xref: /freebsd/crypto/openssh/ssh_config.5 (revision d5b0e70f7e04d971691517ce1304d86a1e367e2e)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh_config.5,v 1.374 2022/09/17 10:33:18 djm Exp $
37.Dd $Mdocdate: September 17 2022 $
38.Dt SSH_CONFIG 5
39.Os
40.Sh NAME
41.Nm ssh_config
42.Nd OpenSSH client configuration file
43.Sh DESCRIPTION
44.Xr ssh 1
45obtains configuration data from the following sources in
46the following order:
47.Pp
48.Bl -enum -offset indent -compact
49.It
50command-line options
51.It
52user's configuration file
53.Pq Pa ~/.ssh/config
54.It
55system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config
57.El
58.Pp
59For each parameter, the first obtained value
60will be used.
61The configuration files contain sections separated by
62.Cm Host
63specifications, and that section is only applied for hosts that
64match one of the patterns given in the specification.
65The matched host name is usually the one given on the command line
66(see the
67.Cm CanonicalizeHostname
68option for exceptions).
69.Pp
70Since the first obtained value for each parameter is used, more
71host-specific declarations should be given near the beginning of the
72file, and general defaults at the end.
73.Pp
74The file contains keyword-argument pairs, one per line.
75Lines starting with
76.Ql #
77and empty lines are interpreted as comments.
78Arguments may optionally be enclosed in double quotes
79.Pq \&"
80in order to represent arguments containing spaces.
81Configuration options may be separated by whitespace or
82optional whitespace and exactly one
83.Ql = ;
84the latter format is useful to avoid the need to quote whitespace
85when specifying configuration options using the
86.Nm ssh ,
87.Nm scp ,
88and
89.Nm sftp
90.Fl o
91option.
92.Pp
93The possible
94keywords and their meanings are as follows (note that
95keywords are case-insensitive and arguments are case-sensitive):
96.Bl -tag -width Ds
97.It Cm Host
98Restricts the following declarations (up to the next
99.Cm Host
100or
101.Cm Match
102keyword) to be only for those hosts that match one of the patterns
103given after the keyword.
104If more than one pattern is provided, they should be separated by whitespace.
105A single
106.Ql *
107as a pattern can be used to provide global
108defaults for all hosts.
109The host is usually the
110.Ar hostname
111argument given on the command line
112(see the
113.Cm CanonicalizeHostname
114keyword for exceptions).
115.Pp
116A pattern entry may be negated by prefixing it with an exclamation mark
117.Pq Sq !\& .
118If a negated entry is matched, then the
119.Cm Host
120entry is ignored, regardless of whether any other patterns on the line
121match.
122Negated matches are therefore useful to provide exceptions for wildcard
123matches.
124.Pp
125See
126.Sx PATTERNS
127for more information on patterns.
128.It Cm Match
129Restricts the following declarations (up to the next
130.Cm Host
131or
132.Cm Match
133keyword) to be used only when the conditions following the
134.Cm Match
135keyword are satisfied.
136Match conditions are specified using one or more criteria
137or the single token
138.Cm all
139which always matches.
140The available criteria keywords are:
141.Cm canonical ,
142.Cm final ,
143.Cm exec ,
144.Cm host ,
145.Cm originalhost ,
146.Cm user ,
147and
148.Cm localuser .
149The
150.Cm all
151criteria must appear alone or immediately after
152.Cm canonical
153or
154.Cm final .
155Other criteria may be combined arbitrarily.
156All criteria but
157.Cm all ,
158.Cm canonical ,
159and
160.Cm final
161require an argument.
162Criteria may be negated by prepending an exclamation mark
163.Pq Sq !\& .
164.Pp
165The
166.Cm canonical
167keyword matches only when the configuration file is being re-parsed
168after hostname canonicalization (see the
169.Cm CanonicalizeHostname
170option).
171This may be useful to specify conditions that work with canonical host
172names only.
173.Pp
174The
175.Cm final
176keyword requests that the configuration be re-parsed (regardless of whether
177.Cm CanonicalizeHostname
178is enabled), and matches only during this final pass.
179If
180.Cm CanonicalizeHostname
181is enabled, then
182.Cm canonical
183and
184.Cm final
185match during the same pass.
186.Pp
187The
188.Cm exec
189keyword executes the specified command under the user's shell.
190If the command returns a zero exit status then the condition is considered true.
191Commands containing whitespace characters must be quoted.
192Arguments to
193.Cm exec
194accept the tokens described in the
195.Sx TOKENS
196section.
197.Pp
198The other keywords' criteria must be single entries or comma-separated
199lists and may use the wildcard and negation operators described in the
200.Sx PATTERNS
201section.
202The criteria for the
203.Cm host
204keyword are matched against the target hostname, after any substitution
205by the
206.Cm Hostname
207or
208.Cm CanonicalizeHostname
209options.
210The
211.Cm originalhost
212keyword matches against the hostname as it was specified on the command-line.
213The
214.Cm user
215keyword matches against the target username on the remote host.
216The
217.Cm localuser
218keyword matches against the name of the local user running
219.Xr ssh 1
220(this keyword may be useful in system-wide
221.Nm
222files).
223.It Cm AddKeysToAgent
224Specifies whether keys should be automatically added to a running
225.Xr ssh-agent 1 .
226If this option is set to
227.Cm yes
228and a key is loaded from a file, the key and its passphrase are added to
229the agent with the default lifetime, as if by
230.Xr ssh-add 1 .
231If this option is set to
232.Cm ask ,
233.Xr ssh 1
234will require confirmation using the
235.Ev SSH_ASKPASS
236program before adding a key (see
237.Xr ssh-add 1
238for details).
239If this option is set to
240.Cm confirm ,
241each use of the key must be confirmed, as if the
242.Fl c
243option was specified to
244.Xr ssh-add 1 .
245If this option is set to
246.Cm no ,
247no keys are added to the agent.
248Alternately, this option may be specified as a time interval
249using the format described in the
250.Sx TIME FORMATS
251section of
252.Xr sshd_config 5
253to specify the key's lifetime in
254.Xr ssh-agent 1 ,
255after which it will automatically be removed.
256The argument must be
257.Cm no
258(the default),
259.Cm yes ,
260.Cm confirm
261(optionally followed by a time interval),
262.Cm ask
263or a time interval.
264.It Cm AddressFamily
265Specifies which address family to use when connecting.
266Valid arguments are
267.Cm any
268(the default),
269.Cm inet
270(use IPv4 only), or
271.Cm inet6
272(use IPv6 only).
273.It Cm BatchMode
274If set to
275.Cm yes ,
276user interaction such as password prompts and host key confirmation requests
277will be disabled.
278This option is useful in scripts and other batch jobs where no user
279is present to interact with
280.Xr ssh 1 .
281The argument must be
282.Cm yes
283or
284.Cm no
285(the default).
286.It Cm BindAddress
287Use the specified address on the local machine as the source address of
288the connection.
289Only useful on systems with more than one address.
290.It Cm BindInterface
291Use the address of the specified interface on the local machine as the
292source address of the connection.
293.It Cm CanonicalDomains
294When
295.Cm CanonicalizeHostname
296is enabled, this option specifies the list of domain suffixes in which to
297search for the specified destination host.
298.It Cm CanonicalizeFallbackLocal
299Specifies whether to fail with an error when hostname canonicalization fails.
300The default,
301.Cm yes ,
302will attempt to look up the unqualified hostname using the system resolver's
303search rules.
304A value of
305.Cm no
306will cause
307.Xr ssh 1
308to fail instantly if
309.Cm CanonicalizeHostname
310is enabled and the target hostname cannot be found in any of the domains
311specified by
312.Cm CanonicalDomains .
313.It Cm CanonicalizeHostname
314Controls whether explicit hostname canonicalization is performed.
315The default,
316.Cm no ,
317is not to perform any name rewriting and let the system resolver handle all
318hostname lookups.
319If set to
320.Cm yes
321then, for connections that do not use a
322.Cm ProxyCommand
323or
324.Cm ProxyJump ,
325.Xr ssh 1
326will attempt to canonicalize the hostname specified on the command line
327using the
328.Cm CanonicalDomains
329suffixes and
330.Cm CanonicalizePermittedCNAMEs
331rules.
332If
333.Cm CanonicalizeHostname
334is set to
335.Cm always ,
336then canonicalization is applied to proxied connections too.
337.Pp
338If this option is enabled, then the configuration files are processed
339again using the new target name to pick up any new configuration in matching
340.Cm Host
341and
342.Cm Match
343stanzas.
344A value of
345.Cm none
346disables the use of a
347.Cm ProxyJump
348host.
349.It Cm CanonicalizeMaxDots
350Specifies the maximum number of dot characters in a hostname before
351canonicalization is disabled.
352The default, 1,
353allows a single dot (i.e. hostname.subdomain).
354.It Cm CanonicalizePermittedCNAMEs
355Specifies rules to determine whether CNAMEs should be followed when
356canonicalizing hostnames.
357The rules consist of one or more arguments of
358.Ar source_domain_list : Ns Ar target_domain_list ,
359where
360.Ar source_domain_list
361is a pattern-list of domains that may follow CNAMEs in canonicalization,
362and
363.Ar target_domain_list
364is a pattern-list of domains that they may resolve to.
365.Pp
366For example,
367.Qq *.a.example.com:*.b.example.com,*.c.example.com
368will allow hostnames matching
369.Qq *.a.example.com
370to be canonicalized to names in the
371.Qq *.b.example.com
372or
373.Qq *.c.example.com
374domains.
375.Pp
376A single argument of
377.Qq none
378causes no CNAMEs to be considered for canonicalization.
379This is the default behaviour.
380.It Cm CASignatureAlgorithms
381Specifies which algorithms are allowed for signing of certificates
382by certificate authorities (CAs).
383The default is:
384.Bd -literal -offset indent
385ssh-ed25519,ecdsa-sha2-nistp256,
386ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
387sk-ssh-ed25519@openssh.com,
388sk-ecdsa-sha2-nistp256@openssh.com,
389rsa-sha2-512,rsa-sha2-256
390.Ed
391.Pp
392If the specified list begins with a
393.Sq +
394character, then the specified algorithms will be appended to the default set
395instead of replacing them.
396If the specified list begins with a
397.Sq -
398character, then the specified algorithms (including wildcards) will be removed
399from the default set instead of replacing them.
400.Pp
401.Xr ssh 1
402will not accept host certificates signed using algorithms other than those
403specified.
404.It Cm CertificateFile
405Specifies a file from which the user's certificate is read.
406A corresponding private key must be provided separately in order
407to use this certificate either
408from an
409.Cm IdentityFile
410directive or
411.Fl i
412flag to
413.Xr ssh 1 ,
414via
415.Xr ssh-agent 1 ,
416or via a
417.Cm PKCS11Provider
418or
419.Cm SecurityKeyProvider .
420.Pp
421Arguments to
422.Cm CertificateFile
423may use the tilde syntax to refer to a user's home directory,
424the tokens described in the
425.Sx TOKENS
426section and environment variables as described in the
427.Sx ENVIRONMENT VARIABLES
428section.
429.Pp
430It is possible to have multiple certificate files specified in
431configuration files; these certificates will be tried in sequence.
432Multiple
433.Cm CertificateFile
434directives will add to the list of certificates used for
435authentication.
436.It Cm CheckHostIP
437If set to
438.Cm yes ,
439.Xr ssh 1
440will additionally check the host IP address in the
441.Pa known_hosts
442file.
443This allows it to detect if a host key changed due to DNS spoofing
444and will add addresses of destination hosts to
445.Pa ~/.ssh/known_hosts
446in the process, regardless of the setting of
447.Cm StrictHostKeyChecking .
448If the option is set to
449.Cm no
450(the default),
451the check will not be executed.
452The default is
453.Cm no .
454.It Cm Ciphers
455Specifies the ciphers allowed and their order of preference.
456Multiple ciphers must be comma-separated.
457If the specified list begins with a
458.Sq +
459character, then the specified ciphers will be appended to the default set
460instead of replacing them.
461If the specified list begins with a
462.Sq -
463character, then the specified ciphers (including wildcards) will be removed
464from the default set instead of replacing them.
465If the specified list begins with a
466.Sq ^
467character, then the specified ciphers will be placed at the head of the
468default set.
469.Pp
470The supported ciphers are:
471.Bd -literal -offset indent
4723des-cbc
473aes128-cbc
474aes192-cbc
475aes256-cbc
476aes128-ctr
477aes192-ctr
478aes256-ctr
479aes128-gcm@openssh.com
480aes256-gcm@openssh.com
481chacha20-poly1305@openssh.com
482.Ed
483.Pp
484The default is:
485.Bd -literal -offset indent
486chacha20-poly1305@openssh.com,
487aes128-ctr,aes192-ctr,aes256-ctr,
488aes128-gcm@openssh.com,aes256-gcm@openssh.com
489.Ed
490.Pp
491The list of available ciphers may also be obtained using
492.Qq ssh -Q cipher .
493.It Cm ClearAllForwardings
494Specifies that all local, remote, and dynamic port forwardings
495specified in the configuration files or on the command line be
496cleared.
497This option is primarily useful when used from the
498.Xr ssh 1
499command line to clear port forwardings set in
500configuration files, and is automatically set by
501.Xr scp 1
502and
503.Xr sftp 1 .
504The argument must be
505.Cm yes
506or
507.Cm no
508(the default).
509.It Cm Compression
510Specifies whether to use compression.
511The argument must be
512.Cm yes
513or
514.Cm no
515(the default).
516.It Cm ConnectionAttempts
517Specifies the number of tries (one per second) to make before exiting.
518The argument must be an integer.
519This may be useful in scripts if the connection sometimes fails.
520The default is 1.
521.It Cm ConnectTimeout
522Specifies the timeout (in seconds) used when connecting to the
523SSH server, instead of using the default system TCP timeout.
524This timeout is applied both to establishing the connection and to performing
525the initial SSH protocol handshake and key exchange.
526.It Cm ControlMaster
527Enables the sharing of multiple sessions over a single network connection.
528When set to
529.Cm yes ,
530.Xr ssh 1
531will listen for connections on a control socket specified using the
532.Cm ControlPath
533argument.
534Additional sessions can connect to this socket using the same
535.Cm ControlPath
536with
537.Cm ControlMaster
538set to
539.Cm no
540(the default).
541These sessions will try to reuse the master instance's network connection
542rather than initiating new ones, but will fall back to connecting normally
543if the control socket does not exist, or is not listening.
544.Pp
545Setting this to
546.Cm ask
547will cause
548.Xr ssh 1
549to listen for control connections, but require confirmation using
550.Xr ssh-askpass 1 .
551If the
552.Cm ControlPath
553cannot be opened,
554.Xr ssh 1
555will continue without connecting to a master instance.
556.Pp
557X11 and
558.Xr ssh-agent 1
559forwarding is supported over these multiplexed connections, however the
560display and agent forwarded will be the one belonging to the master
561connection i.e. it is not possible to forward multiple displays or agents.
562.Pp
563Two additional options allow for opportunistic multiplexing: try to use a
564master connection but fall back to creating a new one if one does not already
565exist.
566These options are:
567.Cm auto
568and
569.Cm autoask .
570The latter requires confirmation like the
571.Cm ask
572option.
573.It Cm ControlPath
574Specify the path to the control socket used for connection sharing as described
575in the
576.Cm ControlMaster
577section above or the string
578.Cm none
579to disable connection sharing.
580Arguments to
581.Cm ControlPath
582may use the tilde syntax to refer to a user's home directory,
583the tokens described in the
584.Sx TOKENS
585section and environment variables as described in the
586.Sx ENVIRONMENT VARIABLES
587section.
588It is recommended that any
589.Cm ControlPath
590used for opportunistic connection sharing include
591at least %h, %p, and %r (or alternatively %C) and be placed in a directory
592that is not writable by other users.
593This ensures that shared connections are uniquely identified.
594.It Cm ControlPersist
595When used in conjunction with
596.Cm ControlMaster ,
597specifies that the master connection should remain open
598in the background (waiting for future client connections)
599after the initial client connection has been closed.
600If set to
601.Cm no
602(the default),
603then the master connection will not be placed into the background,
604and will close as soon as the initial client connection is closed.
605If set to
606.Cm yes
607or 0,
608then the master connection will remain in the background indefinitely
609(until killed or closed via a mechanism such as the
610.Qq ssh -O exit ) .
611If set to a time in seconds, or a time in any of the formats documented in
612.Xr sshd_config 5 ,
613then the backgrounded master connection will automatically terminate
614after it has remained idle (with no client connections) for the
615specified time.
616.It Cm DynamicForward
617Specifies that a TCP port on the local machine be forwarded
618over the secure channel, and the application
619protocol is then used to determine where to connect to from the
620remote machine.
621.Pp
622The argument must be
623.Sm off
624.Oo Ar bind_address : Oc Ar port .
625.Sm on
626IPv6 addresses can be specified by enclosing addresses in square brackets.
627By default, the local port is bound in accordance with the
628.Cm GatewayPorts
629setting.
630However, an explicit
631.Ar bind_address
632may be used to bind the connection to a specific address.
633The
634.Ar bind_address
635of
636.Cm localhost
637indicates that the listening port be bound for local use only, while an
638empty address or
639.Sq *
640indicates that the port should be available from all interfaces.
641.Pp
642Currently the SOCKS4 and SOCKS5 protocols are supported, and
643.Xr ssh 1
644will act as a SOCKS server.
645Multiple forwardings may be specified, and
646additional forwardings can be given on the command line.
647Only the superuser can forward privileged ports.
648.It Cm EnableSSHKeysign
649Setting this option to
650.Cm yes
651in the global client configuration file
652.Pa /etc/ssh/ssh_config
653enables the use of the helper program
654.Xr ssh-keysign 8
655during
656.Cm HostbasedAuthentication .
657The argument must be
658.Cm yes
659or
660.Cm no
661(the default).
662This option should be placed in the non-hostspecific section.
663See
664.Xr ssh-keysign 8
665for more information.
666.It Cm EscapeChar
667Sets the escape character (default:
668.Ql ~ ) .
669The escape character can also
670be set on the command line.
671The argument should be a single character,
672.Ql ^
673followed by a letter, or
674.Cm none
675to disable the escape
676character entirely (making the connection transparent for binary
677data).
678.It Cm ExitOnForwardFailure
679Specifies whether
680.Xr ssh 1
681should terminate the connection if it cannot set up all requested
682dynamic, tunnel, local, and remote port forwardings, (e.g.\&
683if either end is unable to bind and listen on a specified port).
684Note that
685.Cm ExitOnForwardFailure
686does not apply to connections made over port forwardings and will not,
687for example, cause
688.Xr ssh 1
689to exit if TCP connections to the ultimate forwarding destination fail.
690The argument must be
691.Cm yes
692or
693.Cm no
694(the default).
695.It Cm FingerprintHash
696Specifies the hash algorithm used when displaying key fingerprints.
697Valid options are:
698.Cm md5
699and
700.Cm sha256
701(the default).
702.It Cm ForkAfterAuthentication
703Requests
704.Nm ssh
705to go to background just before command execution.
706This is useful if
707.Nm ssh
708is going to ask for passwords or passphrases, but the user
709wants it in the background.
710This implies the
711.Cm StdinNull
712configuration option being set to
713.Dq yes .
714The recommended way to start X11 programs at a remote site is with
715something like
716.Ic ssh -f host xterm ,
717which is the same as
718.Ic ssh host xterm
719if the
720.Cm ForkAfterAuthentication
721configuration option is set to
722.Dq yes .
723.Pp
724If the
725.Cm ExitOnForwardFailure
726configuration option is set to
727.Dq yes ,
728then a client started with the
729.Cm ForkAfterAuthentication
730configuration option being set to
731.Dq yes
732will wait for all remote port forwards to be successfully established
733before placing itself in the background.
734The argument to this keyword must be
735.Cm yes
736(same as the
737.Fl f
738option) or
739.Cm no
740(the default).
741.It Cm ForwardAgent
742Specifies whether the connection to the authentication agent (if any)
743will be forwarded to the remote machine.
744The argument may be
745.Cm yes ,
746.Cm no
747(the default),
748an explicit path to an agent socket or the name of an environment variable
749(beginning with
750.Sq $ )
751in which to find the path.
752.Pp
753Agent forwarding should be enabled with caution.
754Users with the ability to bypass file permissions on the remote host
755(for the agent's Unix-domain socket)
756can access the local agent through the forwarded connection.
757An attacker cannot obtain key material from the agent,
758however they can perform operations on the keys that enable them to
759authenticate using the identities loaded into the agent.
760.It Cm ForwardX11
761Specifies whether X11 connections will be automatically redirected
762over the secure channel and
763.Ev DISPLAY
764set.
765The argument must be
766.Cm yes
767or
768.Cm no
769(the default).
770.Pp
771X11 forwarding should be enabled with caution.
772Users with the ability to bypass file permissions on the remote host
773(for the user's X11 authorization database)
774can access the local X11 display through the forwarded connection.
775An attacker may then be able to perform activities such as keystroke monitoring
776if the
777.Cm ForwardX11Trusted
778option is also enabled.
779.It Cm ForwardX11Timeout
780Specify a timeout for untrusted X11 forwarding
781using the format described in the
782.Sx TIME FORMATS
783section of
784.Xr sshd_config 5 .
785X11 connections received by
786.Xr ssh 1
787after this time will be refused.
788Setting
789.Cm ForwardX11Timeout
790to zero will disable the timeout and permit X11 forwarding for the life
791of the connection.
792The default is to disable untrusted X11 forwarding after twenty minutes has
793elapsed.
794.It Cm ForwardX11Trusted
795If this option is set to
796.Cm yes ,
797remote X11 clients will have full access to the original X11 display.
798.Pp
799If this option is set to
800.Cm no
801(the default),
802remote X11 clients will be considered untrusted and prevented
803from stealing or tampering with data belonging to trusted X11
804clients.
805Furthermore, the
806.Xr xauth 1
807token used for the session will be set to expire after 20 minutes.
808Remote clients will be refused access after this time.
809.Pp
810See the X11 SECURITY extension specification for full details on
811the restrictions imposed on untrusted clients.
812.It Cm GatewayPorts
813Specifies whether remote hosts are allowed to connect to local
814forwarded ports.
815By default,
816.Xr ssh 1
817binds local port forwardings to the loopback address.
818This prevents other remote hosts from connecting to forwarded ports.
819.Cm GatewayPorts
820can be used to specify that ssh
821should bind local port forwardings to the wildcard address,
822thus allowing remote hosts to connect to forwarded ports.
823The argument must be
824.Cm yes
825or
826.Cm no
827(the default).
828.It Cm GlobalKnownHostsFile
829Specifies one or more files to use for the global
830host key database, separated by whitespace.
831The default is
832.Pa /etc/ssh/ssh_known_hosts ,
833.Pa /etc/ssh/ssh_known_hosts2 .
834.It Cm GSSAPIAuthentication
835Specifies whether user authentication based on GSSAPI is allowed.
836The default is
837.Cm no .
838.It Cm GSSAPIDelegateCredentials
839Forward (delegate) credentials to the server.
840The default is
841.Cm no .
842.It Cm HashKnownHosts
843Indicates that
844.Xr ssh 1
845should hash host names and addresses when they are added to
846.Pa ~/.ssh/known_hosts .
847These hashed names may be used normally by
848.Xr ssh 1
849and
850.Xr sshd 8 ,
851but they do not visually reveal identifying information if the
852file's contents are disclosed.
853The default is
854.Cm no .
855Note that existing names and addresses in known hosts files
856will not be converted automatically,
857but may be manually hashed using
858.Xr ssh-keygen 1 .
859.It Cm HostbasedAcceptedAlgorithms
860Specifies the signature algorithms that will be used for hostbased
861authentication as a comma-separated list of patterns.
862Alternately if the specified list begins with a
863.Sq +
864character, then the specified signature algorithms will be appended
865to the default set instead of replacing them.
866If the specified list begins with a
867.Sq -
868character, then the specified signature algorithms (including wildcards)
869will be removed from the default set instead of replacing them.
870If the specified list begins with a
871.Sq ^
872character, then the specified signature algorithms will be placed
873at the head of the default set.
874The default for this option is:
875.Bd -literal -offset 3n
876ssh-ed25519-cert-v01@openssh.com,
877ecdsa-sha2-nistp256-cert-v01@openssh.com,
878ecdsa-sha2-nistp384-cert-v01@openssh.com,
879ecdsa-sha2-nistp521-cert-v01@openssh.com,
880sk-ssh-ed25519-cert-v01@openssh.com,
881sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
882rsa-sha2-512-cert-v01@openssh.com,
883rsa-sha2-256-cert-v01@openssh.com,
884ssh-ed25519,
885ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
886sk-ssh-ed25519@openssh.com,
887sk-ecdsa-sha2-nistp256@openssh.com,
888rsa-sha2-512,rsa-sha2-256
889.Ed
890.Pp
891The
892.Fl Q
893option of
894.Xr ssh 1
895may be used to list supported signature algorithms.
896This was formerly named HostbasedKeyTypes.
897.It Cm HostbasedAuthentication
898Specifies whether to try rhosts based authentication with public key
899authentication.
900The argument must be
901.Cm yes
902or
903.Cm no
904(the default).
905.It Cm HostKeyAlgorithms
906Specifies the host key signature algorithms
907that the client wants to use in order of preference.
908Alternately if the specified list begins with a
909.Sq +
910character, then the specified signature algorithms will be appended to
911the default set instead of replacing them.
912If the specified list begins with a
913.Sq -
914character, then the specified signature algorithms (including wildcards)
915will be removed from the default set instead of replacing them.
916If the specified list begins with a
917.Sq ^
918character, then the specified signature algorithms will be placed
919at the head of the default set.
920The default for this option is:
921.Bd -literal -offset 3n
922ssh-ed25519-cert-v01@openssh.com,
923ecdsa-sha2-nistp256-cert-v01@openssh.com,
924ecdsa-sha2-nistp384-cert-v01@openssh.com,
925ecdsa-sha2-nistp521-cert-v01@openssh.com,
926sk-ssh-ed25519-cert-v01@openssh.com,
927sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
928rsa-sha2-512-cert-v01@openssh.com,
929rsa-sha2-256-cert-v01@openssh.com,
930ssh-ed25519,
931ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
932sk-ecdsa-sha2-nistp256@openssh.com,
933sk-ssh-ed25519@openssh.com,
934rsa-sha2-512,rsa-sha2-256
935.Ed
936.Pp
937If hostkeys are known for the destination host then this default is modified
938to prefer their algorithms.
939.Pp
940The list of available signature algorithms may also be obtained using
941.Qq ssh -Q HostKeyAlgorithms .
942.It Cm HostKeyAlias
943Specifies an alias that should be used instead of the
944real host name when looking up or saving the host key
945in the host key database files and when validating host certificates.
946This option is useful for tunneling SSH connections
947or for multiple servers running on a single host.
948.It Cm Hostname
949Specifies the real host name to log into.
950This can be used to specify nicknames or abbreviations for hosts.
951Arguments to
952.Cm Hostname
953accept the tokens described in the
954.Sx TOKENS
955section.
956Numeric IP addresses are also permitted (both on the command line and in
957.Cm Hostname
958specifications).
959The default is the name given on the command line.
960.It Cm IdentitiesOnly
961Specifies that
962.Xr ssh 1
963should only use the configured authentication identity and certificate files
964(either the default files, or those explicitly configured in the
965.Nm
966files
967or passed on the
968.Xr ssh 1
969command-line),
970even if
971.Xr ssh-agent 1
972or a
973.Cm PKCS11Provider
974or
975.Cm SecurityKeyProvider
976offers more identities.
977The argument to this keyword must be
978.Cm yes
979or
980.Cm no
981(the default).
982This option is intended for situations where ssh-agent
983offers many different identities.
984.It Cm IdentityAgent
985Specifies the
986.Ux Ns -domain
987socket used to communicate with the authentication agent.
988.Pp
989This option overrides the
990.Ev SSH_AUTH_SOCK
991environment variable and can be used to select a specific agent.
992Setting the socket name to
993.Cm none
994disables the use of an authentication agent.
995If the string
996.Qq SSH_AUTH_SOCK
997is specified, the location of the socket will be read from the
998.Ev SSH_AUTH_SOCK
999environment variable.
1000Otherwise if the specified value begins with a
1001.Sq $
1002character, then it will be treated as an environment variable containing
1003the location of the socket.
1004.Pp
1005Arguments to
1006.Cm IdentityAgent
1007may use the tilde syntax to refer to a user's home directory,
1008the tokens described in the
1009.Sx TOKENS
1010section and environment variables as described in the
1011.Sx ENVIRONMENT VARIABLES
1012section.
1013.It Cm IdentityFile
1014Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1015Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1016The default is
1017.Pa ~/.ssh/id_rsa ,
1018.Pa ~/.ssh/id_ecdsa ,
1019.Pa ~/.ssh/id_ecdsa_sk ,
1020.Pa ~/.ssh/id_ed25519 ,
1021.Pa ~/.ssh/id_ed25519_sk
1022and
1023.Pa ~/.ssh/id_dsa .
1024Additionally, any identities represented by the authentication agent
1025will be used for authentication unless
1026.Cm IdentitiesOnly
1027is set.
1028If no certificates have been explicitly specified by
1029.Cm CertificateFile ,
1030.Xr ssh 1
1031will try to load certificate information from the filename obtained by
1032appending
1033.Pa -cert.pub
1034to the path of a specified
1035.Cm IdentityFile .
1036.Pp
1037Arguments to
1038.Cm IdentityFile
1039may use the tilde syntax to refer to a user's home directory
1040or the tokens described in the
1041.Sx TOKENS
1042section.
1043.Pp
1044It is possible to have
1045multiple identity files specified in configuration files; all these
1046identities will be tried in sequence.
1047Multiple
1048.Cm IdentityFile
1049directives will add to the list of identities tried (this behaviour
1050differs from that of other configuration directives).
1051.Pp
1052.Cm IdentityFile
1053may be used in conjunction with
1054.Cm IdentitiesOnly
1055to select which identities in an agent are offered during authentication.
1056.Cm IdentityFile
1057may also be used in conjunction with
1058.Cm CertificateFile
1059in order to provide any certificate also needed for authentication with
1060the identity.
1061.It Cm IgnoreUnknown
1062Specifies a pattern-list of unknown options to be ignored if they are
1063encountered in configuration parsing.
1064This may be used to suppress errors if
1065.Nm
1066contains options that are unrecognised by
1067.Xr ssh 1 .
1068It is recommended that
1069.Cm IgnoreUnknown
1070be listed early in the configuration file as it will not be applied
1071to unknown options that appear before it.
1072.It Cm Include
1073Include the specified configuration file(s).
1074Multiple pathnames may be specified and each pathname may contain
1075.Xr glob 7
1076wildcards and, for user configurations, shell-like
1077.Sq ~
1078references to user home directories.
1079Wildcards will be expanded and processed in lexical order.
1080Files without absolute paths are assumed to be in
1081.Pa ~/.ssh
1082if included in a user configuration file or
1083.Pa /etc/ssh
1084if included from the system configuration file.
1085.Cm Include
1086directive may appear inside a
1087.Cm Match
1088or
1089.Cm Host
1090block
1091to perform conditional inclusion.
1092.It Cm IPQoS
1093Specifies the IPv4 type-of-service or DSCP class for connections.
1094Accepted values are
1095.Cm af11 ,
1096.Cm af12 ,
1097.Cm af13 ,
1098.Cm af21 ,
1099.Cm af22 ,
1100.Cm af23 ,
1101.Cm af31 ,
1102.Cm af32 ,
1103.Cm af33 ,
1104.Cm af41 ,
1105.Cm af42 ,
1106.Cm af43 ,
1107.Cm cs0 ,
1108.Cm cs1 ,
1109.Cm cs2 ,
1110.Cm cs3 ,
1111.Cm cs4 ,
1112.Cm cs5 ,
1113.Cm cs6 ,
1114.Cm cs7 ,
1115.Cm ef ,
1116.Cm le ,
1117.Cm lowdelay ,
1118.Cm throughput ,
1119.Cm reliability ,
1120a numeric value, or
1121.Cm none
1122to use the operating system default.
1123This option may take one or two arguments, separated by whitespace.
1124If one argument is specified, it is used as the packet class unconditionally.
1125If two values are specified, the first is automatically selected for
1126interactive sessions and the second for non-interactive sessions.
1127The default is
1128.Cm af21
1129(Low-Latency Data)
1130for interactive sessions and
1131.Cm cs1
1132(Lower Effort)
1133for non-interactive sessions.
1134.It Cm KbdInteractiveAuthentication
1135Specifies whether to use keyboard-interactive authentication.
1136The argument to this keyword must be
1137.Cm yes
1138(the default)
1139or
1140.Cm no .
1141.Cm ChallengeResponseAuthentication
1142is a deprecated alias for this.
1143.It Cm KbdInteractiveDevices
1144Specifies the list of methods to use in keyboard-interactive authentication.
1145Multiple method names must be comma-separated.
1146The default is to use the server specified list.
1147The methods available vary depending on what the server supports.
1148For an OpenSSH server,
1149it may be zero or more of:
1150.Cm bsdauth
1151and
1152.Cm pam .
1153.It Cm KexAlgorithms
1154Specifies the available KEX (Key Exchange) algorithms.
1155Multiple algorithms must be comma-separated.
1156If the specified list begins with a
1157.Sq +
1158character, then the specified algorithms will be appended to the default set
1159instead of replacing them.
1160If the specified list begins with a
1161.Sq -
1162character, then the specified algorithms (including wildcards) will be removed
1163from the default set instead of replacing them.
1164If the specified list begins with a
1165.Sq ^
1166character, then the specified algorithms will be placed at the head of the
1167default set.
1168The default is:
1169.Bd -literal -offset indent
1170sntrup761x25519-sha512@openssh.com,
1171curve25519-sha256,curve25519-sha256@libssh.org,
1172ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1173diffie-hellman-group-exchange-sha256,
1174diffie-hellman-group16-sha512,
1175diffie-hellman-group18-sha512,
1176diffie-hellman-group14-sha256
1177.Ed
1178.Pp
1179The list of available key exchange algorithms may also be obtained using
1180.Qq ssh -Q kex .
1181.It Cm KnownHostsCommand
1182Specifies a command to use to obtain a list of host keys, in addition to
1183those listed in
1184.Cm UserKnownHostsFile
1185and
1186.Cm GlobalKnownHostsFile .
1187This command is executed after the files have been read.
1188It may write host key lines to standard output in identical format to the
1189usual files (described in the
1190.Sx VERIFYING HOST KEYS
1191section in
1192.Xr ssh 1 ) .
1193Arguments to
1194.Cm KnownHostsCommand
1195accept the tokens described in the
1196.Sx TOKENS
1197section.
1198The command may be invoked multiple times per connection: once when preparing
1199the preference list of host key algorithms to use, again to obtain the
1200host key for the requested host name and, if
1201.Cm CheckHostIP
1202is enabled, one more time to obtain the host key matching the server's
1203address.
1204If the command exits abnormally or returns a non-zero exit status then the
1205connection is terminated.
1206.It Cm LocalCommand
1207Specifies a command to execute on the local machine after successfully
1208connecting to the server.
1209The command string extends to the end of the line, and is executed with
1210the user's shell.
1211Arguments to
1212.Cm LocalCommand
1213accept the tokens described in the
1214.Sx TOKENS
1215section.
1216.Pp
1217The command is run synchronously and does not have access to the
1218session of the
1219.Xr ssh 1
1220that spawned it.
1221It should not be used for interactive commands.
1222.Pp
1223This directive is ignored unless
1224.Cm PermitLocalCommand
1225has been enabled.
1226.It Cm LocalForward
1227Specifies that a TCP port on the local machine be forwarded over
1228the secure channel to the specified host and port from the remote machine.
1229The first argument specifies the listener and may be
1230.Sm off
1231.Oo Ar bind_address : Oc Ar port
1232.Sm on
1233or a Unix domain socket path.
1234The second argument is the destination and may be
1235.Ar host : Ns Ar hostport
1236or a Unix domain socket path if the remote host supports it.
1237.Pp
1238IPv6 addresses can be specified by enclosing addresses in square brackets.
1239Multiple forwardings may be specified, and additional forwardings can be
1240given on the command line.
1241Only the superuser can forward privileged ports.
1242By default, the local port is bound in accordance with the
1243.Cm GatewayPorts
1244setting.
1245However, an explicit
1246.Ar bind_address
1247may be used to bind the connection to a specific address.
1248The
1249.Ar bind_address
1250of
1251.Cm localhost
1252indicates that the listening port be bound for local use only, while an
1253empty address or
1254.Sq *
1255indicates that the port should be available from all interfaces.
1256Unix domain socket paths may use the tokens described in the
1257.Sx TOKENS
1258section and environment variables as described in the
1259.Sx ENVIRONMENT VARIABLES
1260section.
1261.It Cm LogLevel
1262Gives the verbosity level that is used when logging messages from
1263.Xr ssh 1 .
1264The possible values are:
1265QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1266The default is INFO.
1267DEBUG and DEBUG1 are equivalent.
1268DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1269.It Cm LogVerbose
1270Specify one or more overrides to LogLevel.
1271An override consists of a pattern lists that matches the source file, function
1272and line number to force detailed logging for.
1273For example, an override pattern of:
1274.Bd -literal -offset indent
1275kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
1276.Ed
1277.Pp
1278would enable detailed logging for line 1000 of
1279.Pa kex.c ,
1280everything in the
1281.Fn kex_exchange_identification
1282function, and all code in the
1283.Pa packet.c
1284file.
1285This option is intended for debugging and no overrides are enabled by default.
1286.It Cm MACs
1287Specifies the MAC (message authentication code) algorithms
1288in order of preference.
1289The MAC algorithm is used for data integrity protection.
1290Multiple algorithms must be comma-separated.
1291If the specified list begins with a
1292.Sq +
1293character, then the specified algorithms will be appended to the default set
1294instead of replacing them.
1295If the specified list begins with a
1296.Sq -
1297character, then the specified algorithms (including wildcards) will be removed
1298from the default set instead of replacing them.
1299If the specified list begins with a
1300.Sq ^
1301character, then the specified algorithms will be placed at the head of the
1302default set.
1303.Pp
1304The algorithms that contain
1305.Qq -etm
1306calculate the MAC after encryption (encrypt-then-mac).
1307These are considered safer and their use recommended.
1308.Pp
1309The default is:
1310.Bd -literal -offset indent
1311umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1312hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1313hmac-sha1-etm@openssh.com,
1314umac-64@openssh.com,umac-128@openssh.com,
1315hmac-sha2-256,hmac-sha2-512,hmac-sha1
1316.Ed
1317.Pp
1318The list of available MAC algorithms may also be obtained using
1319.Qq ssh -Q mac .
1320.It Cm NoHostAuthenticationForLocalhost
1321Disable host authentication for localhost (loopback addresses).
1322The argument to this keyword must be
1323.Cm yes
1324or
1325.Cm no
1326(the default).
1327.It Cm NumberOfPasswordPrompts
1328Specifies the number of password prompts before giving up.
1329The argument to this keyword must be an integer.
1330The default is 3.
1331.It Cm PasswordAuthentication
1332Specifies whether to use password authentication.
1333The argument to this keyword must be
1334.Cm yes
1335(the default)
1336or
1337.Cm no .
1338.It Cm PermitLocalCommand
1339Allow local command execution via the
1340.Ic LocalCommand
1341option or using the
1342.Ic !\& Ns Ar command
1343escape sequence in
1344.Xr ssh 1 .
1345The argument must be
1346.Cm yes
1347or
1348.Cm no
1349(the default).
1350.It Cm PermitRemoteOpen
1351Specifies the destinations to which remote TCP port forwarding is permitted when
1352.Cm RemoteForward
1353is used as a SOCKS proxy.
1354The forwarding specification must be one of the following forms:
1355.Pp
1356.Bl -item -offset indent -compact
1357.It
1358.Cm PermitRemoteOpen
1359.Sm off
1360.Ar host : port
1361.Sm on
1362.It
1363.Cm PermitRemoteOpen
1364.Sm off
1365.Ar IPv4_addr : port
1366.Sm on
1367.It
1368.Cm PermitRemoteOpen
1369.Sm off
1370.Ar \&[ IPv6_addr \&] : port
1371.Sm on
1372.El
1373.Pp
1374Multiple forwards may be specified by separating them with whitespace.
1375An argument of
1376.Cm any
1377can be used to remove all restrictions and permit any forwarding requests.
1378An argument of
1379.Cm none
1380can be used to prohibit all forwarding requests.
1381The wildcard
1382.Sq *
1383can be used for host or port to allow all hosts or ports respectively.
1384Otherwise, no pattern matching or address lookups are performed on supplied
1385names.
1386.It Cm PKCS11Provider
1387Specifies which PKCS#11 provider to use or
1388.Cm none
1389to indicate that no provider should be used (the default).
1390The argument to this keyword is a path to the PKCS#11 shared library
1391.Xr ssh 1
1392should use to communicate with a PKCS#11 token providing keys for user
1393authentication.
1394.It Cm Port
1395Specifies the port number to connect on the remote host.
1396The default is 22.
1397.It Cm PreferredAuthentications
1398Specifies the order in which the client should try authentication methods.
1399This allows a client to prefer one method (e.g.\&
1400.Cm keyboard-interactive )
1401over another method (e.g.\&
1402.Cm password ) .
1403The default is:
1404.Bd -literal -offset indent
1405gssapi-with-mic,hostbased,publickey,
1406keyboard-interactive,password
1407.Ed
1408.It Cm ProxyCommand
1409Specifies the command to use to connect to the server.
1410The command
1411string extends to the end of the line, and is executed
1412using the user's shell
1413.Ql exec
1414directive to avoid a lingering shell process.
1415.Pp
1416Arguments to
1417.Cm ProxyCommand
1418accept the tokens described in the
1419.Sx TOKENS
1420section.
1421The command can be basically anything,
1422and should read from its standard input and write to its standard output.
1423It should eventually connect an
1424.Xr sshd 8
1425server running on some machine, or execute
1426.Ic sshd -i
1427somewhere.
1428Host key management will be done using the
1429.Cm Hostname
1430of the host being connected (defaulting to the name typed by the user).
1431Setting the command to
1432.Cm none
1433disables this option entirely.
1434Note that
1435.Cm CheckHostIP
1436is not available for connects with a proxy command.
1437.Pp
1438This directive is useful in conjunction with
1439.Xr nc 1
1440and its proxy support.
1441For example, the following directive would connect via an HTTP proxy at
1442192.0.2.0:
1443.Bd -literal -offset 3n
1444ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1445.Ed
1446.It Cm ProxyJump
1447Specifies one or more jump proxies as either
1448.Xo
1449.Sm off
1450.Op Ar user No @
1451.Ar host
1452.Op : Ns Ar port
1453.Sm on
1454or an ssh URI
1455.Xc .
1456Multiple proxies may be separated by comma characters and will be visited
1457sequentially.
1458Setting this option will cause
1459.Xr ssh 1
1460to connect to the target host by first making a
1461.Xr ssh 1
1462connection to the specified
1463.Cm ProxyJump
1464host and then establishing a
1465TCP forwarding to the ultimate target from there.
1466Setting the host to
1467.Cm none
1468disables this option entirely.
1469.Pp
1470Note that this option will compete with the
1471.Cm ProxyCommand
1472option - whichever is specified first will prevent later instances of the
1473other from taking effect.
1474.Pp
1475Note also that the configuration for the destination host (either supplied
1476via the command-line or the configuration file) is not generally applied
1477to jump hosts.
1478.Pa ~/.ssh/config
1479should be used if specific configuration is required for jump hosts.
1480.It Cm ProxyUseFdpass
1481Specifies that
1482.Cm ProxyCommand
1483will pass a connected file descriptor back to
1484.Xr ssh 1
1485instead of continuing to execute and pass data.
1486The default is
1487.Cm no .
1488.It Cm PubkeyAcceptedAlgorithms
1489Specifies the signature algorithms that will be used for public key
1490authentication as a comma-separated list of patterns.
1491If the specified list begins with a
1492.Sq +
1493character, then the algorithms after it will be appended to the default
1494instead of replacing it.
1495If the specified list begins with a
1496.Sq -
1497character, then the specified algorithms (including wildcards) will be removed
1498from the default set instead of replacing them.
1499If the specified list begins with a
1500.Sq ^
1501character, then the specified algorithms will be placed at the head of the
1502default set.
1503The default for this option is:
1504.Bd -literal -offset 3n
1505ssh-ed25519-cert-v01@openssh.com,
1506ecdsa-sha2-nistp256-cert-v01@openssh.com,
1507ecdsa-sha2-nistp384-cert-v01@openssh.com,
1508ecdsa-sha2-nistp521-cert-v01@openssh.com,
1509sk-ssh-ed25519-cert-v01@openssh.com,
1510sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1511rsa-sha2-512-cert-v01@openssh.com,
1512rsa-sha2-256-cert-v01@openssh.com,
1513ssh-ed25519,
1514ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1515sk-ssh-ed25519@openssh.com,
1516sk-ecdsa-sha2-nistp256@openssh.com,
1517rsa-sha2-512,rsa-sha2-256
1518.Ed
1519.Pp
1520The list of available signature algorithms may also be obtained using
1521.Qq ssh -Q PubkeyAcceptedAlgorithms .
1522.It Cm PubkeyAuthentication
1523Specifies whether to try public key authentication.
1524The argument to this keyword must be
1525.Cm yes
1526(the default),
1527.Cm no ,
1528.Cm unbound
1529or
1530.Cm host-bound .
1531The final two options enable public key authentication while respectively
1532disabling or enabling the OpenSSH host-bound authentication protocol
1533extension required for restricted
1534.Xr ssh-agent 1
1535forwarding.
1536.It Cm RekeyLimit
1537Specifies the maximum amount of data that may be transmitted or received
1538before the session key is renegotiated, optionally followed by a maximum
1539amount of time that may pass before the session key is renegotiated.
1540The first argument is specified in bytes and may have a suffix of
1541.Sq K ,
1542.Sq M ,
1543or
1544.Sq G
1545to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1546The default is between
1547.Sq 1G
1548and
1549.Sq 4G ,
1550depending on the cipher.
1551The optional second value is specified in seconds and may use any of the
1552units documented in the TIME FORMATS section of
1553.Xr sshd_config 5 .
1554The default value for
1555.Cm RekeyLimit
1556is
1557.Cm default none ,
1558which means that rekeying is performed after the cipher's default amount
1559of data has been sent or received and no time based rekeying is done.
1560.It Cm RemoteCommand
1561Specifies a command to execute on the remote machine after successfully
1562connecting to the server.
1563The command string extends to the end of the line, and is executed with
1564the user's shell.
1565Arguments to
1566.Cm RemoteCommand
1567accept the tokens described in the
1568.Sx TOKENS
1569section.
1570.It Cm RemoteForward
1571Specifies that a TCP port on the remote machine be forwarded over
1572the secure channel.
1573The remote port may either be forwarded to a specified host and port
1574from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1575client to connect to arbitrary destinations from the local machine.
1576The first argument is the listening specification and may be
1577.Sm off
1578.Oo Ar bind_address : Oc Ar port
1579.Sm on
1580or, if the remote host supports it, a Unix domain socket path.
1581If forwarding to a specific destination then the second argument must be
1582.Ar host : Ns Ar hostport
1583or a Unix domain socket path,
1584otherwise if no destination argument is specified then the remote forwarding
1585will be established as a SOCKS proxy.
1586When acting as a SOCKS proxy, the destination of the connection can be
1587restricted by
1588.Cm PermitRemoteOpen .
1589.Pp
1590IPv6 addresses can be specified by enclosing addresses in square brackets.
1591Multiple forwardings may be specified, and additional
1592forwardings can be given on the command line.
1593Privileged ports can be forwarded only when
1594logging in as root on the remote machine.
1595Unix domain socket paths may use the tokens described in the
1596.Sx TOKENS
1597section and environment variables as described in the
1598.Sx ENVIRONMENT VARIABLES
1599section.
1600.Pp
1601If the
1602.Ar port
1603argument is 0,
1604the listen port will be dynamically allocated on the server and reported
1605to the client at run time.
1606.Pp
1607If the
1608.Ar bind_address
1609is not specified, the default is to only bind to loopback addresses.
1610If the
1611.Ar bind_address
1612is
1613.Ql *
1614or an empty string, then the forwarding is requested to listen on all
1615interfaces.
1616Specifying a remote
1617.Ar bind_address
1618will only succeed if the server's
1619.Cm GatewayPorts
1620option is enabled (see
1621.Xr sshd_config 5 ) .
1622.It Cm RequestTTY
1623Specifies whether to request a pseudo-tty for the session.
1624The argument may be one of:
1625.Cm no
1626(never request a TTY),
1627.Cm yes
1628(always request a TTY when standard input is a TTY),
1629.Cm force
1630(always request a TTY) or
1631.Cm auto
1632(request a TTY when opening a login session).
1633This option mirrors the
1634.Fl t
1635and
1636.Fl T
1637flags for
1638.Xr ssh 1 .
1639.It Cm RequiredRSASize
1640Specifies the minimum RSA key size (in bits) that
1641.Xr ssh 1
1642will accept.
1643User authentication keys smaller than this limit will be ignored.
1644Servers that present host keys smaller than this limit will cause the
1645connection to be terminated.
1646The default is
1647.Cm 1024
1648bits.
1649Note that this limit may only be raised from the default.
1650.It Cm RevokedHostKeys
1651Specifies revoked host public keys.
1652Keys listed in this file will be refused for host authentication.
1653Note that if this file does not exist or is not readable,
1654then host authentication will be refused for all hosts.
1655Keys may be specified as a text file, listing one public key per line, or as
1656an OpenSSH Key Revocation List (KRL) as generated by
1657.Xr ssh-keygen 1 .
1658For more information on KRLs, see the KEY REVOCATION LISTS section in
1659.Xr ssh-keygen 1 .
1660.It Cm SecurityKeyProvider
1661Specifies a path to a library that will be used when loading any
1662FIDO authenticator-hosted keys, overriding the default of using
1663the built-in USB HID support.
1664.Pp
1665If the specified value begins with a
1666.Sq $
1667character, then it will be treated as an environment variable containing
1668the path to the library.
1669.It Cm SendEnv
1670Specifies what variables from the local
1671.Xr environ 7
1672should be sent to the server.
1673The server must also support it, and the server must be configured to
1674accept these environment variables.
1675Note that the
1676.Ev TERM
1677environment variable is always sent whenever a
1678pseudo-terminal is requested as it is required by the protocol.
1679Refer to
1680.Cm AcceptEnv
1681in
1682.Xr sshd_config 5
1683for how to configure the server.
1684Variables are specified by name, which may contain wildcard characters.
1685Multiple environment variables may be separated by whitespace or spread
1686across multiple
1687.Cm SendEnv
1688directives.
1689.Pp
1690See
1691.Sx PATTERNS
1692for more information on patterns.
1693.Pp
1694It is possible to clear previously set
1695.Cm SendEnv
1696variable names by prefixing patterns with
1697.Pa - .
1698The default is not to send any environment variables.
1699.It Cm ServerAliveCountMax
1700Sets the number of server alive messages (see below) which may be
1701sent without
1702.Xr ssh 1
1703receiving any messages back from the server.
1704If this threshold is reached while server alive messages are being sent,
1705ssh will disconnect from the server, terminating the session.
1706It is important to note that the use of server alive messages is very
1707different from
1708.Cm TCPKeepAlive
1709(below).
1710The server alive messages are sent through the encrypted channel
1711and therefore will not be spoofable.
1712The TCP keepalive option enabled by
1713.Cm TCPKeepAlive
1714is spoofable.
1715The server alive mechanism is valuable when the client or
1716server depend on knowing when a connection has become unresponsive.
1717.Pp
1718The default value is 3.
1719If, for example,
1720.Cm ServerAliveInterval
1721(see below) is set to 15 and
1722.Cm ServerAliveCountMax
1723is left at the default, if the server becomes unresponsive,
1724ssh will disconnect after approximately 45 seconds.
1725.It Cm ServerAliveInterval
1726Sets a timeout interval in seconds after which if no data has been received
1727from the server,
1728.Xr ssh 1
1729will send a message through the encrypted
1730channel to request a response from the server.
1731The default
1732is 0, indicating that these messages will not be sent to the server.
1733.It Cm SessionType
1734May be used to either request invocation of a subsystem on the remote system,
1735or to prevent the execution of a remote command at all.
1736The latter is useful for just forwarding ports.
1737The argument to this keyword must be
1738.Cm none
1739(same as the
1740.Fl N
1741option),
1742.Cm subsystem
1743(same as the
1744.Fl s
1745option) or
1746.Cm default
1747(shell or command execution).
1748.It Cm SetEnv
1749Directly specify one or more environment variables and their contents to
1750be sent to the server.
1751Similarly to
1752.Cm SendEnv ,
1753with the exception of the
1754.Ev TERM
1755variable, the server must be prepared to accept the environment variable.
1756.It Cm StdinNull
1757Redirects stdin from
1758.Pa /dev/null
1759(actually, prevents reading from stdin).
1760Either this or the equivalent
1761.Fl n
1762option must be used when
1763.Nm ssh
1764is run in the background.
1765The argument to this keyword must be
1766.Cm yes
1767(same as the
1768.Fl n
1769option) or
1770.Cm no
1771(the default).
1772.It Cm StreamLocalBindMask
1773Sets the octal file creation mode mask
1774.Pq umask
1775used when creating a Unix-domain socket file for local or remote
1776port forwarding.
1777This option is only used for port forwarding to a Unix-domain socket file.
1778.Pp
1779The default value is 0177, which creates a Unix-domain socket file that is
1780readable and writable only by the owner.
1781Note that not all operating systems honor the file mode on Unix-domain
1782socket files.
1783.It Cm StreamLocalBindUnlink
1784Specifies whether to remove an existing Unix-domain socket file for local
1785or remote port forwarding before creating a new one.
1786If the socket file already exists and
1787.Cm StreamLocalBindUnlink
1788is not enabled,
1789.Nm ssh
1790will be unable to forward the port to the Unix-domain socket file.
1791This option is only used for port forwarding to a Unix-domain socket file.
1792.Pp
1793The argument must be
1794.Cm yes
1795or
1796.Cm no
1797(the default).
1798.It Cm StrictHostKeyChecking
1799If this flag is set to
1800.Cm yes ,
1801.Xr ssh 1
1802will never automatically add host keys to the
1803.Pa ~/.ssh/known_hosts
1804file, and refuses to connect to hosts whose host key has changed.
1805This provides maximum protection against man-in-the-middle (MITM) attacks,
1806though it can be annoying when the
1807.Pa /etc/ssh/ssh_known_hosts
1808file is poorly maintained or when connections to new hosts are
1809frequently made.
1810This option forces the user to manually
1811add all new hosts.
1812.Pp
1813If this flag is set to
1814.Cm accept-new
1815then ssh will automatically add new host keys to the user's
1816.Pa known_hosts
1817file, but will not permit connections to hosts with
1818changed host keys.
1819If this flag is set to
1820.Cm no
1821or
1822.Cm off ,
1823ssh will automatically add new host keys to the user known hosts files
1824and allow connections to hosts with changed hostkeys to proceed,
1825subject to some restrictions.
1826If this flag is set to
1827.Cm ask
1828(the default),
1829new host keys
1830will be added to the user known host files only after the user
1831has confirmed that is what they really want to do, and
1832ssh will refuse to connect to hosts whose host key has changed.
1833The host keys of
1834known hosts will be verified automatically in all cases.
1835.It Cm SyslogFacility
1836Gives the facility code that is used when logging messages from
1837.Xr ssh 1 .
1838The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1839LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1840The default is USER.
1841.It Cm TCPKeepAlive
1842Specifies whether the system should send TCP keepalive messages to the
1843other side.
1844If they are sent, death of the connection or crash of one
1845of the machines will be properly noticed.
1846However, this means that
1847connections will die if the route is down temporarily, and some people
1848find it annoying.
1849.Pp
1850The default is
1851.Cm yes
1852(to send TCP keepalive messages), and the client will notice
1853if the network goes down or the remote host dies.
1854This is important in scripts, and many users want it too.
1855.Pp
1856To disable TCP keepalive messages, the value should be set to
1857.Cm no .
1858See also
1859.Cm ServerAliveInterval
1860for protocol-level keepalives.
1861.It Cm Tunnel
1862Request
1863.Xr tun 4
1864device forwarding between the client and the server.
1865The argument must be
1866.Cm yes ,
1867.Cm point-to-point
1868(layer 3),
1869.Cm ethernet
1870(layer 2),
1871or
1872.Cm no
1873(the default).
1874Specifying
1875.Cm yes
1876requests the default tunnel mode, which is
1877.Cm point-to-point .
1878.It Cm TunnelDevice
1879Specifies the
1880.Xr tun 4
1881devices to open on the client
1882.Pq Ar local_tun
1883and the server
1884.Pq Ar remote_tun .
1885.Pp
1886The argument must be
1887.Sm off
1888.Ar local_tun Op : Ar remote_tun .
1889.Sm on
1890The devices may be specified by numerical ID or the keyword
1891.Cm any ,
1892which uses the next available tunnel device.
1893If
1894.Ar remote_tun
1895is not specified, it defaults to
1896.Cm any .
1897The default is
1898.Cm any:any .
1899.It Cm UpdateHostKeys
1900Specifies whether
1901.Xr ssh 1
1902should accept notifications of additional hostkeys from the server sent
1903after authentication has completed and add them to
1904.Cm UserKnownHostsFile .
1905The argument must be
1906.Cm yes ,
1907.Cm no
1908or
1909.Cm ask .
1910This option allows learning alternate hostkeys for a server
1911and supports graceful key rotation by allowing a server to send replacement
1912public keys before old ones are removed.
1913.Pp
1914Additional hostkeys are only accepted if the key used to authenticate the
1915host was already trusted or explicitly accepted by the user, the host was
1916authenticated via
1917.Cm UserKnownHostsFile
1918(i.e. not
1919.Cm GlobalKnownHostsFile )
1920and the host was authenticated using a plain key and not a certificate.
1921.Pp
1922.Cm UpdateHostKeys
1923is enabled by default if the user has not overridden the default
1924.Cm UserKnownHostsFile
1925setting and has not enabled
1926.Cm VerifyHostKeyDNS ,
1927otherwise
1928.Cm UpdateHostKeys
1929will be set to
1930.Cm no .
1931.Pp
1932If
1933.Cm UpdateHostKeys
1934is set to
1935.Cm ask ,
1936then the user is asked to confirm the modifications to the known_hosts file.
1937Confirmation is currently incompatible with
1938.Cm ControlPersist ,
1939and will be disabled if it is enabled.
1940.Pp
1941Presently, only
1942.Xr sshd 8
1943from OpenSSH 6.8 and greater support the
1944.Qq hostkeys@openssh.com
1945protocol extension used to inform the client of all the server's hostkeys.
1946.It Cm User
1947Specifies the user to log in as.
1948This can be useful when a different user name is used on different machines.
1949This saves the trouble of
1950having to remember to give the user name on the command line.
1951.It Cm UserKnownHostsFile
1952Specifies one or more files to use for the user
1953host key database, separated by whitespace.
1954Each filename may use tilde notation to refer to the user's home directory,
1955the tokens described in the
1956.Sx TOKENS
1957section and environment variables as described in the
1958.Sx ENVIRONMENT VARIABLES
1959section.
1960The default is
1961.Pa ~/.ssh/known_hosts ,
1962.Pa ~/.ssh/known_hosts2 .
1963.It Cm VerifyHostKeyDNS
1964Specifies whether to verify the remote key using DNS and SSHFP resource
1965records.
1966If this option is set to
1967.Cm yes ,
1968the client will implicitly trust keys that match a secure fingerprint
1969from DNS.
1970Insecure fingerprints will be handled as if this option was set to
1971.Cm ask .
1972If this option is set to
1973.Cm ask ,
1974information on fingerprint match will be displayed, but the user will still
1975need to confirm new host keys according to the
1976.Cm StrictHostKeyChecking
1977option.
1978The default is
1979.Cm yes
1980if compiled with LDNS and
1981.Cm no
1982otherwise.
1983.Pp
1984See also
1985.Sx VERIFYING HOST KEYS
1986in
1987.Xr ssh 1 .
1988.It Cm VisualHostKey
1989If this flag is set to
1990.Cm yes ,
1991an ASCII art representation of the remote host key fingerprint is
1992printed in addition to the fingerprint string at login and
1993for unknown host keys.
1994If this flag is set to
1995.Cm no
1996(the default),
1997no fingerprint strings are printed at login and
1998only the fingerprint string will be printed for unknown host keys.
1999.It Cm XAuthLocation
2000Specifies the full pathname of the
2001.Xr xauth 1
2002program.
2003The default is
2004.Pa /usr/local/bin/xauth .
2005.El
2006.Sh PATTERNS
2007A
2008.Em pattern
2009consists of zero or more non-whitespace characters,
2010.Sq *
2011(a wildcard that matches zero or more characters),
2012or
2013.Sq ?\&
2014(a wildcard that matches exactly one character).
2015For example, to specify a set of declarations for any host in the
2016.Qq .co.uk
2017set of domains,
2018the following pattern could be used:
2019.Pp
2020.Dl Host *.co.uk
2021.Pp
2022The following pattern
2023would match any host in the 192.168.0.[0-9] network range:
2024.Pp
2025.Dl Host 192.168.0.?
2026.Pp
2027A
2028.Em pattern-list
2029is a comma-separated list of patterns.
2030Patterns within pattern-lists may be negated
2031by preceding them with an exclamation mark
2032.Pq Sq !\& .
2033For example,
2034to allow a key to be used from anywhere within an organization
2035except from the
2036.Qq dialup
2037pool,
2038the following entry (in authorized_keys) could be used:
2039.Pp
2040.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2041.Pp
2042Note that a negated match will never produce a positive result by itself.
2043For example, attempting to match
2044.Qq host3
2045against the following pattern-list will fail:
2046.Pp
2047.Dl from=\&"!host1,!host2\&"
2048.Pp
2049The solution here is to include a term that will yield a positive match,
2050such as a wildcard:
2051.Pp
2052.Dl from=\&"!host1,!host2,*\&"
2053.Sh TOKENS
2054Arguments to some keywords can make use of tokens,
2055which are expanded at runtime:
2056.Pp
2057.Bl -tag -width XXXX -offset indent -compact
2058.It %%
2059A literal
2060.Sq % .
2061.It \&%C
2062Hash of %l%h%p%r.
2063.It %d
2064Local user's home directory.
2065.It %f
2066The fingerprint of the server's host key.
2067.It %H
2068The
2069.Pa known_hosts
2070hostname or address that is being searched for.
2071.It %h
2072The remote hostname.
2073.It \%%I
2074A string describing the reason for a
2075.Cm KnownHostsCommand
2076execution: either
2077.Cm ADDRESS
2078when looking up a host by address (only when
2079.Cm CheckHostIP
2080is enabled),
2081.Cm HOSTNAME
2082when searching by hostname, or
2083.Cm ORDER
2084when preparing the host key algorithm preference list to use for the
2085destination host.
2086.It %i
2087The local user ID.
2088.It %K
2089The base64 encoded host key.
2090.It %k
2091The host key alias if specified, otherwise the original remote hostname given
2092on the command line.
2093.It %L
2094The local hostname.
2095.It %l
2096The local hostname, including the domain name.
2097.It %n
2098The original remote hostname, as given on the command line.
2099.It %p
2100The remote port.
2101.It %r
2102The remote username.
2103.It \&%T
2104The local
2105.Xr tun 4
2106or
2107.Xr tap 4
2108network interface assigned if
2109tunnel forwarding was requested, or
2110.Qq NONE
2111otherwise.
2112.It %t
2113The type of the server host key, e.g.
2114.Cm ssh-ed25519 .
2115.It %u
2116The local username.
2117.El
2118.Pp
2119.Cm CertificateFile ,
2120.Cm ControlPath ,
2121.Cm IdentityAgent ,
2122.Cm IdentityFile ,
2123.Cm KnownHostsCommand ,
2124.Cm LocalForward ,
2125.Cm Match exec ,
2126.Cm RemoteCommand ,
2127.Cm RemoteForward ,
2128and
2129.Cm UserKnownHostsFile
2130accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
2131.Pp
2132.Cm KnownHostsCommand
2133additionally accepts the tokens %f, %H, %I, %K and %t.
2134.Pp
2135.Cm Hostname
2136accepts the tokens %% and %h.
2137.Pp
2138.Cm LocalCommand
2139accepts all tokens.
2140.Pp
2141.Cm ProxyCommand
2142and
2143.Cm ProxyJump
2144accept the tokens %%, %h, %n, %p, and %r.
2145.Sh ENVIRONMENT VARIABLES
2146Arguments to some keywords can be expanded at runtime from environment
2147variables on the client by enclosing them in
2148.Ic ${} ,
2149for example
2150.Ic ${HOME}/.ssh
2151would refer to the user's .ssh directory.
2152If a specified environment variable does not exist then an error will be
2153returned and the setting for that keyword will be ignored.
2154.Pp
2155The keywords
2156.Cm CertificateFile ,
2157.Cm ControlPath ,
2158.Cm IdentityAgent ,
2159.Cm IdentityFile ,
2160.Cm KnownHostsCommand ,
2161and
2162.Cm UserKnownHostsFile
2163support environment variables.
2164The keywords
2165.Cm LocalForward
2166and
2167.Cm RemoteForward
2168support environment variables only for Unix domain socket paths.
2169.Sh FILES
2170.Bl -tag -width Ds
2171.It Pa ~/.ssh/config
2172This is the per-user configuration file.
2173The format of this file is described above.
2174This file is used by the SSH client.
2175Because of the potential for abuse, this file must have strict permissions:
2176read/write for the user, and not writable by others.
2177.It Pa /etc/ssh/ssh_config
2178Systemwide configuration file.
2179This file provides defaults for those
2180values that are not specified in the user's configuration file, and
2181for those users who do not have a configuration file.
2182This file must be world-readable.
2183.El
2184.Sh SEE ALSO
2185.Xr ssh 1
2186.Sh AUTHORS
2187.An -nosplit
2188OpenSSH is a derivative of the original and free
2189ssh 1.2.12 release by
2190.An Tatu Ylonen .
2191.An Aaron Campbell , Bob Beck , Markus Friedl ,
2192.An Niels Provos , Theo de Raadt
2193and
2194.An Dug Song
2195removed many bugs, re-added newer features and
2196created OpenSSH.
2197.An Markus Friedl
2198contributed the support for SSH protocol versions 1.5 and 2.0.
2199