xref: /freebsd/crypto/openssh/ssh_config.5 (revision b9f654b163bce26de79705e77b872427c9f2afa1) 
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: July 23 2018 $
39.Dt SSH_CONFIG 5
40.Os
41.Sh NAME
42.Nm ssh_config
43.Nd OpenSSH SSH client configuration files
44.Sh DESCRIPTION
45.Xr ssh 1
46obtains configuration data from the following sources in
47the following order:
48.Pp
49.Bl -enum -offset indent -compact
50.It
51command-line options
52.It
53user's configuration file
54.Pq Pa ~/.ssh/config
55.It
56system-wide configuration file
57.Pq Pa /etc/ssh/ssh_config
58.El
59.Pp
60For each parameter, the first obtained value
61will be used.
62The configuration files contain sections separated by
63.Cm Host
64specifications, and that section is only applied for hosts that
65match one of the patterns given in the specification.
66The matched host name is usually the one given on the command line
67(see the
68.Cm CanonicalizeHostname
69option for exceptions).
70.Pp
71Since the first obtained value for each parameter is used, more
72host-specific declarations should be given near the beginning of the
73file, and general defaults at the end.
74.Pp
75The file contains keyword-argument pairs, one per line.
76Lines starting with
77.Ql #
78and empty lines are interpreted as comments.
79Arguments may optionally be enclosed in double quotes
80.Pq \&"
81in order to represent arguments containing spaces.
82Configuration options may be separated by whitespace or
83optional whitespace and exactly one
84.Ql = ;
85the latter format is useful to avoid the need to quote whitespace
86when specifying configuration options using the
87.Nm ssh ,
88.Nm scp ,
89and
90.Nm sftp
91.Fl o
92option.
93.Pp
94The possible
95keywords and their meanings are as follows (note that
96keywords are case-insensitive and arguments are case-sensitive):
97.Bl -tag -width Ds
98.It Cm Host
99Restricts the following declarations (up to the next
100.Cm Host
101or
102.Cm Match
103keyword) to be only for those hosts that match one of the patterns
104given after the keyword.
105If more than one pattern is provided, they should be separated by whitespace.
106A single
107.Ql *
108as a pattern can be used to provide global
109defaults for all hosts.
110The host is usually the
111.Ar hostname
112argument given on the command line
113(see the
114.Cm CanonicalizeHostname
115keyword for exceptions).
116.Pp
117A pattern entry may be negated by prefixing it with an exclamation mark
118.Pq Sq !\& .
119If a negated entry is matched, then the
120.Cm Host
121entry is ignored, regardless of whether any other patterns on the line
122match.
123Negated matches are therefore useful to provide exceptions for wildcard
124matches.
125.Pp
126See
127.Sx PATTERNS
128for more information on patterns.
129.It Cm Match
130Restricts the following declarations (up to the next
131.Cm Host
132or
133.Cm Match
134keyword) to be used only when the conditions following the
135.Cm Match
136keyword are satisfied.
137Match conditions are specified using one or more criteria
138or the single token
139.Cm all
140which always matches.
141The available criteria keywords are:
142.Cm canonical ,
143.Cm exec ,
144.Cm host ,
145.Cm originalhost ,
146.Cm user ,
147and
148.Cm localuser .
149The
150.Cm all
151criteria must appear alone or immediately after
152.Cm canonical .
153Other criteria may be combined arbitrarily.
154All criteria but
155.Cm all
156and
157.Cm canonical
158require an argument.
159Criteria may be negated by prepending an exclamation mark
160.Pq Sq !\& .
161.Pp
162The
163.Cm canonical
164keyword matches only when the configuration file is being re-parsed
165after hostname canonicalization (see the
166.Cm CanonicalizeHostname
167option.)
168This may be useful to specify conditions that work with canonical host
169names only.
170The
171.Cm exec
172keyword executes the specified command under the user's shell.
173If the command returns a zero exit status then the condition is considered true.
174Commands containing whitespace characters must be quoted.
175Arguments to
176.Cm exec
177accept the tokens described in the
178.Sx TOKENS
179section.
180.Pp
181The other keywords' criteria must be single entries or comma-separated
182lists and may use the wildcard and negation operators described in the
183.Sx PATTERNS
184section.
185The criteria for the
186.Cm host
187keyword are matched against the target hostname, after any substitution
188by the
189.Cm Hostname
190or
191.Cm CanonicalizeHostname
192options.
193The
194.Cm originalhost
195keyword matches against the hostname as it was specified on the command-line.
196The
197.Cm user
198keyword matches against the target username on the remote host.
199The
200.Cm localuser
201keyword matches against the name of the local user running
202.Xr ssh 1
203(this keyword may be useful in system-wide
204.Nm
205files).
206.It Cm AddKeysToAgent
207Specifies whether keys should be automatically added to a running
208.Xr ssh-agent 1 .
209If this option is set to
210.Cm yes
211and a key is loaded from a file, the key and its passphrase are added to
212the agent with the default lifetime, as if by
213.Xr ssh-add 1 .
214If this option is set to
215.Cm ask ,
216.Xr ssh 1
217will require confirmation using the
218.Ev SSH_ASKPASS
219program before adding a key (see
220.Xr ssh-add 1
221for details).
222If this option is set to
223.Cm confirm ,
224each use of the key must be confirmed, as if the
225.Fl c
226option was specified to
227.Xr ssh-add 1 .
228If this option is set to
229.Cm no ,
230no keys are added to the agent.
231The argument must be
232.Cm yes ,
233.Cm confirm ,
234.Cm ask ,
235or
236.Cm no
237(the default).
238.It Cm AddressFamily
239Specifies which address family to use when connecting.
240Valid arguments are
241.Cm any
242(the default),
243.Cm inet
244(use IPv4 only), or
245.Cm inet6
246(use IPv6 only).
247.It Cm BatchMode
248If set to
249.Cm yes ,
250passphrase/password querying will be disabled.
251This option is useful in scripts and other batch jobs where no user
252is present to supply the password.
253The argument must be
254.Cm yes
255or
256.Cm no
257(the default).
258.It Cm BindAddress
259Use the specified address on the local machine as the source address of
260the connection.
261Only useful on systems with more than one address.
262.It Cm BindInterface
263Use the address of the specified interface on the local machine as the
264source address of the connection.
265.It Cm CanonicalDomains
266When
267.Cm CanonicalizeHostname
268is enabled, this option specifies the list of domain suffixes in which to
269search for the specified destination host.
270.It Cm CanonicalizeFallbackLocal
271Specifies whether to fail with an error when hostname canonicalization fails.
272The default,
273.Cm yes ,
274will attempt to look up the unqualified hostname using the system resolver's
275search rules.
276A value of
277.Cm no
278will cause
279.Xr ssh 1
280to fail instantly if
281.Cm CanonicalizeHostname
282is enabled and the target hostname cannot be found in any of the domains
283specified by
284.Cm CanonicalDomains .
285.It Cm CanonicalizeHostname
286Controls whether explicit hostname canonicalization is performed.
287The default,
288.Cm no ,
289is not to perform any name rewriting and let the system resolver handle all
290hostname lookups.
291If set to
292.Cm yes
293then, for connections that do not use a
294.Cm ProxyCommand ,
295.Xr ssh 1
296will attempt to canonicalize the hostname specified on the command line
297using the
298.Cm CanonicalDomains
299suffixes and
300.Cm CanonicalizePermittedCNAMEs
301rules.
302If
303.Cm CanonicalizeHostname
304is set to
305.Cm always ,
306then canonicalization is applied to proxied connections too.
307.Pp
308If this option is enabled, then the configuration files are processed
309again using the new target name to pick up any new configuration in matching
310.Cm Host
311and
312.Cm Match
313stanzas.
314.It Cm CanonicalizeMaxDots
315Specifies the maximum number of dot characters in a hostname before
316canonicalization is disabled.
317The default, 1,
318allows a single dot (i.e. hostname.subdomain).
319.It Cm CanonicalizePermittedCNAMEs
320Specifies rules to determine whether CNAMEs should be followed when
321canonicalizing hostnames.
322The rules consist of one or more arguments of
323.Ar source_domain_list : Ns Ar target_domain_list ,
324where
325.Ar source_domain_list
326is a pattern-list of domains that may follow CNAMEs in canonicalization,
327and
328.Ar target_domain_list
329is a pattern-list of domains that they may resolve to.
330.Pp
331For example,
332.Qq *.a.example.com:*.b.example.com,*.c.example.com
333will allow hostnames matching
334.Qq *.a.example.com
335to be canonicalized to names in the
336.Qq *.b.example.com
337or
338.Qq *.c.example.com
339domains.
340.It Cm CertificateFile
341Specifies a file from which the user's certificate is read.
342A corresponding private key must be provided separately in order
343to use this certificate either
344from an
345.Cm IdentityFile
346directive or
347.Fl i
348flag to
349.Xr ssh 1 ,
350via
351.Xr ssh-agent 1 ,
352or via a
353.Cm PKCS11Provider .
354.Pp
355Arguments to
356.Cm CertificateFile
357may use the tilde syntax to refer to a user's home directory
358or the tokens described in the
359.Sx TOKENS
360section.
361.Pp
362It is possible to have multiple certificate files specified in
363configuration files; these certificates will be tried in sequence.
364Multiple
365.Cm CertificateFile
366directives will add to the list of certificates used for
367authentication.
368.It Cm ChallengeResponseAuthentication
369Specifies whether to use challenge-response authentication.
370The argument to this keyword must be
371.Cm yes
372(the default)
373or
374.Cm no .
375.It Cm CheckHostIP
376If set to
377.Cm yes ,
378.Xr ssh 1
379will additionally check the host IP address in the
380.Pa known_hosts
381file.
382This allows it to detect if a host key changed due to DNS spoofing
383and will add addresses of destination hosts to
384.Pa ~/.ssh/known_hosts
385in the process, regardless of the setting of
386.Cm StrictHostKeyChecking .
387If the option is set to
388.Cm no ,
389the check will not be executed.
390The default is
391.Cm no .
392.It Cm Ciphers
393Specifies the ciphers allowed and their order of preference.
394Multiple ciphers must be comma-separated.
395If the specified value begins with a
396.Sq +
397character, then the specified ciphers will be appended to the default set
398instead of replacing them.
399If the specified value begins with a
400.Sq -
401character, then the specified ciphers (including wildcards) will be removed
402from the default set instead of replacing them.
403.Pp
404The supported ciphers are:
405.Bd -literal -offset indent
4063des-cbc
407aes128-cbc
408aes192-cbc
409aes256-cbc
410aes128-ctr
411aes192-ctr
412aes256-ctr
413aes128-gcm@openssh.com
414aes256-gcm@openssh.com
415chacha20-poly1305@openssh.com
416.Ed
417.Pp
418The default is:
419.Bd -literal -offset indent
420chacha20-poly1305@openssh.com,
421aes128-ctr,aes192-ctr,aes256-ctr,
422aes128-gcm@openssh.com,aes256-gcm@openssh.com
423.Ed
424.Pp
425The list of available ciphers may also be obtained using
426.Qq ssh -Q cipher .
427.It Cm ClearAllForwardings
428Specifies that all local, remote, and dynamic port forwardings
429specified in the configuration files or on the command line be
430cleared.
431This option is primarily useful when used from the
432.Xr ssh 1
433command line to clear port forwardings set in
434configuration files, and is automatically set by
435.Xr scp 1
436and
437.Xr sftp 1 .
438The argument must be
439.Cm yes
440or
441.Cm no
442(the default).
443.It Cm Compression
444Specifies whether to use compression.
445The argument must be
446.Cm yes
447or
448.Cm no
449(the default).
450.It Cm ConnectionAttempts
451Specifies the number of tries (one per second) to make before exiting.
452The argument must be an integer.
453This may be useful in scripts if the connection sometimes fails.
454The default is 1.
455.It Cm ConnectTimeout
456Specifies the timeout (in seconds) used when connecting to the
457SSH server, instead of using the default system TCP timeout.
458This value is used only when the target is down or really unreachable,
459not when it refuses the connection.
460.It Cm ControlMaster
461Enables the sharing of multiple sessions over a single network connection.
462When set to
463.Cm yes ,
464.Xr ssh 1
465will listen for connections on a control socket specified using the
466.Cm ControlPath
467argument.
468Additional sessions can connect to this socket using the same
469.Cm ControlPath
470with
471.Cm ControlMaster
472set to
473.Cm no
474(the default).
475These sessions will try to reuse the master instance's network connection
476rather than initiating new ones, but will fall back to connecting normally
477if the control socket does not exist, or is not listening.
478.Pp
479Setting this to
480.Cm ask
481will cause
482.Xr ssh 1
483to listen for control connections, but require confirmation using
484.Xr ssh-askpass 1 .
485If the
486.Cm ControlPath
487cannot be opened,
488.Xr ssh 1
489will continue without connecting to a master instance.
490.Pp
491X11 and
492.Xr ssh-agent 1
493forwarding is supported over these multiplexed connections, however the
494display and agent forwarded will be the one belonging to the master
495connection i.e. it is not possible to forward multiple displays or agents.
496.Pp
497Two additional options allow for opportunistic multiplexing: try to use a
498master connection but fall back to creating a new one if one does not already
499exist.
500These options are:
501.Cm auto
502and
503.Cm autoask .
504The latter requires confirmation like the
505.Cm ask
506option.
507.It Cm ControlPath
508Specify the path to the control socket used for connection sharing as described
509in the
510.Cm ControlMaster
511section above or the string
512.Cm none
513to disable connection sharing.
514Arguments to
515.Cm ControlPath
516may use the tilde syntax to refer to a user's home directory
517or the tokens described in the
518.Sx TOKENS
519section.
520It is recommended that any
521.Cm ControlPath
522used for opportunistic connection sharing include
523at least %h, %p, and %r (or alternatively %C) and be placed in a directory
524that is not writable by other users.
525This ensures that shared connections are uniquely identified.
526.It Cm ControlPersist
527When used in conjunction with
528.Cm ControlMaster ,
529specifies that the master connection should remain open
530in the background (waiting for future client connections)
531after the initial client connection has been closed.
532If set to
533.Cm no ,
534then the master connection will not be placed into the background,
535and will close as soon as the initial client connection is closed.
536If set to
537.Cm yes
538or 0,
539then the master connection will remain in the background indefinitely
540(until killed or closed via a mechanism such as the
541.Qq ssh -O exit ) .
542If set to a time in seconds, or a time in any of the formats documented in
543.Xr sshd_config 5 ,
544then the backgrounded master connection will automatically terminate
545after it has remained idle (with no client connections) for the
546specified time.
547.It Cm DynamicForward
548Specifies that a TCP port on the local machine be forwarded
549over the secure channel, and the application
550protocol is then used to determine where to connect to from the
551remote machine.
552.Pp
553The argument must be
554.Sm off
555.Oo Ar bind_address : Oc Ar port .
556.Sm on
557IPv6 addresses can be specified by enclosing addresses in square brackets.
558By default, the local port is bound in accordance with the
559.Cm GatewayPorts
560setting.
561However, an explicit
562.Ar bind_address
563may be used to bind the connection to a specific address.
564The
565.Ar bind_address
566of
567.Cm localhost
568indicates that the listening port be bound for local use only, while an
569empty address or
570.Sq *
571indicates that the port should be available from all interfaces.
572.Pp
573Currently the SOCKS4 and SOCKS5 protocols are supported, and
574.Xr ssh 1
575will act as a SOCKS server.
576Multiple forwardings may be specified, and
577additional forwardings can be given on the command line.
578Only the superuser can forward privileged ports.
579.It Cm EnableSSHKeysign
580Setting this option to
581.Cm yes
582in the global client configuration file
583.Pa /etc/ssh/ssh_config
584enables the use of the helper program
585.Xr ssh-keysign 8
586during
587.Cm HostbasedAuthentication .
588The argument must be
589.Cm yes
590or
591.Cm no
592(the default).
593This option should be placed in the non-hostspecific section.
594See
595.Xr ssh-keysign 8
596for more information.
597.It Cm EscapeChar
598Sets the escape character (default:
599.Ql ~ ) .
600The escape character can also
601be set on the command line.
602The argument should be a single character,
603.Ql ^
604followed by a letter, or
605.Cm none
606to disable the escape
607character entirely (making the connection transparent for binary
608data).
609.It Cm ExitOnForwardFailure
610Specifies whether
611.Xr ssh 1
612should terminate the connection if it cannot set up all requested
613dynamic, tunnel, local, and remote port forwardings, (e.g.\&
614if either end is unable to bind and listen on a specified port).
615Note that
616.Cm ExitOnForwardFailure
617does not apply to connections made over port forwardings and will not,
618for example, cause
619.Xr ssh 1
620to exit if TCP connections to the ultimate forwarding destination fail.
621The argument must be
622.Cm yes
623or
624.Cm no
625(the default).
626.It Cm FingerprintHash
627Specifies the hash algorithm used when displaying key fingerprints.
628Valid options are:
629.Cm md5
630and
631.Cm sha256
632(the default).
633.It Cm ForwardAgent
634Specifies whether the connection to the authentication agent (if any)
635will be forwarded to the remote machine.
636The argument must be
637.Cm yes
638or
639.Cm no
640(the default).
641.Pp
642Agent forwarding should be enabled with caution.
643Users with the ability to bypass file permissions on the remote host
644(for the agent's Unix-domain socket)
645can access the local agent through the forwarded connection.
646An attacker cannot obtain key material from the agent,
647however they can perform operations on the keys that enable them to
648authenticate using the identities loaded into the agent.
649.It Cm ForwardX11
650Specifies whether X11 connections will be automatically redirected
651over the secure channel and
652.Ev DISPLAY
653set.
654The argument must be
655.Cm yes
656or
657.Cm no
658(the default).
659.Pp
660X11 forwarding should be enabled with caution.
661Users with the ability to bypass file permissions on the remote host
662(for the user's X11 authorization database)
663can access the local X11 display through the forwarded connection.
664An attacker may then be able to perform activities such as keystroke monitoring
665if the
666.Cm ForwardX11Trusted
667option is also enabled.
668.It Cm ForwardX11Timeout
669Specify a timeout for untrusted X11 forwarding
670using the format described in the
671.Sx TIME FORMATS
672section of
673.Xr sshd_config 5 .
674X11 connections received by
675.Xr ssh 1
676after this time will be refused.
677The default is to disable untrusted X11 forwarding after twenty minutes has
678elapsed.
679.It Cm ForwardX11Trusted
680If this option is set to
681.Cm yes ,
682remote X11 clients will have full access to the original X11 display.
683.Pp
684If this option is set to
685.Cm no
686(the default),
687remote X11 clients will be considered untrusted and prevented
688from stealing or tampering with data belonging to trusted X11
689clients.
690Furthermore, the
691.Xr xauth 1
692token used for the session will be set to expire after 20 minutes.
693Remote clients will be refused access after this time.
694.Pp
695See the X11 SECURITY extension specification for full details on
696the restrictions imposed on untrusted clients.
697.It Cm GatewayPorts
698Specifies whether remote hosts are allowed to connect to local
699forwarded ports.
700By default,
701.Xr ssh 1
702binds local port forwardings to the loopback address.
703This prevents other remote hosts from connecting to forwarded ports.
704.Cm GatewayPorts
705can be used to specify that ssh
706should bind local port forwardings to the wildcard address,
707thus allowing remote hosts to connect to forwarded ports.
708The argument must be
709.Cm yes
710or
711.Cm no
712(the default).
713.It Cm GlobalKnownHostsFile
714Specifies one or more files to use for the global
715host key database, separated by whitespace.
716The default is
717.Pa /etc/ssh/ssh_known_hosts ,
718.Pa /etc/ssh/ssh_known_hosts2 .
719.It Cm GSSAPIAuthentication
720Specifies whether user authentication based on GSSAPI is allowed.
721The default is
722.Cm no .
723.It Cm GSSAPIDelegateCredentials
724Forward (delegate) credentials to the server.
725The default is
726.Cm no .
727.It Cm HashKnownHosts
728Indicates that
729.Xr ssh 1
730should hash host names and addresses when they are added to
731.Pa ~/.ssh/known_hosts .
732These hashed names may be used normally by
733.Xr ssh 1
734and
735.Xr sshd 8 ,
736but they do not reveal identifying information should the file's contents
737be disclosed.
738The default is
739.Cm no .
740Note that existing names and addresses in known hosts files
741will not be converted automatically,
742but may be manually hashed using
743.Xr ssh-keygen 1 .
744.It Cm HostbasedAuthentication
745Specifies whether to try rhosts based authentication with public key
746authentication.
747The argument must be
748.Cm yes
749or
750.Cm no
751(the default).
752.It Cm HostbasedKeyTypes
753Specifies the key types that will be used for hostbased authentication
754as a comma-separated list of patterns.
755Alternately if the specified value begins with a
756.Sq +
757character, then the specified key types will be appended to the default set
758instead of replacing them.
759If the specified value begins with a
760.Sq -
761character, then the specified key types (including wildcards) will be removed
762from the default set instead of replacing them.
763The default for this option is:
764.Bd -literal -offset 3n
765ecdsa-sha2-nistp256-cert-v01@openssh.com,
766ecdsa-sha2-nistp384-cert-v01@openssh.com,
767ecdsa-sha2-nistp521-cert-v01@openssh.com,
768ssh-ed25519-cert-v01@openssh.com,
769rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
770ssh-rsa-cert-v01@openssh.com,
771ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
772ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
773.Ed
774.Pp
775The
776.Fl Q
777option of
778.Xr ssh 1
779may be used to list supported key types.
780.It Cm HostKeyAlgorithms
781Specifies the host key algorithms
782that the client wants to use in order of preference.
783Alternately if the specified value begins with a
784.Sq +
785character, then the specified key types will be appended to the default set
786instead of replacing them.
787If the specified value begins with a
788.Sq -
789character, then the specified key types (including wildcards) will be removed
790from the default set instead of replacing them.
791The default for this option is:
792.Bd -literal -offset 3n
793ecdsa-sha2-nistp256-cert-v01@openssh.com,
794ecdsa-sha2-nistp384-cert-v01@openssh.com,
795ecdsa-sha2-nistp521-cert-v01@openssh.com,
796ssh-ed25519-cert-v01@openssh.com,
797rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
798ssh-rsa-cert-v01@openssh.com,
799ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
800ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
801.Ed
802.Pp
803If hostkeys are known for the destination host then this default is modified
804to prefer their algorithms.
805.Pp
806The list of available key types may also be obtained using
807.Qq ssh -Q key .
808.It Cm HostKeyAlias
809Specifies an alias that should be used instead of the
810real host name when looking up or saving the host key
811in the host key database files and when validating host certificates.
812This option is useful for tunneling SSH connections
813or for multiple servers running on a single host.
814.It Cm HostName
815Specifies the real host name to log into.
816This can be used to specify nicknames or abbreviations for hosts.
817Arguments to
818.Cm HostName
819accept the tokens described in the
820.Sx TOKENS
821section.
822Numeric IP addresses are also permitted (both on the command line and in
823.Cm HostName
824specifications).
825The default is the name given on the command line.
826.It Cm IdentitiesOnly
827Specifies that
828.Xr ssh 1
829should only use the authentication identity and certificate files explicitly
830configured in the
831.Nm
832files
833or passed on the
834.Xr ssh 1
835command-line,
836even if
837.Xr ssh-agent 1
838or a
839.Cm PKCS11Provider
840offers more identities.
841The argument to this keyword must be
842.Cm yes
843or
844.Cm no
845(the default).
846This option is intended for situations where ssh-agent
847offers many different identities.
848.It Cm IdentityAgent
849Specifies the
850.Ux Ns -domain
851socket used to communicate with the authentication agent.
852.Pp
853This option overrides the
854.Ev SSH_AUTH_SOCK
855environment variable and can be used to select a specific agent.
856Setting the socket name to
857.Cm none
858disables the use of an authentication agent.
859If the string
860.Qq SSH_AUTH_SOCK
861is specified, the location of the socket will be read from the
862.Ev SSH_AUTH_SOCK
863environment variable.
864.Pp
865Arguments to
866.Cm IdentityAgent
867may use the tilde syntax to refer to a user's home directory
868or the tokens described in the
869.Sx TOKENS
870section.
871.It Cm IdentityFile
872Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
873identity is read.
874The default is
875.Pa ~/.ssh/id_dsa ,
876.Pa ~/.ssh/id_ecdsa ,
877.Pa ~/.ssh/id_ed25519
878and
879.Pa ~/.ssh/id_rsa .
880Additionally, any identities represented by the authentication agent
881will be used for authentication unless
882.Cm IdentitiesOnly
883is set.
884If no certificates have been explicitly specified by
885.Cm CertificateFile ,
886.Xr ssh 1
887will try to load certificate information from the filename obtained by
888appending
889.Pa -cert.pub
890to the path of a specified
891.Cm IdentityFile .
892.Pp
893Arguments to
894.Cm IdentityFile
895may use the tilde syntax to refer to a user's home directory
896or the tokens described in the
897.Sx TOKENS
898section.
899.Pp
900It is possible to have
901multiple identity files specified in configuration files; all these
902identities will be tried in sequence.
903Multiple
904.Cm IdentityFile
905directives will add to the list of identities tried (this behaviour
906differs from that of other configuration directives).
907.Pp
908.Cm IdentityFile
909may be used in conjunction with
910.Cm IdentitiesOnly
911to select which identities in an agent are offered during authentication.
912.Cm IdentityFile
913may also be used in conjunction with
914.Cm CertificateFile
915in order to provide any certificate also needed for authentication with
916the identity.
917.It Cm IgnoreUnknown
918Specifies a pattern-list of unknown options to be ignored if they are
919encountered in configuration parsing.
920This may be used to suppress errors if
921.Nm
922contains options that are unrecognised by
923.Xr ssh 1 .
924It is recommended that
925.Cm IgnoreUnknown
926be listed early in the configuration file as it will not be applied
927to unknown options that appear before it.
928.It Cm Include
929Include the specified configuration file(s).
930Multiple pathnames may be specified and each pathname may contain
931.Xr glob 7
932wildcards and, for user configurations, shell-like
933.Sq ~
934references to user home directories.
935Files without absolute paths are assumed to be in
936.Pa ~/.ssh
937if included in a user configuration file or
938.Pa /etc/ssh
939if included from the system configuration file.
940.Cm Include
941directive may appear inside a
942.Cm Match
943or
944.Cm Host
945block
946to perform conditional inclusion.
947.It Cm IPQoS
948Specifies the IPv4 type-of-service or DSCP class for connections.
949Accepted values are
950.Cm af11 ,
951.Cm af12 ,
952.Cm af13 ,
953.Cm af21 ,
954.Cm af22 ,
955.Cm af23 ,
956.Cm af31 ,
957.Cm af32 ,
958.Cm af33 ,
959.Cm af41 ,
960.Cm af42 ,
961.Cm af43 ,
962.Cm cs0 ,
963.Cm cs1 ,
964.Cm cs2 ,
965.Cm cs3 ,
966.Cm cs4 ,
967.Cm cs5 ,
968.Cm cs6 ,
969.Cm cs7 ,
970.Cm ef ,
971.Cm lowdelay ,
972.Cm throughput ,
973.Cm reliability ,
974a numeric value, or
975.Cm none
976to use the operating system default.
977This option may take one or two arguments, separated by whitespace.
978If one argument is specified, it is used as the packet class unconditionally.
979If two values are specified, the first is automatically selected for
980interactive sessions and the second for non-interactive sessions.
981The default is
982.Cm af21
983(Low-Latency Data)
984for interactive sessions and
985.Cm cs1
986(Lower Effort)
987for non-interactive sessions.
988.It Cm KbdInteractiveAuthentication
989Specifies whether to use keyboard-interactive authentication.
990The argument to this keyword must be
991.Cm yes
992(the default)
993or
994.Cm no .
995.It Cm KbdInteractiveDevices
996Specifies the list of methods to use in keyboard-interactive authentication.
997Multiple method names must be comma-separated.
998The default is to use the server specified list.
999The methods available vary depending on what the server supports.
1000For an OpenSSH server,
1001it may be zero or more of:
1002.Cm bsdauth
1003and
1004.Cm pam .
1005.It Cm KexAlgorithms
1006Specifies the available KEX (Key Exchange) algorithms.
1007Multiple algorithms must be comma-separated.
1008Alternately if the specified value begins with a
1009.Sq +
1010character, then the specified methods will be appended to the default set
1011instead of replacing them.
1012If the specified value begins with a
1013.Sq -
1014character, then the specified methods (including wildcards) will be removed
1015from the default set instead of replacing them.
1016The default is:
1017.Bd -literal -offset indent
1018curve25519-sha256,curve25519-sha256@libssh.org,
1019ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1020diffie-hellman-group-exchange-sha256,
1021diffie-hellman-group16-sha512,
1022diffie-hellman-group18-sha512,
1023diffie-hellman-group-exchange-sha1,
1024diffie-hellman-group14-sha256,
1025diffie-hellman-group14-sha1
1026.Ed
1027.Pp
1028The list of available key exchange algorithms may also be obtained using
1029.Qq ssh -Q kex .
1030.It Cm LocalCommand
1031Specifies a command to execute on the local machine after successfully
1032connecting to the server.
1033The command string extends to the end of the line, and is executed with
1034the user's shell.
1035Arguments to
1036.Cm LocalCommand
1037accept the tokens described in the
1038.Sx TOKENS
1039section.
1040.Pp
1041The command is run synchronously and does not have access to the
1042session of the
1043.Xr ssh 1
1044that spawned it.
1045It should not be used for interactive commands.
1046.Pp
1047This directive is ignored unless
1048.Cm PermitLocalCommand
1049has been enabled.
1050.It Cm LocalForward
1051Specifies that a TCP port on the local machine be forwarded over
1052the secure channel to the specified host and port from the remote machine.
1053The first argument must be
1054.Sm off
1055.Oo Ar bind_address : Oc Ar port
1056.Sm on
1057and the second argument must be
1058.Ar host : Ns Ar hostport .
1059IPv6 addresses can be specified by enclosing addresses in square brackets.
1060Multiple forwardings may be specified, and additional forwardings can be
1061given on the command line.
1062Only the superuser can forward privileged ports.
1063By default, the local port is bound in accordance with the
1064.Cm GatewayPorts
1065setting.
1066However, an explicit
1067.Ar bind_address
1068may be used to bind the connection to a specific address.
1069The
1070.Ar bind_address
1071of
1072.Cm localhost
1073indicates that the listening port be bound for local use only, while an
1074empty address or
1075.Sq *
1076indicates that the port should be available from all interfaces.
1077.It Cm LogLevel
1078Gives the verbosity level that is used when logging messages from
1079.Xr ssh 1 .
1080The possible values are:
1081QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1082The default is INFO.
1083DEBUG and DEBUG1 are equivalent.
1084DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1085.It Cm MACs
1086Specifies the MAC (message authentication code) algorithms
1087in order of preference.
1088The MAC algorithm is used for data integrity protection.
1089Multiple algorithms must be comma-separated.
1090If the specified value begins with a
1091.Sq +
1092character, then the specified algorithms will be appended to the default set
1093instead of replacing them.
1094If the specified value begins with a
1095.Sq -
1096character, then the specified algorithms (including wildcards) will be removed
1097from the default set instead of replacing them.
1098.Pp
1099The algorithms that contain
1100.Qq -etm
1101calculate the MAC after encryption (encrypt-then-mac).
1102These are considered safer and their use recommended.
1103.Pp
1104The default is:
1105.Bd -literal -offset indent
1106umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1107hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1108hmac-sha1-etm@openssh.com,
1109umac-64@openssh.com,umac-128@openssh.com,
1110hmac-sha2-256,hmac-sha2-512,hmac-sha1
1111.Ed
1112.Pp
1113The list of available MAC algorithms may also be obtained using
1114.Qq ssh -Q mac .
1115.It Cm NoHostAuthenticationForLocalhost
1116Disable host authentication for localhost (loopback addresses).
1117The argument to this keyword must be
1118.Cm yes
1119or
1120.Cm no
1121(the default).
1122.It Cm NumberOfPasswordPrompts
1123Specifies the number of password prompts before giving up.
1124The argument to this keyword must be an integer.
1125The default is 3.
1126.It Cm PasswordAuthentication
1127Specifies whether to use password authentication.
1128The argument to this keyword must be
1129.Cm yes
1130(the default)
1131or
1132.Cm no .
1133.It Cm PermitLocalCommand
1134Allow local command execution via the
1135.Ic LocalCommand
1136option or using the
1137.Ic !\& Ns Ar command
1138escape sequence in
1139.Xr ssh 1 .
1140The argument must be
1141.Cm yes
1142or
1143.Cm no
1144(the default).
1145.It Cm PKCS11Provider
1146Specifies which PKCS#11 provider to use.
1147The argument to this keyword is the PKCS#11 shared library
1148.Xr ssh 1
1149should use to communicate with a PKCS#11 token providing the user's
1150private RSA key.
1151.It Cm Port
1152Specifies the port number to connect on the remote host.
1153The default is 22.
1154.It Cm PreferredAuthentications
1155Specifies the order in which the client should try authentication methods.
1156This allows a client to prefer one method (e.g.\&
1157.Cm keyboard-interactive )
1158over another method (e.g.\&
1159.Cm password ) .
1160The default is:
1161.Bd -literal -offset indent
1162gssapi-with-mic,hostbased,publickey,
1163keyboard-interactive,password
1164.Ed
1165.It Cm ProxyCommand
1166Specifies the command to use to connect to the server.
1167The command
1168string extends to the end of the line, and is executed
1169using the user's shell
1170.Ql exec
1171directive to avoid a lingering shell process.
1172.Pp
1173Arguments to
1174.Cm ProxyCommand
1175accept the tokens described in the
1176.Sx TOKENS
1177section.
1178The command can be basically anything,
1179and should read from its standard input and write to its standard output.
1180It should eventually connect an
1181.Xr sshd 8
1182server running on some machine, or execute
1183.Ic sshd -i
1184somewhere.
1185Host key management will be done using the
1186HostName of the host being connected (defaulting to the name typed by
1187the user).
1188Setting the command to
1189.Cm none
1190disables this option entirely.
1191Note that
1192.Cm CheckHostIP
1193is not available for connects with a proxy command.
1194.Pp
1195This directive is useful in conjunction with
1196.Xr nc 1
1197and its proxy support.
1198For example, the following directive would connect via an HTTP proxy at
1199192.0.2.0:
1200.Bd -literal -offset 3n
1201ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1202.Ed
1203.It Cm ProxyJump
1204Specifies one or more jump proxies as either
1205.Xo
1206.Sm off
1207.Op Ar user No @
1208.Ar host
1209.Op : Ns Ar port
1210.Sm on
1211or an ssh URI
1212.Xc .
1213Multiple proxies may be separated by comma characters and will be visited
1214sequentially.
1215Setting this option will cause
1216.Xr ssh 1
1217to connect to the target host by first making a
1218.Xr ssh 1
1219connection to the specified
1220.Cm ProxyJump
1221host and then establishing a
1222TCP forwarding to the ultimate target from there.
1223.Pp
1224Note that this option will compete with the
1225.Cm ProxyCommand
1226option - whichever is specified first will prevent later instances of the
1227other from taking effect.
1228.It Cm ProxyUseFdpass
1229Specifies that
1230.Cm ProxyCommand
1231will pass a connected file descriptor back to
1232.Xr ssh 1
1233instead of continuing to execute and pass data.
1234The default is
1235.Cm no .
1236.It Cm PubkeyAcceptedKeyTypes
1237Specifies the key types that will be used for public key authentication
1238as a comma-separated list of patterns.
1239Alternately if the specified value begins with a
1240.Sq +
1241character, then the key types after it will be appended to the default
1242instead of replacing it.
1243If the specified value begins with a
1244.Sq -
1245character, then the specified key types (including wildcards) will be removed
1246from the default set instead of replacing them.
1247The default for this option is:
1248.Bd -literal -offset 3n
1249ecdsa-sha2-nistp256-cert-v01@openssh.com,
1250ecdsa-sha2-nistp384-cert-v01@openssh.com,
1251ecdsa-sha2-nistp521-cert-v01@openssh.com,
1252ssh-ed25519-cert-v01@openssh.com,
1253rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
1254ssh-rsa-cert-v01@openssh.com,
1255ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1256ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
1257.Ed
1258.Pp
1259The list of available key types may also be obtained using
1260.Qq ssh -Q key .
1261.It Cm PubkeyAuthentication
1262Specifies whether to try public key authentication.
1263The argument to this keyword must be
1264.Cm yes
1265(the default)
1266or
1267.Cm no .
1268.It Cm RekeyLimit
1269Specifies the maximum amount of data that may be transmitted before the
1270session key is renegotiated, optionally followed a maximum amount of
1271time that may pass before the session key is renegotiated.
1272The first argument is specified in bytes and may have a suffix of
1273.Sq K ,
1274.Sq M ,
1275or
1276.Sq G
1277to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1278The default is between
1279.Sq 1G
1280and
1281.Sq 4G ,
1282depending on the cipher.
1283The optional second value is specified in seconds and may use any of the
1284units documented in the
1285.Sx TIME FORMATS
1286section of
1287.Xr sshd_config 5 .
1288The default value for
1289.Cm RekeyLimit
1290is
1291.Cm default none ,
1292which means that rekeying is performed after the cipher's default amount
1293of data has been sent or received and no time based rekeying is done.
1294.It Cm RemoteCommand
1295Specifies a command to execute on the remote machine after successfully
1296connecting to the server.
1297The command string extends to the end of the line, and is executed with
1298the user's shell.
1299Arguments to
1300.Cm RemoteCommand
1301accept the tokens described in the
1302.Sx TOKENS
1303section.
1304.It Cm RemoteForward
1305Specifies that a TCP port on the remote machine be forwarded over
1306the secure channel.
1307The remote port may either be forwarded to a specified host and port
1308from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1309client to connect to arbitrary destinations from the local machine.
1310The first argument must be
1311.Sm off
1312.Oo Ar bind_address : Oc Ar port
1313.Sm on
1314If forwarding to a specific destination then the second argument must be
1315.Ar host : Ns Ar hostport ,
1316otherwise if no destination argument is specified then the remote forwarding
1317will be established as a SOCKS proxy.
1318.Pp
1319IPv6 addresses can be specified by enclosing addresses in square brackets.
1320Multiple forwardings may be specified, and additional
1321forwardings can be given on the command line.
1322Privileged ports can be forwarded only when
1323logging in as root on the remote machine.
1324.Pp
1325If the
1326.Ar port
1327argument is 0,
1328the listen port will be dynamically allocated on the server and reported
1329to the client at run time.
1330.Pp
1331If the
1332.Ar bind_address
1333is not specified, the default is to only bind to loopback addresses.
1334If the
1335.Ar bind_address
1336is
1337.Ql *
1338or an empty string, then the forwarding is requested to listen on all
1339interfaces.
1340Specifying a remote
1341.Ar bind_address
1342will only succeed if the server's
1343.Cm GatewayPorts
1344option is enabled (see
1345.Xr sshd_config 5 ) .
1346.It Cm RequestTTY
1347Specifies whether to request a pseudo-tty for the session.
1348The argument may be one of:
1349.Cm no
1350(never request a TTY),
1351.Cm yes
1352(always request a TTY when standard input is a TTY),
1353.Cm force
1354(always request a TTY) or
1355.Cm auto
1356(request a TTY when opening a login session).
1357This option mirrors the
1358.Fl t
1359and
1360.Fl T
1361flags for
1362.Xr ssh 1 .
1363.It Cm RevokedHostKeys
1364Specifies revoked host public keys.
1365Keys listed in this file will be refused for host authentication.
1366Note that if this file does not exist or is not readable,
1367then host authentication will be refused for all hosts.
1368Keys may be specified as a text file, listing one public key per line, or as
1369an OpenSSH Key Revocation List (KRL) as generated by
1370.Xr ssh-keygen 1 .
1371For more information on KRLs, see the KEY REVOCATION LISTS section in
1372.Xr ssh-keygen 1 .
1373.It Cm SendEnv
1374Specifies what variables from the local
1375.Xr environ 7
1376should be sent to the server.
1377The server must also support it, and the server must be configured to
1378accept these environment variables.
1379Note that the
1380.Ev TERM
1381environment variable is always sent whenever a
1382pseudo-terminal is requested as it is required by the protocol.
1383Refer to
1384.Cm AcceptEnv
1385in
1386.Xr sshd_config 5
1387for how to configure the server.
1388Variables are specified by name, which may contain wildcard characters.
1389Multiple environment variables may be separated by whitespace or spread
1390across multiple
1391.Cm SendEnv
1392directives.
1393.Pp
1394See
1395.Sx PATTERNS
1396for more information on patterns.
1397.Pp
1398It is possible to clear previously set
1399.Cm SendEnv
1400variable names by prefixing patterns with
1401.Pa - .
1402The default is not to send any environment variables.
1403.It Cm ServerAliveCountMax
1404Sets the number of server alive messages (see below) which may be
1405sent without
1406.Xr ssh 1
1407receiving any messages back from the server.
1408If this threshold is reached while server alive messages are being sent,
1409ssh will disconnect from the server, terminating the session.
1410It is important to note that the use of server alive messages is very
1411different from
1412.Cm TCPKeepAlive
1413(below).
1414The server alive messages are sent through the encrypted channel
1415and therefore will not be spoofable.
1416The TCP keepalive option enabled by
1417.Cm TCPKeepAlive
1418is spoofable.
1419The server alive mechanism is valuable when the client or
1420server depend on knowing when a connection has become inactive.
1421.Pp
1422The default value is 3.
1423If, for example,
1424.Cm ServerAliveInterval
1425(see below) is set to 15 and
1426.Cm ServerAliveCountMax
1427is left at the default, if the server becomes unresponsive,
1428ssh will disconnect after approximately 45 seconds.
1429.It Cm ServerAliveInterval
1430Sets a timeout interval in seconds after which if no data has been received
1431from the server,
1432.Xr ssh 1
1433will send a message through the encrypted
1434channel to request a response from the server.
1435The default
1436is 0, indicating that these messages will not be sent to the server.
1437.It Cm SetEnv
1438Directly specify one or more environment variables and their contents to
1439be sent to the server.
1440Similarly to
1441.Cm SendEnv ,
1442the server must be prepared to accept the environment variable.
1443.It Cm StreamLocalBindMask
1444Sets the octal file creation mode mask
1445.Pq umask
1446used when creating a Unix-domain socket file for local or remote
1447port forwarding.
1448This option is only used for port forwarding to a Unix-domain socket file.
1449.Pp
1450The default value is 0177, which creates a Unix-domain socket file that is
1451readable and writable only by the owner.
1452Note that not all operating systems honor the file mode on Unix-domain
1453socket files.
1454.It Cm StreamLocalBindUnlink
1455Specifies whether to remove an existing Unix-domain socket file for local
1456or remote port forwarding before creating a new one.
1457If the socket file already exists and
1458.Cm StreamLocalBindUnlink
1459is not enabled,
1460.Nm ssh
1461will be unable to forward the port to the Unix-domain socket file.
1462This option is only used for port forwarding to a Unix-domain socket file.
1463.Pp
1464The argument must be
1465.Cm yes
1466or
1467.Cm no
1468(the default).
1469.It Cm StrictHostKeyChecking
1470If this flag is set to
1471.Cm yes ,
1472.Xr ssh 1
1473will never automatically add host keys to the
1474.Pa ~/.ssh/known_hosts
1475file, and refuses to connect to hosts whose host key has changed.
1476This provides maximum protection against man-in-the-middle (MITM) attacks,
1477though it can be annoying when the
1478.Pa /etc/ssh/ssh_known_hosts
1479file is poorly maintained or when connections to new hosts are
1480frequently made.
1481This option forces the user to manually
1482add all new hosts.
1483.Pp
1484If this flag is set to
1485.Dq accept-new
1486then ssh will automatically add new host keys to the user
1487known hosts files, but will not permit connections to hosts with
1488changed host keys.
1489If this flag is set to
1490.Dq no
1491or
1492.Dq off ,
1493ssh will automatically add new host keys to the user known hosts files
1494and allow connections to hosts with changed hostkeys to proceed,
1495subject to some restrictions.
1496If this flag is set to
1497.Cm ask
1498(the default),
1499new host keys
1500will be added to the user known host files only after the user
1501has confirmed that is what they really want to do, and
1502ssh will refuse to connect to hosts whose host key has changed.
1503The host keys of
1504known hosts will be verified automatically in all cases.
1505.It Cm SyslogFacility
1506Gives the facility code that is used when logging messages from
1507.Xr ssh 1 .
1508The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1509LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1510The default is USER.
1511.It Cm TCPKeepAlive
1512Specifies whether the system should send TCP keepalive messages to the
1513other side.
1514If they are sent, death of the connection or crash of one
1515of the machines will be properly noticed.
1516However, this means that
1517connections will die if the route is down temporarily, and some people
1518find it annoying.
1519.Pp
1520The default is
1521.Cm yes
1522(to send TCP keepalive messages), and the client will notice
1523if the network goes down or the remote host dies.
1524This is important in scripts, and many users want it too.
1525.Pp
1526To disable TCP keepalive messages, the value should be set to
1527.Cm no .
1528See also
1529.Cm ServerAliveInterval
1530for protocol-level keepalives.
1531.It Cm Tunnel
1532Request
1533.Xr tun 4
1534device forwarding between the client and the server.
1535The argument must be
1536.Cm yes ,
1537.Cm point-to-point
1538(layer 3),
1539.Cm ethernet
1540(layer 2),
1541or
1542.Cm no
1543(the default).
1544Specifying
1545.Cm yes
1546requests the default tunnel mode, which is
1547.Cm point-to-point .
1548.It Cm TunnelDevice
1549Specifies the
1550.Xr tun 4
1551devices to open on the client
1552.Pq Ar local_tun
1553and the server
1554.Pq Ar remote_tun .
1555.Pp
1556The argument must be
1557.Sm off
1558.Ar local_tun Op : Ar remote_tun .
1559.Sm on
1560The devices may be specified by numerical ID or the keyword
1561.Cm any ,
1562which uses the next available tunnel device.
1563If
1564.Ar remote_tun
1565is not specified, it defaults to
1566.Cm any .
1567The default is
1568.Cm any:any .
1569.It Cm UpdateHostKeys
1570Specifies whether
1571.Xr ssh 1
1572should accept notifications of additional hostkeys from the server sent
1573after authentication has completed and add them to
1574.Cm UserKnownHostsFile .
1575The argument must be
1576.Cm yes ,
1577.Cm no
1578(the default) or
1579.Cm ask .
1580Enabling this option allows learning alternate hostkeys for a server
1581and supports graceful key rotation by allowing a server to send replacement
1582public keys before old ones are removed.
1583Additional hostkeys are only accepted if the key used to authenticate the
1584host was already trusted or explicitly accepted by the user.
1585If
1586.Cm UpdateHostKeys
1587is set to
1588.Cm ask ,
1589then the user is asked to confirm the modifications to the known_hosts file.
1590Confirmation is currently incompatible with
1591.Cm ControlPersist ,
1592and will be disabled if it is enabled.
1593.Pp
1594Presently, only
1595.Xr sshd 8
1596from OpenSSH 6.8 and greater support the
1597.Qq hostkeys@openssh.com
1598protocol extension used to inform the client of all the server's hostkeys.
1599.It Cm User
1600Specifies the user to log in as.
1601This can be useful when a different user name is used on different machines.
1602This saves the trouble of
1603having to remember to give the user name on the command line.
1604.It Cm UserKnownHostsFile
1605Specifies one or more files to use for the user
1606host key database, separated by whitespace.
1607The default is
1608.Pa ~/.ssh/known_hosts ,
1609.Pa ~/.ssh/known_hosts2 .
1610.It Cm VerifyHostKeyDNS
1611Specifies whether to verify the remote key using DNS and SSHFP resource
1612records.
1613If this option is set to
1614.Cm yes ,
1615the client will implicitly trust keys that match a secure fingerprint
1616from DNS.
1617Insecure fingerprints will be handled as if this option was set to
1618.Cm ask .
1619If this option is set to
1620.Cm ask ,
1621information on fingerprint match will be displayed, but the user will still
1622need to confirm new host keys according to the
1623.Cm StrictHostKeyChecking
1624option.
1625The default is
1626.Cm yes
1627if compiled with LDNS and
1628.Cm no
1629otherwise.
1630.Pp
1631See also
1632.Sx VERIFYING HOST KEYS
1633in
1634.Xr ssh 1 .
1635.It Cm VersionAddendum
1636Specifies a string to append to the regular version string to identify
1637OS- or site-specific modifications.
1638The default is
1639.Dq FreeBSD-20180909 .
1640The value
1641.Cm none
1642may be used to disable this.
1643.It Cm VisualHostKey
1644If this flag is set to
1645.Cm yes ,
1646an ASCII art representation of the remote host key fingerprint is
1647printed in addition to the fingerprint string at login and
1648for unknown host keys.
1649If this flag is set to
1650.Cm no
1651(the default),
1652no fingerprint strings are printed at login and
1653only the fingerprint string will be printed for unknown host keys.
1654.It Cm XAuthLocation
1655Specifies the full pathname of the
1656.Xr xauth 1
1657program.
1658The default is
1659.Pa /usr/local/bin/xauth .
1660.El
1661.Sh PATTERNS
1662A
1663.Em pattern
1664consists of zero or more non-whitespace characters,
1665.Sq *
1666(a wildcard that matches zero or more characters),
1667or
1668.Sq ?\&
1669(a wildcard that matches exactly one character).
1670For example, to specify a set of declarations for any host in the
1671.Qq .co.uk
1672set of domains,
1673the following pattern could be used:
1674.Pp
1675.Dl Host *.co.uk
1676.Pp
1677The following pattern
1678would match any host in the 192.168.0.[0-9] network range:
1679.Pp
1680.Dl Host 192.168.0.?
1681.Pp
1682A
1683.Em pattern-list
1684is a comma-separated list of patterns.
1685Patterns within pattern-lists may be negated
1686by preceding them with an exclamation mark
1687.Pq Sq !\& .
1688For example,
1689to allow a key to be used from anywhere within an organization
1690except from the
1691.Qq dialup
1692pool,
1693the following entry (in authorized_keys) could be used:
1694.Pp
1695.Dl from=\&"!*.dialup.example.com,*.example.com\&"
1696.Pp
1697Note that a negated match will never produce a positive result by itself.
1698For example, attempting to match
1699.Qq host3
1700against the following pattern-list will fail:
1701.Pp
1702.Dl from=\&"!host1,!host2\&"
1703.Pp
1704The solution here is to include a term that will yield a positive match,
1705such as a wildcard:
1706.Pp
1707.Dl from=\&"!host1,!host2,*\&"
1708.Sh TOKENS
1709Arguments to some keywords can make use of tokens,
1710which are expanded at runtime:
1711.Pp
1712.Bl -tag -width XXXX -offset indent -compact
1713.It %%
1714A literal
1715.Sq % .
1716.It \&%C
1717Hash of %l%h%p%r.
1718.It %d
1719Local user's home directory.
1720.It %h
1721The remote hostname.
1722.It %i
1723The local user ID.
1724.It %L
1725The local hostname.
1726.It %l
1727The local hostname, including the domain name.
1728.It %n
1729The original remote hostname, as given on the command line.
1730.It %p
1731The remote port.
1732.It %r
1733The remote username.
1734.It \&%T
1735The local
1736.Xr tun 4
1737or
1738.Xr tap 4
1739network interface assigned if
1740tunnel forwarding was requested, or
1741.Qq NONE
1742otherwise.
1743.It %u
1744The local username.
1745.El
1746.Pp
1747.Cm Match exec
1748accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
1749.Pp
1750.Cm CertificateFile
1751accepts the tokens %%, %d, %h, %i, %l, %r, and %u.
1752.Pp
1753.Cm ControlPath
1754accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
1755.Pp
1756.Cm HostName
1757accepts the tokens %% and %h.
1758.Pp
1759.Cm IdentityAgent
1760and
1761.Cm IdentityFile
1762accept the tokens %%, %d, %h, %i, %l, %r, and %u.
1763.Pp
1764.Cm LocalCommand
1765accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u.
1766.Pp
1767.Cm ProxyCommand
1768accepts the tokens %%, %h, %p, and %r.
1769.Pp
1770.Cm RemoteCommand
1771accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
1772.Sh FILES
1773.Bl -tag -width Ds
1774.It Pa ~/.ssh/config
1775This is the per-user configuration file.
1776The format of this file is described above.
1777This file is used by the SSH client.
1778Because of the potential for abuse, this file must have strict permissions:
1779read/write for the user, and not accessible by others.
1780.It Pa /etc/ssh/ssh_config
1781Systemwide configuration file.
1782This file provides defaults for those
1783values that are not specified in the user's configuration file, and
1784for those users who do not have a configuration file.
1785This file must be world-readable.
1786.El
1787.Sh SEE ALSO
1788.Xr ssh 1
1789.Sh AUTHORS
1790.An -nosplit
1791OpenSSH is a derivative of the original and free
1792ssh 1.2.12 release by
1793.An Tatu Ylonen .
1794.An Aaron Campbell , Bob Beck , Markus Friedl ,
1795.An Niels Provos , Theo de Raadt
1796and
1797.An Dug Song
1798removed many bugs, re-added newer features and
1799created OpenSSH.
1800.An Markus Friedl
1801contributed the support for SSH protocol versions 1.5 and 2.0.
1802