1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $ 37.Dd $Mdocdate: October 12 2023 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH client configuration file 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59Unless noted otherwise, for each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm final , 143.Cm exec , 144.Cm localnetwork , 145.Cm host , 146.Cm originalhost , 147.Cm Tag , 148.Cm user , 149and 150.Cm localuser . 151The 152.Cm all 153criteria must appear alone or immediately after 154.Cm canonical 155or 156.Cm final . 157Other criteria may be combined arbitrarily. 158All criteria but 159.Cm all , 160.Cm canonical , 161and 162.Cm final 163require an argument. 164Criteria may be negated by prepending an exclamation mark 165.Pq Sq !\& . 166.Pp 167The 168.Cm canonical 169keyword matches only when the configuration file is being re-parsed 170after hostname canonicalization (see the 171.Cm CanonicalizeHostname 172option). 173This may be useful to specify conditions that work with canonical host 174names only. 175.Pp 176The 177.Cm final 178keyword requests that the configuration be re-parsed (regardless of whether 179.Cm CanonicalizeHostname 180is enabled), and matches only during this final pass. 181If 182.Cm CanonicalizeHostname 183is enabled, then 184.Cm canonical 185and 186.Cm final 187match during the same pass. 188.Pp 189The 190.Cm exec 191keyword executes the specified command under the user's shell. 192If the command returns a zero exit status then the condition is considered true. 193Commands containing whitespace characters must be quoted. 194Arguments to 195.Cm exec 196accept the tokens described in the 197.Sx TOKENS 198section. 199.Pp 200The 201.Cm localnetwork 202keyword matches the addresses of active local network interfaces against the 203supplied list of networks in CIDR format. 204This may be convenient for varying the effective configuration on devices that 205roam between networks. 206Note that network address is not a trustworthy criteria in many 207situations (e.g. when the network is automatically configured using DHCP) 208and so caution should be applied if using it to control security-sensitive 209configuration. 210.Pp 211The other keywords' criteria must be single entries or comma-separated 212lists and may use the wildcard and negation operators described in the 213.Sx PATTERNS 214section. 215The criteria for the 216.Cm host 217keyword are matched against the target hostname, after any substitution 218by the 219.Cm Hostname 220or 221.Cm CanonicalizeHostname 222options. 223The 224.Cm originalhost 225keyword matches against the hostname as it was specified on the command-line. 226The 227.Cm tagged 228keyword matches a tag name specified by a prior 229.Cm Tag 230directive or on the 231.Xr ssh 1 232command-line using the 233.Fl P 234flag. 235The 236.Cm user 237keyword matches against the target username on the remote host. 238The 239.Cm localuser 240keyword matches against the name of the local user running 241.Xr ssh 1 242(this keyword may be useful in system-wide 243.Nm 244files). 245.It Cm AddKeysToAgent 246Specifies whether keys should be automatically added to a running 247.Xr ssh-agent 1 . 248If this option is set to 249.Cm yes 250and a key is loaded from a file, the key and its passphrase are added to 251the agent with the default lifetime, as if by 252.Xr ssh-add 1 . 253If this option is set to 254.Cm ask , 255.Xr ssh 1 256will require confirmation using the 257.Ev SSH_ASKPASS 258program before adding a key (see 259.Xr ssh-add 1 260for details). 261If this option is set to 262.Cm confirm , 263each use of the key must be confirmed, as if the 264.Fl c 265option was specified to 266.Xr ssh-add 1 . 267If this option is set to 268.Cm no , 269no keys are added to the agent. 270Alternately, this option may be specified as a time interval 271using the format described in the 272.Sx TIME FORMATS 273section of 274.Xr sshd_config 5 275to specify the key's lifetime in 276.Xr ssh-agent 1 , 277after which it will automatically be removed. 278The argument must be 279.Cm no 280(the default), 281.Cm yes , 282.Cm confirm 283(optionally followed by a time interval), 284.Cm ask 285or a time interval. 286.It Cm AddressFamily 287Specifies which address family to use when connecting. 288Valid arguments are 289.Cm any 290(the default), 291.Cm inet 292(use IPv4 only), or 293.Cm inet6 294(use IPv6 only). 295.It Cm BatchMode 296If set to 297.Cm yes , 298user interaction such as password prompts and host key confirmation requests 299will be disabled. 300This option is useful in scripts and other batch jobs where no user 301is present to interact with 302.Xr ssh 1 . 303The argument must be 304.Cm yes 305or 306.Cm no 307(the default). 308.It Cm BindAddress 309Use the specified address on the local machine as the source address of 310the connection. 311Only useful on systems with more than one address. 312.It Cm BindInterface 313Use the address of the specified interface on the local machine as the 314source address of the connection. 315.It Cm CanonicalDomains 316When 317.Cm CanonicalizeHostname 318is enabled, this option specifies the list of domain suffixes in which to 319search for the specified destination host. 320.It Cm CanonicalizeFallbackLocal 321Specifies whether to fail with an error when hostname canonicalization fails. 322The default, 323.Cm yes , 324will attempt to look up the unqualified hostname using the system resolver's 325search rules. 326A value of 327.Cm no 328will cause 329.Xr ssh 1 330to fail instantly if 331.Cm CanonicalizeHostname 332is enabled and the target hostname cannot be found in any of the domains 333specified by 334.Cm CanonicalDomains . 335.It Cm CanonicalizeHostname 336Controls whether explicit hostname canonicalization is performed. 337The default, 338.Cm no , 339is not to perform any name rewriting and let the system resolver handle all 340hostname lookups. 341If set to 342.Cm yes 343then, for connections that do not use a 344.Cm ProxyCommand 345or 346.Cm ProxyJump , 347.Xr ssh 1 348will attempt to canonicalize the hostname specified on the command line 349using the 350.Cm CanonicalDomains 351suffixes and 352.Cm CanonicalizePermittedCNAMEs 353rules. 354If 355.Cm CanonicalizeHostname 356is set to 357.Cm always , 358then canonicalization is applied to proxied connections too. 359.Pp 360If this option is enabled, then the configuration files are processed 361again using the new target name to pick up any new configuration in matching 362.Cm Host 363and 364.Cm Match 365stanzas. 366A value of 367.Cm none 368disables the use of a 369.Cm ProxyJump 370host. 371.It Cm CanonicalizeMaxDots 372Specifies the maximum number of dot characters in a hostname before 373canonicalization is disabled. 374The default, 1, 375allows a single dot (i.e. hostname.subdomain). 376.It Cm CanonicalizePermittedCNAMEs 377Specifies rules to determine whether CNAMEs should be followed when 378canonicalizing hostnames. 379The rules consist of one or more arguments of 380.Ar source_domain_list : Ns Ar target_domain_list , 381where 382.Ar source_domain_list 383is a pattern-list of domains that may follow CNAMEs in canonicalization, 384and 385.Ar target_domain_list 386is a pattern-list of domains that they may resolve to. 387.Pp 388For example, 389.Qq *.a.example.com:*.b.example.com,*.c.example.com 390will allow hostnames matching 391.Qq *.a.example.com 392to be canonicalized to names in the 393.Qq *.b.example.com 394or 395.Qq *.c.example.com 396domains. 397.Pp 398A single argument of 399.Qq none 400causes no CNAMEs to be considered for canonicalization. 401This is the default behaviour. 402.It Cm CASignatureAlgorithms 403Specifies which algorithms are allowed for signing of certificates 404by certificate authorities (CAs). 405The default is: 406.Bd -literal -offset indent 407ssh-ed25519,ecdsa-sha2-nistp256, 408ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 409sk-ssh-ed25519@openssh.com, 410sk-ecdsa-sha2-nistp256@openssh.com, 411rsa-sha2-512,rsa-sha2-256 412.Ed 413.Pp 414If the specified list begins with a 415.Sq + 416character, then the specified algorithms will be appended to the default set 417instead of replacing them. 418If the specified list begins with a 419.Sq - 420character, then the specified algorithms (including wildcards) will be removed 421from the default set instead of replacing them. 422.Pp 423.Xr ssh 1 424will not accept host certificates signed using algorithms other than those 425specified. 426.It Cm CertificateFile 427Specifies a file from which the user's certificate is read. 428A corresponding private key must be provided separately in order 429to use this certificate either 430from an 431.Cm IdentityFile 432directive or 433.Fl i 434flag to 435.Xr ssh 1 , 436via 437.Xr ssh-agent 1 , 438or via a 439.Cm PKCS11Provider 440or 441.Cm SecurityKeyProvider . 442.Pp 443Arguments to 444.Cm CertificateFile 445may use the tilde syntax to refer to a user's home directory, 446the tokens described in the 447.Sx TOKENS 448section and environment variables as described in the 449.Sx ENVIRONMENT VARIABLES 450section. 451.Pp 452It is possible to have multiple certificate files specified in 453configuration files; these certificates will be tried in sequence. 454Multiple 455.Cm CertificateFile 456directives will add to the list of certificates used for 457authentication. 458.It Cm ChannelTimeout 459Specifies whether and how quickly 460.Xr ssh 1 461should close inactive channels. 462Timeouts are specified as one or more 463.Dq type=interval 464pairs separated by whitespace, where the 465.Dq type 466must be a channel type name (as described in the table below), optionally 467containing wildcard characters. 468.Pp 469The timeout value 470.Dq interval 471is specified in seconds or may use any of the units documented in the 472.Sx TIME FORMATS 473section. 474For example, 475.Dq session=5m 476would cause the interactive session to terminate after five minutes of 477inactivity. 478Specifying a zero value disables the inactivity timeout. 479.Pp 480The available channel types include: 481.Bl -tag -width Ds 482.It Cm agent-connection 483Open connections to 484.Xr ssh-agent 1 . 485.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com 486Open TCP or Unix socket (respectively) connections that have 487been established from a 488.Xr ssh 1 489local forwarding, i.e.\& 490.Cm LocalForward 491or 492.Cm DynamicForward . 493.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com 494Open TCP or Unix socket (respectively) connections that have been 495established to a 496.Xr sshd 8 497listening on behalf of a 498.Xr ssh 1 499remote forwarding, i.e.\& 500.Cm RemoteForward . 501.It Cm session 502The interactive main session, including shell session, command execution, 503.Xr scp 1 , 504.Xr sftp 1 , 505etc. 506.It Cm tun-connection 507Open 508.Cm TunnelForward 509connections. 510.It Cm x11-connection 511Open X11 forwarding sessions. 512.El 513.Pp 514Note that in all the above cases, terminating an inactive session does not 515guarantee to remove all resources associated with the session, e.g. shell 516processes or X11 clients relating to the session may continue to execute. 517.Pp 518Moreover, terminating an inactive channel or session does not necessarily 519close the SSH connection, nor does it prevent a client from 520requesting another channel of the same type. 521In particular, expiring an inactive forwarding session does not prevent 522another identical forwarding from being subsequently created. 523.Pp 524The default is not to expire channels of any type for inactivity. 525.It Cm CheckHostIP 526If set to 527.Cm yes , 528.Xr ssh 1 529will additionally check the host IP address in the 530.Pa known_hosts 531file. 532This allows it to detect if a host key changed due to DNS spoofing 533and will add addresses of destination hosts to 534.Pa ~/.ssh/known_hosts 535in the process, regardless of the setting of 536.Cm StrictHostKeyChecking . 537If the option is set to 538.Cm no 539(the default), 540the check will not be executed. 541The default is 542.Cm no . 543.It Cm Ciphers 544Specifies the ciphers allowed and their order of preference. 545Multiple ciphers must be comma-separated. 546If the specified list begins with a 547.Sq + 548character, then the specified ciphers will be appended to the default set 549instead of replacing them. 550If the specified list begins with a 551.Sq - 552character, then the specified ciphers (including wildcards) will be removed 553from the default set instead of replacing them. 554If the specified list begins with a 555.Sq ^ 556character, then the specified ciphers will be placed at the head of the 557default set. 558.Pp 559The supported ciphers are: 560.Bd -literal -offset indent 5613des-cbc 562aes128-cbc 563aes192-cbc 564aes256-cbc 565aes128-ctr 566aes192-ctr 567aes256-ctr 568aes128-gcm@openssh.com 569aes256-gcm@openssh.com 570chacha20-poly1305@openssh.com 571.Ed 572.Pp 573The default is: 574.Bd -literal -offset indent 575chacha20-poly1305@openssh.com, 576aes128-ctr,aes192-ctr,aes256-ctr, 577aes128-gcm@openssh.com,aes256-gcm@openssh.com 578.Ed 579.Pp 580The list of available ciphers may also be obtained using 581.Qq ssh -Q cipher . 582.It Cm ClearAllForwardings 583Specifies that all local, remote, and dynamic port forwardings 584specified in the configuration files or on the command line be 585cleared. 586This option is primarily useful when used from the 587.Xr ssh 1 588command line to clear port forwardings set in 589configuration files, and is automatically set by 590.Xr scp 1 591and 592.Xr sftp 1 . 593The argument must be 594.Cm yes 595or 596.Cm no 597(the default). 598.It Cm Compression 599Specifies whether to use compression. 600The argument must be 601.Cm yes 602or 603.Cm no 604(the default). 605.It Cm ConnectionAttempts 606Specifies the number of tries (one per second) to make before exiting. 607The argument must be an integer. 608This may be useful in scripts if the connection sometimes fails. 609The default is 1. 610.It Cm ConnectTimeout 611Specifies the timeout (in seconds) used when connecting to the 612SSH server, instead of using the default system TCP timeout. 613This timeout is applied both to establishing the connection and to performing 614the initial SSH protocol handshake and key exchange. 615.It Cm ControlMaster 616Enables the sharing of multiple sessions over a single network connection. 617When set to 618.Cm yes , 619.Xr ssh 1 620will listen for connections on a control socket specified using the 621.Cm ControlPath 622argument. 623Additional sessions can connect to this socket using the same 624.Cm ControlPath 625with 626.Cm ControlMaster 627set to 628.Cm no 629(the default). 630These sessions will try to reuse the master instance's network connection 631rather than initiating new ones, but will fall back to connecting normally 632if the control socket does not exist, or is not listening. 633.Pp 634Setting this to 635.Cm ask 636will cause 637.Xr ssh 1 638to listen for control connections, but require confirmation using 639.Xr ssh-askpass 1 . 640If the 641.Cm ControlPath 642cannot be opened, 643.Xr ssh 1 644will continue without connecting to a master instance. 645.Pp 646X11 and 647.Xr ssh-agent 1 648forwarding is supported over these multiplexed connections, however the 649display and agent forwarded will be the one belonging to the master 650connection i.e. it is not possible to forward multiple displays or agents. 651.Pp 652Two additional options allow for opportunistic multiplexing: try to use a 653master connection but fall back to creating a new one if one does not already 654exist. 655These options are: 656.Cm auto 657and 658.Cm autoask . 659The latter requires confirmation like the 660.Cm ask 661option. 662.It Cm ControlPath 663Specify the path to the control socket used for connection sharing as described 664in the 665.Cm ControlMaster 666section above or the string 667.Cm none 668to disable connection sharing. 669Arguments to 670.Cm ControlPath 671may use the tilde syntax to refer to a user's home directory, 672the tokens described in the 673.Sx TOKENS 674section and environment variables as described in the 675.Sx ENVIRONMENT VARIABLES 676section. 677It is recommended that any 678.Cm ControlPath 679used for opportunistic connection sharing include 680at least %h, %p, and %r (or alternatively %C) and be placed in a directory 681that is not writable by other users. 682This ensures that shared connections are uniquely identified. 683.It Cm ControlPersist 684When used in conjunction with 685.Cm ControlMaster , 686specifies that the master connection should remain open 687in the background (waiting for future client connections) 688after the initial client connection has been closed. 689If set to 690.Cm no 691(the default), 692then the master connection will not be placed into the background, 693and will close as soon as the initial client connection is closed. 694If set to 695.Cm yes 696or 0, 697then the master connection will remain in the background indefinitely 698(until killed or closed via a mechanism such as the 699.Qq ssh -O exit ) . 700If set to a time in seconds, or a time in any of the formats documented in 701.Xr sshd_config 5 , 702then the backgrounded master connection will automatically terminate 703after it has remained idle (with no client connections) for the 704specified time. 705.It Cm DynamicForward 706Specifies that a TCP port on the local machine be forwarded 707over the secure channel, and the application 708protocol is then used to determine where to connect to from the 709remote machine. 710.Pp 711The argument must be 712.Sm off 713.Oo Ar bind_address : Oc Ar port . 714.Sm on 715IPv6 addresses can be specified by enclosing addresses in square brackets. 716By default, the local port is bound in accordance with the 717.Cm GatewayPorts 718setting. 719However, an explicit 720.Ar bind_address 721may be used to bind the connection to a specific address. 722The 723.Ar bind_address 724of 725.Cm localhost 726indicates that the listening port be bound for local use only, while an 727empty address or 728.Sq * 729indicates that the port should be available from all interfaces. 730.Pp 731Currently the SOCKS4 and SOCKS5 protocols are supported, and 732.Xr ssh 1 733will act as a SOCKS server. 734Multiple forwardings may be specified, and 735additional forwardings can be given on the command line. 736Only the superuser can forward privileged ports. 737.It Cm EnableEscapeCommandline 738Enables the command line option in the 739.Cm EscapeChar 740menu for interactive sessions (default 741.Ql ~C ) . 742By default, the command line is disabled. 743.It Cm EnableSSHKeysign 744Setting this option to 745.Cm yes 746in the global client configuration file 747.Pa /etc/ssh/ssh_config 748enables the use of the helper program 749.Xr ssh-keysign 8 750during 751.Cm HostbasedAuthentication . 752The argument must be 753.Cm yes 754or 755.Cm no 756(the default). 757This option should be placed in the non-hostspecific section. 758See 759.Xr ssh-keysign 8 760for more information. 761.It Cm EscapeChar 762Sets the escape character (default: 763.Ql ~ ) . 764The escape character can also 765be set on the command line. 766The argument should be a single character, 767.Ql ^ 768followed by a letter, or 769.Cm none 770to disable the escape 771character entirely (making the connection transparent for binary 772data). 773.It Cm ExitOnForwardFailure 774Specifies whether 775.Xr ssh 1 776should terminate the connection if it cannot set up all requested 777dynamic, tunnel, local, and remote port forwardings, (e.g.\& 778if either end is unable to bind and listen on a specified port). 779Note that 780.Cm ExitOnForwardFailure 781does not apply to connections made over port forwardings and will not, 782for example, cause 783.Xr ssh 1 784to exit if TCP connections to the ultimate forwarding destination fail. 785The argument must be 786.Cm yes 787or 788.Cm no 789(the default). 790.It Cm FingerprintHash 791Specifies the hash algorithm used when displaying key fingerprints. 792Valid options are: 793.Cm md5 794and 795.Cm sha256 796(the default). 797.It Cm ForkAfterAuthentication 798Requests 799.Nm ssh 800to go to background just before command execution. 801This is useful if 802.Nm ssh 803is going to ask for passwords or passphrases, but the user 804wants it in the background. 805This implies the 806.Cm StdinNull 807configuration option being set to 808.Dq yes . 809The recommended way to start X11 programs at a remote site is with 810something like 811.Ic ssh -f host xterm , 812which is the same as 813.Ic ssh host xterm 814if the 815.Cm ForkAfterAuthentication 816configuration option is set to 817.Dq yes . 818.Pp 819If the 820.Cm ExitOnForwardFailure 821configuration option is set to 822.Dq yes , 823then a client started with the 824.Cm ForkAfterAuthentication 825configuration option being set to 826.Dq yes 827will wait for all remote port forwards to be successfully established 828before placing itself in the background. 829The argument to this keyword must be 830.Cm yes 831(same as the 832.Fl f 833option) or 834.Cm no 835(the default). 836.It Cm ForwardAgent 837Specifies whether the connection to the authentication agent (if any) 838will be forwarded to the remote machine. 839The argument may be 840.Cm yes , 841.Cm no 842(the default), 843an explicit path to an agent socket or the name of an environment variable 844(beginning with 845.Sq $ ) 846in which to find the path. 847.Pp 848Agent forwarding should be enabled with caution. 849Users with the ability to bypass file permissions on the remote host 850(for the agent's Unix-domain socket) 851can access the local agent through the forwarded connection. 852An attacker cannot obtain key material from the agent, 853however they can perform operations on the keys that enable them to 854authenticate using the identities loaded into the agent. 855.It Cm ForwardX11 856Specifies whether X11 connections will be automatically redirected 857over the secure channel and 858.Ev DISPLAY 859set. 860The argument must be 861.Cm yes 862or 863.Cm no 864(the default). 865.Pp 866X11 forwarding should be enabled with caution. 867Users with the ability to bypass file permissions on the remote host 868(for the user's X11 authorization database) 869can access the local X11 display through the forwarded connection. 870An attacker may then be able to perform activities such as keystroke monitoring 871if the 872.Cm ForwardX11Trusted 873option is also enabled. 874.It Cm ForwardX11Timeout 875Specify a timeout for untrusted X11 forwarding 876using the format described in the 877.Sx TIME FORMATS 878section of 879.Xr sshd_config 5 . 880X11 connections received by 881.Xr ssh 1 882after this time will be refused. 883Setting 884.Cm ForwardX11Timeout 885to zero will disable the timeout and permit X11 forwarding for the life 886of the connection. 887The default is to disable untrusted X11 forwarding after twenty minutes has 888elapsed. 889.It Cm ForwardX11Trusted 890If this option is set to 891.Cm yes , 892remote X11 clients will have full access to the original X11 display. 893.Pp 894If this option is set to 895.Cm no 896(the default), 897remote X11 clients will be considered untrusted and prevented 898from stealing or tampering with data belonging to trusted X11 899clients. 900Furthermore, the 901.Xr xauth 1 902token used for the session will be set to expire after 20 minutes. 903Remote clients will be refused access after this time. 904.Pp 905See the X11 SECURITY extension specification for full details on 906the restrictions imposed on untrusted clients. 907.It Cm GatewayPorts 908Specifies whether remote hosts are allowed to connect to local 909forwarded ports. 910By default, 911.Xr ssh 1 912binds local port forwardings to the loopback address. 913This prevents other remote hosts from connecting to forwarded ports. 914.Cm GatewayPorts 915can be used to specify that ssh 916should bind local port forwardings to the wildcard address, 917thus allowing remote hosts to connect to forwarded ports. 918The argument must be 919.Cm yes 920or 921.Cm no 922(the default). 923.It Cm GlobalKnownHostsFile 924Specifies one or more files to use for the global 925host key database, separated by whitespace. 926The default is 927.Pa /etc/ssh/ssh_known_hosts , 928.Pa /etc/ssh/ssh_known_hosts2 . 929.It Cm GSSAPIAuthentication 930Specifies whether user authentication based on GSSAPI is allowed. 931The default is 932.Cm no . 933.It Cm GSSAPIDelegateCredentials 934Forward (delegate) credentials to the server. 935The default is 936.Cm no . 937.It Cm HashKnownHosts 938Indicates that 939.Xr ssh 1 940should hash host names and addresses when they are added to 941.Pa ~/.ssh/known_hosts . 942These hashed names may be used normally by 943.Xr ssh 1 944and 945.Xr sshd 8 , 946but they do not visually reveal identifying information if the 947file's contents are disclosed. 948The default is 949.Cm no . 950Note that existing names and addresses in known hosts files 951will not be converted automatically, 952but may be manually hashed using 953.Xr ssh-keygen 1 . 954.It Cm HostbasedAcceptedAlgorithms 955Specifies the signature algorithms that will be used for hostbased 956authentication as a comma-separated list of patterns. 957Alternately if the specified list begins with a 958.Sq + 959character, then the specified signature algorithms will be appended 960to the default set instead of replacing them. 961If the specified list begins with a 962.Sq - 963character, then the specified signature algorithms (including wildcards) 964will be removed from the default set instead of replacing them. 965If the specified list begins with a 966.Sq ^ 967character, then the specified signature algorithms will be placed 968at the head of the default set. 969The default for this option is: 970.Bd -literal -offset 3n 971ssh-ed25519-cert-v01@openssh.com, 972ecdsa-sha2-nistp256-cert-v01@openssh.com, 973ecdsa-sha2-nistp384-cert-v01@openssh.com, 974ecdsa-sha2-nistp521-cert-v01@openssh.com, 975sk-ssh-ed25519-cert-v01@openssh.com, 976sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 977rsa-sha2-512-cert-v01@openssh.com, 978rsa-sha2-256-cert-v01@openssh.com, 979ssh-ed25519, 980ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 981sk-ssh-ed25519@openssh.com, 982sk-ecdsa-sha2-nistp256@openssh.com, 983rsa-sha2-512,rsa-sha2-256 984.Ed 985.Pp 986The 987.Fl Q 988option of 989.Xr ssh 1 990may be used to list supported signature algorithms. 991This was formerly named HostbasedKeyTypes. 992.It Cm HostbasedAuthentication 993Specifies whether to try rhosts based authentication with public key 994authentication. 995The argument must be 996.Cm yes 997or 998.Cm no 999(the default). 1000.It Cm HostKeyAlgorithms 1001Specifies the host key signature algorithms 1002that the client wants to use in order of preference. 1003Alternately if the specified list begins with a 1004.Sq + 1005character, then the specified signature algorithms will be appended to 1006the default set instead of replacing them. 1007If the specified list begins with a 1008.Sq - 1009character, then the specified signature algorithms (including wildcards) 1010will be removed from the default set instead of replacing them. 1011If the specified list begins with a 1012.Sq ^ 1013character, then the specified signature algorithms will be placed 1014at the head of the default set. 1015The default for this option is: 1016.Bd -literal -offset 3n 1017ssh-ed25519-cert-v01@openssh.com, 1018ecdsa-sha2-nistp256-cert-v01@openssh.com, 1019ecdsa-sha2-nistp384-cert-v01@openssh.com, 1020ecdsa-sha2-nistp521-cert-v01@openssh.com, 1021sk-ssh-ed25519-cert-v01@openssh.com, 1022sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 1023rsa-sha2-512-cert-v01@openssh.com, 1024rsa-sha2-256-cert-v01@openssh.com, 1025ssh-ed25519, 1026ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1027sk-ecdsa-sha2-nistp256@openssh.com, 1028sk-ssh-ed25519@openssh.com, 1029rsa-sha2-512,rsa-sha2-256 1030.Ed 1031.Pp 1032If hostkeys are known for the destination host then this default is modified 1033to prefer their algorithms. 1034.Pp 1035The list of available signature algorithms may also be obtained using 1036.Qq ssh -Q HostKeyAlgorithms . 1037.It Cm HostKeyAlias 1038Specifies an alias that should be used instead of the 1039real host name when looking up or saving the host key 1040in the host key database files and when validating host certificates. 1041This option is useful for tunneling SSH connections 1042or for multiple servers running on a single host. 1043.It Cm Hostname 1044Specifies the real host name to log into. 1045This can be used to specify nicknames or abbreviations for hosts. 1046Arguments to 1047.Cm Hostname 1048accept the tokens described in the 1049.Sx TOKENS 1050section. 1051Numeric IP addresses are also permitted (both on the command line and in 1052.Cm Hostname 1053specifications). 1054The default is the name given on the command line. 1055.It Cm IdentitiesOnly 1056Specifies that 1057.Xr ssh 1 1058should only use the configured authentication identity and certificate files 1059(either the default files, or those explicitly configured in the 1060.Nm 1061files 1062or passed on the 1063.Xr ssh 1 1064command-line), 1065even if 1066.Xr ssh-agent 1 1067or a 1068.Cm PKCS11Provider 1069or 1070.Cm SecurityKeyProvider 1071offers more identities. 1072The argument to this keyword must be 1073.Cm yes 1074or 1075.Cm no 1076(the default). 1077This option is intended for situations where ssh-agent 1078offers many different identities. 1079.It Cm IdentityAgent 1080Specifies the 1081.Ux Ns -domain 1082socket used to communicate with the authentication agent. 1083.Pp 1084This option overrides the 1085.Ev SSH_AUTH_SOCK 1086environment variable and can be used to select a specific agent. 1087Setting the socket name to 1088.Cm none 1089disables the use of an authentication agent. 1090If the string 1091.Qq SSH_AUTH_SOCK 1092is specified, the location of the socket will be read from the 1093.Ev SSH_AUTH_SOCK 1094environment variable. 1095Otherwise if the specified value begins with a 1096.Sq $ 1097character, then it will be treated as an environment variable containing 1098the location of the socket. 1099.Pp 1100Arguments to 1101.Cm IdentityAgent 1102may use the tilde syntax to refer to a user's home directory, 1103the tokens described in the 1104.Sx TOKENS 1105section and environment variables as described in the 1106.Sx ENVIRONMENT VARIABLES 1107section. 1108.It Cm IdentityFile 1109Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, 1110Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. 1111You can also specify a public key file to use the corresponding 1112private key that is loaded in 1113.Xr ssh-agent 1 1114when the private key file is not present locally. 1115The default is 1116.Pa ~/.ssh/id_rsa , 1117.Pa ~/.ssh/id_ecdsa , 1118.Pa ~/.ssh/id_ecdsa_sk , 1119.Pa ~/.ssh/id_ed25519 , 1120.Pa ~/.ssh/id_ed25519_sk 1121and 1122.Pa ~/.ssh/id_dsa . 1123Additionally, any identities represented by the authentication agent 1124will be used for authentication unless 1125.Cm IdentitiesOnly 1126is set. 1127If no certificates have been explicitly specified by 1128.Cm CertificateFile , 1129.Xr ssh 1 1130will try to load certificate information from the filename obtained by 1131appending 1132.Pa -cert.pub 1133to the path of a specified 1134.Cm IdentityFile . 1135.Pp 1136Arguments to 1137.Cm IdentityFile 1138may use the tilde syntax to refer to a user's home directory 1139or the tokens described in the 1140.Sx TOKENS 1141section. 1142Alternately an argument of 1143.Cm none 1144may be used to indicate no identity files should be loaded. 1145.Pp 1146It is possible to have 1147multiple identity files specified in configuration files; all these 1148identities will be tried in sequence. 1149Multiple 1150.Cm IdentityFile 1151directives will add to the list of identities tried (this behaviour 1152differs from that of other configuration directives). 1153.Pp 1154.Cm IdentityFile 1155may be used in conjunction with 1156.Cm IdentitiesOnly 1157to select which identities in an agent are offered during authentication. 1158.Cm IdentityFile 1159may also be used in conjunction with 1160.Cm CertificateFile 1161in order to provide any certificate also needed for authentication with 1162the identity. 1163.It Cm IgnoreUnknown 1164Specifies a pattern-list of unknown options to be ignored if they are 1165encountered in configuration parsing. 1166This may be used to suppress errors if 1167.Nm 1168contains options that are unrecognised by 1169.Xr ssh 1 . 1170It is recommended that 1171.Cm IgnoreUnknown 1172be listed early in the configuration file as it will not be applied 1173to unknown options that appear before it. 1174.It Cm Include 1175Include the specified configuration file(s). 1176Multiple pathnames may be specified and each pathname may contain 1177.Xr glob 7 1178wildcards and, for user configurations, shell-like 1179.Sq ~ 1180references to user home directories. 1181Wildcards will be expanded and processed in lexical order. 1182Files without absolute paths are assumed to be in 1183.Pa ~/.ssh 1184if included in a user configuration file or 1185.Pa /etc/ssh 1186if included from the system configuration file. 1187.Cm Include 1188directive may appear inside a 1189.Cm Match 1190or 1191.Cm Host 1192block 1193to perform conditional inclusion. 1194.It Cm IPQoS 1195Specifies the IPv4 type-of-service or DSCP class for connections. 1196Accepted values are 1197.Cm af11 , 1198.Cm af12 , 1199.Cm af13 , 1200.Cm af21 , 1201.Cm af22 , 1202.Cm af23 , 1203.Cm af31 , 1204.Cm af32 , 1205.Cm af33 , 1206.Cm af41 , 1207.Cm af42 , 1208.Cm af43 , 1209.Cm cs0 , 1210.Cm cs1 , 1211.Cm cs2 , 1212.Cm cs3 , 1213.Cm cs4 , 1214.Cm cs5 , 1215.Cm cs6 , 1216.Cm cs7 , 1217.Cm ef , 1218.Cm le , 1219.Cm lowdelay , 1220.Cm throughput , 1221.Cm reliability , 1222a numeric value, or 1223.Cm none 1224to use the operating system default. 1225This option may take one or two arguments, separated by whitespace. 1226If one argument is specified, it is used as the packet class unconditionally. 1227If two values are specified, the first is automatically selected for 1228interactive sessions and the second for non-interactive sessions. 1229The default is 1230.Cm af21 1231(Low-Latency Data) 1232for interactive sessions and 1233.Cm cs1 1234(Lower Effort) 1235for non-interactive sessions. 1236.It Cm KbdInteractiveAuthentication 1237Specifies whether to use keyboard-interactive authentication. 1238The argument to this keyword must be 1239.Cm yes 1240(the default) 1241or 1242.Cm no . 1243.Cm ChallengeResponseAuthentication 1244is a deprecated alias for this. 1245.It Cm KbdInteractiveDevices 1246Specifies the list of methods to use in keyboard-interactive authentication. 1247Multiple method names must be comma-separated. 1248The default is to use the server specified list. 1249The methods available vary depending on what the server supports. 1250For an OpenSSH server, 1251it may be zero or more of: 1252.Cm bsdauth 1253and 1254.Cm pam . 1255.It Cm KexAlgorithms 1256Specifies the available KEX (Key Exchange) algorithms. 1257Multiple algorithms must be comma-separated. 1258If the specified list begins with a 1259.Sq + 1260character, then the specified algorithms will be appended to the default set 1261instead of replacing them. 1262If the specified list begins with a 1263.Sq - 1264character, then the specified algorithms (including wildcards) will be removed 1265from the default set instead of replacing them. 1266If the specified list begins with a 1267.Sq ^ 1268character, then the specified algorithms will be placed at the head of the 1269default set. 1270The default is: 1271.Bd -literal -offset indent 1272sntrup761x25519-sha512@openssh.com, 1273curve25519-sha256,curve25519-sha256@libssh.org, 1274ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1275diffie-hellman-group-exchange-sha256, 1276diffie-hellman-group16-sha512, 1277diffie-hellman-group18-sha512, 1278diffie-hellman-group14-sha256 1279.Ed 1280.Pp 1281The list of available key exchange algorithms may also be obtained using 1282.Qq ssh -Q kex . 1283.It Cm KnownHostsCommand 1284Specifies a command to use to obtain a list of host keys, in addition to 1285those listed in 1286.Cm UserKnownHostsFile 1287and 1288.Cm GlobalKnownHostsFile . 1289This command is executed after the files have been read. 1290It may write host key lines to standard output in identical format to the 1291usual files (described in the 1292.Sx VERIFYING HOST KEYS 1293section in 1294.Xr ssh 1 ) . 1295Arguments to 1296.Cm KnownHostsCommand 1297accept the tokens described in the 1298.Sx TOKENS 1299section. 1300The command may be invoked multiple times per connection: once when preparing 1301the preference list of host key algorithms to use, again to obtain the 1302host key for the requested host name and, if 1303.Cm CheckHostIP 1304is enabled, one more time to obtain the host key matching the server's 1305address. 1306If the command exits abnormally or returns a non-zero exit status then the 1307connection is terminated. 1308.It Cm LocalCommand 1309Specifies a command to execute on the local machine after successfully 1310connecting to the server. 1311The command string extends to the end of the line, and is executed with 1312the user's shell. 1313Arguments to 1314.Cm LocalCommand 1315accept the tokens described in the 1316.Sx TOKENS 1317section. 1318.Pp 1319The command is run synchronously and does not have access to the 1320session of the 1321.Xr ssh 1 1322that spawned it. 1323It should not be used for interactive commands. 1324.Pp 1325This directive is ignored unless 1326.Cm PermitLocalCommand 1327has been enabled. 1328.It Cm LocalForward 1329Specifies that a TCP port on the local machine be forwarded over 1330the secure channel to the specified host and port from the remote machine. 1331The first argument specifies the listener and may be 1332.Sm off 1333.Oo Ar bind_address : Oc Ar port 1334.Sm on 1335or a Unix domain socket path. 1336The second argument is the destination and may be 1337.Ar host : Ns Ar hostport 1338or a Unix domain socket path if the remote host supports it. 1339.Pp 1340IPv6 addresses can be specified by enclosing addresses in square brackets. 1341Multiple forwardings may be specified, and additional forwardings can be 1342given on the command line. 1343Only the superuser can forward privileged ports. 1344By default, the local port is bound in accordance with the 1345.Cm GatewayPorts 1346setting. 1347However, an explicit 1348.Ar bind_address 1349may be used to bind the connection to a specific address. 1350The 1351.Ar bind_address 1352of 1353.Cm localhost 1354indicates that the listening port be bound for local use only, while an 1355empty address or 1356.Sq * 1357indicates that the port should be available from all interfaces. 1358Unix domain socket paths may use the tokens described in the 1359.Sx TOKENS 1360section and environment variables as described in the 1361.Sx ENVIRONMENT VARIABLES 1362section. 1363.It Cm LogLevel 1364Gives the verbosity level that is used when logging messages from 1365.Xr ssh 1 . 1366The possible values are: 1367QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1368The default is INFO. 1369DEBUG and DEBUG1 are equivalent. 1370DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1371.It Cm LogVerbose 1372Specify one or more overrides to LogLevel. 1373An override consists of a pattern lists that matches the source file, function 1374and line number to force detailed logging for. 1375For example, an override pattern of: 1376.Bd -literal -offset indent 1377kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* 1378.Ed 1379.Pp 1380would enable detailed logging for line 1000 of 1381.Pa kex.c , 1382everything in the 1383.Fn kex_exchange_identification 1384function, and all code in the 1385.Pa packet.c 1386file. 1387This option is intended for debugging and no overrides are enabled by default. 1388.It Cm MACs 1389Specifies the MAC (message authentication code) algorithms 1390in order of preference. 1391The MAC algorithm is used for data integrity protection. 1392Multiple algorithms must be comma-separated. 1393If the specified list begins with a 1394.Sq + 1395character, then the specified algorithms will be appended to the default set 1396instead of replacing them. 1397If the specified list begins with a 1398.Sq - 1399character, then the specified algorithms (including wildcards) will be removed 1400from the default set instead of replacing them. 1401If the specified list begins with a 1402.Sq ^ 1403character, then the specified algorithms will be placed at the head of the 1404default set. 1405.Pp 1406The algorithms that contain 1407.Qq -etm 1408calculate the MAC after encryption (encrypt-then-mac). 1409These are considered safer and their use recommended. 1410.Pp 1411The default is: 1412.Bd -literal -offset indent 1413umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1414hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1415hmac-sha1-etm@openssh.com, 1416umac-64@openssh.com,umac-128@openssh.com, 1417hmac-sha2-256,hmac-sha2-512,hmac-sha1 1418.Ed 1419.Pp 1420The list of available MAC algorithms may also be obtained using 1421.Qq ssh -Q mac . 1422.It Cm NoHostAuthenticationForLocalhost 1423Disable host authentication for localhost (loopback addresses). 1424The argument to this keyword must be 1425.Cm yes 1426or 1427.Cm no 1428(the default). 1429.It Cm NumberOfPasswordPrompts 1430Specifies the number of password prompts before giving up. 1431The argument to this keyword must be an integer. 1432The default is 3. 1433.It Cm ObscureKeystrokeTiming 1434Specifies whether 1435.Xr ssh 1 1436should try to obscure inter-keystroke timings from passive observers of 1437network traffic. 1438If enabled, then for interactive sessions, 1439.Xr ssh 1 1440will send keystrokes at fixed intervals of a few tens of milliseconds 1441and will send fake keystroke packets for some time after typing ceases. 1442The argument to this keyword must be 1443.Cm yes , 1444.Cm no 1445or an interval specifier of the form 1446.Cm interval:milliseconds 1447(e.g.\& 1448.Cm interval:80 1449for 80 milliseconds). 1450The default is to obscure keystrokes using a 20ms packet interval. 1451Note that smaller intervals will result in higher fake keystroke packet rates. 1452.It Cm PasswordAuthentication 1453Specifies whether to use password authentication. 1454The argument to this keyword must be 1455.Cm yes 1456(the default) 1457or 1458.Cm no . 1459.It Cm PermitLocalCommand 1460Allow local command execution via the 1461.Ic LocalCommand 1462option or using the 1463.Ic !\& Ns Ar command 1464escape sequence in 1465.Xr ssh 1 . 1466The argument must be 1467.Cm yes 1468or 1469.Cm no 1470(the default). 1471.It Cm PermitRemoteOpen 1472Specifies the destinations to which remote TCP port forwarding is permitted when 1473.Cm RemoteForward 1474is used as a SOCKS proxy. 1475The forwarding specification must be one of the following forms: 1476.Pp 1477.Bl -item -offset indent -compact 1478.It 1479.Cm PermitRemoteOpen 1480.Sm off 1481.Ar host : port 1482.Sm on 1483.It 1484.Cm PermitRemoteOpen 1485.Sm off 1486.Ar IPv4_addr : port 1487.Sm on 1488.It 1489.Cm PermitRemoteOpen 1490.Sm off 1491.Ar \&[ IPv6_addr \&] : port 1492.Sm on 1493.El 1494.Pp 1495Multiple forwards may be specified by separating them with whitespace. 1496An argument of 1497.Cm any 1498can be used to remove all restrictions and permit any forwarding requests. 1499An argument of 1500.Cm none 1501can be used to prohibit all forwarding requests. 1502The wildcard 1503.Sq * 1504can be used for host or port to allow all hosts or ports respectively. 1505Otherwise, no pattern matching or address lookups are performed on supplied 1506names. 1507.It Cm PKCS11Provider 1508Specifies which PKCS#11 provider to use or 1509.Cm none 1510to indicate that no provider should be used (the default). 1511The argument to this keyword is a path to the PKCS#11 shared library 1512.Xr ssh 1 1513should use to communicate with a PKCS#11 token providing keys for user 1514authentication. 1515.It Cm Port 1516Specifies the port number to connect on the remote host. 1517The default is 22. 1518.It Cm PreferredAuthentications 1519Specifies the order in which the client should try authentication methods. 1520This allows a client to prefer one method (e.g.\& 1521.Cm keyboard-interactive ) 1522over another method (e.g.\& 1523.Cm password ) . 1524The default is: 1525.Bd -literal -offset indent 1526gssapi-with-mic,hostbased,publickey, 1527keyboard-interactive,password 1528.Ed 1529.It Cm ProxyCommand 1530Specifies the command to use to connect to the server. 1531The command 1532string extends to the end of the line, and is executed 1533using the user's shell 1534.Ql exec 1535directive to avoid a lingering shell process. 1536.Pp 1537Arguments to 1538.Cm ProxyCommand 1539accept the tokens described in the 1540.Sx TOKENS 1541section. 1542The command can be basically anything, 1543and should read from its standard input and write to its standard output. 1544It should eventually connect an 1545.Xr sshd 8 1546server running on some machine, or execute 1547.Ic sshd -i 1548somewhere. 1549Host key management will be done using the 1550.Cm Hostname 1551of the host being connected (defaulting to the name typed by the user). 1552Setting the command to 1553.Cm none 1554disables this option entirely. 1555Note that 1556.Cm CheckHostIP 1557is not available for connects with a proxy command. 1558.Pp 1559This directive is useful in conjunction with 1560.Xr nc 1 1561and its proxy support. 1562For example, the following directive would connect via an HTTP proxy at 1563192.0.2.0: 1564.Bd -literal -offset 3n 1565ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1566.Ed 1567.It Cm ProxyJump 1568Specifies one or more jump proxies as either 1569.Xo 1570.Sm off 1571.Op Ar user No @ 1572.Ar host 1573.Op : Ns Ar port 1574.Sm on 1575or an ssh URI 1576.Xc . 1577Multiple proxies may be separated by comma characters and will be visited 1578sequentially. 1579Setting this option will cause 1580.Xr ssh 1 1581to connect to the target host by first making a 1582.Xr ssh 1 1583connection to the specified 1584.Cm ProxyJump 1585host and then establishing a 1586TCP forwarding to the ultimate target from there. 1587Setting the host to 1588.Cm none 1589disables this option entirely. 1590.Pp 1591Note that this option will compete with the 1592.Cm ProxyCommand 1593option - whichever is specified first will prevent later instances of the 1594other from taking effect. 1595.Pp 1596Note also that the configuration for the destination host (either supplied 1597via the command-line or the configuration file) is not generally applied 1598to jump hosts. 1599.Pa ~/.ssh/config 1600should be used if specific configuration is required for jump hosts. 1601.It Cm ProxyUseFdpass 1602Specifies that 1603.Cm ProxyCommand 1604will pass a connected file descriptor back to 1605.Xr ssh 1 1606instead of continuing to execute and pass data. 1607The default is 1608.Cm no . 1609.It Cm PubkeyAcceptedAlgorithms 1610Specifies the signature algorithms that will be used for public key 1611authentication as a comma-separated list of patterns. 1612If the specified list begins with a 1613.Sq + 1614character, then the algorithms after it will be appended to the default 1615instead of replacing it. 1616If the specified list begins with a 1617.Sq - 1618character, then the specified algorithms (including wildcards) will be removed 1619from the default set instead of replacing them. 1620If the specified list begins with a 1621.Sq ^ 1622character, then the specified algorithms will be placed at the head of the 1623default set. 1624The default for this option is: 1625.Bd -literal -offset 3n 1626ssh-ed25519-cert-v01@openssh.com, 1627ecdsa-sha2-nistp256-cert-v01@openssh.com, 1628ecdsa-sha2-nistp384-cert-v01@openssh.com, 1629ecdsa-sha2-nistp521-cert-v01@openssh.com, 1630sk-ssh-ed25519-cert-v01@openssh.com, 1631sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 1632rsa-sha2-512-cert-v01@openssh.com, 1633rsa-sha2-256-cert-v01@openssh.com, 1634ssh-ed25519, 1635ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1636sk-ssh-ed25519@openssh.com, 1637sk-ecdsa-sha2-nistp256@openssh.com, 1638rsa-sha2-512,rsa-sha2-256 1639.Ed 1640.Pp 1641The list of available signature algorithms may also be obtained using 1642.Qq ssh -Q PubkeyAcceptedAlgorithms . 1643.It Cm PubkeyAuthentication 1644Specifies whether to try public key authentication. 1645The argument to this keyword must be 1646.Cm yes 1647(the default), 1648.Cm no , 1649.Cm unbound 1650or 1651.Cm host-bound . 1652The final two options enable public key authentication while respectively 1653disabling or enabling the OpenSSH host-bound authentication protocol 1654extension required for restricted 1655.Xr ssh-agent 1 1656forwarding. 1657.It Cm RekeyLimit 1658Specifies the maximum amount of data that may be transmitted or received 1659before the session key is renegotiated, optionally followed by a maximum 1660amount of time that may pass before the session key is renegotiated. 1661The first argument is specified in bytes and may have a suffix of 1662.Sq K , 1663.Sq M , 1664or 1665.Sq G 1666to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1667The default is between 1668.Sq 1G 1669and 1670.Sq 4G , 1671depending on the cipher. 1672The optional second value is specified in seconds and may use any of the 1673units documented in the TIME FORMATS section of 1674.Xr sshd_config 5 . 1675The default value for 1676.Cm RekeyLimit 1677is 1678.Cm default none , 1679which means that rekeying is performed after the cipher's default amount 1680of data has been sent or received and no time based rekeying is done. 1681.It Cm RemoteCommand 1682Specifies a command to execute on the remote machine after successfully 1683connecting to the server. 1684The command string extends to the end of the line, and is executed with 1685the user's shell. 1686Arguments to 1687.Cm RemoteCommand 1688accept the tokens described in the 1689.Sx TOKENS 1690section. 1691.It Cm RemoteForward 1692Specifies that a TCP port on the remote machine be forwarded over 1693the secure channel. 1694The remote port may either be forwarded to a specified host and port 1695from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1696client to connect to arbitrary destinations from the local machine. 1697The first argument is the listening specification and may be 1698.Sm off 1699.Oo Ar bind_address : Oc Ar port 1700.Sm on 1701or, if the remote host supports it, a Unix domain socket path. 1702If forwarding to a specific destination then the second argument must be 1703.Ar host : Ns Ar hostport 1704or a Unix domain socket path, 1705otherwise if no destination argument is specified then the remote forwarding 1706will be established as a SOCKS proxy. 1707When acting as a SOCKS proxy, the destination of the connection can be 1708restricted by 1709.Cm PermitRemoteOpen . 1710.Pp 1711IPv6 addresses can be specified by enclosing addresses in square brackets. 1712Multiple forwardings may be specified, and additional 1713forwardings can be given on the command line. 1714Privileged ports can be forwarded only when 1715logging in as root on the remote machine. 1716Unix domain socket paths may use the tokens described in the 1717.Sx TOKENS 1718section and environment variables as described in the 1719.Sx ENVIRONMENT VARIABLES 1720section. 1721.Pp 1722If the 1723.Ar port 1724argument is 0, 1725the listen port will be dynamically allocated on the server and reported 1726to the client at run time. 1727.Pp 1728If the 1729.Ar bind_address 1730is not specified, the default is to only bind to loopback addresses. 1731If the 1732.Ar bind_address 1733is 1734.Ql * 1735or an empty string, then the forwarding is requested to listen on all 1736interfaces. 1737Specifying a remote 1738.Ar bind_address 1739will only succeed if the server's 1740.Cm GatewayPorts 1741option is enabled (see 1742.Xr sshd_config 5 ) . 1743.It Cm RequestTTY 1744Specifies whether to request a pseudo-tty for the session. 1745The argument may be one of: 1746.Cm no 1747(never request a TTY), 1748.Cm yes 1749(always request a TTY when standard input is a TTY), 1750.Cm force 1751(always request a TTY) or 1752.Cm auto 1753(request a TTY when opening a login session). 1754This option mirrors the 1755.Fl t 1756and 1757.Fl T 1758flags for 1759.Xr ssh 1 . 1760.It Cm RequiredRSASize 1761Specifies the minimum RSA key size (in bits) that 1762.Xr ssh 1 1763will accept. 1764User authentication keys smaller than this limit will be ignored. 1765Servers that present host keys smaller than this limit will cause the 1766connection to be terminated. 1767The default is 1768.Cm 1024 1769bits. 1770Note that this limit may only be raised from the default. 1771.It Cm RevokedHostKeys 1772Specifies revoked host public keys. 1773Keys listed in this file will be refused for host authentication. 1774Note that if this file does not exist or is not readable, 1775then host authentication will be refused for all hosts. 1776Keys may be specified as a text file, listing one public key per line, or as 1777an OpenSSH Key Revocation List (KRL) as generated by 1778.Xr ssh-keygen 1 . 1779For more information on KRLs, see the KEY REVOCATION LISTS section in 1780.Xr ssh-keygen 1 . 1781Arguments to 1782.Cm RevokedHostKeys 1783may use the tilde syntax to refer to a user's home directory, 1784the tokens described in the 1785.Sx TOKENS 1786section and environment variables as described in the 1787.Sx ENVIRONMENT VARIABLES 1788section. 1789.It Cm SecurityKeyProvider 1790Specifies a path to a library that will be used when loading any 1791FIDO authenticator-hosted keys, overriding the default of using 1792the built-in USB HID support. 1793.Pp 1794If the specified value begins with a 1795.Sq $ 1796character, then it will be treated as an environment variable containing 1797the path to the library. 1798.It Cm SendEnv 1799Specifies what variables from the local 1800.Xr environ 7 1801should be sent to the server. 1802The server must also support it, and the server must be configured to 1803accept these environment variables. 1804Note that the 1805.Ev TERM 1806environment variable is always sent whenever a 1807pseudo-terminal is requested as it is required by the protocol. 1808Refer to 1809.Cm AcceptEnv 1810in 1811.Xr sshd_config 5 1812for how to configure the server. 1813Variables are specified by name, which may contain wildcard characters. 1814Multiple environment variables may be separated by whitespace or spread 1815across multiple 1816.Cm SendEnv 1817directives. 1818.Pp 1819See 1820.Sx PATTERNS 1821for more information on patterns. 1822.Pp 1823It is possible to clear previously set 1824.Cm SendEnv 1825variable names by prefixing patterns with 1826.Pa - . 1827The default is not to send any environment variables. 1828.It Cm ServerAliveCountMax 1829Sets the number of server alive messages (see below) which may be 1830sent without 1831.Xr ssh 1 1832receiving any messages back from the server. 1833If this threshold is reached while server alive messages are being sent, 1834ssh will disconnect from the server, terminating the session. 1835It is important to note that the use of server alive messages is very 1836different from 1837.Cm TCPKeepAlive 1838(below). 1839The server alive messages are sent through the encrypted channel 1840and therefore will not be spoofable. 1841The TCP keepalive option enabled by 1842.Cm TCPKeepAlive 1843is spoofable. 1844The server alive mechanism is valuable when the client or 1845server depend on knowing when a connection has become unresponsive. 1846.Pp 1847The default value is 3. 1848If, for example, 1849.Cm ServerAliveInterval 1850(see below) is set to 15 and 1851.Cm ServerAliveCountMax 1852is left at the default, if the server becomes unresponsive, 1853ssh will disconnect after approximately 45 seconds. 1854.It Cm ServerAliveInterval 1855Sets a timeout interval in seconds after which if no data has been received 1856from the server, 1857.Xr ssh 1 1858will send a message through the encrypted 1859channel to request a response from the server. 1860The default 1861is 0, indicating that these messages will not be sent to the server. 1862.It Cm SessionType 1863May be used to either request invocation of a subsystem on the remote system, 1864or to prevent the execution of a remote command at all. 1865The latter is useful for just forwarding ports. 1866The argument to this keyword must be 1867.Cm none 1868(same as the 1869.Fl N 1870option), 1871.Cm subsystem 1872(same as the 1873.Fl s 1874option) or 1875.Cm default 1876(shell or command execution). 1877.It Cm SetEnv 1878Directly specify one or more environment variables and their contents to 1879be sent to the server. 1880Similarly to 1881.Cm SendEnv , 1882with the exception of the 1883.Ev TERM 1884variable, the server must be prepared to accept the environment variable. 1885.It Cm StdinNull 1886Redirects stdin from 1887.Pa /dev/null 1888(actually, prevents reading from stdin). 1889Either this or the equivalent 1890.Fl n 1891option must be used when 1892.Nm ssh 1893is run in the background. 1894The argument to this keyword must be 1895.Cm yes 1896(same as the 1897.Fl n 1898option) or 1899.Cm no 1900(the default). 1901.It Cm StreamLocalBindMask 1902Sets the octal file creation mode mask 1903.Pq umask 1904used when creating a Unix-domain socket file for local or remote 1905port forwarding. 1906This option is only used for port forwarding to a Unix-domain socket file. 1907.Pp 1908The default value is 0177, which creates a Unix-domain socket file that is 1909readable and writable only by the owner. 1910Note that not all operating systems honor the file mode on Unix-domain 1911socket files. 1912.It Cm StreamLocalBindUnlink 1913Specifies whether to remove an existing Unix-domain socket file for local 1914or remote port forwarding before creating a new one. 1915If the socket file already exists and 1916.Cm StreamLocalBindUnlink 1917is not enabled, 1918.Nm ssh 1919will be unable to forward the port to the Unix-domain socket file. 1920This option is only used for port forwarding to a Unix-domain socket file. 1921.Pp 1922The argument must be 1923.Cm yes 1924or 1925.Cm no 1926(the default). 1927.It Cm StrictHostKeyChecking 1928If this flag is set to 1929.Cm yes , 1930.Xr ssh 1 1931will never automatically add host keys to the 1932.Pa ~/.ssh/known_hosts 1933file, and refuses to connect to hosts whose host key has changed. 1934This provides maximum protection against man-in-the-middle (MITM) attacks, 1935though it can be annoying when the 1936.Pa /etc/ssh/ssh_known_hosts 1937file is poorly maintained or when connections to new hosts are 1938frequently made. 1939This option forces the user to manually 1940add all new hosts. 1941.Pp 1942If this flag is set to 1943.Cm accept-new 1944then ssh will automatically add new host keys to the user's 1945.Pa known_hosts 1946file, but will not permit connections to hosts with 1947changed host keys. 1948If this flag is set to 1949.Cm no 1950or 1951.Cm off , 1952ssh will automatically add new host keys to the user known hosts files 1953and allow connections to hosts with changed hostkeys to proceed, 1954subject to some restrictions. 1955If this flag is set to 1956.Cm ask 1957(the default), 1958new host keys 1959will be added to the user known host files only after the user 1960has confirmed that is what they really want to do, and 1961ssh will refuse to connect to hosts whose host key has changed. 1962The host keys of 1963known hosts will be verified automatically in all cases. 1964.It Cm SyslogFacility 1965Gives the facility code that is used when logging messages from 1966.Xr ssh 1 . 1967The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1968LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1969The default is USER. 1970.It Cm TCPKeepAlive 1971Specifies whether the system should send TCP keepalive messages to the 1972other side. 1973If they are sent, death of the connection or crash of one 1974of the machines will be properly noticed. 1975However, this means that 1976connections will die if the route is down temporarily, and some people 1977find it annoying. 1978.Pp 1979The default is 1980.Cm yes 1981(to send TCP keepalive messages), and the client will notice 1982if the network goes down or the remote host dies. 1983This is important in scripts, and many users want it too. 1984.Pp 1985To disable TCP keepalive messages, the value should be set to 1986.Cm no . 1987See also 1988.Cm ServerAliveInterval 1989for protocol-level keepalives. 1990.It Cm Tag 1991Specify a configuration tag name that may be later used by a 1992.Cm Match 1993directive to select a block of configuration. 1994.It Cm Tunnel 1995Request 1996.Xr tun 4 1997device forwarding between the client and the server. 1998The argument must be 1999.Cm yes , 2000.Cm point-to-point 2001(layer 3), 2002.Cm ethernet 2003(layer 2), 2004or 2005.Cm no 2006(the default). 2007Specifying 2008.Cm yes 2009requests the default tunnel mode, which is 2010.Cm point-to-point . 2011.It Cm TunnelDevice 2012Specifies the 2013.Xr tun 4 2014devices to open on the client 2015.Pq Ar local_tun 2016and the server 2017.Pq Ar remote_tun . 2018.Pp 2019The argument must be 2020.Sm off 2021.Ar local_tun Op : Ar remote_tun . 2022.Sm on 2023The devices may be specified by numerical ID or the keyword 2024.Cm any , 2025which uses the next available tunnel device. 2026If 2027.Ar remote_tun 2028is not specified, it defaults to 2029.Cm any . 2030The default is 2031.Cm any:any . 2032.It Cm UpdateHostKeys 2033Specifies whether 2034.Xr ssh 1 2035should accept notifications of additional hostkeys from the server sent 2036after authentication has completed and add them to 2037.Cm UserKnownHostsFile . 2038The argument must be 2039.Cm yes , 2040.Cm no 2041or 2042.Cm ask . 2043This option allows learning alternate hostkeys for a server 2044and supports graceful key rotation by allowing a server to send replacement 2045public keys before old ones are removed. 2046.Pp 2047Additional hostkeys are only accepted if the key used to authenticate the 2048host was already trusted or explicitly accepted by the user, the host was 2049authenticated via 2050.Cm UserKnownHostsFile 2051(i.e. not 2052.Cm GlobalKnownHostsFile ) 2053and the host was authenticated using a plain key and not a certificate. 2054.Pp 2055.Cm UpdateHostKeys 2056is enabled by default if the user has not overridden the default 2057.Cm UserKnownHostsFile 2058setting and has not enabled 2059.Cm VerifyHostKeyDNS , 2060otherwise 2061.Cm UpdateHostKeys 2062will be set to 2063.Cm no . 2064.Pp 2065If 2066.Cm UpdateHostKeys 2067is set to 2068.Cm ask , 2069then the user is asked to confirm the modifications to the known_hosts file. 2070Confirmation is currently incompatible with 2071.Cm ControlPersist , 2072and will be disabled if it is enabled. 2073.Pp 2074Presently, only 2075.Xr sshd 8 2076from OpenSSH 6.8 and greater support the 2077.Qq hostkeys@openssh.com 2078protocol extension used to inform the client of all the server's hostkeys. 2079.It Cm User 2080Specifies the user to log in as. 2081This can be useful when a different user name is used on different machines. 2082This saves the trouble of 2083having to remember to give the user name on the command line. 2084.It Cm UserKnownHostsFile 2085Specifies one or more files to use for the user 2086host key database, separated by whitespace. 2087Each filename may use tilde notation to refer to the user's home directory, 2088the tokens described in the 2089.Sx TOKENS 2090section and environment variables as described in the 2091.Sx ENVIRONMENT VARIABLES 2092section. 2093A value of 2094.Cm none 2095causes 2096.Xr ssh 1 2097to ignore any user-specific known hosts files. 2098The default is 2099.Pa ~/.ssh/known_hosts , 2100.Pa ~/.ssh/known_hosts2 . 2101.It Cm VerifyHostKeyDNS 2102Specifies whether to verify the remote key using DNS and SSHFP resource 2103records. 2104If this option is set to 2105.Cm yes , 2106the client will implicitly trust keys that match a secure fingerprint 2107from DNS. 2108Insecure fingerprints will be handled as if this option was set to 2109.Cm ask . 2110If this option is set to 2111.Cm ask , 2112information on fingerprint match will be displayed, but the user will still 2113need to confirm new host keys according to the 2114.Cm StrictHostKeyChecking 2115option. 2116The default is 2117.Cm no . 2118.Pp 2119See also 2120.Sx VERIFYING HOST KEYS 2121in 2122.Xr ssh 1 . 2123.It Cm VisualHostKey 2124If this flag is set to 2125.Cm yes , 2126an ASCII art representation of the remote host key fingerprint is 2127printed in addition to the fingerprint string at login and 2128for unknown host keys. 2129If this flag is set to 2130.Cm no 2131(the default), 2132no fingerprint strings are printed at login and 2133only the fingerprint string will be printed for unknown host keys. 2134.It Cm XAuthLocation 2135Specifies the full pathname of the 2136.Xr xauth 1 2137program. 2138The default is 2139.Pa /usr/local/bin/xauth . 2140.El 2141.Sh PATTERNS 2142A 2143.Em pattern 2144consists of zero or more non-whitespace characters, 2145.Sq * 2146(a wildcard that matches zero or more characters), 2147or 2148.Sq ?\& 2149(a wildcard that matches exactly one character). 2150For example, to specify a set of declarations for any host in the 2151.Qq .co.uk 2152set of domains, 2153the following pattern could be used: 2154.Pp 2155.Dl Host *.co.uk 2156.Pp 2157The following pattern 2158would match any host in the 192.168.0.[0-9] network range: 2159.Pp 2160.Dl Host 192.168.0.? 2161.Pp 2162A 2163.Em pattern-list 2164is a comma-separated list of patterns. 2165Patterns within pattern-lists may be negated 2166by preceding them with an exclamation mark 2167.Pq Sq !\& . 2168For example, 2169to allow a key to be used from anywhere within an organization 2170except from the 2171.Qq dialup 2172pool, 2173the following entry (in authorized_keys) could be used: 2174.Pp 2175.Dl from=\&"!*.dialup.example.com,*.example.com\&" 2176.Pp 2177Note that a negated match will never produce a positive result by itself. 2178For example, attempting to match 2179.Qq host3 2180against the following pattern-list will fail: 2181.Pp 2182.Dl from=\&"!host1,!host2\&" 2183.Pp 2184The solution here is to include a term that will yield a positive match, 2185such as a wildcard: 2186.Pp 2187.Dl from=\&"!host1,!host2,*\&" 2188.Sh TOKENS 2189Arguments to some keywords can make use of tokens, 2190which are expanded at runtime: 2191.Pp 2192.Bl -tag -width XXXX -offset indent -compact 2193.It %% 2194A literal 2195.Sq % . 2196.It \&%C 2197Hash of %l%h%p%r%j. 2198.It %d 2199Local user's home directory. 2200.It %f 2201The fingerprint of the server's host key. 2202.It %H 2203The 2204.Pa known_hosts 2205hostname or address that is being searched for. 2206.It %h 2207The remote hostname. 2208.It \%%I 2209A string describing the reason for a 2210.Cm KnownHostsCommand 2211execution: either 2212.Cm ADDRESS 2213when looking up a host by address (only when 2214.Cm CheckHostIP 2215is enabled), 2216.Cm HOSTNAME 2217when searching by hostname, or 2218.Cm ORDER 2219when preparing the host key algorithm preference list to use for the 2220destination host. 2221.It %i 2222The local user ID. 2223.It %j 2224The contents of the ProxyJump option, or the empty string if this 2225option is unset. 2226.It %K 2227The base64 encoded host key. 2228.It %k 2229The host key alias if specified, otherwise the original remote hostname given 2230on the command line. 2231.It %L 2232The local hostname. 2233.It %l 2234The local hostname, including the domain name. 2235.It %n 2236The original remote hostname, as given on the command line. 2237.It %p 2238The remote port. 2239.It %r 2240The remote username. 2241.It \&%T 2242The local 2243.Xr tun 4 2244or 2245.Xr tap 4 2246network interface assigned if 2247tunnel forwarding was requested, or 2248.Qq NONE 2249otherwise. 2250.It %t 2251The type of the server host key, e.g. 2252.Cm ssh-ed25519 . 2253.It %u 2254The local username. 2255.El 2256.Pp 2257.Cm CertificateFile , 2258.Cm ControlPath , 2259.Cm IdentityAgent , 2260.Cm IdentityFile , 2261.Cm KnownHostsCommand , 2262.Cm LocalForward , 2263.Cm Match exec , 2264.Cm RemoteCommand , 2265.Cm RemoteForward , 2266.Cm RevokedHostKeys , 2267and 2268.Cm UserKnownHostsFile 2269accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u. 2270.Pp 2271.Cm KnownHostsCommand 2272additionally accepts the tokens %f, %H, %I, %K and %t. 2273.Pp 2274.Cm Hostname 2275accepts the tokens %% and %h. 2276.Pp 2277.Cm LocalCommand 2278accepts all tokens. 2279.Pp 2280.Cm ProxyCommand 2281and 2282.Cm ProxyJump 2283accept the tokens %%, %h, %n, %p, and %r. 2284.Pp 2285Note that some of these directives build commands for execution via the shell. 2286Because 2287.Xr ssh 1 2288performs no filtering or escaping of characters that have special meaning in 2289shell commands (e.g. quotes), it is the user's responsibility to ensure that 2290the arguments passed to 2291.Xr ssh 1 2292do not contain such characters and that tokens are appropriately quoted 2293when used. 2294.Sh ENVIRONMENT VARIABLES 2295Arguments to some keywords can be expanded at runtime from environment 2296variables on the client by enclosing them in 2297.Ic ${} , 2298for example 2299.Ic ${HOME}/.ssh 2300would refer to the user's .ssh directory. 2301If a specified environment variable does not exist then an error will be 2302returned and the setting for that keyword will be ignored. 2303.Pp 2304The keywords 2305.Cm CertificateFile , 2306.Cm ControlPath , 2307.Cm IdentityAgent , 2308.Cm IdentityFile , 2309.Cm KnownHostsCommand , 2310and 2311.Cm UserKnownHostsFile 2312support environment variables. 2313The keywords 2314.Cm LocalForward 2315and 2316.Cm RemoteForward 2317support environment variables only for Unix domain socket paths. 2318.Sh FILES 2319.Bl -tag -width Ds 2320.It Pa ~/.ssh/config 2321This is the per-user configuration file. 2322The format of this file is described above. 2323This file is used by the SSH client. 2324Because of the potential for abuse, this file must have strict permissions: 2325read/write for the user, and not writable by others. 2326.It Pa /etc/ssh/ssh_config 2327Systemwide configuration file. 2328This file provides defaults for those 2329values that are not specified in the user's configuration file, and 2330for those users who do not have a configuration file. 2331This file must be world-readable. 2332.El 2333.Sh SEE ALSO 2334.Xr ssh 1 2335.Sh AUTHORS 2336.An -nosplit 2337OpenSSH is a derivative of the original and free 2338ssh 1.2.12 release by 2339.An Tatu Ylonen . 2340.An Aaron Campbell , Bob Beck , Markus Friedl , 2341.An Niels Provos , Theo de Raadt 2342and 2343.An Dug Song 2344removed many bugs, re-added newer features and 2345created OpenSSH. 2346.An Markus Friedl 2347contributed the support for SSH protocol versions 1.5 and 2.0. 2348