr ssh 1
45obtains configuration data from the following sources in
46the following order:
47.Pp
48.Bl -enum -offset indent -compact
49.It
50command-line options
51.It
52user's configuration file
53.Pq Pa ~/.ssh/config
54.It
55system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config
57.El
58.Pp
59Unless noted otherwise, for each parameter, the first obtained value
60will be used.
61The configuration files contain sections separated by
62.Cm Host
63specifications, and that section is only applied for hosts that
64match one of the patterns given in the specification.
65The matched host name is usually the one given on the command line
66(see the
67.Cm CanonicalizeHostname
68option for exceptions).
69.Pp
70Since the first obtained value for each parameter is used, more
71host-specific declarations should be given near the beginning of the
72file, and general defaults at the end.
73.Pp
74The file contains keyword-argument pairs, one per line.
75Lines starting with
76.Ql #
77and empty lines are interpreted as comments.
78Arguments may optionally be enclosed in double quotes
79.Pq \&"
80in order to represent arguments containing spaces.
81Configuration options may be separated by whitespace or
82optional whitespace and exactly one
83.Ql = ;
84the latter format is useful to avoid the need to quote whitespace
85when specifying configuration options using the
86.Nm ssh ,
87.Nm scp ,
88and
89.Nm sftp
90.Fl o
91option.
92.Pp
93The possible
94keywords and their meanings are as follows (note that
95keywords are case-insensitive and arguments are case-sensitive):
96.Bl -tag -width Ds
97.It Cm Host
98Restricts the following declarations (up to the next
99.Cm Host
100or
101.Cm Match
102keyword) to be only for those hosts that match one of the patterns
103given after the keyword.
104If more than one pattern is provided, they should be separated by whitespace.
105A single
106.Ql *
107as a pattern can be used to provide global
108defaults for all hosts.
109The host is usually the
110.Ar hostname
111argument given on the command line
112(see the
113.Cm CanonicalizeHostname
114keyword for exceptions).
115.Pp
116A pattern entry may be negated by prefixing it with an exclamation mark
117.Pq Sq !\& .
118If a negated entry is matched, then the
119.Cm Host
120entry is ignored, regardless of whether any other patterns on the line
121match.
122Negated matches are therefore useful to provide exceptions for wildcard
123matches.
124.Pp
125See
126.Sx PATTERNS
127for more information on patterns.
128.It Cm Match
129Restricts the following declarations (up to the next
130.Cm Host
131or
132.Cm Match
133keyword) to be used only when the conditions following the
134.Cm Match
135keyword are satisfied.
136Match conditions are specified using one or more criteria
137or the single token
138.Cm all
139which always matches.
140The available criteria keywords are:
141.Cm canonical ,
142.Cm final ,
143.Cm exec ,
144.Cm localnetwork ,
145.Cm host ,
146.Cm originalhost ,
147.Cm tagged ,
148.Cm user ,
149and
150.Cm localuser .
151The
152.Cm all
153criteria must appear alone or immediately after
154.Cm canonical
155or
156.Cm final .
157Other criteria may be combined arbitrarily.
158All criteria but
159.Cm all ,
160.Cm canonical ,
161and
162.Cm final
163require an argument.
164Criteria may be negated by prepending an exclamation mark
165.Pq Sq !\& .
166.Pp
167The
168.Cm canonical
169keyword matches only when the configuration file is being re-parsed
170after hostname canonicalization (see the
171.Cm CanonicalizeHostname
172option).
173This may be useful to specify conditions that work with canonical host
174names only.
175.Pp
176The
177.Cm final
178keyword requests that the configuration be re-parsed (regardless of whether
179.Cm CanonicalizeHostname
180is enabled), and matches only during this final pass.
181If
182.Cm CanonicalizeHostname
183is enabled, then
184.Cm canonical
185and
186.Cm final
187match during the same pass.
188.Pp
189The
190.Cm exec
191keyword executes the specified command under the user's shell.
192If the command returns a zero exit status then the condition is considered true.
193Commands containing whitespace characters must be quoted.
194Arguments to
195.Cm exec
196accept the tokens described in the
197.Sx TOKENS
198section.
199.Pp
200The
201.Cm localnetwork
202keyword matches the addresses of active local network interfaces against the
203supplied list of networks in CIDR format.
204This may be convenient for varying the effective configuration on devices that
205roam between networks.
206Note that network address is not a trustworthy criteria in many
207situations (e.g. when the network is automatically configured using DHCP)
208and so caution should be applied if using it to control security-sensitive
209configuration.
210.Pp
211The other keywords' criteria must be single entries or comma-separated
212lists and may use the wildcard and negation operators described in the
213.Sx PATTERNS
214section.
215The criteria for the
216.Cm host
217keyword are matched against the target hostname, after any substitution
218by the
219.Cm Hostname
220or
221.Cm CanonicalizeHostname
222options.
223The
224.Cm originalhost
225keyword matches against the hostname as it was specified on the command-line.
226The
227.Cm tagged
228keyword matches a tag name specified by a prior
229.Cm Tag
230directive or on the
231.Xr ssh 1
232command-line using the
233.Fl P
234flag.
235The
236.Cm user
237keyword matches against the target username on the remote host.
238The
239.Cm localuser
240keyword matches against the name of the local user running
241.Xr ssh 1
242(this keyword may be useful in system-wide
243.Nm
244files).
245.It Cm AddKeysToAgent
246Specifies whether keys should be automatically added to a running
247.Xr ssh-agent 1 .
248If this option is set to
249.Cm yes
250and a key is loaded from a file, the key and its passphrase are added to
251the agent with the default lifetime, as if by
252.Xr ssh-add 1 .
253If this option is set to
254.Cm ask ,
255.Xr ssh 1
256will require confirmation using the
257.Ev SSH_ASKPASS
258program before adding a key (see
259.Xr ssh-add 1
260for details).
261If this option is set to
262.Cm confirm ,
263each use of the key must be confirmed, as if the
264.Fl c
265option was specified to
266.Xr ssh-add 1 .
267If this option is set to
268.Cm no ,
269no keys are added to the agent.
270Alternately, this option may be specified as a time interval
271using the format described in the
272.Sx TIME FORMATS
273section of
274.Xr sshd_config 5
275to specify the key's lifetime in
276.Xr ssh-agent 1 ,
277after which it will automatically be removed.
278The argument must be
279.Cm no
280(the default),
281.Cm yes ,
282.Cm confirm
283(optionally followed by a time interval),
284.Cm ask
285or a time interval.
286.It Cm AddressFamily
287Specifies which address family to use when connecting.
288Valid arguments are
289.Cm any
290(the default),
291.Cm inet
292(use IPv4 only), or
293.Cm inet6
294(use IPv6 only).
295.It Cm BatchMode
296If set to
297.Cm yes ,
298user interaction such as password prompts and host key confirmation requests
299will be disabled.
300This option is useful in scripts and other batch jobs where no user
301is present to interact with
302.Xr ssh 1 .
303The argument must be
304.Cm yes
305or
306.Cm no
307(the default).
308.It Cm BindAddress
309Use the specified address on the local machine as the source address of
310the connection.
311Only useful on systems with more than one address.
312.It Cm BindInterface
313Use the address of the specified interface on the local machine as the
314source address of the connection.
315.It Cm CanonicalDomains
316When
317.Cm CanonicalizeHostname
318is enabled, this option specifies the list of domain suffixes in which to
319search for the specified destination host.
320.It Cm CanonicalizeFallbackLocal
321Specifies whether to fail with an error when hostname canonicalization fails.
322The default,
323.Cm yes ,
324will attempt to look up the unqualified hostname using the system resolver's
325search rules.
326A value of
327.Cm no
328will cause
329.Xr ssh 1
330to fail instantly if
331.Cm CanonicalizeHostname
332is enabled and the target hostname cannot be found in any of the domains
333specified by
334.Cm CanonicalDomains .
335.It Cm CanonicalizeHostname
336Controls whether explicit hostname canonicalization is performed.
337The default,
338.Cm no ,
339is not to perform any name rewriting and let the system resolver handle all
340hostname lookups.
341If set to
342.Cm yes
343then, for connections that do not use a
344.Cm ProxyCommand
345or
346.Cm ProxyJump ,
347.Xr ssh 1
348will attempt to canonicalize the hostname specified on the command line
349using the
350.Cm CanonicalDomains
351suffixes and
352.Cm CanonicalizePermittedCNAMEs
353rules.
354If
355.Cm CanonicalizeHostname
356is set to
357.Cm always ,
358then canonicalization is applied to proxied connections too.
359.Pp
360If this option is enabled, then the configuration files are processed
361again using the new target name to pick up any new configuration in matching
362.Cm Host
363and
364.Cm Match
365stanzas.
366A value of
367.Cm none
368disables the use of a
369.Cm ProxyJump
370host.
371.It Cm CanonicalizeMaxDots
372Specifies the maximum number of dot characters in a hostname before
373canonicalization is disabled.
374The default, 1,
375allows a single dot (i.e. hostname.subdomain).
376.It Cm CanonicalizePermittedCNAMEs
377Specifies rules to determine whether CNAMEs should be followed when
378canonicalizing hostnames.
379The rules consist of one or more arguments of
380.Ar source_domain_list : Ns Ar target_domain_list ,
381where
382.Ar source_domain_list
383is a pattern-list of domains that may follow CNAMEs in canonicalization,
384and
385.Ar target_domain_list
386is a pattern-list of domains that they may resolve to.
387.Pp
388For example,
389.Qq *.a.example.com:*.b.example.com,*.c.example.com
390will allow hostnames matching
391.Qq *.a.example.com
392to be canonicalized to names in the
393.Qq *.b.example.com
394or
395.Qq *.c.example.com
396domains.
397.Pp
398A single argument of
399.Qq none
400causes no CNAMEs to be considered for canonicalization.
401This is the default behaviour.
402.It Cm CASignatureAlgorithms
403Specifies which algorithms are allowed for signing of certificates
404by certificate authorities (CAs).
405The default is:
406.Bd -literal -offset indent
407ssh-ed25519,ecdsa-sha2-nistp256,
408ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
409sk-ssh-ed25519@openssh.com,
410sk-ecdsa-sha2-nistp256@openssh.com,
411rsa-sha2-512,rsa-sha2-256
412.Ed
413.Pp
414If the specified list begins with a
415.Sq +
416character, then the specified algorithms will be appended to the default set
417instead of replacing them.
418If the specified list begins with a
419.Sq -
420character, then the specified algorithms (including wildcards) will be removed
421from the default set instead of replacing them.
422.Pp
423.Xr ssh 1
424will not accept host certificates signed using algorithms other than those
425specified.
426.It Cm CertificateFile
427Specifies a file from which the user's certificate is read.
428A corresponding private key must be provided separately in order
429to use this certificate either
430from an
431.Cm IdentityFile
432directive or
433.Fl i
434flag to
435.Xr ssh 1 ,
436via
437.Xr ssh-agent 1 ,
438or via a
439.Cm PKCS11Provider
440or
441.Cm SecurityKeyProvider .
442.Pp
443Arguments to
444.Cm CertificateFile
445may use the tilde syntax to refer to a user's home directory,
446the tokens described in the
447.Sx TOKENS
448section and environment variables as described in the
449.Sx ENVIRONMENT VARIABLES
450section.
451.Pp
452It is possible to have multiple certificate files specified in
453configuration files; these certificates will be tried in sequence.
454Multiple
455.Cm CertificateFile
456directives will add to the list of certificates used for
457authentication.
458.It Cm ChannelTimeout
459Specifies whether and how quickly
460.Xr ssh 1
461should close inactive channels.
462Timeouts are specified as one or more
463.Dq type=interval
464pairs separated by whitespace, where the
465.Dq type
466must be the special keyword
467.Dq global
468or a channel type name from the list below, optionally containing
469wildcard characters.
470.Pp
471The timeout value
472.Dq interval
473is specified in seconds or may use any of the units documented in the
474.Sx TIME FORMATS
475section.
476For example,
477.Dq session=5m
478would cause interactive sessions to terminate after five minutes of
479inactivity.
480Specifying a zero value disables the inactivity timeout.
481.Pp
482The special timeout
483.Dq global
484applies to all active channels, taken together.
485Traffic on any active channel will reset the timeout, but when the timeout
486expires then all open channels will be closed.
487Note that this global timeout is not matched by wildcards and must be
488specified explicitly.
489.Pp
490The available channel type names include:
491.Bl -tag -width Ds
492.It Cm agent-connection
493Open connections to
494.Xr ssh-agent 1 .
495.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
496Open TCP or Unix socket (respectively) connections that have
497been established from a
498.Xr ssh 1
499local forwarding, i.e.\&
500.Cm LocalForward
501or
502.Cm DynamicForward .
503.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
504Open TCP or Unix socket (respectively) connections that have been
505established to a
506.Xr sshd 8
507listening on behalf of a
508.Xr ssh 1
509remote forwarding, i.e.\&
510.Cm RemoteForward .
511.It Cm session
512The interactive main session, including shell session, command execution,
513.Xr scp 1 ,
514.Xr sftp 1 ,
515etc.
516.It Cm tun-connection
517Open
518.Cm TunnelForward
519connections.
520.It Cm x11-connection
521Open X11 forwarding sessions.
522.El
523.Pp
524Note that in all the above cases, terminating an inactive session does not
525guarantee to remove all resources associated with the session, e.g. shell
526processes or X11 clients relating to the session may continue to execute.
527.Pp
528Moreover, terminating an inactive channel or session does not necessarily
529close the SSH connection, nor does it prevent a client from
530requesting another channel of the same type.
531In particular, expiring an inactive forwarding session does not prevent
532another identical forwarding from being subsequently created.
533.Pp
534The default is not to expire channels of any type for inactivity.
535.It Cm CheckHostIP
536If set to
537.Cm yes ,
538.Xr ssh 1
539will additionally check the host IP address in the
540.Pa known_hosts
541file.
542This allows it to detect if a host key changed due to DNS spoofing
543and will add addresses of destination hosts to
544.Pa ~/.ssh/known_hosts
545in the process, regardless of the setting of
546.Cm StrictHostKeyChecking .
547If the option is set to
548.Cm no
549(the default),
550the check will not be executed.
551The default is
552.Cm no .
553.It Cm Ciphers
554Specifies the ciphers allowed and their order of preference.
555Multiple ciphers must be comma-separated.
556If the specified list begins with a
557.Sq +
558character, then the specified ciphers will be appended to the default set
559instead of replacing them.
560If the specified list begins with a
561.Sq -
562character, then the specified ciphers (including wildcards) will be removed
563from the default set instead of replacing them.
564If the specified list begins with a
565.Sq ^
566character, then the specified ciphers will be placed at the head of the
567default set.
568.Pp
569The supported ciphers are:
570.Bd -literal -offset indent
5713des-cbc
572aes128-cbc
573aes192-cbc
574aes256-cbc
575aes128-ctr
576aes192-ctr
577aes256-ctr
578aes128-gcm@openssh.com
579aes256-gcm@openssh.com
580chacha20-poly1305@openssh.com
581.Ed
582.Pp
583The default is:
584.Bd -literal -offset indent
585chacha20-poly1305@openssh.com,
586aes128-ctr,aes192-ctr,aes256-ctr,
587aes128-gcm@openssh.com,aes256-gcm@openssh.com
588.Ed
589.Pp
590The list of available ciphers may also be obtained using
591.Qq ssh -Q cipher .
592.It Cm ClearAllForwardings
593Specifies that all local, remote, and dynamic port forwardings
594specified in the configuration files or on the command line be
595cleared.
596This option is primarily useful when used from the
597.Xr ssh 1
598command line to clear port forwardings set in
599configuration files, and is automatically set by
600.Xr scp 1
601and
602.Xr sftp 1 .
603The argument must be
604.Cm yes
605or
606.Cm no
607(the default).
608.It Cm Compression
609Specifies whether to use compression.
610The argument must be
611.Cm yes
612or
613.Cm no
614(the default).
615.It Cm ConnectionAttempts
616Specifies the number of tries (one per second) to make before exiting.
617The argument must be an integer.
618This may be useful in scripts if the connection sometimes fails.
619The default is 1.
620.It Cm ConnectTimeout
621Specifies the timeout (in seconds) used when connecting to the
622SSH server, instead of using the default system TCP timeout.
623This timeout is applied both to establishing the connection and to performing
624the initial SSH protocol handshake and key exchange.
625.It Cm ControlMaster
626Enables the sharing of multiple sessions over a single network connection.
627When set to
628.Cm yes ,
629.Xr ssh 1
630will listen for connections on a control socket specified using the
631.Cm ControlPath
632argument.
633Additional sessions can connect to this socket using the same
634.Cm ControlPath
635with
636.Cm ControlMaster
637set to
638.Cm no
639(the default).
640These sessions will try to reuse the master instance's network connection
641rather than initiating new ones, but will fall back to connecting normally
642if the control socket does not exist, or is not listening.
643.Pp
644Setting this to
645.Cm ask
646will cause
647.Xr ssh 1
648to listen for control connections, but require confirmation using
649.Xr ssh-askpass 1 .
650If the
651.Cm ControlPath
652cannot be opened,
653.Xr ssh 1
654will continue without connecting to a master instance.
655.Pp
656X11 and
657.Xr ssh-agent 1
658forwarding is supported over these multiplexed connections, however the
659display and agent forwarded will be the one belonging to the master
660connection i.e. it is not possible to forward multiple displays or agents.
661.Pp
662Two additional options allow for opportunistic multiplexing: try to use a
663master connection but fall back to creating a new one if one does not already
664exist.
665These options are:
666.Cm auto
667and
668.Cm autoask .
669The latter requires confirmation like the
670.Cm ask
671option.
672.It Cm ControlPath
673Specify the path to the control socket used for connection sharing as described
674in the
675.Cm ControlMaster
676section above or the string
677.Cm none
678to disable connection sharing.
679Arguments to
680.Cm ControlPath
681may use the tilde syntax to refer to a user's home directory,
682the tokens described in the
683.Sx TOKENS
684section and environment variables as described in the
685.Sx ENVIRONMENT VARIABLES
686section.
687It is recommended that any
688.Cm ControlPath
689used for opportunistic connection sharing include
690at least %h, %p, and %r (or alternatively %C) and be placed in a directory
691that is not writable by other users.
692This ensures that shared connections are uniquely identified.
693.It Cm ControlPersist
694When used in conjunction with
695.Cm ControlMaster ,
696specifies that the master connection should remain open
697in the background (waiting for future client connections)
698after the initial client connection has been closed.
699If set to
700.Cm no
701(the default),
702then the master connection will not be placed into the background,
703and will close as soon as the initial client connection is closed.
704If set to
705.Cm yes
706or 0,
707then the master connection will remain in the background indefinitely
708(until killed or closed via a mechanism such as the
709.Qq ssh -O exit ) .
710If set to a time in seconds, or a time in any of the formats documented in
711.Xr sshd_config 5 ,
712then the backgrounded master connection will automatically terminate
713after it has remained idle (with no client connections) for the
714specified time.
715.It Cm DynamicForward
716Specifies that a TCP port on the local machine be forwarded
717over the secure channel, and the application
718protocol is then used to determine where to connect to from the
719remote machine.
720.Pp
721The argument must be
722.Sm off
723.Oo Ar bind_address : Oc Ar port .
724.Sm on
725IPv6 addresses can be specified by enclosing addresses in square brackets.
726By default, the local port is bound in accordance with the
727.Cm GatewayPorts
728setting.
729However, an explicit
730.Ar bind_address
731may be used to bind the connection to a specific address.
732The
733.Ar bind_address
734of
735.Cm localhost
736indicates that the listening port be bound for local use only, while an
737empty address or
738.Sq *
739indicates that the port should be available from all interfaces.
740.Pp
741Currently the SOCKS4 and SOCKS5 protocols are supported, and
742.Xr ssh 1
743will act as a SOCKS server.
744Multiple forwardings may be specified, and
745additional forwardings can be given on the command line.
746Only the superuser can forward privileged ports.
747.It Cm EnableEscapeCommandline
748Enables the command line option in the
749.Cm EscapeChar
750menu for interactive sessions (default
751.Ql ~C ) .
752By default, the command line is disabled.
753.It Cm EnableSSHKeysign
754Setting this option to
755.Cm yes
756in the global client configuration file
757.Pa /etc/ssh/ssh_config
758enables the use of the helper program
759.Xr ssh-keysign 8
760during
761.Cm HostbasedAuthentication .
762The argument must be
763.Cm yes
764or
765.Cm no
766(the default).
767This option should be placed in the non-hostspecific section.
768See
769.Xr ssh-keysign 8
770for more information.
771.It Cm EscapeChar
772Sets the escape character (default:
773.Ql ~ ) .
774The escape character can also
775be set on the command line.
776The argument should be a single character,
777.Ql ^
778followed by a letter, or
779.Cm none
780to disable the escape
781character entirely (making the connection transparent for binary
782data).
783.It Cm ExitOnForwardFailure
784Specifies whether
785.Xr ssh 1
786should terminate the connection if it cannot set up all requested
787dynamic, tunnel, local, and remote port forwardings, (e.g.\&
788if either end is unable to bind and listen on a specified port).
789Note that
790.Cm ExitOnForwardFailure
791does not apply to connections made over port forwardings and will not,
792for example, cause
793.Xr ssh 1
794to exit if TCP connections to the ultimate forwarding destination fail.
795The argument must be
796.Cm yes
797or
798.Cm no
799(the default).
800.It Cm FingerprintHash
801Specifies the hash algorithm used when displaying key fingerprints.
802Valid options are:
803.Cm md5
804and
805.Cm sha256
806(the default).
807.It Cm ForkAfterAuthentication
808Requests
809.Nm ssh
810to go to background just before command execution.
811This is useful if
812.Nm ssh
813is going to ask for passwords or passphrases, but the user
814wants it in the background.
815This implies the
816.Cm StdinNull
817configuration option being set to
818.Dq yes .
819The recommended way to start X11 programs at a remote site is with
820something like
821.Ic ssh -f host xterm ,
822which is the same as
823.Ic ssh host xterm
824if the
825.Cm ForkAfterAuthentication
826configuration option is set to
827.Dq yes .
828.Pp
829If the
830.Cm ExitOnForwardFailure
831configuration option is set to
832.Dq yes ,
833then a client started with the
834.Cm ForkAfterAuthentication
835configuration option being set to
836.Dq yes
837will wait for all remote port forwards to be successfully established
838before placing itself in the background.
839The argument to this keyword must be
840.Cm yes
841(same as the
842.Fl f
843option) or
844.Cm no
845(the default).
846.It Cm ForwardAgent
847Specifies whether the connection to the authentication agent (if any)
848will be forwarded to the remote machine.
849The argument may be
850.Cm yes ,
851.Cm no
852(the default),
853an explicit path to an agent socket or the name of an environment variable
854(beginning with
855.Sq $ )
856in which to find the path.
857.Pp
858Agent forwarding should be enabled with caution.
859Users with the ability to bypass file permissions on the remote host
860(for the agent's Unix-domain socket)
861can access the local agent through the forwarded connection.
862An attacker cannot obtain key material from the agent,
863however they can perform operations on the keys that enable them to
864authenticate using the identities loaded into the agent.
865.It Cm ForwardX11
866Specifies whether X11 connections will be automatically redirected
867over the secure channel and
868.Ev DISPLAY
869set.
870The argument must be
871.Cm yes
872or
873.Cm no
874(the default).
875.Pp
876X11 forwarding should be enabled with caution.
877Users with the ability to bypass file permissions on the remote host
878(for the user's X11 authorization database)
879can access the local X11 display through the forwarded connection.
880An attacker may then be able to perform activities such as keystroke monitoring
881if the
882.Cm ForwardX11Trusted
883option is also enabled.
884.It Cm ForwardX11Timeout
885Specify a timeout for untrusted X11 forwarding
886using the format described in the
887.Sx TIME FORMATS
888section of
889.Xr sshd_config 5 .
890X11 connections received by
891.Xr ssh 1
892after this time will be refused.
893Setting
894.Cm ForwardX11Timeout
895to zero will disable the timeout and permit X11 forwarding for the life
896of the connection.
897The default is to disable untrusted X11 forwarding after twenty minutes has
898elapsed.
899.It Cm ForwardX11Trusted
900If this option is set to
901.Cm yes ,
902remote X11 clients will have full access to the original X11 display.
903.Pp
904If this option is set to
905.Cm no
906(the default),
907remote X11 clients will be considered untrusted and prevented
908from stealing or tampering with data belonging to trusted X11
909clients.
910Furthermore, the
911.Xr xauth 1
912token used for the session will be set to expire after 20 minutes.
913Remote clients will be refused access after this time.
914.Pp
915See the X11 SECURITY extension specification for full details on
916the restrictions imposed on untrusted clients.
917.It Cm GatewayPorts
918Specifies whether remote hosts are allowed to connect to local
919forwarded ports.
920By default,
921.Xr ssh 1
922binds local port forwardings to the loopback address.
923This prevents other remote hosts from connecting to forwarded ports.
924.Cm GatewayPorts
925can be used to specify that ssh
926should bind local port forwardings to the wildcard address,
927thus allowing remote hosts to connect to forwarded ports.
928The argument must be
929.Cm yes
930or
931.Cm no
932(the default).
933.It Cm GlobalKnownHostsFile
934Specifies one or more files to use for the global
935host key database, separated by whitespace.
936The default is
937.Pa /etc/ssh/ssh_known_hosts ,
938.Pa /etc/ssh/ssh_known_hosts2 .
939.It Cm GSSAPIAuthentication
940Specifies whether user authentication based on GSSAPI is allowed.
941The default is
942.Cm no .
943.It Cm GSSAPIDelegateCredentials
944Forward (delegate) credentials to the server.
945The default is
946.Cm no .
947.It Cm HashKnownHosts
948Indicates that
949.Xr ssh 1
950should hash host names and addresses when they are added to
951.Pa ~/.ssh/known_hosts .
952These hashed names may be used normally by
953.Xr ssh 1
954and
955.Xr sshd 8 ,
956but they do not visually reveal identifying information if the
957file's contents are disclosed.
958The default is
959.Cm no .
960Note that existing names and addresses in known hosts files
961will not be converted automatically,
962but may be manually hashed using
963.Xr ssh-keygen 1 .
964.It Cm HostbasedAcceptedAlgorithms
965Specifies the signature algorithms that will be used for hostbased
966authentication as a comma-separated list of patterns.
967Alternately if the specified list begins with a
968.Sq +
969character, then the specified signature algorithms will be appended
970to the default set instead of replacing them.
971If the specified list begins with a
972.Sq -
973character, then the specified signature algorithms (including wildcards)
974will be removed from the default set instead of replacing them.
975If the specified list begins with a
976.Sq ^
977character, then the specified signature algorithms will be placed
978at the head of the default set.
979The default for this option is:
980.Bd -literal -offset 3n
981ssh-ed25519-cert-v01@openssh.com,
982ecdsa-sha2-nistp256-cert-v01@openssh.com,
983ecdsa-sha2-nistp384-cert-v01@openssh.com,
984ecdsa-sha2-nistp521-cert-v01@openssh.com,
985sk-ssh-ed25519-cert-v01@openssh.com,
986sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
987rsa-sha2-512-cert-v01@openssh.com,
988rsa-sha2-256-cert-v01@openssh.com,
989ssh-ed25519,
990ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
991sk-ssh-ed25519@openssh.com,
992sk-ecdsa-sha2-nistp256@openssh.com,
993rsa-sha2-512,rsa-sha2-256
994.Ed
995.Pp
996The
997.Fl Q
998option of
999.Xr ssh 1
1000may be used to list supported signature algorithms.
1001This was formerly named HostbasedKeyTypes.
1002.It Cm HostbasedAuthentication
1003Specifies whether to try rhosts based authentication with public key
1004authentication.
1005The argument must be
1006.Cm yes
1007or
1008.Cm no
1009(the default).
1010.It Cm HostKeyAlgorithms
1011Specifies the host key signature algorithms
1012that the client wants to use in order of preference.
1013Alternately if the specified list begins with a
1014.Sq +
1015character, then the specified signature algorithms will be appended to
1016the default set instead of replacing them.
1017If the specified list begins with a
1018.Sq -
1019character, then the specified signature algorithms (including wildcards)
1020will be removed from the default set instead of replacing them.
1021If the specified list begins with a
1022.Sq ^
1023character, then the specified signature algorithms will be placed
1024at the head of the default set.
1025The default for this option is:
1026.Bd -literal -offset 3n
1027ssh-ed25519-cert-v01@openssh.com,
1028ecdsa-sha2-nistp256-cert-v01@openssh.com,
1029ecdsa-sha2-nistp384-cert-v01@openssh.com,
1030ecdsa-sha2-nistp521-cert-v01@openssh.com,
1031sk-ssh-ed25519-cert-v01@openssh.com,
1032sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1033rsa-sha2-512-cert-v01@openssh.com,
1034rsa-sha2-256-cert-v01@openssh.com,
1035ssh-ed25519,
1036ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1037sk-ecdsa-sha2-nistp256@openssh.com,
1038sk-ssh-ed25519@openssh.com,
1039rsa-sha2-512,rsa-sha2-256
1040.Ed
1041.Pp
1042If hostkeys are known for the destination host then this default is modified
1043to prefer their algorithms.
1044.Pp
1045The list of available signature algorithms may also be obtained using
1046.Qq ssh -Q HostKeyAlgorithms .
1047.It Cm HostKeyAlias
1048Specifies an alias that should be used instead of the
1049real host name when looking up or saving the host key
1050in the host key database files and when validating host certificates.
1051This option is useful for tunneling SSH connections
1052or for multiple servers running on a single host.
1053.It Cm Hostname
1054Specifies the real host name to log into.
1055This can be used to specify nicknames or abbreviations for hosts.
1056Arguments to
1057.Cm Hostname
1058accept the tokens described in the
1059.Sx TOKENS
1060section.
1061Numeric IP addresses are also permitted (both on the command line and in
1062.Cm Hostname
1063specifications).
1064The default is the name given on the command line.
1065.It Cm IdentitiesOnly
1066Specifies that
1067.Xr ssh 1
1068should only use the configured authentication identity and certificate files
1069(either the default files, or those explicitly configured in the
1070.Nm
1071files
1072or passed on the
1073.Xr ssh 1
1074command-line),
1075even if
1076.Xr ssh-agent 1
1077or a
1078.Cm PKCS11Provider
1079or
1080.Cm SecurityKeyProvider
1081offers more identities.
1082The argument to this keyword must be
1083.Cm yes
1084or
1085.Cm no
1086(the default).
1087This option is intended for situations where ssh-agent
1088offers many different identities.
1089.It Cm IdentityAgent
1090Specifies the
1091.Ux Ns -domain
1092socket used to communicate with the authentication agent.
1093.Pp
1094This option overrides the
1095.Ev SSH_AUTH_SOCK
1096environment variable and can be used to select a specific agent.
1097Setting the socket name to
1098.Cm none
1099disables the use of an authentication agent.
1100If the string
1101.Qq SSH_AUTH_SOCK
1102is specified, the location of the socket will be read from the
1103.Ev SSH_AUTH_SOCK
1104environment variable.
1105Otherwise if the specified value begins with a
1106.Sq $
1107character, then it will be treated as an environment variable containing
1108the location of the socket.
1109.Pp
1110Arguments to
1111.Cm IdentityAgent
1112may use the tilde syntax to refer to a user's home directory,
1113the tokens described in the
1114.Sx TOKENS
1115section and environment variables as described in the
1116.Sx ENVIRONMENT VARIABLES
1117section.
1118.It Cm IdentityFile
1119Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1120Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1121You can also specify a public key file to use the corresponding
1122private key that is loaded in
1123.Xr ssh-agent 1
1124when the private key file is not present locally.
1125The default is
1126.Pa ~/.ssh/id_rsa ,
1127.Pa ~/.ssh/id_ecdsa ,
1128.Pa ~/.ssh/id_ecdsa_sk ,
1129.Pa ~/.ssh/id_ed25519 ,
1130.Pa ~/.ssh/id_ed25519_sk
1131and
1132.Pa ~/.ssh/id_dsa .
1133Additionally, any identities represented by the authentication agent
1134will be used for authentication unless
1135.Cm IdentitiesOnly
1136is set.
1137If no certificates have been explicitly specified by
1138.Cm CertificateFile ,
1139.Xr ssh 1
1140will try to load certificate information from the filename obtained by
1141appending
1142.Pa -cert.pub
1143to the path of a specified
1144.Cm IdentityFile .
1145.Pp
1146Arguments to
1147.Cm IdentityFile
1148may use the tilde syntax to refer to a user's home directory
1149or the tokens described in the
1150.Sx TOKENS
1151section.
1152Alternately an argument of
1153.Cm none
1154may be used to indicate no identity files should be loaded.
1155.Pp
1156It is possible to have
1157multiple identity files specified in configuration files; all these
1158identities will be tried in sequence.
1159Multiple
1160.Cm IdentityFile
1161directives will add to the list of identities tried (this behaviour
1162differs from that of other configuration directives).
1163.Pp
1164.Cm IdentityFile
1165may be used in conjunction with
1166.Cm IdentitiesOnly
1167to select which identities in an agent are offered during authentication.
1168.Cm IdentityFile
1169may also be used in conjunction with
1170.Cm CertificateFile
1171in order to provide any certificate also needed for authentication with
1172the identity.
1173.It Cm IgnoreUnknown
1174Specifies a pattern-list of unknown options to be ignored if they are
1175encountered in configuration parsing.
1176This may be used to suppress errors if
1177.Nm
1178contains options that are unrecognised by
1179.Xr ssh 1 .
1180It is recommended that
1181.Cm IgnoreUnknown
1182be listed early in the configuration file as it will not be applied
1183to unknown options that appear before it.
1184.It Cm Include
1185Include the specified configuration file(s).
1186Multiple pathnames may be specified and each pathname may contain
1187.Xr glob 7
1188wildcards and, for user configurations, shell-like
1189.Sq ~
1190references to user home directories.
1191Wildcards will be expanded and processed in lexical order.
1192Files without absolute paths are assumed to be in
1193.Pa ~/.ssh
1194if included in a user configuration file or
1195.Pa /etc/ssh
1196if included from the system configuration file.
1197.Cm Include
1198directive may appear inside a
1199.Cm Match
1200or
1201.Cm Host
1202block
1203to perform conditional inclusion.
1204.It Cm IPQoS
1205Specifies the IPv4 type-of-service or DSCP class for connections.
1206Accepted values are
1207.Cm af11 ,
1208.Cm af12 ,
1209.Cm af13 ,
1210.Cm af21 ,
1211.Cm af22 ,
1212.Cm af23 ,
1213.Cm af31 ,
1214.Cm af32 ,
1215.Cm af33 ,
1216.Cm af41 ,
1217.Cm af42 ,
1218.Cm af43 ,
1219.Cm cs0 ,
1220.Cm cs1 ,
1221.Cm cs2 ,
1222.Cm cs3 ,
1223.Cm cs4 ,
1224.Cm cs5 ,
1225.Cm cs6 ,
1226.Cm cs7 ,
1227.Cm ef ,
1228.Cm le ,
1229.Cm lowdelay ,
1230.Cm throughput ,
1231.Cm reliability ,
1232a numeric value, or
1233.Cm none
1234to use the operating system default.
1235This option may take one or two arguments, separated by whitespace.
1236If one argument is specified, it is used as the packet class unconditionally.
1237If two values are specified, the first is automatically selected for
1238interactive sessions and the second for non-interactive sessions.
1239The default is
1240.Cm af21
1241(Low-Latency Data)
1242for interactive sessions and
1243.Cm cs1
1244(Lower Effort)
1245for non-interactive sessions.
1246.It Cm KbdInteractiveAuthentication
1247Specifies whether to use keyboard-interactive authentication.
1248The argument to this keyword must be
1249.Cm yes
1250(the default)
1251or
1252.Cm no .
1253.Cm ChallengeResponseAuthentication
1254is a deprecated alias for this.
1255.It Cm KbdInteractiveDevices
1256Specifies the list of methods to use in keyboard-interactive authentication.
1257Multiple method names must be comma-separated.
1258The default is to use the server specified list.
1259The methods available vary depending on what the server supports.
1260For an OpenSSH server,
1261it may be zero or more of:
1262.Cm bsdauth
1263and
1264.Cm pam .
1265.It Cm KexAlgorithms
1266Specifies the available KEX (Key Exchange) algorithms.
1267Multiple algorithms must be comma-separated.
1268If the specified list begins with a
1269.Sq +
1270character, then the specified algorithms will be appended to the default set
1271instead of replacing them.
1272If the specified list begins with a
1273.Sq -
1274character, then the specified algorithms (including wildcards) will be removed
1275from the default set instead of replacing them.
1276If the specified list begins with a
1277.Sq ^
1278character, then the specified algorithms will be placed at the head of the
1279default set.
1280The default is:
1281.Bd -literal -offset indent
1282sntrup761x25519-sha512@openssh.com,
1283curve25519-sha256,curve25519-sha256@libssh.org,
1284ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1285diffie-hellman-group-exchange-sha256,
1286diffie-hellman-group16-sha512,
1287diffie-hellman-group18-sha512,
1288diffie-hellman-group14-sha256
1289.Ed
1290.Pp
1291The list of available key exchange algorithms may also be obtained using
1292.Qq ssh -Q kex .
1293.It Cm KnownHostsCommand
1294Specifies a command to use to obtain a list of host keys, in addition to
1295those listed in
1296.Cm UserKnownHostsFile
1297and
1298.Cm GlobalKnownHostsFile .
1299This command is executed after the files have been read.
1300It may write host key lines to standard output in identical format to the
1301usual files (described in the
1302.Sx VERIFYING HOST KEYS
1303section in
1304.Xr ssh 1 ) .
1305Arguments to
1306.Cm KnownHostsCommand
1307accept the tokens described in the
1308.Sx TOKENS
1309section.
1310The command may be invoked multiple times per connection: once when preparing
1311the preference list of host key algorithms to use, again to obtain the
1312host key for the requested host name and, if
1313.Cm CheckHostIP
1314is enabled, one more time to obtain the host key matching the server's
1315address.
1316If the command exits abnormally or returns a non-zero exit status then the
1317connection is terminated.
1318.It Cm LocalCommand
1319Specifies a command to execute on the local machine after successfully
1320connecting to the server.
1321The command string extends to the end of the line, and is executed with
1322the user's shell.
1323Arguments to
1324.Cm LocalCommand
1325accept the tokens described in the
1326.Sx TOKENS
1327section.
1328.Pp
1329The command is run synchronously and does not have access to the
1330session of the
1331.Xr ssh 1
1332that spawned it.
1333It should not be used for interactive commands.
1334.Pp
1335This directive is ignored unless
1336.Cm PermitLocalCommand
1337has been enabled.
1338.It Cm LocalForward
1339Specifies that a TCP port on the local machine be forwarded over
1340the secure channel to the specified host and port from the remote machine.
1341The first argument specifies the listener and may be
1342.Sm off
1343.Oo Ar bind_address : Oc Ar port
1344.Sm on
1345or a Unix domain socket path.
1346The second argument is the destination and may be
1347.Ar host : Ns Ar hostport
1348or a Unix domain socket path if the remote host supports it.
1349.Pp
1350IPv6 addresses can be specified by enclosing addresses in square brackets.
1351Multiple forwardings may be specified, and additional forwardings can be
1352given on the command line.
1353Only the superuser can forward privileged ports.
1354By default, the local port is bound in accordance with the
1355.Cm GatewayPorts
1356setting.
1357However, an explicit
1358.Ar bind_address
1359may be used to bind the connection to a specific address.
1360The
1361.Ar bind_address
1362of
1363.Cm localhost
1364indicates that the listening port be bound for local use only, while an
1365empty address or
1366.Sq *
1367indicates that the port should be available from all interfaces.
1368Unix domain socket paths may use the tokens described in the
1369.Sx TOKENS
1370section and environment variables as described in the
1371.Sx ENVIRONMENT VARIABLES
1372section.
1373.It Cm LogLevel
1374Gives the verbosity level that is used when logging messages from
1375.Xr ssh 1 .
1376The possible values are:
1377QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1378The default is INFO.
1379DEBUG and DEBUG1 are equivalent.
1380DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1381.It Cm LogVerbose
1382Specify one or more overrides to LogLevel.
1383An override consists of a pattern lists that matches the source file, function
1384and line number to force detailed logging for.
1385For example, an override pattern of:
1386.Bd -literal -offset indent
1387kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
1388.Ed
1389.Pp
1390would enable detailed logging for line 1000 of
1391.Pa kex.c ,
1392everything in the
1393.Fn kex_exchange_identification
1394function, and all code in the
1395.Pa packet.c
1396file.
1397This option is intended for debugging and no overrides are enabled by default.
1398.It Cm MACs
1399Specifies the MAC (message authentication code) algorithms
1400in order of preference.
1401The MAC algorithm is used for data integrity protection.
1402Multiple algorithms must be comma-separated.
1403If the specified list begins with a
1404.Sq +
1405character, then the specified algorithms will be appended to the default set
1406instead of replacing them.
1407If the specified list begins with a
1408.Sq -
1409character, then the specified algorithms (including wildcards) will be removed
1410from the default set instead of replacing them.
1411If the specified list begins with a
1412.Sq ^
1413character, then the specified algorithms will be placed at the head of the
1414default set.
1415.Pp
1416The algorithms that contain
1417.Qq -etm
1418calculate the MAC after encryption (encrypt-then-mac).
1419These are considered safer and their use recommended.
1420.Pp
1421The default is:
1422.Bd -literal -offset indent
1423umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1424hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1425hmac-sha1-etm@openssh.com,
1426umac-64@openssh.com,umac-128@openssh.com,
1427hmac-sha2-256,hmac-sha2-512,hmac-sha1
1428.Ed
1429.Pp
1430The list of available MAC algorithms may also be obtained using
1431.Qq ssh -Q mac .
1432.It Cm NoHostAuthenticationForLocalhost
1433Disable host authentication for localhost (loopback addresses).
1434The argument to this keyword must be
1435.Cm yes
1436or
1437.Cm no
1438(the default).
1439.It Cm NumberOfPasswordPrompts
1440Specifies the number of password prompts before giving up.
1441The argument to this keyword must be an integer.
1442The default is 3.
1443.It Cm ObscureKeystrokeTiming
1444Specifies whether
1445.Xr ssh 1
1446should try to obscure inter-keystroke timings from passive observers of
1447network traffic.
1448If enabled, then for interactive sessions,
1449.Xr ssh 1
1450will send keystrokes at fixed intervals of a few tens of milliseconds
1451and will send fake keystroke packets for some time after typing ceases.
1452The argument to this keyword must be
1453.Cm yes ,
1454.Cm no
1455or an interval specifier of the form
1456.Cm interval:milliseconds
1457(e.g.\&
1458.Cm interval:80
1459for 80 milliseconds).
1460The default is to obscure keystrokes using a 20ms packet interval.
1461Note that smaller intervals will result in higher fake keystroke packet rates.
1462.It Cm PasswordAuthentication
1463Specifies whether to use password authentication.
1464The argument to this keyword must be
1465.Cm yes
1466(the default)
1467or
1468.Cm no .
1469.It Cm PermitLocalCommand
1470Allow local command execution via the
1471.Ic LocalCommand
1472option or using the
1473.Ic !\& Ns Ar command
1474escape sequence in
1475.Xr ssh 1 .
1476The argument must be
1477.Cm yes
1478or
1479.Cm no
1480(the default).
1481.It Cm PermitRemoteOpen
1482Specifies the destinations to which remote TCP port forwarding is permitted when
1483.Cm RemoteForward
1484is used as a SOCKS proxy.
1485The forwarding specification must be one of the following forms:
1486.Pp
1487.Bl -item -offset indent -compact
1488.It
1489.Cm PermitRemoteOpen
1490.Sm off
1491.Ar host : port
1492.Sm on
1493.It
1494.Cm PermitRemoteOpen
1495.Sm off
1496.Ar IPv4_addr : port
1497.Sm on
1498.It
1499.Cm PermitRemoteOpen
1500.Sm off
1501.Ar \&[ IPv6_addr \&] : port
1502.Sm on
1503.El
1504.Pp
1505Multiple forwards may be specified by separating them with whitespace.
1506An argument of
1507.Cm any
1508can be used to remove all restrictions and permit any forwarding requests.
1509An argument of
1510.Cm none
1511can be used to prohibit all forwarding requests.
1512The wildcard
1513.Sq *
1514can be used for host or port to allow all hosts or ports respectively.
1515Otherwise, no pattern matching or address lookups are performed on supplied
1516names.
1517.It Cm PKCS11Provider
1518Specifies which PKCS#11 provider to use or
1519.Cm none
1520to indicate that no provider should be used (the default).
1521The argument to this keyword is a path to the PKCS#11 shared library
1522.Xr ssh 1
1523should use to communicate with a PKCS#11 token providing keys for user
1524authentication.
1525.It Cm Port
1526Specifies the port number to connect on the remote host.
1527The default is 22.
1528.It Cm PreferredAuthentications
1529Specifies the order in which the client should try authentication methods.
1530This allows a client to prefer one method (e.g.\&
1531.Cm keyboard-interactive )
1532over another method (e.g.\&
1533.Cm password ) .
1534The default is:
1535.Bd -literal -offset indent
1536gssapi-with-mic,hostbased,publickey,
1537keyboard-interactive,password
1538.Ed
1539.It Cm ProxyCommand
1540Specifies the command to use to connect to the server.
1541The command
1542string extends to the end of the line, and is executed
1543using the user's shell
1544.Ql exec
1545directive to avoid a lingering shell process.
1546.Pp
1547Arguments to
1548.Cm ProxyCommand
1549accept the tokens described in the
1550.Sx TOKENS
1551section.
1552The command can be basically anything,
1553and should read from its standard input and write to its standard output.
1554It should eventually connect an
1555.Xr sshd 8
1556server running on some machine, or execute
1557.Ic sshd -i
1558somewhere.
1559Host key management will be done using the
1560.Cm Hostname
1561of the host being connected (defaulting to the name typed by the user).
1562Setting the command to
1563.Cm none
1564disables this option entirely.
1565Note that
1566.Cm CheckHostIP
1567is not available for connects with a proxy command.
1568.Pp
1569This directive is useful in conjunction with
1570.Xr nc 1
1571and its proxy support.
1572For example, the following directive would connect via an HTTP proxy at
1573192.0.2.0:
1574.Bd -literal -offset 3n
1575ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1576.Ed
1577.It Cm ProxyJump
1578Specifies one or more jump proxies as either
1579.Xo
1580.Sm off
1581.Op Ar user No @
1582.Ar host
1583.Op : Ns Ar port
1584.Sm on
1585or an ssh URI
1586.Xc .
1587Multiple proxies may be separated by comma characters and will be visited
1588sequentially.
1589Setting this option will cause
1590.Xr ssh 1
1591to connect to the target host by first making a
1592.Xr ssh 1
1593connection to the specified
1594.Cm ProxyJump
1595host and then establishing a
1596TCP forwarding to the ultimate target from there.
1597Setting the host to
1598.Cm none
1599disables this option entirely.
1600.Pp
1601Note that this option will compete with the
1602.Cm ProxyCommand
1603option - whichever is specified first will prevent later instances of the
1604other from taking effect.
1605.Pp
1606Note also that the configuration for the destination host (either supplied
1607via the command-line or the configuration file) is not generally applied
1608to jump hosts.
1609.Pa ~/.ssh/config
1610should be used if specific configuration is required for jump hosts.
1611.It Cm ProxyUseFdpass
1612Specifies that
1613.Cm ProxyCommand
1614will pass a connected file descriptor back to
1615.Xr ssh 1
1616instead of continuing to execute and pass data.
1617The default is
1618.Cm no .
1619.It Cm PubkeyAcceptedAlgorithms
1620Specifies the signature algorithms that will be used for public key
1621authentication as a comma-separated list of patterns.
1622If the specified list begins with a
1623.Sq +
1624character, then the algorithms after it will be appended to the default
1625instead of replacing it.
1626If the specified list begins with a
1627.Sq -
1628character, then the specified algorithms (including wildcards) will be removed
1629from the default set instead of replacing them.
1630If the specified list begins with a
1631.Sq ^
1632character, then the specified algorithms will be placed at the head of the
1633default set.
1634The default for this option is:
1635.Bd -literal -offset 3n
1636ssh-ed25519-cert-v01@openssh.com,
1637ecdsa-sha2-nistp256-cert-v01@openssh.com,
1638ecdsa-sha2-nistp384-cert-v01@openssh.com,
1639ecdsa-sha2-nistp521-cert-v01@openssh.com,
1640sk-ssh-ed25519-cert-v01@openssh.com,
1641sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1642rsa-sha2-512-cert-v01@openssh.com,
1643rsa-sha2-256-cert-v01@openssh.com,
1644ssh-ed25519,
1645ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1646sk-ssh-ed25519@openssh.com,
1647sk-ecdsa-sha2-nistp256@openssh.com,
1648rsa-sha2-512,rsa-sha2-256
1649.Ed
1650.Pp
1651The list of available signature algorithms may also be obtained using
1652.Qq ssh -Q PubkeyAcceptedAlgorithms .
1653.It Cm PubkeyAuthentication
1654Specifies whether to try public key authentication.
1655The argument to this keyword must be
1656.Cm yes
1657(the default),
1658.Cm no ,
1659.Cm unbound
1660or
1661.Cm host-bound .
1662The final two options enable public key authentication while respectively
1663disabling or enabling the OpenSSH host-bound authentication protocol
1664extension required for restricted
1665.Xr ssh-agent 1
1666forwarding.
1667.It Cm RekeyLimit
1668Specifies the maximum amount of data that may be transmitted or received
1669before the session key is renegotiated, optionally followed by a maximum
1670amount of time that may pass before the session key is renegotiated.
1671The first argument is specified in bytes and may have a suffix of
1672.Sq K ,
1673.Sq M ,
1674or
1675.Sq G
1676to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1677The default is between
1678.Sq 1G
1679and
1680.Sq 4G ,
1681depending on the cipher.
1682The optional second value is specified in seconds and may use any of the
1683units documented in the TIME FORMATS section of
1684.Xr sshd_config 5 .
1685The default value for
1686.Cm RekeyLimit
1687is
1688.Cm default none ,
1689which means that rekeying is performed after the cipher's default amount
1690of data has been sent or received and no time based rekeying is done.
1691.It Cm RemoteCommand
1692Specifies a command to execute on the remote machine after successfully
1693connecting to the server.
1694The command string extends to the end of the line, and is executed with
1695the user's shell.
1696Arguments to
1697.Cm RemoteCommand
1698accept the tokens described in the
1699.Sx TOKENS
1700section.
1701.It Cm RemoteForward
1702Specifies that a TCP port on the remote machine be forwarded over
1703the secure channel.
1704The remote port may either be forwarded to a specified host and port
1705from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1706client to connect to arbitrary destinations from the local machine.
1707The first argument is the listening specification and may be
1708.Sm off
1709.Oo Ar bind_address : Oc Ar port
1710.Sm on
1711or, if the remote host supports it, a Unix domain socket path.
1712If forwarding to a specific destination then the second argument must be
1713.Ar host : Ns Ar hostport
1714or a Unix domain socket path,
1715otherwise if no destination argument is specified then the remote forwarding
1716will be established as a SOCKS proxy.
1717When acting as a SOCKS proxy, the destination of the connection can be
1718restricted by
1719.Cm PermitRemoteOpen .
1720.Pp
1721IPv6 addresses can be specified by enclosing addresses in square brackets.
1722Multiple forwardings may be specified, and additional
1723forwardings can be given on the command line.
1724Privileged ports can be forwarded only when
1725logging in as root on the remote machine.
1726Unix domain socket paths may use the tokens described in the
1727.Sx TOKENS
1728section and environment variables as described in the
1729.Sx ENVIRONMENT VARIABLES
1730section.
1731.Pp
1732If the
1733.Ar port
1734argument is 0,
1735the listen port will be dynamically allocated on the server and reported
1736to the client at run time.
1737.Pp
1738If the
1739.Ar bind_address
1740is not specified, the default is to only bind to loopback addresses.
1741If the
1742.Ar bind_address
1743is
1744.Ql *
1745or an empty string, then the forwarding is requested to listen on all
1746interfaces.
1747Specifying a remote
1748.Ar bind_address
1749will only succeed if the server's
1750.Cm GatewayPorts
1751option is enabled (see
1752.Xr sshd_config 5 ) .
1753.It Cm RequestTTY
1754Specifies whether to request a pseudo-tty for the session.
1755The argument may be one of:
1756.Cm no
1757(never request a TTY),
1758.Cm yes
1759(always request a TTY when standard input is a TTY),
1760.Cm force
1761(always request a TTY) or
1762.Cm auto
1763(request a TTY when opening a login session).
1764This option mirrors the
1765.Fl t
1766and
1767.Fl T
1768flags for
1769.Xr ssh 1 .
1770.It Cm RequiredRSASize
1771Specifies the minimum RSA key size (in bits) that
1772.Xr ssh 1
1773will accept.
1774User authentication keys smaller than this limit will be ignored.
1775Servers that present host keys smaller than this limit will cause the
1776connection to be terminated.
1777The default is
1778.Cm 1024
1779bits.
1780Note that this limit may only be raised from the default.
1781.It Cm RevokedHostKeys
1782Specifies revoked host public keys.
1783Keys listed in this file will be refused for host authentication.
1784Note that if this file does not exist or is not readable,
1785then host authentication will be refused for all hosts.
1786Keys may be specified as a text file, listing one public key per line, or as
1787an OpenSSH Key Revocation List (KRL) as generated by
1788.Xr ssh-keygen 1 .
1789For more information on KRLs, see the KEY REVOCATION LISTS section in
1790.Xr ssh-keygen 1 .
1791Arguments to
1792.Cm RevokedHostKeys
1793may use the tilde syntax to refer to a user's home directory,
1794the tokens described in the
1795.Sx TOKENS
1796section and environment variables as described in the
1797.Sx ENVIRONMENT VARIABLES
1798section.
1799.It Cm SecurityKeyProvider
1800Specifies a path to a library that will be used when loading any
1801FIDO authenticator-hosted keys, overriding the default of using
1802the built-in USB HID support.
1803.Pp
1804If the specified value begins with a
1805.Sq $
1806character, then it will be treated as an environment variable containing
1807the path to the library.
1808.It Cm SendEnv
1809Specifies what variables from the local
1810.Xr environ 7
1811should be sent to the server.
1812The server must also support it, and the server must be configured to
1813accept these environment variables.
1814Note that the
1815.Ev TERM
1816environment variable is always sent whenever a
1817pseudo-terminal is requested as it is required by the protocol.
1818Refer to
1819.Cm AcceptEnv
1820in
1821.Xr sshd_config 5
1822for how to configure the server.
1823Variables are specified by name, which may contain wildcard characters.
1824Multiple environment variables may be separated by whitespace or spread
1825across multiple
1826.Cm SendEnv
1827directives.
1828.Pp
1829See
1830.Sx PATTERNS
1831for more information on patterns.
1832.Pp
1833It is possible to clear previously set
1834.Cm SendEnv
1835variable names by prefixing patterns with
1836.Pa - .
1837The default is not to send any environment variables.
1838.It Cm ServerAliveCountMax
1839Sets the number of server alive messages (see below) which may be
1840sent without
1841.Xr ssh 1
1842receiving any messages back from the server.
1843If this threshold is reached while server alive messages are being sent,
1844ssh will disconnect from the server, terminating the session.
1845It is important to note that the use of server alive messages is very
1846different from
1847.Cm TCPKeepAlive
1848(below).
1849The server alive messages are sent through the encrypted channel
1850and therefore will not be spoofable.
1851The TCP keepalive option enabled by
1852.Cm TCPKeepAlive
1853is spoofable.
1854The server alive mechanism is valuable when the client or
1855server depend on knowing when a connection has become unresponsive.
1856.Pp
1857The default value is 3.
1858If, for example,
1859.Cm ServerAliveInterval
1860(see below) is set to 15 and
1861.Cm ServerAliveCountMax
1862is left at the default, if the server becomes unresponsive,
1863ssh will disconnect after approximately 45 seconds.
1864.It Cm ServerAliveInterval
1865Sets a timeout interval in seconds after which if no data has been received
1866from the server,
1867.Xr ssh 1
1868will send a message through the encrypted
1869channel to request a response from the server.
1870The default
1871is 0, indicating that these messages will not be sent to the server.
1872.It Cm SessionType
1873May be used to either request invocation of a subsystem on the remote system,
1874or to prevent the execution of a remote command at all.
1875The latter is useful for just forwarding ports.
1876The argument to this keyword must be
1877.Cm none
1878(same as the
1879.Fl N
1880option),
1881.Cm subsystem
1882(same as the
1883.Fl s
1884option) or
1885.Cm default
1886(shell or command execution).
1887.It Cm SetEnv
1888Directly specify one or more environment variables and their contents to
1889be sent to the server.
1890Similarly to
1891.Cm SendEnv ,
1892with the exception of the
1893.Ev TERM
1894variable, the server must be prepared to accept the environment variable.
1895.It Cm StdinNull
1896Redirects stdin from
1897.Pa /dev/null
1898(actually, prevents reading from stdin).
1899Either this or the equivalent
1900.Fl n
1901option must be used when
1902.Nm ssh
1903is run in the background.
1904The argument to this keyword must be
1905.Cm yes
1906(same as the
1907.Fl n
1908option) or
1909.Cm no
1910(the default).
1911.It Cm StreamLocalBindMask
1912Sets the octal file creation mode mask
1913.Pq umask
1914used when creating a Unix-domain socket file for local or remote
1915port forwarding.
1916This option is only used for port forwarding to a Unix-domain socket file.
1917.Pp
1918The default value is 0177, which creates a Unix-domain socket file that is
1919readable and writable only by the owner.
1920Note that not all operating systems honor the file mode on Unix-domain
1921socket files.
1922.It Cm StreamLocalBindUnlink
1923Specifies whether to remove an existing Unix-domain socket file for local
1924or remote port forwarding before creating a new one.
1925If the socket file already exists and
1926.Cm StreamLocalBindUnlink
1927is not enabled,
1928.Nm ssh
1929will be unable to forward the port to the Unix-domain socket file.
1930This option is only used for port forwarding to a Unix-domain socket file.
1931.Pp
1932The argument must be
1933.Cm yes
1934or
1935.Cm no
1936(the default).
1937.It Cm StrictHostKeyChecking
1938If this flag is set to
1939.Cm yes ,
1940.Xr ssh 1
1941will never automatically add host keys to the
1942.Pa ~/.ssh/known_hosts
1943file, and refuses to connect to hosts whose host key has changed.
1944This provides maximum protection against man-in-the-middle (MITM) attacks,
1945though it can be annoying when the
1946.Pa /etc/ssh/ssh_known_hosts
1947file is poorly maintained or when connections to new hosts are
1948frequently made.
1949This option forces the user to manually
1950add all new hosts.
1951.Pp
1952If this flag is set to
1953.Cm accept-new
1954then ssh will automatically add new host keys to the user's
1955.Pa known_hosts
1956file, but will not permit connections to hosts with
1957changed host keys.
1958If this flag is set to
1959.Cm no
1960or
1961.Cm off ,
1962ssh will automatically add new host keys to the user known hosts files
1963and allow connections to hosts with changed hostkeys to proceed,
1964subject to some restrictions.
1965If this flag is set to
1966.Cm ask
1967(the default),
1968new host keys
1969will be added to the user known host files only after the user
1970has confirmed that is what they really want to do, and
1971ssh will refuse to connect to hosts whose host key has changed.
1972The host keys of
1973known hosts will be verified automatically in all cases.
1974.It Cm SyslogFacility
1975Gives the facility code that is used when logging messages from
1976.Xr ssh 1 .
1977The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1978LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1979The default is USER.
1980.It Cm TCPKeepAlive
1981Specifies whether the system should send TCP keepalive messages to the
1982other side.
1983If they are sent, death of the connection or crash of one
1984of the machines will be properly noticed.
1985However, this means that
1986connections will die if the route is down temporarily, and some people
1987find it annoying.
1988.Pp
1989The default is
1990.Cm yes
1991(to send TCP keepalive messages), and the client will notice
1992if the network goes down or the remote host dies.
1993This is important in scripts, and many users want it too.
1994.Pp
1995To disable TCP keepalive messages, the value should be set to
1996.Cm no .
1997See also
1998.Cm ServerAliveInterval
1999for protocol-level keepalives.
2000.It Cm Tag
2001Specify a configuration tag name that may be later used by a
2002.Cm Match
2003directive to select a block of configuration.
2004.It Cm Tunnel
2005Request
2006.Xr tun 4
2007device forwarding between the client and the server.
2008The argument must be
2009.Cm yes ,
2010.Cm point-to-point
2011(layer 3),
2012.Cm ethernet
2013(layer 2),
2014or
2015.Cm no
2016(the default).
2017Specifying
2018.Cm yes
2019requests the default tunnel mode, which is
2020.Cm point-to-point .
2021.It Cm TunnelDevice
2022Specifies the
2023.Xr tun 4
2024devices to open on the client
2025.Pq Ar local_tun
2026and the server
2027.Pq Ar remote_tun .
2028.Pp
2029The argument must be
2030.Sm off
2031.Ar local_tun Op : Ar remote_tun .
2032.Sm on
2033The devices may be specified by numerical ID or the keyword
2034.Cm any ,
2035which uses the next available tunnel device.
2036If
2037.Ar remote_tun
2038is not specified, it defaults to
2039.Cm any .
2040The default is
2041.Cm any:any .
2042.It Cm UpdateHostKeys
2043Specifies whether
2044.Xr ssh 1
2045should accept notifications of additional hostkeys from the server sent
2046after authentication has completed and add them to
2047.Cm UserKnownHostsFile .
2048The argument must be
2049.Cm yes ,
2050.Cm no
2051or
2052.Cm ask .
2053This option allows learning alternate hostkeys for a server
2054and supports graceful key rotation by allowing a server to send replacement
2055public keys before old ones are removed.
2056.Pp
2057Additional hostkeys are only accepted if the key used to authenticate the
2058host was already trusted or explicitly accepted by the user, the host was
2059authenticated via
2060.Cm UserKnownHostsFile
2061(i.e. not
2062.Cm GlobalKnownHostsFile )
2063and the host was authenticated using a plain key and not a certificate.
2064.Pp
2065.Cm UpdateHostKeys
2066is enabled by default if the user has not overridden the default
2067.Cm UserKnownHostsFile
2068setting and has not enabled
2069.Cm VerifyHostKeyDNS ,
2070otherwise
2071.Cm UpdateHostKeys
2072will be set to
2073.Cm no .
2074.Pp
2075If
2076.Cm UpdateHostKeys
2077is set to
2078.Cm ask ,
2079then the user is asked to confirm the modifications to the known_hosts file.
2080Confirmation is currently incompatible with
2081.Cm ControlPersist ,
2082and will be disabled if it is enabled.
2083.Pp
2084Presently, only
2085.Xr sshd 8
2086from OpenSSH 6.8 and greater support the
2087.Qq hostkeys@openssh.com
2088protocol extension used to inform the client of all the server's hostkeys.
2089.It Cm User
2090Specifies the user to log in as.
2091This can be useful when a different user name is used on different machines.
2092This saves the trouble of
2093having to remember to give the user name on the command line.
2094.It Cm UserKnownHostsFile
2095Specifies one or more files to use for the user
2096host key database, separated by whitespace.
2097Each filename may use tilde notation to refer to the user's home directory,
2098the tokens described in the
2099.Sx TOKENS
2100section and environment variables as described in the
2101.Sx ENVIRONMENT VARIABLES
2102section.
2103A value of
2104.Cm none
2105causes
2106.Xr ssh 1
2107to ignore any user-specific known hosts files.
2108The default is
2109.Pa ~/.ssh/known_hosts ,
2110.Pa ~/.ssh/known_hosts2 .
2111.It Cm VerifyHostKeyDNS
2112Specifies whether to verify the remote key using DNS and SSHFP resource
2113records.
2114If this option is set to
2115.Cm yes ,
2116the client will implicitly trust keys that match a secure fingerprint
2117from DNS.
2118Insecure fingerprints will be handled as if this option was set to
2119.Cm ask .
2120If this option is set to
2121.Cm ask ,
2122information on fingerprint match will be displayed, but the user will still
2123need to confirm new host keys according to the
2124.Cm StrictHostKeyChecking
2125option.
2126The default is
2127.Cm no .
2128.Pp
2129See also
2130.Sx VERIFYING HOST KEYS
2131in
2132.Xr ssh 1 .
2133.It Cm VisualHostKey
2134If this flag is set to
2135.Cm yes ,
2136an ASCII art representation of the remote host key fingerprint is
2137printed in addition to the fingerprint string at login and
2138for unknown host keys.
2139If this flag is set to
2140.Cm no
2141(the default),
2142no fingerprint strings are printed at login and
2143only the fingerprint string will be printed for unknown host keys.
2144.It Cm XAuthLocation
2145Specifies the full pathname of the
2146.Xr xauth 1
2147program.
2148The default is
2149.Pa /usr/local/bin/xauth .
2150.El
2151.Sh PATTERNS
2152A
2153.Em pattern
2154consists of zero or more non-whitespace characters,
2155.Sq *
2156(a wildcard that matches zero or more characters),
2157or
2158.Sq ?\&
2159(a wildcard that matches exactly one character).
2160For example, to specify a set of declarations for any host in the
2161.Qq .co.uk
2162set of domains,
2163the following pattern could be used:
2164.Pp
2165.Dl Host *.co.uk
2166.Pp
2167The following pattern
2168would match any host in the 192.168.0.[0-9] network range:
2169.Pp
2170.Dl Host 192.168.0.?
2171.Pp
2172A
2173.Em pattern-list
2174is a comma-separated list of patterns.
2175Patterns within pattern-lists may be negated
2176by preceding them with an exclamation mark
2177.Pq Sq !\& .
2178For example,
2179to allow a key to be used from anywhere within an organization
2180except from the
2181.Qq dialup
2182pool,
2183the following entry (in authorized_keys) could be used:
2184.Pp
2185.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2186.Pp
2187Note that a negated match will never produce a positive result by itself.
2188For example, attempting to match
2189.Qq host3
2190against the following pattern-list will fail:
2191.Pp
2192.Dl from=\&"!host1,!host2\&"
2193.Pp
2194The solution here is to include a term that will yield a positive match,
2195such as a wildcard:
2196.Pp
2197.Dl from=\&"!host1,!host2,*\&"
2198.Sh TOKENS
2199Arguments to some keywords can make use of tokens,
2200which are expanded at runtime:
2201.Pp
2202.Bl -tag -width XXXX -offset indent -compact
2203.It %%
2204A literal
2205.Sq % .
2206.It \&%C
2207Hash of %l%h%p%r%j.
2208.It %d
2209Local user's home directory.
2210.It %f
2211The fingerprint of the server's host key.
2212.It %H
2213The
2214.Pa known_hosts
2215hostname or address that is being searched for.
2216.It %h
2217The remote hostname.
2218.It \%%I
2219A string describing the reason for a
2220.Cm KnownHostsCommand
2221execution: either
2222.Cm ADDRESS
2223when looking up a host by address (only when
2224.Cm CheckHostIP
2225is enabled),
2226.Cm HOSTNAME
2227when searching by hostname, or
2228.Cm ORDER
2229when preparing the host key algorithm preference list to use for the
2230destination host.
2231.It %i
2232The local user ID.
2233.It %j
2234The contents of the ProxyJump option, or the empty string if this
2235option is unset.
2236.It %K
2237The base64 encoded host key.
2238.It %k
2239The host key alias if specified, otherwise the original remote hostname given
2240on the command line.
2241.It %L
2242The local hostname.
2243.It %l
2244The local hostname, including the domain name.
2245.It %n
2246The original remote hostname, as given on the command line.
2247.It %p
2248The remote port.
2249.It %r
2250The remote username.
2251.It \&%T
2252The local
2253.Xr tun 4
2254or
2255.Xr tap 4
2256network interface assigned if
2257tunnel forwarding was requested, or
2258.Qq NONE
2259otherwise.
2260.It %t
2261The type of the server host key, e.g.
2262.Cm ssh-ed25519 .
2263.It %u
2264The local username.
2265.El
2266.Pp
2267.Cm CertificateFile ,
2268.Cm ControlPath ,
2269.Cm IdentityAgent ,
2270.Cm IdentityFile ,
2271.Cm KnownHostsCommand ,
2272.Cm LocalForward ,
2273.Cm Match exec ,
2274.Cm RemoteCommand ,
2275.Cm RemoteForward ,
2276.Cm RevokedHostKeys ,
2277and
2278.Cm UserKnownHostsFile
2279accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
2280.Pp
2281.Cm KnownHostsCommand
2282additionally accepts the tokens %f, %H, %I, %K and %t.
2283.Pp
2284.Cm Hostname
2285accepts the tokens %% and %h.
2286.Pp
2287.Cm LocalCommand
2288accepts all tokens.
2289.Pp
2290.Cm ProxyCommand
2291and
2292.Cm ProxyJump
2293accept the tokens %%, %h, %n, %p, and %r.
2294.Pp
2295Note that some of these directives build commands for execution via the shell.
2296Because
2297.Xr ssh 1
2298performs no filtering or escaping of characters that have special meaning in
2299shell commands (e.g. quotes), it is the user's responsibility to ensure that
2300the arguments passed to
2301.Xr ssh 1
2302do not contain such characters and that tokens are appropriately quoted
2303when used.
2304.Sh ENVIRONMENT VARIABLES
2305Arguments to some keywords can be expanded at runtime from environment
2306variables on the client by enclosing them in
2307.Ic ${} ,
2308for example
2309.Ic ${HOME}/.ssh
2310would refer to the user's .ssh directory.
2311If a specified environment variable does not exist then an error will be
2312returned and the setting for that keyword will be ignored.
2313.Pp
2314The keywords
2315.Cm CertificateFile ,
2316.Cm ControlPath ,
2317.Cm IdentityAgent ,
2318.Cm IdentityFile ,
2319.Cm KnownHostsCommand ,
2320and
2321.Cm UserKnownHostsFile
2322support environment variables.
2323The keywords
2324.Cm LocalForward
2325and
2326.Cm RemoteForward
2327support environment variables only for Unix domain socket paths.
2328.Sh FILES
2329.Bl -tag -width Ds
2330.It Pa ~/.ssh/config
2331This is the per-user configuration file.
2332The format of this file is described above.
2333This file is used by the SSH client.
2334Because of the potential for abuse, this file must have strict permissions:
2335read/write for the user, and not writable by others.
2336.It Pa /etc/ssh/ssh_config
2337Systemwide configuration file.
2338This file provides defaults for those
2339values that are not specified in the user's configuration file, and
2340for those users who do not have a configuration file.
2341This file must be world-readable.
2342.El
2343.Sh SEE ALSO
2344.Xr ssh 1
2345.Sh AUTHORS
2346.An -nosplit
2347OpenSSH is a derivative of the original and free
2348ssh 1.2.12 release by
2349.An Tatu Ylonen .
2350.An Aaron Campbell , Bob Beck , Markus Friedl ,
2351.An Niels Provos , Theo de Raadt
2352and
2353.An Dug Song
2354removed many bugs, re-added newer features and
2355created OpenSSH.
2356.An Markus Friedl
2357contributed the support for SSH protocol versions 1.5 and 2.0.
2358