xref: /freebsd/crypto/openssh/ssh_config.5 (revision 78ae60b447ebf420dd5cebfec30480866fd5cef4)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
37.Dd $Mdocdate: October 12 2023 $
38.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH client configuration file
43.Sh DESCRIPTION
44.Xr ssh 1
45obtains configuration data from the following sources in
46the following order:
47.Pp
48.Bl -enum -offset indent -compact
49.It
50command-line options
51.It
52user's configuration file
53.Pq Pa ~/.ssh/config
54.It
55system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config
57.El
58.Pp
59Unless noted otherwise, for each parameter, the first obtained value
60will be used.
61The configuration files contain sections separated by
62.Cm Host
63specifications, and that section is only applied for hosts that
64match one of the patterns given in the specification.
65The matched host name is usually the one given on the command line
66(see the
67.Cm CanonicalizeHostname
68option for exceptions).
69.Pp
70Since the first obtained value for each parameter is used, more
71host-specific declarations should be given near the beginning of the
72file, and general defaults at the end.
73.Pp
74The file contains keyword-argument pairs, one per line.
75Lines starting with
76.Ql #
77and empty lines are interpreted as comments.
78Arguments may optionally be enclosed in double quotes
79.Pq \&"
80in order to represent arguments containing spaces.
81Configuration options may be separated by whitespace or
82optional whitespace and exactly one
83.Ql = ;
84the latter format is useful to avoid the need to quote whitespace
85when specifying configuration options using the
86.Nm ssh ,
87.Nm scp ,
88and
89.Nm sftp
90.Fl o
91option.
92.Pp
93The possible
94keywords and their meanings are as follows (note that
95keywords are case-insensitive and arguments are case-sensitive):
96.Bl -tag -width Ds
97.It Cm Host
98Restricts the following declarations (up to the next
99.Cm Host
100or
101.Cm Match
102keyword) to be only for those hosts that match one of the patterns
103given after the keyword.
104If more than one pattern is provided, they should be separated by whitespace.
105A single
106.Ql *
107as a pattern can be used to provide global
108defaults for all hosts.
109The host is usually the
110.Ar hostname
111argument given on the command line
112(see the
113.Cm CanonicalizeHostname
114keyword for exceptions).
115.Pp
116A pattern entry may be negated by prefixing it with an exclamation mark
117.Pq Sq !\& .
118If a negated entry is matched, then the
119.Cm Host
120entry is ignored, regardless of whether any other patterns on the line
121match.
122Negated matches are therefore useful to provide exceptions for wildcard
123matches.
124.Pp
125See
126.Sx PATTERNS
127for more information on patterns.
128.It Cm Match
129Restricts the following declarations (up to the next
130.Cm Host
131or
132.Cm Match
133keyword) to be used only when the conditions following the
134.Cm Match
135keyword are satisfied.
136Match conditions are specified using one or more criteria
137or the single token
138.Cm all
139which always matches.
140The available criteria keywords are:
141.Cm canonical ,
142.Cm final ,
143.Cm exec ,
144.Cm localnetwork ,
145.Cm host ,
146.Cm originalhost ,
147.Cm Tag ,
148.Cm user ,
149and
150.Cm localuser .
151The
152.Cm all
153criteria must appear alone or immediately after
154.Cm canonical
155or
156.Cm final .
157Other criteria may be combined arbitrarily.
158All criteria but
159.Cm all ,
160.Cm canonical ,
161and
162.Cm final
163require an argument.
164Criteria may be negated by prepending an exclamation mark
165.Pq Sq !\& .
166.Pp
167The
168.Cm canonical
169keyword matches only when the configuration file is being re-parsed
170after hostname canonicalization (see the
171.Cm CanonicalizeHostname
172option).
173This may be useful to specify conditions that work with canonical host
174names only.
175.Pp
176The
177.Cm final
178keyword requests that the configuration be re-parsed (regardless of whether
179.Cm CanonicalizeHostname
180is enabled), and matches only during this final pass.
181If
182.Cm CanonicalizeHostname
183is enabled, then
184.Cm canonical
185and
186.Cm final
187match during the same pass.
188.Pp
189The
190.Cm exec
191keyword executes the specified command under the user's shell.
192If the command returns a zero exit status then the condition is considered true.
193Commands containing whitespace characters must be quoted.
194Arguments to
195.Cm exec
196accept the tokens described in the
197.Sx TOKENS
198section.
199.Pp
200The
201.Cm localnetwork
202keyword matches the addresses of active local network interfaces against the
203supplied list of networks in CIDR format.
204This may be convenient for varying the effective configuration on devices that
205roam between networks.
206Note that network address is not a trustworthy criteria in many
207situations (e.g. when the network is automatically configured using DHCP)
208and so caution should be applied if using it to control security-sensitive
209configuration.
210.Pp
211The other keywords' criteria must be single entries or comma-separated
212lists and may use the wildcard and negation operators described in the
213.Sx PATTERNS
214section.
215The criteria for the
216.Cm host
217keyword are matched against the target hostname, after any substitution
218by the
219.Cm Hostname
220or
221.Cm CanonicalizeHostname
222options.
223The
224.Cm originalhost
225keyword matches against the hostname as it was specified on the command-line.
226The
227.Cm tagged
228keyword matches a tag name specified by a prior
229.Cm Tag
230directive or on the
231.Xr ssh 1
232command-line using the
233.Fl P
234flag.
235The
236.Cm user
237keyword matches against the target username on the remote host.
238The
239.Cm localuser
240keyword matches against the name of the local user running
241.Xr ssh 1
242(this keyword may be useful in system-wide
243.Nm
244files).
245.It Cm AddKeysToAgent
246Specifies whether keys should be automatically added to a running
247.Xr ssh-agent 1 .
248If this option is set to
249.Cm yes
250and a key is loaded from a file, the key and its passphrase are added to
251the agent with the default lifetime, as if by
252.Xr ssh-add 1 .
253If this option is set to
254.Cm ask ,
255.Xr ssh 1
256will require confirmation using the
257.Ev SSH_ASKPASS
258program before adding a key (see
259.Xr ssh-add 1
260for details).
261If this option is set to
262.Cm confirm ,
263each use of the key must be confirmed, as if the
264.Fl c
265option was specified to
266.Xr ssh-add 1 .
267If this option is set to
268.Cm no ,
269no keys are added to the agent.
270Alternately, this option may be specified as a time interval
271using the format described in the
272.Sx TIME FORMATS
273section of
274.Xr sshd_config 5
275to specify the key's lifetime in
276.Xr ssh-agent 1 ,
277after which it will automatically be removed.
278The argument must be
279.Cm no
280(the default),
281.Cm yes ,
282.Cm confirm
283(optionally followed by a time interval),
284.Cm ask
285or a time interval.
286.It Cm AddressFamily
287Specifies which address family to use when connecting.
288Valid arguments are
289.Cm any
290(the default),
291.Cm inet
292(use IPv4 only), or
293.Cm inet6
294(use IPv6 only).
295.It Cm BatchMode
296If set to
297.Cm yes ,
298user interaction such as password prompts and host key confirmation requests
299will be disabled.
300This option is useful in scripts and other batch jobs where no user
301is present to interact with
302.Xr ssh 1 .
303The argument must be
304.Cm yes
305or
306.Cm no
307(the default).
308.It Cm BindAddress
309Use the specified address on the local machine as the source address of
310the connection.
311Only useful on systems with more than one address.
312.It Cm BindInterface
313Use the address of the specified interface on the local machine as the
314source address of the connection.
315.It Cm CanonicalDomains
316When
317.Cm CanonicalizeHostname
318is enabled, this option specifies the list of domain suffixes in which to
319search for the specified destination host.
320.It Cm CanonicalizeFallbackLocal
321Specifies whether to fail with an error when hostname canonicalization fails.
322The default,
323.Cm yes ,
324will attempt to look up the unqualified hostname using the system resolver's
325search rules.
326A value of
327.Cm no
328will cause
329.Xr ssh 1
330to fail instantly if
331.Cm CanonicalizeHostname
332is enabled and the target hostname cannot be found in any of the domains
333specified by
334.Cm CanonicalDomains .
335.It Cm CanonicalizeHostname
336Controls whether explicit hostname canonicalization is performed.
337The default,
338.Cm no ,
339is not to perform any name rewriting and let the system resolver handle all
340hostname lookups.
341If set to
342.Cm yes
343then, for connections that do not use a
344.Cm ProxyCommand
345or
346.Cm ProxyJump ,
347.Xr ssh 1
348will attempt to canonicalize the hostname specified on the command line
349using the
350.Cm CanonicalDomains
351suffixes and
352.Cm CanonicalizePermittedCNAMEs
353rules.
354If
355.Cm CanonicalizeHostname
356is set to
357.Cm always ,
358then canonicalization is applied to proxied connections too.
359.Pp
360If this option is enabled, then the configuration files are processed
361again using the new target name to pick up any new configuration in matching
362.Cm Host
363and
364.Cm Match
365stanzas.
366A value of
367.Cm none
368disables the use of a
369.Cm ProxyJump
370host.
371.It Cm CanonicalizeMaxDots
372Specifies the maximum number of dot characters in a hostname before
373canonicalization is disabled.
374The default, 1,
375allows a single dot (i.e. hostname.subdomain).
376.It Cm CanonicalizePermittedCNAMEs
377Specifies rules to determine whether CNAMEs should be followed when
378canonicalizing hostnames.
379The rules consist of one or more arguments of
380.Ar source_domain_list : Ns Ar target_domain_list ,
381where
382.Ar source_domain_list
383is a pattern-list of domains that may follow CNAMEs in canonicalization,
384and
385.Ar target_domain_list
386is a pattern-list of domains that they may resolve to.
387.Pp
388For example,
389.Qq *.a.example.com:*.b.example.com,*.c.example.com
390will allow hostnames matching
391.Qq *.a.example.com
392to be canonicalized to names in the
393.Qq *.b.example.com
394or
395.Qq *.c.example.com
396domains.
397.Pp
398A single argument of
399.Qq none
400causes no CNAMEs to be considered for canonicalization.
401This is the default behaviour.
402.It Cm CASignatureAlgorithms
403Specifies which algorithms are allowed for signing of certificates
404by certificate authorities (CAs).
405The default is:
406.Bd -literal -offset indent
407ssh-ed25519,ecdsa-sha2-nistp256,
408ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
409sk-ssh-ed25519@openssh.com,
410sk-ecdsa-sha2-nistp256@openssh.com,
411rsa-sha2-512,rsa-sha2-256
412.Ed
413.Pp
414If the specified list begins with a
415.Sq +
416character, then the specified algorithms will be appended to the default set
417instead of replacing them.
418If the specified list begins with a
419.Sq -
420character, then the specified algorithms (including wildcards) will be removed
421from the default set instead of replacing them.
422.Pp
423.Xr ssh 1
424will not accept host certificates signed using algorithms other than those
425specified.
426.It Cm CertificateFile
427Specifies a file from which the user's certificate is read.
428A corresponding private key must be provided separately in order
429to use this certificate either
430from an
431.Cm IdentityFile
432directive or
433.Fl i
434flag to
435.Xr ssh 1 ,
436via
437.Xr ssh-agent 1 ,
438or via a
439.Cm PKCS11Provider
440or
441.Cm SecurityKeyProvider .
442.Pp
443Arguments to
444.Cm CertificateFile
445may use the tilde syntax to refer to a user's home directory,
446the tokens described in the
447.Sx TOKENS
448section and environment variables as described in the
449.Sx ENVIRONMENT VARIABLES
450section.
451.Pp
452It is possible to have multiple certificate files specified in
453configuration files; these certificates will be tried in sequence.
454Multiple
455.Cm CertificateFile
456directives will add to the list of certificates used for
457authentication.
458.It Cm ChannelTimeout
459Specifies whether and how quickly
460.Xr ssh 1
461should close inactive channels.
462Timeouts are specified as one or more
463.Dq type=interval
464pairs separated by whitespace, where the
465.Dq type
466must be a channel type name (as described in the table below), optionally
467containing wildcard characters.
468.Pp
469The timeout value
470.Dq interval
471is specified in seconds or may use any of the units documented in the
472.Sx TIME FORMATS
473section.
474For example,
475.Dq session=5m
476would cause the interactive session to terminate after five minutes of
477inactivity.
478Specifying a zero value disables the inactivity timeout.
479.Pp
480The available channel types include:
481.Bl -tag -width Ds
482.It Cm agent-connection
483Open connections to
484.Xr ssh-agent 1 .
485.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
486Open TCP or Unix socket (respectively) connections that have
487been established from a
488.Xr ssh 1
489local forwarding, i.e.\&
490.Cm LocalForward
491or
492.Cm DynamicForward .
493.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
494Open TCP or Unix socket (respectively) connections that have been
495established to a
496.Xr sshd 8
497listening on behalf of a
498.Xr ssh 1
499remote forwarding, i.e.\&
500.Cm RemoteForward .
501.It Cm session
502The interactive main session, including shell session, command execution,
503.Xr scp 1 ,
504.Xr sftp 1 ,
505etc.
506.It Cm tun-connection
507Open
508.Cm TunnelForward
509connections.
510.It Cm x11-connection
511Open X11 forwarding sessions.
512.El
513.Pp
514Note that in all the above cases, terminating an inactive session does not
515guarantee to remove all resources associated with the session, e.g. shell
516processes or X11 clients relating to the session may continue to execute.
517.Pp
518Moreover, terminating an inactive channel or session does not necessarily
519close the SSH connection, nor does it prevent a client from
520requesting another channel of the same type.
521In particular, expiring an inactive forwarding session does not prevent
522another identical forwarding from being subsequently created.
523.Pp
524The default is not to expire channels of any type for inactivity.
525.It Cm CheckHostIP
526If set to
527.Cm yes ,
528.Xr ssh 1
529will additionally check the host IP address in the
530.Pa known_hosts
531file.
532This allows it to detect if a host key changed due to DNS spoofing
533and will add addresses of destination hosts to
534.Pa ~/.ssh/known_hosts
535in the process, regardless of the setting of
536.Cm StrictHostKeyChecking .
537If the option is set to
538.Cm no
539(the default),
540the check will not be executed.
541The default is
542.Cm no .
543.It Cm Ciphers
544Specifies the ciphers allowed and their order of preference.
545Multiple ciphers must be comma-separated.
546If the specified list begins with a
547.Sq +
548character, then the specified ciphers will be appended to the default set
549instead of replacing them.
550If the specified list begins with a
551.Sq -
552character, then the specified ciphers (including wildcards) will be removed
553from the default set instead of replacing them.
554If the specified list begins with a
555.Sq ^
556character, then the specified ciphers will be placed at the head of the
557default set.
558.Pp
559The supported ciphers are:
560.Bd -literal -offset indent
5613des-cbc
562aes128-cbc
563aes192-cbc
564aes256-cbc
565aes128-ctr
566aes192-ctr
567aes256-ctr
568aes128-gcm@openssh.com
569aes256-gcm@openssh.com
570chacha20-poly1305@openssh.com
571.Ed
572.Pp
573The default is:
574.Bd -literal -offset indent
575chacha20-poly1305@openssh.com,
576aes128-ctr,aes192-ctr,aes256-ctr,
577aes128-gcm@openssh.com,aes256-gcm@openssh.com
578.Ed
579.Pp
580The list of available ciphers may also be obtained using
581.Qq ssh -Q cipher .
582.It Cm ClearAllForwardings
583Specifies that all local, remote, and dynamic port forwardings
584specified in the configuration files or on the command line be
585cleared.
586This option is primarily useful when used from the
587.Xr ssh 1
588command line to clear port forwardings set in
589configuration files, and is automatically set by
590.Xr scp 1
591and
592.Xr sftp 1 .
593The argument must be
594.Cm yes
595or
596.Cm no
597(the default).
598.It Cm Compression
599Specifies whether to use compression.
600The argument must be
601.Cm yes
602or
603.Cm no
604(the default).
605.It Cm ConnectionAttempts
606Specifies the number of tries (one per second) to make before exiting.
607The argument must be an integer.
608This may be useful in scripts if the connection sometimes fails.
609The default is 1.
610.It Cm ConnectTimeout
611Specifies the timeout (in seconds) used when connecting to the
612SSH server, instead of using the default system TCP timeout.
613This timeout is applied both to establishing the connection and to performing
614the initial SSH protocol handshake and key exchange.
615.It Cm ControlMaster
616Enables the sharing of multiple sessions over a single network connection.
617When set to
618.Cm yes ,
619.Xr ssh 1
620will listen for connections on a control socket specified using the
621.Cm ControlPath
622argument.
623Additional sessions can connect to this socket using the same
624.Cm ControlPath
625with
626.Cm ControlMaster
627set to
628.Cm no
629(the default).
630These sessions will try to reuse the master instance's network connection
631rather than initiating new ones, but will fall back to connecting normally
632if the control socket does not exist, or is not listening.
633.Pp
634Setting this to
635.Cm ask
636will cause
637.Xr ssh 1
638to listen for control connections, but require confirmation using
639.Xr ssh-askpass 1 .
640If the
641.Cm ControlPath
642cannot be opened,
643.Xr ssh 1
644will continue without connecting to a master instance.
645.Pp
646X11 and
647.Xr ssh-agent 1
648forwarding is supported over these multiplexed connections, however the
649display and agent forwarded will be the one belonging to the master
650connection i.e. it is not possible to forward multiple displays or agents.
651.Pp
652Two additional options allow for opportunistic multiplexing: try to use a
653master connection but fall back to creating a new one if one does not already
654exist.
655These options are:
656.Cm auto
657and
658.Cm autoask .
659The latter requires confirmation like the
660.Cm ask
661option.
662.It Cm ControlPath
663Specify the path to the control socket used for connection sharing as described
664in the
665.Cm ControlMaster
666section above or the string
667.Cm none
668to disable connection sharing.
669Arguments to
670.Cm ControlPath
671may use the tilde syntax to refer to a user's home directory,
672the tokens described in the
673.Sx TOKENS
674section and environment variables as described in the
675.Sx ENVIRONMENT VARIABLES
676section.
677It is recommended that any
678.Cm ControlPath
679used for opportunistic connection sharing include
680at least %h, %p, and %r (or alternatively %C) and be placed in a directory
681that is not writable by other users.
682This ensures that shared connections are uniquely identified.
683.It Cm ControlPersist
684When used in conjunction with
685.Cm ControlMaster ,
686specifies that the master connection should remain open
687in the background (waiting for future client connections)
688after the initial client connection has been closed.
689If set to
690.Cm no
691(the default),
692then the master connection will not be placed into the background,
693and will close as soon as the initial client connection is closed.
694If set to
695.Cm yes
696or 0,
697then the master connection will remain in the background indefinitely
698(until killed or closed via a mechanism such as the
699.Qq ssh -O exit ) .
700If set to a time in seconds, or a time in any of the formats documented in
701.Xr sshd_config 5 ,
702then the backgrounded master connection will automatically terminate
703after it has remained idle (with no client connections) for the
704specified time.
705.It Cm DynamicForward
706Specifies that a TCP port on the local machine be forwarded
707over the secure channel, and the application
708protocol is then used to determine where to connect to from the
709remote machine.
710.Pp
711The argument must be
712.Sm off
713.Oo Ar bind_address : Oc Ar port .
714.Sm on
715IPv6 addresses can be specified by enclosing addresses in square brackets.
716By default, the local port is bound in accordance with the
717.Cm GatewayPorts
718setting.
719However, an explicit
720.Ar bind_address
721may be used to bind the connection to a specific address.
722The
723.Ar bind_address
724of
725.Cm localhost
726indicates that the listening port be bound for local use only, while an
727empty address or
728.Sq *
729indicates that the port should be available from all interfaces.
730.Pp
731Currently the SOCKS4 and SOCKS5 protocols are supported, and
732.Xr ssh 1
733will act as a SOCKS server.
734Multiple forwardings may be specified, and
735additional forwardings can be given on the command line.
736Only the superuser can forward privileged ports.
737.It Cm EnableEscapeCommandline
738Enables the command line option in the
739.Cm EscapeChar
740menu for interactive sessions (default
741.Ql ~C ) .
742By default, the command line is disabled.
743.It Cm EnableSSHKeysign
744Setting this option to
745.Cm yes
746in the global client configuration file
747.Pa /etc/ssh/ssh_config
748enables the use of the helper program
749.Xr ssh-keysign 8
750during
751.Cm HostbasedAuthentication .
752The argument must be
753.Cm yes
754or
755.Cm no
756(the default).
757This option should be placed in the non-hostspecific section.
758See
759.Xr ssh-keysign 8
760for more information.
761.It Cm EscapeChar
762Sets the escape character (default:
763.Ql ~ ) .
764The escape character can also
765be set on the command line.
766The argument should be a single character,
767.Ql ^
768followed by a letter, or
769.Cm none
770to disable the escape
771character entirely (making the connection transparent for binary
772data).
773.It Cm ExitOnForwardFailure
774Specifies whether
775.Xr ssh 1
776should terminate the connection if it cannot set up all requested
777dynamic, tunnel, local, and remote port forwardings, (e.g.\&
778if either end is unable to bind and listen on a specified port).
779Note that
780.Cm ExitOnForwardFailure
781does not apply to connections made over port forwardings and will not,
782for example, cause
783.Xr ssh 1
784to exit if TCP connections to the ultimate forwarding destination fail.
785The argument must be
786.Cm yes
787or
788.Cm no
789(the default).
790.It Cm FingerprintHash
791Specifies the hash algorithm used when displaying key fingerprints.
792Valid options are:
793.Cm md5
794and
795.Cm sha256
796(the default).
797.It Cm ForkAfterAuthentication
798Requests
799.Nm ssh
800to go to background just before command execution.
801This is useful if
802.Nm ssh
803is going to ask for passwords or passphrases, but the user
804wants it in the background.
805This implies the
806.Cm StdinNull
807configuration option being set to
808.Dq yes .
809The recommended way to start X11 programs at a remote site is with
810something like
811.Ic ssh -f host xterm ,
812which is the same as
813.Ic ssh host xterm
814if the
815.Cm ForkAfterAuthentication
816configuration option is set to
817.Dq yes .
818.Pp
819If the
820.Cm ExitOnForwardFailure
821configuration option is set to
822.Dq yes ,
823then a client started with the
824.Cm ForkAfterAuthentication
825configuration option being set to
826.Dq yes
827will wait for all remote port forwards to be successfully established
828before placing itself in the background.
829The argument to this keyword must be
830.Cm yes
831(same as the
832.Fl f
833option) or
834.Cm no
835(the default).
836.It Cm ForwardAgent
837Specifies whether the connection to the authentication agent (if any)
838will be forwarded to the remote machine.
839The argument may be
840.Cm yes ,
841.Cm no
842(the default),
843an explicit path to an agent socket or the name of an environment variable
844(beginning with
845.Sq $ )
846in which to find the path.
847.Pp
848Agent forwarding should be enabled with caution.
849Users with the ability to bypass file permissions on the remote host
850(for the agent's Unix-domain socket)
851can access the local agent through the forwarded connection.
852An attacker cannot obtain key material from the agent,
853however they can perform operations on the keys that enable them to
854authenticate using the identities loaded into the agent.
855.It Cm ForwardX11
856Specifies whether X11 connections will be automatically redirected
857over the secure channel and
858.Ev DISPLAY
859set.
860The argument must be
861.Cm yes
862or
863.Cm no
864(the default).
865.Pp
866X11 forwarding should be enabled with caution.
867Users with the ability to bypass file permissions on the remote host
868(for the user's X11 authorization database)
869can access the local X11 display through the forwarded connection.
870An attacker may then be able to perform activities such as keystroke monitoring
871if the
872.Cm ForwardX11Trusted
873option is also enabled.
874.It Cm ForwardX11Timeout
875Specify a timeout for untrusted X11 forwarding
876using the format described in the
877.Sx TIME FORMATS
878section of
879.Xr sshd_config 5 .
880X11 connections received by
881.Xr ssh 1
882after this time will be refused.
883Setting
884.Cm ForwardX11Timeout
885to zero will disable the timeout and permit X11 forwarding for the life
886of the connection.
887The default is to disable untrusted X11 forwarding after twenty minutes has
888elapsed.
889.It Cm ForwardX11Trusted
890If this option is set to
891.Cm yes ,
892remote X11 clients will have full access to the original X11 display.
893.Pp
894If this option is set to
895.Cm no
896(the default),
897remote X11 clients will be considered untrusted and prevented
898from stealing or tampering with data belonging to trusted X11
899clients.
900Furthermore, the
901.Xr xauth 1
902token used for the session will be set to expire after 20 minutes.
903Remote clients will be refused access after this time.
904.Pp
905See the X11 SECURITY extension specification for full details on
906the restrictions imposed on untrusted clients.
907.It Cm GatewayPorts
908Specifies whether remote hosts are allowed to connect to local
909forwarded ports.
910By default,
911.Xr ssh 1
912binds local port forwardings to the loopback address.
913This prevents other remote hosts from connecting to forwarded ports.
914.Cm GatewayPorts
915can be used to specify that ssh
916should bind local port forwardings to the wildcard address,
917thus allowing remote hosts to connect to forwarded ports.
918The argument must be
919.Cm yes
920or
921.Cm no
922(the default).
923.It Cm GlobalKnownHostsFile
924Specifies one or more files to use for the global
925host key database, separated by whitespace.
926The default is
927.Pa /etc/ssh/ssh_known_hosts ,
928.Pa /etc/ssh/ssh_known_hosts2 .
929.It Cm GSSAPIAuthentication
930Specifies whether user authentication based on GSSAPI is allowed.
931The default is
932.Cm no .
933.It Cm GSSAPIDelegateCredentials
934Forward (delegate) credentials to the server.
935The default is
936.Cm no .
937.It Cm HashKnownHosts
938Indicates that
939.Xr ssh 1
940should hash host names and addresses when they are added to
941.Pa ~/.ssh/known_hosts .
942These hashed names may be used normally by
943.Xr ssh 1
944and
945.Xr sshd 8 ,
946but they do not visually reveal identifying information if the
947file's contents are disclosed.
948The default is
949.Cm no .
950Note that existing names and addresses in known hosts files
951will not be converted automatically,
952but may be manually hashed using
953.Xr ssh-keygen 1 .
954.It Cm HostbasedAcceptedAlgorithms
955Specifies the signature algorithms that will be used for hostbased
956authentication as a comma-separated list of patterns.
957Alternately if the specified list begins with a
958.Sq +
959character, then the specified signature algorithms will be appended
960to the default set instead of replacing them.
961If the specified list begins with a
962.Sq -
963character, then the specified signature algorithms (including wildcards)
964will be removed from the default set instead of replacing them.
965If the specified list begins with a
966.Sq ^
967character, then the specified signature algorithms will be placed
968at the head of the default set.
969The default for this option is:
970.Bd -literal -offset 3n
971ssh-ed25519-cert-v01@openssh.com,
972ecdsa-sha2-nistp256-cert-v01@openssh.com,
973ecdsa-sha2-nistp384-cert-v01@openssh.com,
974ecdsa-sha2-nistp521-cert-v01@openssh.com,
975sk-ssh-ed25519-cert-v01@openssh.com,
976sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
977rsa-sha2-512-cert-v01@openssh.com,
978rsa-sha2-256-cert-v01@openssh.com,
979ssh-ed25519,
980ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
981sk-ssh-ed25519@openssh.com,
982sk-ecdsa-sha2-nistp256@openssh.com,
983rsa-sha2-512,rsa-sha2-256
984.Ed
985.Pp
986The
987.Fl Q
988option of
989.Xr ssh 1
990may be used to list supported signature algorithms.
991This was formerly named HostbasedKeyTypes.
992.It Cm HostbasedAuthentication
993Specifies whether to try rhosts based authentication with public key
994authentication.
995The argument must be
996.Cm yes
997or
998.Cm no
999(the default).
1000.It Cm HostKeyAlgorithms
1001Specifies the host key signature algorithms
1002that the client wants to use in order of preference.
1003Alternately if the specified list begins with a
1004.Sq +
1005character, then the specified signature algorithms will be appended to
1006the default set instead of replacing them.
1007If the specified list begins with a
1008.Sq -
1009character, then the specified signature algorithms (including wildcards)
1010will be removed from the default set instead of replacing them.
1011If the specified list begins with a
1012.Sq ^
1013character, then the specified signature algorithms will be placed
1014at the head of the default set.
1015The default for this option is:
1016.Bd -literal -offset 3n
1017ssh-ed25519-cert-v01@openssh.com,
1018ecdsa-sha2-nistp256-cert-v01@openssh.com,
1019ecdsa-sha2-nistp384-cert-v01@openssh.com,
1020ecdsa-sha2-nistp521-cert-v01@openssh.com,
1021sk-ssh-ed25519-cert-v01@openssh.com,
1022sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1023rsa-sha2-512-cert-v01@openssh.com,
1024rsa-sha2-256-cert-v01@openssh.com,
1025ssh-ed25519,
1026ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1027sk-ecdsa-sha2-nistp256@openssh.com,
1028sk-ssh-ed25519@openssh.com,
1029rsa-sha2-512,rsa-sha2-256
1030.Ed
1031.Pp
1032If hostkeys are known for the destination host then this default is modified
1033to prefer their algorithms.
1034.Pp
1035The list of available signature algorithms may also be obtained using
1036.Qq ssh -Q HostKeyAlgorithms .
1037.It Cm HostKeyAlias
1038Specifies an alias that should be used instead of the
1039real host name when looking up or saving the host key
1040in the host key database files and when validating host certificates.
1041This option is useful for tunneling SSH connections
1042or for multiple servers running on a single host.
1043.It Cm Hostname
1044Specifies the real host name to log into.
1045This can be used to specify nicknames or abbreviations for hosts.
1046Arguments to
1047.Cm Hostname
1048accept the tokens described in the
1049.Sx TOKENS
1050section.
1051Numeric IP addresses are also permitted (both on the command line and in
1052.Cm Hostname
1053specifications).
1054The default is the name given on the command line.
1055.It Cm IdentitiesOnly
1056Specifies that
1057.Xr ssh 1
1058should only use the configured authentication identity and certificate files
1059(either the default files, or those explicitly configured in the
1060.Nm
1061files
1062or passed on the
1063.Xr ssh 1
1064command-line),
1065even if
1066.Xr ssh-agent 1
1067or a
1068.Cm PKCS11Provider
1069or
1070.Cm SecurityKeyProvider
1071offers more identities.
1072The argument to this keyword must be
1073.Cm yes
1074or
1075.Cm no
1076(the default).
1077This option is intended for situations where ssh-agent
1078offers many different identities.
1079.It Cm IdentityAgent
1080Specifies the
1081.Ux Ns -domain
1082socket used to communicate with the authentication agent.
1083.Pp
1084This option overrides the
1085.Ev SSH_AUTH_SOCK
1086environment variable and can be used to select a specific agent.
1087Setting the socket name to
1088.Cm none
1089disables the use of an authentication agent.
1090If the string
1091.Qq SSH_AUTH_SOCK
1092is specified, the location of the socket will be read from the
1093.Ev SSH_AUTH_SOCK
1094environment variable.
1095Otherwise if the specified value begins with a
1096.Sq $
1097character, then it will be treated as an environment variable containing
1098the location of the socket.
1099.Pp
1100Arguments to
1101.Cm IdentityAgent
1102may use the tilde syntax to refer to a user's home directory,
1103the tokens described in the
1104.Sx TOKENS
1105section and environment variables as described in the
1106.Sx ENVIRONMENT VARIABLES
1107section.
1108.It Cm IdentityFile
1109Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1110Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1111You can also specify a public key file to use the corresponding
1112private key that is loaded in
1113.Xr ssh-agent 1
1114when the private key file is not present locally.
1115The default is
1116.Pa ~/.ssh/id_rsa ,
1117.Pa ~/.ssh/id_ecdsa ,
1118.Pa ~/.ssh/id_ecdsa_sk ,
1119.Pa ~/.ssh/id_ed25519 ,
1120.Pa ~/.ssh/id_ed25519_sk
1121and
1122.Pa ~/.ssh/id_dsa .
1123Additionally, any identities represented by the authentication agent
1124will be used for authentication unless
1125.Cm IdentitiesOnly
1126is set.
1127If no certificates have been explicitly specified by
1128.Cm CertificateFile ,
1129.Xr ssh 1
1130will try to load certificate information from the filename obtained by
1131appending
1132.Pa -cert.pub
1133to the path of a specified
1134.Cm IdentityFile .
1135.Pp
1136Arguments to
1137.Cm IdentityFile
1138may use the tilde syntax to refer to a user's home directory
1139or the tokens described in the
1140.Sx TOKENS
1141section.
1142Alternately an argument of
1143.Cm none
1144may be used to indicate no identity files should be loaded.
1145.Pp
1146It is possible to have
1147multiple identity files specified in configuration files; all these
1148identities will be tried in sequence.
1149Multiple
1150.Cm IdentityFile
1151directives will add to the list of identities tried (this behaviour
1152differs from that of other configuration directives).
1153.Pp
1154.Cm IdentityFile
1155may be used in conjunction with
1156.Cm IdentitiesOnly
1157to select which identities in an agent are offered during authentication.
1158.Cm IdentityFile
1159may also be used in conjunction with
1160.Cm CertificateFile
1161in order to provide any certificate also needed for authentication with
1162the identity.
1163.It Cm IgnoreUnknown
1164Specifies a pattern-list of unknown options to be ignored if they are
1165encountered in configuration parsing.
1166This may be used to suppress errors if
1167.Nm
1168contains options that are unrecognised by
1169.Xr ssh 1 .
1170It is recommended that
1171.Cm IgnoreUnknown
1172be listed early in the configuration file as it will not be applied
1173to unknown options that appear before it.
1174.It Cm Include
1175Include the specified configuration file(s).
1176Multiple pathnames may be specified and each pathname may contain
1177.Xr glob 7
1178wildcards and, for user configurations, shell-like
1179.Sq ~
1180references to user home directories.
1181Wildcards will be expanded and processed in lexical order.
1182Files without absolute paths are assumed to be in
1183.Pa ~/.ssh
1184if included in a user configuration file or
1185.Pa /etc/ssh
1186if included from the system configuration file.
1187.Cm Include
1188directive may appear inside a
1189.Cm Match
1190or
1191.Cm Host
1192block
1193to perform conditional inclusion.
1194.It Cm IPQoS
1195Specifies the IPv4 type-of-service or DSCP class for connections.
1196Accepted values are
1197.Cm af11 ,
1198.Cm af12 ,
1199.Cm af13 ,
1200.Cm af21 ,
1201.Cm af22 ,
1202.Cm af23 ,
1203.Cm af31 ,
1204.Cm af32 ,
1205.Cm af33 ,
1206.Cm af41 ,
1207.Cm af42 ,
1208.Cm af43 ,
1209.Cm cs0 ,
1210.Cm cs1 ,
1211.Cm cs2 ,
1212.Cm cs3 ,
1213.Cm cs4 ,
1214.Cm cs5 ,
1215.Cm cs6 ,
1216.Cm cs7 ,
1217.Cm ef ,
1218.Cm le ,
1219.Cm lowdelay ,
1220.Cm throughput ,
1221.Cm reliability ,
1222a numeric value, or
1223.Cm none
1224to use the operating system default.
1225This option may take one or two arguments, separated by whitespace.
1226If one argument is specified, it is used as the packet class unconditionally.
1227If two values are specified, the first is automatically selected for
1228interactive sessions and the second for non-interactive sessions.
1229The default is
1230.Cm af21
1231(Low-Latency Data)
1232for interactive sessions and
1233.Cm cs1
1234(Lower Effort)
1235for non-interactive sessions.
1236.It Cm KbdInteractiveAuthentication
1237Specifies whether to use keyboard-interactive authentication.
1238The argument to this keyword must be
1239.Cm yes
1240(the default)
1241or
1242.Cm no .
1243.Cm ChallengeResponseAuthentication
1244is a deprecated alias for this.
1245.It Cm KbdInteractiveDevices
1246Specifies the list of methods to use in keyboard-interactive authentication.
1247Multiple method names must be comma-separated.
1248The default is to use the server specified list.
1249The methods available vary depending on what the server supports.
1250For an OpenSSH server,
1251it may be zero or more of:
1252.Cm bsdauth
1253and
1254.Cm pam .
1255.It Cm KexAlgorithms
1256Specifies the available KEX (Key Exchange) algorithms.
1257Multiple algorithms must be comma-separated.
1258If the specified list begins with a
1259.Sq +
1260character, then the specified algorithms will be appended to the default set
1261instead of replacing them.
1262If the specified list begins with a
1263.Sq -
1264character, then the specified algorithms (including wildcards) will be removed
1265from the default set instead of replacing them.
1266If the specified list begins with a
1267.Sq ^
1268character, then the specified algorithms will be placed at the head of the
1269default set.
1270The default is:
1271.Bd -literal -offset indent
1272sntrup761x25519-sha512@openssh.com,
1273curve25519-sha256,curve25519-sha256@libssh.org,
1274ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1275diffie-hellman-group-exchange-sha256,
1276diffie-hellman-group16-sha512,
1277diffie-hellman-group18-sha512,
1278diffie-hellman-group14-sha256
1279.Ed
1280.Pp
1281The list of available key exchange algorithms may also be obtained using
1282.Qq ssh -Q kex .
1283.It Cm KnownHostsCommand
1284Specifies a command to use to obtain a list of host keys, in addition to
1285those listed in
1286.Cm UserKnownHostsFile
1287and
1288.Cm GlobalKnownHostsFile .
1289This command is executed after the files have been read.
1290It may write host key lines to standard output in identical format to the
1291usual files (described in the
1292.Sx VERIFYING HOST KEYS
1293section in
1294.Xr ssh 1 ) .
1295Arguments to
1296.Cm KnownHostsCommand
1297accept the tokens described in the
1298.Sx TOKENS
1299section.
1300The command may be invoked multiple times per connection: once when preparing
1301the preference list of host key algorithms to use, again to obtain the
1302host key for the requested host name and, if
1303.Cm CheckHostIP
1304is enabled, one more time to obtain the host key matching the server's
1305address.
1306If the command exits abnormally or returns a non-zero exit status then the
1307connection is terminated.
1308.It Cm LocalCommand
1309Specifies a command to execute on the local machine after successfully
1310connecting to the server.
1311The command string extends to the end of the line, and is executed with
1312the user's shell.
1313Arguments to
1314.Cm LocalCommand
1315accept the tokens described in the
1316.Sx TOKENS
1317section.
1318.Pp
1319The command is run synchronously and does not have access to the
1320session of the
1321.Xr ssh 1
1322that spawned it.
1323It should not be used for interactive commands.
1324.Pp
1325This directive is ignored unless
1326.Cm PermitLocalCommand
1327has been enabled.
1328.It Cm LocalForward
1329Specifies that a TCP port on the local machine be forwarded over
1330the secure channel to the specified host and port from the remote machine.
1331The first argument specifies the listener and may be
1332.Sm off
1333.Oo Ar bind_address : Oc Ar port
1334.Sm on
1335or a Unix domain socket path.
1336The second argument is the destination and may be
1337.Ar host : Ns Ar hostport
1338or a Unix domain socket path if the remote host supports it.
1339.Pp
1340IPv6 addresses can be specified by enclosing addresses in square brackets.
1341Multiple forwardings may be specified, and additional forwardings can be
1342given on the command line.
1343Only the superuser can forward privileged ports.
1344By default, the local port is bound in accordance with the
1345.Cm GatewayPorts
1346setting.
1347However, an explicit
1348.Ar bind_address
1349may be used to bind the connection to a specific address.
1350The
1351.Ar bind_address
1352of
1353.Cm localhost
1354indicates that the listening port be bound for local use only, while an
1355empty address or
1356.Sq *
1357indicates that the port should be available from all interfaces.
1358Unix domain socket paths may use the tokens described in the
1359.Sx TOKENS
1360section and environment variables as described in the
1361.Sx ENVIRONMENT VARIABLES
1362section.
1363.It Cm LogLevel
1364Gives the verbosity level that is used when logging messages from
1365.Xr ssh 1 .
1366The possible values are:
1367QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1368The default is INFO.
1369DEBUG and DEBUG1 are equivalent.
1370DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1371.It Cm LogVerbose
1372Specify one or more overrides to LogLevel.
1373An override consists of a pattern lists that matches the source file, function
1374and line number to force detailed logging for.
1375For example, an override pattern of:
1376.Bd -literal -offset indent
1377kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
1378.Ed
1379.Pp
1380would enable detailed logging for line 1000 of
1381.Pa kex.c ,
1382everything in the
1383.Fn kex_exchange_identification
1384function, and all code in the
1385.Pa packet.c
1386file.
1387This option is intended for debugging and no overrides are enabled by default.
1388.It Cm MACs
1389Specifies the MAC (message authentication code) algorithms
1390in order of preference.
1391The MAC algorithm is used for data integrity protection.
1392Multiple algorithms must be comma-separated.
1393If the specified list begins with a
1394.Sq +
1395character, then the specified algorithms will be appended to the default set
1396instead of replacing them.
1397If the specified list begins with a
1398.Sq -
1399character, then the specified algorithms (including wildcards) will be removed
1400from the default set instead of replacing them.
1401If the specified list begins with a
1402.Sq ^
1403character, then the specified algorithms will be placed at the head of the
1404default set.
1405.Pp
1406The algorithms that contain
1407.Qq -etm
1408calculate the MAC after encryption (encrypt-then-mac).
1409These are considered safer and their use recommended.
1410.Pp
1411The default is:
1412.Bd -literal -offset indent
1413umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1414hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1415hmac-sha1-etm@openssh.com,
1416umac-64@openssh.com,umac-128@openssh.com,
1417hmac-sha2-256,hmac-sha2-512,hmac-sha1
1418.Ed
1419.Pp
1420The list of available MAC algorithms may also be obtained using
1421.Qq ssh -Q mac .
1422.It Cm NoHostAuthenticationForLocalhost
1423Disable host authentication for localhost (loopback addresses).
1424The argument to this keyword must be
1425.Cm yes
1426or
1427.Cm no
1428(the default).
1429.It Cm NumberOfPasswordPrompts
1430Specifies the number of password prompts before giving up.
1431The argument to this keyword must be an integer.
1432The default is 3.
1433.It Cm ObscureKeystrokeTiming
1434Specifies whether
1435.Xr ssh 1
1436should try to obscure inter-keystroke timings from passive observers of
1437network traffic.
1438If enabled, then for interactive sessions,
1439.Xr ssh 1
1440will send keystrokes at fixed intervals of a few tens of milliseconds
1441and will send fake keystroke packets for some time after typing ceases.
1442The argument to this keyword must be
1443.Cm yes ,
1444.Cm no
1445or an interval specifier of the form
1446.Cm interval:milliseconds
1447(e.g.\&
1448.Cm interval:80
1449for 80 milliseconds).
1450The default is to obscure keystrokes using a 20ms packet interval.
1451Note that smaller intervals will result in higher fake keystroke packet rates.
1452.It Cm PasswordAuthentication
1453Specifies whether to use password authentication.
1454The argument to this keyword must be
1455.Cm yes
1456(the default)
1457or
1458.Cm no .
1459.It Cm PermitLocalCommand
1460Allow local command execution via the
1461.Ic LocalCommand
1462option or using the
1463.Ic !\& Ns Ar command
1464escape sequence in
1465.Xr ssh 1 .
1466The argument must be
1467.Cm yes
1468or
1469.Cm no
1470(the default).
1471.It Cm PermitRemoteOpen
1472Specifies the destinations to which remote TCP port forwarding is permitted when
1473.Cm RemoteForward
1474is used as a SOCKS proxy.
1475The forwarding specification must be one of the following forms:
1476.Pp
1477.Bl -item -offset indent -compact
1478.It
1479.Cm PermitRemoteOpen
1480.Sm off
1481.Ar host : port
1482.Sm on
1483.It
1484.Cm PermitRemoteOpen
1485.Sm off
1486.Ar IPv4_addr : port
1487.Sm on
1488.It
1489.Cm PermitRemoteOpen
1490.Sm off
1491.Ar \&[ IPv6_addr \&] : port
1492.Sm on
1493.El
1494.Pp
1495Multiple forwards may be specified by separating them with whitespace.
1496An argument of
1497.Cm any
1498can be used to remove all restrictions and permit any forwarding requests.
1499An argument of
1500.Cm none
1501can be used to prohibit all forwarding requests.
1502The wildcard
1503.Sq *
1504can be used for host or port to allow all hosts or ports respectively.
1505Otherwise, no pattern matching or address lookups are performed on supplied
1506names.
1507.It Cm PKCS11Provider
1508Specifies which PKCS#11 provider to use or
1509.Cm none
1510to indicate that no provider should be used (the default).
1511The argument to this keyword is a path to the PKCS#11 shared library
1512.Xr ssh 1
1513should use to communicate with a PKCS#11 token providing keys for user
1514authentication.
1515.It Cm Port
1516Specifies the port number to connect on the remote host.
1517The default is 22.
1518.It Cm PreferredAuthentications
1519Specifies the order in which the client should try authentication methods.
1520This allows a client to prefer one method (e.g.\&
1521.Cm keyboard-interactive )
1522over another method (e.g.\&
1523.Cm password ) .
1524The default is:
1525.Bd -literal -offset indent
1526gssapi-with-mic,hostbased,publickey,
1527keyboard-interactive,password
1528.Ed
1529.It Cm ProxyCommand
1530Specifies the command to use to connect to the server.
1531The command
1532string extends to the end of the line, and is executed
1533using the user's shell
1534.Ql exec
1535directive to avoid a lingering shell process.
1536.Pp
1537Arguments to
1538.Cm ProxyCommand
1539accept the tokens described in the
1540.Sx TOKENS
1541section.
1542The command can be basically anything,
1543and should read from its standard input and write to its standard output.
1544It should eventually connect an
1545.Xr sshd 8
1546server running on some machine, or execute
1547.Ic sshd -i
1548somewhere.
1549Host key management will be done using the
1550.Cm Hostname
1551of the host being connected (defaulting to the name typed by the user).
1552Setting the command to
1553.Cm none
1554disables this option entirely.
1555Note that
1556.Cm CheckHostIP
1557is not available for connects with a proxy command.
1558.Pp
1559This directive is useful in conjunction with
1560.Xr nc 1
1561and its proxy support.
1562For example, the following directive would connect via an HTTP proxy at
1563192.0.2.0:
1564.Bd -literal -offset 3n
1565ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1566.Ed
1567.It Cm ProxyJump
1568Specifies one or more jump proxies as either
1569.Xo
1570.Sm off
1571.Op Ar user No @
1572.Ar host
1573.Op : Ns Ar port
1574.Sm on
1575or an ssh URI
1576.Xc .
1577Multiple proxies may be separated by comma characters and will be visited
1578sequentially.
1579Setting this option will cause
1580.Xr ssh 1
1581to connect to the target host by first making a
1582.Xr ssh 1
1583connection to the specified
1584.Cm ProxyJump
1585host and then establishing a
1586TCP forwarding to the ultimate target from there.
1587Setting the host to
1588.Cm none
1589disables this option entirely.
1590.Pp
1591Note that this option will compete with the
1592.Cm ProxyCommand
1593option - whichever is specified first will prevent later instances of the
1594other from taking effect.
1595.Pp
1596Note also that the configuration for the destination host (either supplied
1597via the command-line or the configuration file) is not generally applied
1598to jump hosts.
1599.Pa ~/.ssh/config
1600should be used if specific configuration is required for jump hosts.
1601.It Cm ProxyUseFdpass
1602Specifies that
1603.Cm ProxyCommand
1604will pass a connected file descriptor back to
1605.Xr ssh 1
1606instead of continuing to execute and pass data.
1607The default is
1608.Cm no .
1609.It Cm PubkeyAcceptedAlgorithms
1610Specifies the signature algorithms that will be used for public key
1611authentication as a comma-separated list of patterns.
1612If the specified list begins with a
1613.Sq +
1614character, then the algorithms after it will be appended to the default
1615instead of replacing it.
1616If the specified list begins with a
1617.Sq -
1618character, then the specified algorithms (including wildcards) will be removed
1619from the default set instead of replacing them.
1620If the specified list begins with a
1621.Sq ^
1622character, then the specified algorithms will be placed at the head of the
1623default set.
1624The default for this option is:
1625.Bd -literal -offset 3n
1626ssh-ed25519-cert-v01@openssh.com,
1627ecdsa-sha2-nistp256-cert-v01@openssh.com,
1628ecdsa-sha2-nistp384-cert-v01@openssh.com,
1629ecdsa-sha2-nistp521-cert-v01@openssh.com,
1630sk-ssh-ed25519-cert-v01@openssh.com,
1631sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1632rsa-sha2-512-cert-v01@openssh.com,
1633rsa-sha2-256-cert-v01@openssh.com,
1634ssh-ed25519,
1635ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1636sk-ssh-ed25519@openssh.com,
1637sk-ecdsa-sha2-nistp256@openssh.com,
1638rsa-sha2-512,rsa-sha2-256
1639.Ed
1640.Pp
1641The list of available signature algorithms may also be obtained using
1642.Qq ssh -Q PubkeyAcceptedAlgorithms .
1643.It Cm PubkeyAuthentication
1644Specifies whether to try public key authentication.
1645The argument to this keyword must be
1646.Cm yes
1647(the default),
1648.Cm no ,
1649.Cm unbound
1650or
1651.Cm host-bound .
1652The final two options enable public key authentication while respectively
1653disabling or enabling the OpenSSH host-bound authentication protocol
1654extension required for restricted
1655.Xr ssh-agent 1
1656forwarding.
1657.It Cm RekeyLimit
1658Specifies the maximum amount of data that may be transmitted or received
1659before the session key is renegotiated, optionally followed by a maximum
1660amount of time that may pass before the session key is renegotiated.
1661The first argument is specified in bytes and may have a suffix of
1662.Sq K ,
1663.Sq M ,
1664or
1665.Sq G
1666to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1667The default is between
1668.Sq 1G
1669and
1670.Sq 4G ,
1671depending on the cipher.
1672The optional second value is specified in seconds and may use any of the
1673units documented in the TIME FORMATS section of
1674.Xr sshd_config 5 .
1675The default value for
1676.Cm RekeyLimit
1677is
1678.Cm default none ,
1679which means that rekeying is performed after the cipher's default amount
1680of data has been sent or received and no time based rekeying is done.
1681.It Cm RemoteCommand
1682Specifies a command to execute on the remote machine after successfully
1683connecting to the server.
1684The command string extends to the end of the line, and is executed with
1685the user's shell.
1686Arguments to
1687.Cm RemoteCommand
1688accept the tokens described in the
1689.Sx TOKENS
1690section.
1691.It Cm RemoteForward
1692Specifies that a TCP port on the remote machine be forwarded over
1693the secure channel.
1694The remote port may either be forwarded to a specified host and port
1695from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1696client to connect to arbitrary destinations from the local machine.
1697The first argument is the listening specification and may be
1698.Sm off
1699.Oo Ar bind_address : Oc Ar port
1700.Sm on
1701or, if the remote host supports it, a Unix domain socket path.
1702If forwarding to a specific destination then the second argument must be
1703.Ar host : Ns Ar hostport
1704or a Unix domain socket path,
1705otherwise if no destination argument is specified then the remote forwarding
1706will be established as a SOCKS proxy.
1707When acting as a SOCKS proxy, the destination of the connection can be
1708restricted by
1709.Cm PermitRemoteOpen .
1710.Pp
1711IPv6 addresses can be specified by enclosing addresses in square brackets.
1712Multiple forwardings may be specified, and additional
1713forwardings can be given on the command line.
1714Privileged ports can be forwarded only when
1715logging in as root on the remote machine.
1716Unix domain socket paths may use the tokens described in the
1717.Sx TOKENS
1718section and environment variables as described in the
1719.Sx ENVIRONMENT VARIABLES
1720section.
1721.Pp
1722If the
1723.Ar port
1724argument is 0,
1725the listen port will be dynamically allocated on the server and reported
1726to the client at run time.
1727.Pp
1728If the
1729.Ar bind_address
1730is not specified, the default is to only bind to loopback addresses.
1731If the
1732.Ar bind_address
1733is
1734.Ql *
1735or an empty string, then the forwarding is requested to listen on all
1736interfaces.
1737Specifying a remote
1738.Ar bind_address
1739will only succeed if the server's
1740.Cm GatewayPorts
1741option is enabled (see
1742.Xr sshd_config 5 ) .
1743.It Cm RequestTTY
1744Specifies whether to request a pseudo-tty for the session.
1745The argument may be one of:
1746.Cm no
1747(never request a TTY),
1748.Cm yes
1749(always request a TTY when standard input is a TTY),
1750.Cm force
1751(always request a TTY) or
1752.Cm auto
1753(request a TTY when opening a login session).
1754This option mirrors the
1755.Fl t
1756and
1757.Fl T
1758flags for
1759.Xr ssh 1 .
1760.It Cm RequiredRSASize
1761Specifies the minimum RSA key size (in bits) that
1762.Xr ssh 1
1763will accept.
1764User authentication keys smaller than this limit will be ignored.
1765Servers that present host keys smaller than this limit will cause the
1766connection to be terminated.
1767The default is
1768.Cm 1024
1769bits.
1770Note that this limit may only be raised from the default.
1771.It Cm RevokedHostKeys
1772Specifies revoked host public keys.
1773Keys listed in this file will be refused for host authentication.
1774Note that if this file does not exist or is not readable,
1775then host authentication will be refused for all hosts.
1776Keys may be specified as a text file, listing one public key per line, or as
1777an OpenSSH Key Revocation List (KRL) as generated by
1778.Xr ssh-keygen 1 .
1779For more information on KRLs, see the KEY REVOCATION LISTS section in
1780.Xr ssh-keygen 1 .
1781Arguments to
1782.Cm RevokedHostKeys
1783may use the tilde syntax to refer to a user's home directory,
1784the tokens described in the
1785.Sx TOKENS
1786section and environment variables as described in the
1787.Sx ENVIRONMENT VARIABLES
1788section.
1789.It Cm SecurityKeyProvider
1790Specifies a path to a library that will be used when loading any
1791FIDO authenticator-hosted keys, overriding the default of using
1792the built-in USB HID support.
1793.Pp
1794If the specified value begins with a
1795.Sq $
1796character, then it will be treated as an environment variable containing
1797the path to the library.
1798.It Cm SendEnv
1799Specifies what variables from the local
1800.Xr environ 7
1801should be sent to the server.
1802The server must also support it, and the server must be configured to
1803accept these environment variables.
1804Note that the
1805.Ev TERM
1806environment variable is always sent whenever a
1807pseudo-terminal is requested as it is required by the protocol.
1808Refer to
1809.Cm AcceptEnv
1810in
1811.Xr sshd_config 5
1812for how to configure the server.
1813Variables are specified by name, which may contain wildcard characters.
1814Multiple environment variables may be separated by whitespace or spread
1815across multiple
1816.Cm SendEnv
1817directives.
1818.Pp
1819See
1820.Sx PATTERNS
1821for more information on patterns.
1822.Pp
1823It is possible to clear previously set
1824.Cm SendEnv
1825variable names by prefixing patterns with
1826.Pa - .
1827The default is not to send any environment variables.
1828.It Cm ServerAliveCountMax
1829Sets the number of server alive messages (see below) which may be
1830sent without
1831.Xr ssh 1
1832receiving any messages back from the server.
1833If this threshold is reached while server alive messages are being sent,
1834ssh will disconnect from the server, terminating the session.
1835It is important to note that the use of server alive messages is very
1836different from
1837.Cm TCPKeepAlive
1838(below).
1839The server alive messages are sent through the encrypted channel
1840and therefore will not be spoofable.
1841The TCP keepalive option enabled by
1842.Cm TCPKeepAlive
1843is spoofable.
1844The server alive mechanism is valuable when the client or
1845server depend on knowing when a connection has become unresponsive.
1846.Pp
1847The default value is 3.
1848If, for example,
1849.Cm ServerAliveInterval
1850(see below) is set to 15 and
1851.Cm ServerAliveCountMax
1852is left at the default, if the server becomes unresponsive,
1853ssh will disconnect after approximately 45 seconds.
1854.It Cm ServerAliveInterval
1855Sets a timeout interval in seconds after which if no data has been received
1856from the server,
1857.Xr ssh 1
1858will send a message through the encrypted
1859channel to request a response from the server.
1860The default
1861is 0, indicating that these messages will not be sent to the server.
1862.It Cm SessionType
1863May be used to either request invocation of a subsystem on the remote system,
1864or to prevent the execution of a remote command at all.
1865The latter is useful for just forwarding ports.
1866The argument to this keyword must be
1867.Cm none
1868(same as the
1869.Fl N
1870option),
1871.Cm subsystem
1872(same as the
1873.Fl s
1874option) or
1875.Cm default
1876(shell or command execution).
1877.It Cm SetEnv
1878Directly specify one or more environment variables and their contents to
1879be sent to the server.
1880Similarly to
1881.Cm SendEnv ,
1882with the exception of the
1883.Ev TERM
1884variable, the server must be prepared to accept the environment variable.
1885.It Cm StdinNull
1886Redirects stdin from
1887.Pa /dev/null
1888(actually, prevents reading from stdin).
1889Either this or the equivalent
1890.Fl n
1891option must be used when
1892.Nm ssh
1893is run in the background.
1894The argument to this keyword must be
1895.Cm yes
1896(same as the
1897.Fl n
1898option) or
1899.Cm no
1900(the default).
1901.It Cm StreamLocalBindMask
1902Sets the octal file creation mode mask
1903.Pq umask
1904used when creating a Unix-domain socket file for local or remote
1905port forwarding.
1906This option is only used for port forwarding to a Unix-domain socket file.
1907.Pp
1908The default value is 0177, which creates a Unix-domain socket file that is
1909readable and writable only by the owner.
1910Note that not all operating systems honor the file mode on Unix-domain
1911socket files.
1912.It Cm StreamLocalBindUnlink
1913Specifies whether to remove an existing Unix-domain socket file for local
1914or remote port forwarding before creating a new one.
1915If the socket file already exists and
1916.Cm StreamLocalBindUnlink
1917is not enabled,
1918.Nm ssh
1919will be unable to forward the port to the Unix-domain socket file.
1920This option is only used for port forwarding to a Unix-domain socket file.
1921.Pp
1922The argument must be
1923.Cm yes
1924or
1925.Cm no
1926(the default).
1927.It Cm StrictHostKeyChecking
1928If this flag is set to
1929.Cm yes ,
1930.Xr ssh 1
1931will never automatically add host keys to the
1932.Pa ~/.ssh/known_hosts
1933file, and refuses to connect to hosts whose host key has changed.
1934This provides maximum protection against man-in-the-middle (MITM) attacks,
1935though it can be annoying when the
1936.Pa /etc/ssh/ssh_known_hosts
1937file is poorly maintained or when connections to new hosts are
1938frequently made.
1939This option forces the user to manually
1940add all new hosts.
1941.Pp
1942If this flag is set to
1943.Cm accept-new
1944then ssh will automatically add new host keys to the user's
1945.Pa known_hosts
1946file, but will not permit connections to hosts with
1947changed host keys.
1948If this flag is set to
1949.Cm no
1950or
1951.Cm off ,
1952ssh will automatically add new host keys to the user known hosts files
1953and allow connections to hosts with changed hostkeys to proceed,
1954subject to some restrictions.
1955If this flag is set to
1956.Cm ask
1957(the default),
1958new host keys
1959will be added to the user known host files only after the user
1960has confirmed that is what they really want to do, and
1961ssh will refuse to connect to hosts whose host key has changed.
1962The host keys of
1963known hosts will be verified automatically in all cases.
1964.It Cm SyslogFacility
1965Gives the facility code that is used when logging messages from
1966.Xr ssh 1 .
1967The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1968LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1969The default is USER.
1970.It Cm TCPKeepAlive
1971Specifies whether the system should send TCP keepalive messages to the
1972other side.
1973If they are sent, death of the connection or crash of one
1974of the machines will be properly noticed.
1975However, this means that
1976connections will die if the route is down temporarily, and some people
1977find it annoying.
1978.Pp
1979The default is
1980.Cm yes
1981(to send TCP keepalive messages), and the client will notice
1982if the network goes down or the remote host dies.
1983This is important in scripts, and many users want it too.
1984.Pp
1985To disable TCP keepalive messages, the value should be set to
1986.Cm no .
1987See also
1988.Cm ServerAliveInterval
1989for protocol-level keepalives.
1990.It Cm Tag
1991Specify a configuration tag name that may be later used by a
1992.Cm Match
1993directive to select a block of configuration.
1994.It Cm Tunnel
1995Request
1996.Xr tun 4
1997device forwarding between the client and the server.
1998The argument must be
1999.Cm yes ,
2000.Cm point-to-point
2001(layer 3),
2002.Cm ethernet
2003(layer 2),
2004or
2005.Cm no
2006(the default).
2007Specifying
2008.Cm yes
2009requests the default tunnel mode, which is
2010.Cm point-to-point .
2011.It Cm TunnelDevice
2012Specifies the
2013.Xr tun 4
2014devices to open on the client
2015.Pq Ar local_tun
2016and the server
2017.Pq Ar remote_tun .
2018.Pp
2019The argument must be
2020.Sm off
2021.Ar local_tun Op : Ar remote_tun .
2022.Sm on
2023The devices may be specified by numerical ID or the keyword
2024.Cm any ,
2025which uses the next available tunnel device.
2026If
2027.Ar remote_tun
2028is not specified, it defaults to
2029.Cm any .
2030The default is
2031.Cm any:any .
2032.It Cm UpdateHostKeys
2033Specifies whether
2034.Xr ssh 1
2035should accept notifications of additional hostkeys from the server sent
2036after authentication has completed and add them to
2037.Cm UserKnownHostsFile .
2038The argument must be
2039.Cm yes ,
2040.Cm no
2041or
2042.Cm ask .
2043This option allows learning alternate hostkeys for a server
2044and supports graceful key rotation by allowing a server to send replacement
2045public keys before old ones are removed.
2046.Pp
2047Additional hostkeys are only accepted if the key used to authenticate the
2048host was already trusted or explicitly accepted by the user, the host was
2049authenticated via
2050.Cm UserKnownHostsFile
2051(i.e. not
2052.Cm GlobalKnownHostsFile )
2053and the host was authenticated using a plain key and not a certificate.
2054.Pp
2055.Cm UpdateHostKeys
2056is enabled by default if the user has not overridden the default
2057.Cm UserKnownHostsFile
2058setting and has not enabled
2059.Cm VerifyHostKeyDNS ,
2060otherwise
2061.Cm UpdateHostKeys
2062will be set to
2063.Cm no .
2064.Pp
2065If
2066.Cm UpdateHostKeys
2067is set to
2068.Cm ask ,
2069then the user is asked to confirm the modifications to the known_hosts file.
2070Confirmation is currently incompatible with
2071.Cm ControlPersist ,
2072and will be disabled if it is enabled.
2073.Pp
2074Presently, only
2075.Xr sshd 8
2076from OpenSSH 6.8 and greater support the
2077.Qq hostkeys@openssh.com
2078protocol extension used to inform the client of all the server's hostkeys.
2079.It Cm User
2080Specifies the user to log in as.
2081This can be useful when a different user name is used on different machines.
2082This saves the trouble of
2083having to remember to give the user name on the command line.
2084.It Cm UserKnownHostsFile
2085Specifies one or more files to use for the user
2086host key database, separated by whitespace.
2087Each filename may use tilde notation to refer to the user's home directory,
2088the tokens described in the
2089.Sx TOKENS
2090section and environment variables as described in the
2091.Sx ENVIRONMENT VARIABLES
2092section.
2093A value of
2094.Cm none
2095causes
2096.Xr ssh 1
2097to ignore any user-specific known hosts files.
2098The default is
2099.Pa ~/.ssh/known_hosts ,
2100.Pa ~/.ssh/known_hosts2 .
2101.It Cm VerifyHostKeyDNS
2102Specifies whether to verify the remote key using DNS and SSHFP resource
2103records.
2104If this option is set to
2105.Cm yes ,
2106the client will implicitly trust keys that match a secure fingerprint
2107from DNS.
2108Insecure fingerprints will be handled as if this option was set to
2109.Cm ask .
2110If this option is set to
2111.Cm ask ,
2112information on fingerprint match will be displayed, but the user will still
2113need to confirm new host keys according to the
2114.Cm StrictHostKeyChecking
2115option.
2116The default is
2117.Cm no .
2118.Pp
2119See also
2120.Sx VERIFYING HOST KEYS
2121in
2122.Xr ssh 1 .
2123.It Cm VisualHostKey
2124If this flag is set to
2125.Cm yes ,
2126an ASCII art representation of the remote host key fingerprint is
2127printed in addition to the fingerprint string at login and
2128for unknown host keys.
2129If this flag is set to
2130.Cm no
2131(the default),
2132no fingerprint strings are printed at login and
2133only the fingerprint string will be printed for unknown host keys.
2134.It Cm XAuthLocation
2135Specifies the full pathname of the
2136.Xr xauth 1
2137program.
2138The default is
2139.Pa /usr/local/bin/xauth .
2140.El
2141.Sh PATTERNS
2142A
2143.Em pattern
2144consists of zero or more non-whitespace characters,
2145.Sq *
2146(a wildcard that matches zero or more characters),
2147or
2148.Sq ?\&
2149(a wildcard that matches exactly one character).
2150For example, to specify a set of declarations for any host in the
2151.Qq .co.uk
2152set of domains,
2153the following pattern could be used:
2154.Pp
2155.Dl Host *.co.uk
2156.Pp
2157The following pattern
2158would match any host in the 192.168.0.[0-9] network range:
2159.Pp
2160.Dl Host 192.168.0.?
2161.Pp
2162A
2163.Em pattern-list
2164is a comma-separated list of patterns.
2165Patterns within pattern-lists may be negated
2166by preceding them with an exclamation mark
2167.Pq Sq !\& .
2168For example,
2169to allow a key to be used from anywhere within an organization
2170except from the
2171.Qq dialup
2172pool,
2173the following entry (in authorized_keys) could be used:
2174.Pp
2175.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2176.Pp
2177Note that a negated match will never produce a positive result by itself.
2178For example, attempting to match
2179.Qq host3
2180against the following pattern-list will fail:
2181.Pp
2182.Dl from=\&"!host1,!host2\&"
2183.Pp
2184The solution here is to include a term that will yield a positive match,
2185such as a wildcard:
2186.Pp
2187.Dl from=\&"!host1,!host2,*\&"
2188.Sh TOKENS
2189Arguments to some keywords can make use of tokens,
2190which are expanded at runtime:
2191.Pp
2192.Bl -tag -width XXXX -offset indent -compact
2193.It %%
2194A literal
2195.Sq % .
2196.It \&%C
2197Hash of %l%h%p%r%j.
2198.It %d
2199Local user's home directory.
2200.It %f
2201The fingerprint of the server's host key.
2202.It %H
2203The
2204.Pa known_hosts
2205hostname or address that is being searched for.
2206.It %h
2207The remote hostname.
2208.It \%%I
2209A string describing the reason for a
2210.Cm KnownHostsCommand
2211execution: either
2212.Cm ADDRESS
2213when looking up a host by address (only when
2214.Cm CheckHostIP
2215is enabled),
2216.Cm HOSTNAME
2217when searching by hostname, or
2218.Cm ORDER
2219when preparing the host key algorithm preference list to use for the
2220destination host.
2221.It %i
2222The local user ID.
2223.It %j
2224The contents of the ProxyJump option, or the empty string if this
2225option is unset.
2226.It %K
2227The base64 encoded host key.
2228.It %k
2229The host key alias if specified, otherwise the original remote hostname given
2230on the command line.
2231.It %L
2232The local hostname.
2233.It %l
2234The local hostname, including the domain name.
2235.It %n
2236The original remote hostname, as given on the command line.
2237.It %p
2238The remote port.
2239.It %r
2240The remote username.
2241.It \&%T
2242The local
2243.Xr tun 4
2244or
2245.Xr tap 4
2246network interface assigned if
2247tunnel forwarding was requested, or
2248.Qq NONE
2249otherwise.
2250.It %t
2251The type of the server host key, e.g.
2252.Cm ssh-ed25519 .
2253.It %u
2254The local username.
2255.El
2256.Pp
2257.Cm CertificateFile ,
2258.Cm ControlPath ,
2259.Cm IdentityAgent ,
2260.Cm IdentityFile ,
2261.Cm KnownHostsCommand ,
2262.Cm LocalForward ,
2263.Cm Match exec ,
2264.Cm RemoteCommand ,
2265.Cm RemoteForward ,
2266.Cm RevokedHostKeys ,
2267and
2268.Cm UserKnownHostsFile
2269accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
2270.Pp
2271.Cm KnownHostsCommand
2272additionally accepts the tokens %f, %H, %I, %K and %t.
2273.Pp
2274.Cm Hostname
2275accepts the tokens %% and %h.
2276.Pp
2277.Cm LocalCommand
2278accepts all tokens.
2279.Pp
2280.Cm ProxyCommand
2281and
2282.Cm ProxyJump
2283accept the tokens %%, %h, %n, %p, and %r.
2284.Pp
2285Note that some of these directives build commands for execution via the shell.
2286Because
2287.Xr ssh 1
2288performs no filtering or escaping of characters that have special meaning in
2289shell commands (e.g. quotes), it is the user's responsibility to ensure that
2290the arguments passed to
2291.Xr ssh 1
2292do not contain such characters and that tokens are appropriately quoted
2293when used.
2294.Sh ENVIRONMENT VARIABLES
2295Arguments to some keywords can be expanded at runtime from environment
2296variables on the client by enclosing them in
2297.Ic ${} ,
2298for example
2299.Ic ${HOME}/.ssh
2300would refer to the user's .ssh directory.
2301If a specified environment variable does not exist then an error will be
2302returned and the setting for that keyword will be ignored.
2303.Pp
2304The keywords
2305.Cm CertificateFile ,
2306.Cm ControlPath ,
2307.Cm IdentityAgent ,
2308.Cm IdentityFile ,
2309.Cm KnownHostsCommand ,
2310and
2311.Cm UserKnownHostsFile
2312support environment variables.
2313The keywords
2314.Cm LocalForward
2315and
2316.Cm RemoteForward
2317support environment variables only for Unix domain socket paths.
2318.Sh FILES
2319.Bl -tag -width Ds
2320.It Pa ~/.ssh/config
2321This is the per-user configuration file.
2322The format of this file is described above.
2323This file is used by the SSH client.
2324Because of the potential for abuse, this file must have strict permissions:
2325read/write for the user, and not writable by others.
2326.It Pa /etc/ssh/ssh_config
2327Systemwide configuration file.
2328This file provides defaults for those
2329values that are not specified in the user's configuration file, and
2330for those users who do not have a configuration file.
2331This file must be world-readable.
2332.El
2333.Sh SEE ALSO
2334.Xr ssh 1
2335.Sh AUTHORS
2336.An -nosplit
2337OpenSSH is a derivative of the original and free
2338ssh 1.2.12 release by
2339.An Tatu Ylonen .
2340.An Aaron Campbell , Bob Beck , Markus Friedl ,
2341.An Niels Provos , Theo de Raadt
2342and
2343.An Dug Song
2344removed many bugs, re-added newer features and
2345created OpenSSH.
2346.An Markus Friedl
2347contributed the support for SSH protocol versions 1.5 and 2.0.
2348