Lines Matching +full:non +full:- +full:secure +full:- +full:domain

10 .\" called by a name other than "ssh" or "Secure Shell".
48 .Bl -enum -offset indent -compact
50 command-line options
55 system-wide configuration file
71 host-specific declarations should be given near the beginning of the
74 The file contains keyword-argument pairs, one per line.
95 keywords are case-insensitive and arguments are case-sensitive):
96 .Bl -tag -width Ds
169 keyword matches only when the configuration file is being re-parsed
178 keyword requests that the configuration be re-parsed (regardless of whether
208 and so caution should be applied if using it to control security-sensitive
211 The other keywords' criteria must be single entries or comma-separated
225 keyword matches against the hostname as it was specified on the command-line.
232 command-line using the
242 (this keyword may be useful in system-wide
247 .Xr ssh-agent 1 .
252 .Xr ssh-add 1 .
259 .Xr ssh-add 1
266 .Xr ssh-add 1 .
276 .Xr ssh-agent 1 ,
318 is enabled, this option specifies the list of domain suffixes in which to
383 is a pattern-list of domains that may follow CNAMEs in canonicalization,
386 is a pattern-list of domains that they may resolve to.
406 .Bd -literal -offset indent
407 ssh-ed25519,ecdsa-sha2-nistp256,
408 ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
409 sk-ssh-ed25519@openssh.com,
410 sk-ecdsa-sha2-nistp256@openssh.com,
411 rsa-sha2-512,rsa-sha2-256
419 .Sq -
437 .Xr ssh-agent 1 ,
491 .Bl -tag -width Ds
492 .It Cm agent-connection
494 .Xr ssh-agent 1 .
495 .It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
503 .It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
516 .It Cm tun-connection
520 .It Cm x11-connection
555 Multiple ciphers must be comma-separated.
561 .Sq -
570 .Bd -literal -offset indent
571 3des-cbc
572 aes128-cbc
573 aes192-cbc
574 aes256-cbc
575 aes128-ctr
576 aes192-ctr
577 aes256-ctr
578 aes128-gcm@openssh.com
579 aes256-gcm@openssh.com
580 chacha20-poly1305@openssh.com
584 .Bd -literal -offset indent
585 chacha20-poly1305@openssh.com,
586 aes128-ctr,aes192-ctr,aes256-ctr,
587 aes128-gcm@openssh.com,aes256-gcm@openssh.com
591 .Qq ssh -Q cipher .
649 .Xr ssh-askpass 1 .
657 .Xr ssh-agent 1
709 .Qq ssh -O exit ) .
717 over the secure channel, and the application
759 .Xr ssh-keysign 8
767 This option should be placed in the non-hostspecific section.
769 .Xr ssh-keysign 8
821 .Ic ssh -f host xterm ,
860 (for the agent's Unix-domain socket)
867 over the secure channel and
963 .Xr ssh-keygen 1 .
966 authentication as a comma-separated list of patterns.
972 .Sq -
980 .Bd -literal -offset 3n
981 ssh-ed25519-cert-v01@openssh.com,
982 ecdsa-sha2-nistp256-cert-v01@openssh.com,
983 ecdsa-sha2-nistp384-cert-v01@openssh.com,
984 ecdsa-sha2-nistp521-cert-v01@openssh.com,
985 sk-ssh-ed25519-cert-v01@openssh.com,
986 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
987 rsa-sha2-512-cert-v01@openssh.com,
988 rsa-sha2-256-cert-v01@openssh.com,
989 ssh-ed25519,
990 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
991 sk-ssh-ed25519@openssh.com,
992 sk-ecdsa-sha2-nistp256@openssh.com,
993 rsa-sha2-512,rsa-sha2-256
1018 .Sq -
1026 .Bd -literal -offset 3n
1027 ssh-ed25519-cert-v01@openssh.com,
1028 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1029 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1030 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1031 sk-ssh-ed25519-cert-v01@openssh.com,
1032 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1033 rsa-sha2-512-cert-v01@openssh.com,
1034 rsa-sha2-256-cert-v01@openssh.com,
1035 ssh-ed25519,
1036 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1037 sk-ecdsa-sha2-nistp256@openssh.com,
1038 sk-ssh-ed25519@openssh.com,
1039 rsa-sha2-512,rsa-sha2-256
1046 .Qq ssh -Q HostKeyAlgorithms .
1074 command-line),
1076 .Xr ssh-agent 1
1087 This option is intended for situations where ssh-agent
1091 .Ux Ns -domain
1119 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
1120 Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1123 .Xr ssh-agent 1
1142 .Pa -cert.pub
1174 Specifies a pattern-list of unknown options to be ignored if they are
1188 wildcards and, for user configurations, shell-like
1205 Specifies the IPv4 type-of-service or DSCP class for connections.
1238 interactive sessions and the second for non-interactive sessions.
1241 (Low-Latency Data)
1245 for non-interactive sessions.
1247 Specifies whether to use keyboard-interactive authentication.
1256 Specifies the list of methods to use in keyboard-interactive authentication.
1257 Multiple method names must be comma-separated.
1267 Multiple algorithms must be comma-separated.
1273 .Sq -
1281 .Bd -literal -offset indent
1282 sntrup761x25519-sha512@openssh.com,
1283 curve25519-sha256,curve25519-sha256@libssh.org,
1284 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1285 diffie-hellman-group-exchange-sha256,
1286 diffie-hellman-group16-sha512,
1287 diffie-hellman-group18-sha512,
1288 diffie-hellman-group14-sha256
1292 .Qq ssh -Q kex .
1316 If the command exits abnormally or returns a non-zero exit status then the
1340 the secure channel to the specified host and port from the remote machine.
1345 or a Unix domain socket path.
1348 or a Unix domain socket path if the remote host supports it.
1368 Unix domain socket paths may use the tokens described in the
1386 .Bd -literal -offset indent
1402 Multiple algorithms must be comma-separated.
1408 .Sq -
1417 .Qq -etm
1418 calculate the MAC after encryption (encrypt-then-mac).
1422 .Bd -literal -offset indent
1423 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1424 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1425 hmac-sha1-etm@openssh.com,
1426 umac-64@openssh.com,umac-128@openssh.com,
1427 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1431 .Qq ssh -Q mac .
1446 should try to obscure inter-keystroke timings from passive observers of
1487 .Bl -item -offset indent -compact
1531 .Cm keyboard-interactive )
1535 .Bd -literal -offset indent
1536 gssapi-with-mic,hostbased,publickey,
1537 keyboard-interactive,password
1557 .Ic sshd -i
1574 .Bd -literal -offset 3n
1575 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1603 option - whichever is specified first will prevent later instances of the
1607 via the command-line or the configuration file) is not generally applied
1621 authentication as a comma-separated list of patterns.
1627 .Sq -
1635 .Bd -literal -offset 3n
1636 ssh-ed25519-cert-v01@openssh.com,
1637 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1638 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1639 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1640 sk-ssh-ed25519-cert-v01@openssh.com,
1641 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1642 rsa-sha2-512-cert-v01@openssh.com,
1643 rsa-sha2-256-cert-v01@openssh.com,
1644 ssh-ed25519,
1645 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1646 sk-ssh-ed25519@openssh.com,
1647 sk-ecdsa-sha2-nistp256@openssh.com,
1648 rsa-sha2-512,rsa-sha2-256
1652 .Qq ssh -Q PubkeyAcceptedAlgorithms .
1661 .Cm host-bound .
1663 disabling or enabling the OpenSSH host-bound authentication protocol
1665 .Xr ssh-agent 1
1703 the secure channel.
1711 or, if the remote host supports it, a Unix domain socket path.
1714 or a Unix domain socket path,
1726 Unix domain socket paths may use the tokens described in the
1754 Specifies whether to request a pseudo-tty for the session.
1788 .Xr ssh-keygen 1 .
1790 .Xr ssh-keygen 1 .
1801 FIDO authenticator-hosted keys, overriding the default of using
1802 the built-in USB HID support.
1817 pseudo-terminal is requested as it is required by the protocol.
1836 .Pa - .
1914 used when creating a Unix-domain socket file for local or remote
1916 This option is only used for port forwarding to a Unix-domain socket file.
1918 The default value is 0177, which creates a Unix-domain socket file that is
1920 Note that not all operating systems honor the file mode on Unix-domain
1923 Specifies whether to remove an existing Unix-domain socket file for local
1929 will be unable to forward the port to the Unix-domain socket file.
1930 This option is only used for port forwarding to a Unix-domain socket file.
1944 This provides maximum protection against man-in-the-middle (MITM) attacks,
1953 .Cm accept-new
1999 for protocol-level keepalives.
2010 .Cm point-to-point
2020 .Cm point-to-point .
2107 to ignore any user-specific known hosts files.
2116 the client will implicitly trust keys that match a secure fingerprint
2154 consists of zero or more non-whitespace characters,
2168 would match any host in the 192.168.0.[0-9] network range:
2173 .Em pattern-list
2174 is a comma-separated list of patterns.
2175 Patterns within pattern-lists may be negated
2190 against the following pattern-list will fail:
2202 .Bl -tag -width XXXX -offset indent -compact
2244 The local hostname, including the domain name.
2262 .Cm ssh-ed25519 .
2327 support environment variables only for Unix domain socket paths.
2329 .Bl -tag -width Ds
2331 This is the per-user configuration file.
2341 This file must be world-readable.
2346 .An -nosplit
2354 removed many bugs, re-added newer features and