1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.322 2020/02/07 03:54:44 dtucker Exp $ 37.Dd $Mdocdate: February 7 2020 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH client configuration file 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59For each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm final , 143.Cm exec , 144.Cm host , 145.Cm originalhost , 146.Cm user , 147and 148.Cm localuser . 149The 150.Cm all 151criteria must appear alone or immediately after 152.Cm canonical 153or 154.Cm final . 155Other criteria may be combined arbitrarily. 156All criteria but 157.Cm all , 158.Cm canonical , 159and 160.Cm final 161require an argument. 162Criteria may be negated by prepending an exclamation mark 163.Pq Sq !\& . 164.Pp 165The 166.Cm canonical 167keyword matches only when the configuration file is being re-parsed 168after hostname canonicalization (see the 169.Cm CanonicalizeHostname 170option). 171This may be useful to specify conditions that work with canonical host 172names only. 173.Pp 174The 175.Cm final 176keyword requests that the configuration be re-parsed (regardless of whether 177.Cm CanonicalizeHostname 178is enabled), and matches only during this final pass. 179If 180.Cm CanonicalizeHostname 181is enabled, then 182.Cm canonical 183and 184.Cm final 185match during the same pass. 186.Pp 187The 188.Cm exec 189keyword executes the specified command under the user's shell. 190If the command returns a zero exit status then the condition is considered true. 191Commands containing whitespace characters must be quoted. 192Arguments to 193.Cm exec 194accept the tokens described in the 195.Sx TOKENS 196section. 197.Pp 198The other keywords' criteria must be single entries or comma-separated 199lists and may use the wildcard and negation operators described in the 200.Sx PATTERNS 201section. 202The criteria for the 203.Cm host 204keyword are matched against the target hostname, after any substitution 205by the 206.Cm Hostname 207or 208.Cm CanonicalizeHostname 209options. 210The 211.Cm originalhost 212keyword matches against the hostname as it was specified on the command-line. 213The 214.Cm user 215keyword matches against the target username on the remote host. 216The 217.Cm localuser 218keyword matches against the name of the local user running 219.Xr ssh 1 220(this keyword may be useful in system-wide 221.Nm 222files). 223.It Cm AddKeysToAgent 224Specifies whether keys should be automatically added to a running 225.Xr ssh-agent 1 . 226If this option is set to 227.Cm yes 228and a key is loaded from a file, the key and its passphrase are added to 229the agent with the default lifetime, as if by 230.Xr ssh-add 1 . 231If this option is set to 232.Cm ask , 233.Xr ssh 1 234will require confirmation using the 235.Ev SSH_ASKPASS 236program before adding a key (see 237.Xr ssh-add 1 238for details). 239If this option is set to 240.Cm confirm , 241each use of the key must be confirmed, as if the 242.Fl c 243option was specified to 244.Xr ssh-add 1 . 245If this option is set to 246.Cm no , 247no keys are added to the agent. 248The argument must be 249.Cm yes , 250.Cm confirm , 251.Cm ask , 252or 253.Cm no 254(the default). 255.It Cm AddressFamily 256Specifies which address family to use when connecting. 257Valid arguments are 258.Cm any 259(the default), 260.Cm inet 261(use IPv4 only), or 262.Cm inet6 263(use IPv6 only). 264.It Cm BatchMode 265If set to 266.Cm yes , 267user interaction such as password prompts and host key confirmation requests 268will be disabled. 269This option is useful in scripts and other batch jobs where no user 270is present to interact with 271.Xr ssh 1 . 272The argument must be 273.Cm yes 274or 275.Cm no 276(the default). 277.It Cm BindAddress 278Use the specified address on the local machine as the source address of 279the connection. 280Only useful on systems with more than one address. 281.It Cm BindInterface 282Use the address of the specified interface on the local machine as the 283source address of the connection. 284.It Cm CanonicalDomains 285When 286.Cm CanonicalizeHostname 287is enabled, this option specifies the list of domain suffixes in which to 288search for the specified destination host. 289.It Cm CanonicalizeFallbackLocal 290Specifies whether to fail with an error when hostname canonicalization fails. 291The default, 292.Cm yes , 293will attempt to look up the unqualified hostname using the system resolver's 294search rules. 295A value of 296.Cm no 297will cause 298.Xr ssh 1 299to fail instantly if 300.Cm CanonicalizeHostname 301is enabled and the target hostname cannot be found in any of the domains 302specified by 303.Cm CanonicalDomains . 304.It Cm CanonicalizeHostname 305Controls whether explicit hostname canonicalization is performed. 306The default, 307.Cm no , 308is not to perform any name rewriting and let the system resolver handle all 309hostname lookups. 310If set to 311.Cm yes 312then, for connections that do not use a 313.Cm ProxyCommand 314or 315.Cm ProxyJump , 316.Xr ssh 1 317will attempt to canonicalize the hostname specified on the command line 318using the 319.Cm CanonicalDomains 320suffixes and 321.Cm CanonicalizePermittedCNAMEs 322rules. 323If 324.Cm CanonicalizeHostname 325is set to 326.Cm always , 327then canonicalization is applied to proxied connections too. 328.Pp 329If this option is enabled, then the configuration files are processed 330again using the new target name to pick up any new configuration in matching 331.Cm Host 332and 333.Cm Match 334stanzas. 335.It Cm CanonicalizeMaxDots 336Specifies the maximum number of dot characters in a hostname before 337canonicalization is disabled. 338The default, 1, 339allows a single dot (i.e. hostname.subdomain). 340.It Cm CanonicalizePermittedCNAMEs 341Specifies rules to determine whether CNAMEs should be followed when 342canonicalizing hostnames. 343The rules consist of one or more arguments of 344.Ar source_domain_list : Ns Ar target_domain_list , 345where 346.Ar source_domain_list 347is a pattern-list of domains that may follow CNAMEs in canonicalization, 348and 349.Ar target_domain_list 350is a pattern-list of domains that they may resolve to. 351.Pp 352For example, 353.Qq *.a.example.com:*.b.example.com,*.c.example.com 354will allow hostnames matching 355.Qq *.a.example.com 356to be canonicalized to names in the 357.Qq *.b.example.com 358or 359.Qq *.c.example.com 360domains. 361.It Cm CASignatureAlgorithms 362Specifies which algorithms are allowed for signing of certificates 363by certificate authorities (CAs). 364The default is: 365.Bd -literal -offset indent 366ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 367ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 368.Ed 369.Pp 370.Xr ssh 1 371will not accept host certificates signed using algorithms other than those 372specified. 373.It Cm CertificateFile 374Specifies a file from which the user's certificate is read. 375A corresponding private key must be provided separately in order 376to use this certificate either 377from an 378.Cm IdentityFile 379directive or 380.Fl i 381flag to 382.Xr ssh 1 , 383via 384.Xr ssh-agent 1 , 385or via a 386.Cm PKCS11Provider 387or 388.Cm SecurityKeyProvider . 389.Pp 390Arguments to 391.Cm CertificateFile 392may use the tilde syntax to refer to a user's home directory 393or the tokens described in the 394.Sx TOKENS 395section. 396.Pp 397It is possible to have multiple certificate files specified in 398configuration files; these certificates will be tried in sequence. 399Multiple 400.Cm CertificateFile 401directives will add to the list of certificates used for 402authentication. 403.It Cm ChallengeResponseAuthentication 404Specifies whether to use challenge-response authentication. 405The argument to this keyword must be 406.Cm yes 407(the default) 408or 409.Cm no . 410.It Cm CheckHostIP 411If set to 412.Cm yes 413(the default), 414.Xr ssh 1 415will additionally check the host IP address in the 416.Pa known_hosts 417file. 418This allows it to detect if a host key changed due to DNS spoofing 419and will add addresses of destination hosts to 420.Pa ~/.ssh/known_hosts 421in the process, regardless of the setting of 422.Cm StrictHostKeyChecking . 423If the option is set to 424.Cm no , 425the check will not be executed. 426.It Cm Ciphers 427Specifies the ciphers allowed and their order of preference. 428Multiple ciphers must be comma-separated. 429If the specified list begins with a 430.Sq + 431character, then the specified ciphers will be appended to the default set 432instead of replacing them. 433If the specified list begins with a 434.Sq - 435character, then the specified ciphers (including wildcards) will be removed 436from the default set instead of replacing them. 437If the specified list begins with a 438.Sq ^ 439character, then the specified ciphers will be placed at the head of the 440default set. 441.Pp 442The supported ciphers are: 443.Bd -literal -offset indent 4443des-cbc 445aes128-cbc 446aes192-cbc 447aes256-cbc 448aes128-ctr 449aes192-ctr 450aes256-ctr 451aes128-gcm@openssh.com 452aes256-gcm@openssh.com 453chacha20-poly1305@openssh.com 454.Ed 455.Pp 456The default is: 457.Bd -literal -offset indent 458chacha20-poly1305@openssh.com, 459aes128-ctr,aes192-ctr,aes256-ctr, 460aes128-gcm@openssh.com,aes256-gcm@openssh.com 461.Ed 462.Pp 463The list of available ciphers may also be obtained using 464.Qq ssh -Q cipher . 465.It Cm ClearAllForwardings 466Specifies that all local, remote, and dynamic port forwardings 467specified in the configuration files or on the command line be 468cleared. 469This option is primarily useful when used from the 470.Xr ssh 1 471command line to clear port forwardings set in 472configuration files, and is automatically set by 473.Xr scp 1 474and 475.Xr sftp 1 . 476The argument must be 477.Cm yes 478or 479.Cm no 480(the default). 481.It Cm Compression 482Specifies whether to use compression. 483The argument must be 484.Cm yes 485or 486.Cm no 487(the default). 488.It Cm ConnectionAttempts 489Specifies the number of tries (one per second) to make before exiting. 490The argument must be an integer. 491This may be useful in scripts if the connection sometimes fails. 492The default is 1. 493.It Cm ConnectTimeout 494Specifies the timeout (in seconds) used when connecting to the 495SSH server, instead of using the default system TCP timeout. 496This timeout is applied both to establishing the connection and to performing 497the initial SSH protocol handshake and key exchange. 498.It Cm ControlMaster 499Enables the sharing of multiple sessions over a single network connection. 500When set to 501.Cm yes , 502.Xr ssh 1 503will listen for connections on a control socket specified using the 504.Cm ControlPath 505argument. 506Additional sessions can connect to this socket using the same 507.Cm ControlPath 508with 509.Cm ControlMaster 510set to 511.Cm no 512(the default). 513These sessions will try to reuse the master instance's network connection 514rather than initiating new ones, but will fall back to connecting normally 515if the control socket does not exist, or is not listening. 516.Pp 517Setting this to 518.Cm ask 519will cause 520.Xr ssh 1 521to listen for control connections, but require confirmation using 522.Xr ssh-askpass 1 . 523If the 524.Cm ControlPath 525cannot be opened, 526.Xr ssh 1 527will continue without connecting to a master instance. 528.Pp 529X11 and 530.Xr ssh-agent 1 531forwarding is supported over these multiplexed connections, however the 532display and agent forwarded will be the one belonging to the master 533connection i.e. it is not possible to forward multiple displays or agents. 534.Pp 535Two additional options allow for opportunistic multiplexing: try to use a 536master connection but fall back to creating a new one if one does not already 537exist. 538These options are: 539.Cm auto 540and 541.Cm autoask . 542The latter requires confirmation like the 543.Cm ask 544option. 545.It Cm ControlPath 546Specify the path to the control socket used for connection sharing as described 547in the 548.Cm ControlMaster 549section above or the string 550.Cm none 551to disable connection sharing. 552Arguments to 553.Cm ControlPath 554may use the tilde syntax to refer to a user's home directory 555or the tokens described in the 556.Sx TOKENS 557section. 558It is recommended that any 559.Cm ControlPath 560used for opportunistic connection sharing include 561at least %h, %p, and %r (or alternatively %C) and be placed in a directory 562that is not writable by other users. 563This ensures that shared connections are uniquely identified. 564.It Cm ControlPersist 565When used in conjunction with 566.Cm ControlMaster , 567specifies that the master connection should remain open 568in the background (waiting for future client connections) 569after the initial client connection has been closed. 570If set to 571.Cm no 572(the default), 573then the master connection will not be placed into the background, 574and will close as soon as the initial client connection is closed. 575If set to 576.Cm yes 577or 0, 578then the master connection will remain in the background indefinitely 579(until killed or closed via a mechanism such as the 580.Qq ssh -O exit ) . 581If set to a time in seconds, or a time in any of the formats documented in 582.Xr sshd_config 5 , 583then the backgrounded master connection will automatically terminate 584after it has remained idle (with no client connections) for the 585specified time. 586.It Cm DynamicForward 587Specifies that a TCP port on the local machine be forwarded 588over the secure channel, and the application 589protocol is then used to determine where to connect to from the 590remote machine. 591.Pp 592The argument must be 593.Sm off 594.Oo Ar bind_address : Oc Ar port . 595.Sm on 596IPv6 addresses can be specified by enclosing addresses in square brackets. 597By default, the local port is bound in accordance with the 598.Cm GatewayPorts 599setting. 600However, an explicit 601.Ar bind_address 602may be used to bind the connection to a specific address. 603The 604.Ar bind_address 605of 606.Cm localhost 607indicates that the listening port be bound for local use only, while an 608empty address or 609.Sq * 610indicates that the port should be available from all interfaces. 611.Pp 612Currently the SOCKS4 and SOCKS5 protocols are supported, and 613.Xr ssh 1 614will act as a SOCKS server. 615Multiple forwardings may be specified, and 616additional forwardings can be given on the command line. 617Only the superuser can forward privileged ports. 618.It Cm EnableSSHKeysign 619Setting this option to 620.Cm yes 621in the global client configuration file 622.Pa /etc/ssh/ssh_config 623enables the use of the helper program 624.Xr ssh-keysign 8 625during 626.Cm HostbasedAuthentication . 627The argument must be 628.Cm yes 629or 630.Cm no 631(the default). 632This option should be placed in the non-hostspecific section. 633See 634.Xr ssh-keysign 8 635for more information. 636.It Cm EscapeChar 637Sets the escape character (default: 638.Ql ~ ) . 639The escape character can also 640be set on the command line. 641The argument should be a single character, 642.Ql ^ 643followed by a letter, or 644.Cm none 645to disable the escape 646character entirely (making the connection transparent for binary 647data). 648.It Cm ExitOnForwardFailure 649Specifies whether 650.Xr ssh 1 651should terminate the connection if it cannot set up all requested 652dynamic, tunnel, local, and remote port forwardings, (e.g.\& 653if either end is unable to bind and listen on a specified port). 654Note that 655.Cm ExitOnForwardFailure 656does not apply to connections made over port forwardings and will not, 657for example, cause 658.Xr ssh 1 659to exit if TCP connections to the ultimate forwarding destination fail. 660The argument must be 661.Cm yes 662or 663.Cm no 664(the default). 665.It Cm FingerprintHash 666Specifies the hash algorithm used when displaying key fingerprints. 667Valid options are: 668.Cm md5 669and 670.Cm sha256 671(the default). 672.It Cm ForwardAgent 673Specifies whether the connection to the authentication agent (if any) 674will be forwarded to the remote machine. 675The argument may be 676.Cm yes , 677.Cm no 678(the default), 679an explicit path to an agent socket or the name of an environment variable 680(beginning with 681.Sq $ ) 682in which to find the path. 683.Pp 684Agent forwarding should be enabled with caution. 685Users with the ability to bypass file permissions on the remote host 686(for the agent's Unix-domain socket) 687can access the local agent through the forwarded connection. 688An attacker cannot obtain key material from the agent, 689however they can perform operations on the keys that enable them to 690authenticate using the identities loaded into the agent. 691.It Cm ForwardX11 692Specifies whether X11 connections will be automatically redirected 693over the secure channel and 694.Ev DISPLAY 695set. 696The argument must be 697.Cm yes 698or 699.Cm no 700(the default). 701.Pp 702X11 forwarding should be enabled with caution. 703Users with the ability to bypass file permissions on the remote host 704(for the user's X11 authorization database) 705can access the local X11 display through the forwarded connection. 706An attacker may then be able to perform activities such as keystroke monitoring 707if the 708.Cm ForwardX11Trusted 709option is also enabled. 710.It Cm ForwardX11Timeout 711Specify a timeout for untrusted X11 forwarding 712using the format described in the 713.Sx TIME FORMATS 714section of 715.Xr sshd_config 5 . 716X11 connections received by 717.Xr ssh 1 718after this time will be refused. 719Setting 720.Cm ForwardX11Timeout 721to zero will disable the timeout and permit X11 forwarding for the life 722of the connection. 723The default is to disable untrusted X11 forwarding after twenty minutes has 724elapsed. 725.It Cm ForwardX11Trusted 726If this option is set to 727.Cm yes , 728remote X11 clients will have full access to the original X11 display. 729.Pp 730If this option is set to 731.Cm no 732(the default), 733remote X11 clients will be considered untrusted and prevented 734from stealing or tampering with data belonging to trusted X11 735clients. 736Furthermore, the 737.Xr xauth 1 738token used for the session will be set to expire after 20 minutes. 739Remote clients will be refused access after this time. 740.Pp 741See the X11 SECURITY extension specification for full details on 742the restrictions imposed on untrusted clients. 743.It Cm GatewayPorts 744Specifies whether remote hosts are allowed to connect to local 745forwarded ports. 746By default, 747.Xr ssh 1 748binds local port forwardings to the loopback address. 749This prevents other remote hosts from connecting to forwarded ports. 750.Cm GatewayPorts 751can be used to specify that ssh 752should bind local port forwardings to the wildcard address, 753thus allowing remote hosts to connect to forwarded ports. 754The argument must be 755.Cm yes 756or 757.Cm no 758(the default). 759.It Cm GlobalKnownHostsFile 760Specifies one or more files to use for the global 761host key database, separated by whitespace. 762The default is 763.Pa /etc/ssh/ssh_known_hosts , 764.Pa /etc/ssh/ssh_known_hosts2 . 765.It Cm GSSAPIAuthentication 766Specifies whether user authentication based on GSSAPI is allowed. 767The default is 768.Cm no . 769.It Cm GSSAPIDelegateCredentials 770Forward (delegate) credentials to the server. 771The default is 772.Cm no . 773.It Cm HashKnownHosts 774Indicates that 775.Xr ssh 1 776should hash host names and addresses when they are added to 777.Pa ~/.ssh/known_hosts . 778These hashed names may be used normally by 779.Xr ssh 1 780and 781.Xr sshd 8 , 782but they do not visually reveal identifying information if the 783file's contents are disclosed. 784The default is 785.Cm no . 786Note that existing names and addresses in known hosts files 787will not be converted automatically, 788but may be manually hashed using 789.Xr ssh-keygen 1 . 790.It Cm HostbasedAuthentication 791Specifies whether to try rhosts based authentication with public key 792authentication. 793The argument must be 794.Cm yes 795or 796.Cm no 797(the default). 798.It Cm HostbasedKeyTypes 799Specifies the key types that will be used for hostbased authentication 800as a comma-separated list of patterns. 801Alternately if the specified list begins with a 802.Sq + 803character, then the specified key types will be appended to the default set 804instead of replacing them. 805If the specified list begins with a 806.Sq - 807character, then the specified key types (including wildcards) will be removed 808from the default set instead of replacing them. 809If the specified list begins with a 810.Sq ^ 811character, then the specified key types will be placed at the head of the 812default set. 813The default for this option is: 814.Bd -literal -offset 3n 815ecdsa-sha2-nistp256-cert-v01@openssh.com, 816ecdsa-sha2-nistp384-cert-v01@openssh.com, 817ecdsa-sha2-nistp521-cert-v01@openssh.com, 818sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 819ssh-ed25519-cert-v01@openssh.com, 820sk-ssh-ed25519-cert-v01@openssh.com, 821rsa-sha2-512-cert-v01@openssh.com, 822rsa-sha2-256-cert-v01@openssh.com, 823ssh-rsa-cert-v01@openssh.com, 824ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 825sk-ecdsa-sha2-nistp256@openssh.com, 826ssh-ed25519,sk-ssh-ed25519@openssh.com, 827rsa-sha2-512,rsa-sha2-256,ssh-rsa 828.Ed 829.Pp 830The 831.Fl Q 832option of 833.Xr ssh 1 834may be used to list supported key types. 835.It Cm HostKeyAlgorithms 836Specifies the host key algorithms 837that the client wants to use in order of preference. 838Alternately if the specified list begins with a 839.Sq + 840character, then the specified key types will be appended to the default set 841instead of replacing them. 842If the specified list begins with a 843.Sq - 844character, then the specified key types (including wildcards) will be removed 845from the default set instead of replacing them. 846If the specified list begins with a 847.Sq ^ 848character, then the specified key types will be placed at the head of the 849default set. 850The default for this option is: 851.Bd -literal -offset 3n 852ecdsa-sha2-nistp256-cert-v01@openssh.com, 853ecdsa-sha2-nistp384-cert-v01@openssh.com, 854ecdsa-sha2-nistp521-cert-v01@openssh.com, 855sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 856ssh-ed25519-cert-v01@openssh.com, 857sk-ssh-ed25519-cert-v01@openssh.com, 858rsa-sha2-512-cert-v01@openssh.com, 859rsa-sha2-256-cert-v01@openssh.com, 860ssh-rsa-cert-v01@openssh.com, 861ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 862sk-ecdsa-sha2-nistp256@openssh.com, 863ssh-ed25519,sk-ssh-ed25519@openssh.com, 864rsa-sha2-512,rsa-sha2-256,ssh-rsa 865.Ed 866.Pp 867If hostkeys are known for the destination host then this default is modified 868to prefer their algorithms. 869.Pp 870The list of available key types may also be obtained using 871.Qq ssh -Q HostKeyAlgorithms . 872.It Cm HostKeyAlias 873Specifies an alias that should be used instead of the 874real host name when looking up or saving the host key 875in the host key database files and when validating host certificates. 876This option is useful for tunneling SSH connections 877or for multiple servers running on a single host. 878.It Cm Hostname 879Specifies the real host name to log into. 880This can be used to specify nicknames or abbreviations for hosts. 881Arguments to 882.Cm Hostname 883accept the tokens described in the 884.Sx TOKENS 885section. 886Numeric IP addresses are also permitted (both on the command line and in 887.Cm Hostname 888specifications). 889The default is the name given on the command line. 890.It Cm IdentitiesOnly 891Specifies that 892.Xr ssh 1 893should only use the configured authentication identity and certificate files 894(either the default files, or those explicitly configured in the 895.Nm 896files 897or passed on the 898.Xr ssh 1 899command-line), 900even if 901.Xr ssh-agent 1 902or a 903.Cm PKCS11Provider 904or 905.Cm SecurityKeyProvider 906offers more identities. 907The argument to this keyword must be 908.Cm yes 909or 910.Cm no 911(the default). 912This option is intended for situations where ssh-agent 913offers many different identities. 914.It Cm IdentityAgent 915Specifies the 916.Ux Ns -domain 917socket used to communicate with the authentication agent. 918.Pp 919This option overrides the 920.Ev SSH_AUTH_SOCK 921environment variable and can be used to select a specific agent. 922Setting the socket name to 923.Cm none 924disables the use of an authentication agent. 925If the string 926.Qq SSH_AUTH_SOCK 927is specified, the location of the socket will be read from the 928.Ev SSH_AUTH_SOCK 929environment variable. 930Otherwise if the specified value begins with a 931.Sq $ 932character, then it will be treated as an environment variable containing 933the location of the socket. 934.Pp 935Arguments to 936.Cm IdentityAgent 937may use the tilde syntax to refer to a user's home directory 938or the tokens described in the 939.Sx TOKENS 940section. 941.It Cm IdentityFile 942Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, 943Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. 944The default is 945.Pa ~/.ssh/id_dsa , 946.Pa ~/.ssh/id_ecdsa , 947.Pa ~/.ssh/id_ecdsa_sk , 948.Pa ~/.ssh/id_ed25519 , 949.Pa ~/.ssh/id_ed25519_sk 950and 951.Pa ~/.ssh/id_rsa . 952Additionally, any identities represented by the authentication agent 953will be used for authentication unless 954.Cm IdentitiesOnly 955is set. 956If no certificates have been explicitly specified by 957.Cm CertificateFile , 958.Xr ssh 1 959will try to load certificate information from the filename obtained by 960appending 961.Pa -cert.pub 962to the path of a specified 963.Cm IdentityFile . 964.Pp 965Arguments to 966.Cm IdentityFile 967may use the tilde syntax to refer to a user's home directory 968or the tokens described in the 969.Sx TOKENS 970section. 971.Pp 972It is possible to have 973multiple identity files specified in configuration files; all these 974identities will be tried in sequence. 975Multiple 976.Cm IdentityFile 977directives will add to the list of identities tried (this behaviour 978differs from that of other configuration directives). 979.Pp 980.Cm IdentityFile 981may be used in conjunction with 982.Cm IdentitiesOnly 983to select which identities in an agent are offered during authentication. 984.Cm IdentityFile 985may also be used in conjunction with 986.Cm CertificateFile 987in order to provide any certificate also needed for authentication with 988the identity. 989.It Cm IgnoreUnknown 990Specifies a pattern-list of unknown options to be ignored if they are 991encountered in configuration parsing. 992This may be used to suppress errors if 993.Nm 994contains options that are unrecognised by 995.Xr ssh 1 . 996It is recommended that 997.Cm IgnoreUnknown 998be listed early in the configuration file as it will not be applied 999to unknown options that appear before it. 1000.It Cm Include 1001Include the specified configuration file(s). 1002Multiple pathnames may be specified and each pathname may contain 1003.Xr glob 7 1004wildcards and, for user configurations, shell-like 1005.Sq ~ 1006references to user home directories. 1007Files without absolute paths are assumed to be in 1008.Pa ~/.ssh 1009if included in a user configuration file or 1010.Pa /etc/ssh 1011if included from the system configuration file. 1012.Cm Include 1013directive may appear inside a 1014.Cm Match 1015or 1016.Cm Host 1017block 1018to perform conditional inclusion. 1019.It Cm IPQoS 1020Specifies the IPv4 type-of-service or DSCP class for connections. 1021Accepted values are 1022.Cm af11 , 1023.Cm af12 , 1024.Cm af13 , 1025.Cm af21 , 1026.Cm af22 , 1027.Cm af23 , 1028.Cm af31 , 1029.Cm af32 , 1030.Cm af33 , 1031.Cm af41 , 1032.Cm af42 , 1033.Cm af43 , 1034.Cm cs0 , 1035.Cm cs1 , 1036.Cm cs2 , 1037.Cm cs3 , 1038.Cm cs4 , 1039.Cm cs5 , 1040.Cm cs6 , 1041.Cm cs7 , 1042.Cm ef , 1043.Cm le , 1044.Cm lowdelay , 1045.Cm throughput , 1046.Cm reliability , 1047a numeric value, or 1048.Cm none 1049to use the operating system default. 1050This option may take one or two arguments, separated by whitespace. 1051If one argument is specified, it is used as the packet class unconditionally. 1052If two values are specified, the first is automatically selected for 1053interactive sessions and the second for non-interactive sessions. 1054The default is 1055.Cm af21 1056(Low-Latency Data) 1057for interactive sessions and 1058.Cm cs1 1059(Lower Effort) 1060for non-interactive sessions. 1061.It Cm KbdInteractiveAuthentication 1062Specifies whether to use keyboard-interactive authentication. 1063The argument to this keyword must be 1064.Cm yes 1065(the default) 1066or 1067.Cm no . 1068.It Cm KbdInteractiveDevices 1069Specifies the list of methods to use in keyboard-interactive authentication. 1070Multiple method names must be comma-separated. 1071The default is to use the server specified list. 1072The methods available vary depending on what the server supports. 1073For an OpenSSH server, 1074it may be zero or more of: 1075.Cm bsdauth , 1076.Cm pam , 1077and 1078.Cm skey . 1079.It Cm KexAlgorithms 1080Specifies the available KEX (Key Exchange) algorithms. 1081Multiple algorithms must be comma-separated. 1082If the specified list begins with a 1083.Sq + 1084character, then the specified methods will be appended to the default set 1085instead of replacing them. 1086If the specified list begins with a 1087.Sq - 1088character, then the specified methods (including wildcards) will be removed 1089from the default set instead of replacing them. 1090If the specified list begins with a 1091.Sq ^ 1092character, then the specified methods will be placed at the head of the 1093default set. 1094The default is: 1095.Bd -literal -offset indent 1096curve25519-sha256,curve25519-sha256@libssh.org, 1097ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1098diffie-hellman-group-exchange-sha256, 1099diffie-hellman-group16-sha512, 1100diffie-hellman-group18-sha512, 1101diffie-hellman-group14-sha256 1102.Ed 1103.Pp 1104The list of available key exchange algorithms may also be obtained using 1105.Qq ssh -Q kex . 1106.It Cm LocalCommand 1107Specifies a command to execute on the local machine after successfully 1108connecting to the server. 1109The command string extends to the end of the line, and is executed with 1110the user's shell. 1111Arguments to 1112.Cm LocalCommand 1113accept the tokens described in the 1114.Sx TOKENS 1115section. 1116.Pp 1117The command is run synchronously and does not have access to the 1118session of the 1119.Xr ssh 1 1120that spawned it. 1121It should not be used for interactive commands. 1122.Pp 1123This directive is ignored unless 1124.Cm PermitLocalCommand 1125has been enabled. 1126.It Cm LocalForward 1127Specifies that a TCP port on the local machine be forwarded over 1128the secure channel to the specified host and port from the remote machine. 1129The first argument must be 1130.Sm off 1131.Oo Ar bind_address : Oc Ar port 1132.Sm on 1133and the second argument must be 1134.Ar host : Ns Ar hostport . 1135IPv6 addresses can be specified by enclosing addresses in square brackets. 1136Multiple forwardings may be specified, and additional forwardings can be 1137given on the command line. 1138Only the superuser can forward privileged ports. 1139By default, the local port is bound in accordance with the 1140.Cm GatewayPorts 1141setting. 1142However, an explicit 1143.Ar bind_address 1144may be used to bind the connection to a specific address. 1145The 1146.Ar bind_address 1147of 1148.Cm localhost 1149indicates that the listening port be bound for local use only, while an 1150empty address or 1151.Sq * 1152indicates that the port should be available from all interfaces. 1153.It Cm LogLevel 1154Gives the verbosity level that is used when logging messages from 1155.Xr ssh 1 . 1156The possible values are: 1157QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1158The default is INFO. 1159DEBUG and DEBUG1 are equivalent. 1160DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1161.It Cm MACs 1162Specifies the MAC (message authentication code) algorithms 1163in order of preference. 1164The MAC algorithm is used for data integrity protection. 1165Multiple algorithms must be comma-separated. 1166If the specified list begins with a 1167.Sq + 1168character, then the specified algorithms will be appended to the default set 1169instead of replacing them. 1170If the specified list begins with a 1171.Sq - 1172character, then the specified algorithms (including wildcards) will be removed 1173from the default set instead of replacing them. 1174If the specified list begins with a 1175.Sq ^ 1176character, then the specified algorithms will be placed at the head of the 1177default set. 1178.Pp 1179The algorithms that contain 1180.Qq -etm 1181calculate the MAC after encryption (encrypt-then-mac). 1182These are considered safer and their use recommended. 1183.Pp 1184The default is: 1185.Bd -literal -offset indent 1186umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1187hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1188hmac-sha1-etm@openssh.com, 1189umac-64@openssh.com,umac-128@openssh.com, 1190hmac-sha2-256,hmac-sha2-512,hmac-sha1 1191.Ed 1192.Pp 1193The list of available MAC algorithms may also be obtained using 1194.Qq ssh -Q mac . 1195.It Cm NoHostAuthenticationForLocalhost 1196Disable host authentication for localhost (loopback addresses). 1197The argument to this keyword must be 1198.Cm yes 1199or 1200.Cm no 1201(the default). 1202.It Cm NumberOfPasswordPrompts 1203Specifies the number of password prompts before giving up. 1204The argument to this keyword must be an integer. 1205The default is 3. 1206.It Cm PasswordAuthentication 1207Specifies whether to use password authentication. 1208The argument to this keyword must be 1209.Cm yes 1210(the default) 1211or 1212.Cm no . 1213.It Cm PermitLocalCommand 1214Allow local command execution via the 1215.Ic LocalCommand 1216option or using the 1217.Ic !\& Ns Ar command 1218escape sequence in 1219.Xr ssh 1 . 1220The argument must be 1221.Cm yes 1222or 1223.Cm no 1224(the default). 1225.It Cm PKCS11Provider 1226Specifies which PKCS#11 provider to use or 1227.Cm none 1228to indicate that no provider should be used (the default). 1229The argument to this keyword is a path to the PKCS#11 shared library 1230.Xr ssh 1 1231should use to communicate with a PKCS#11 token providing keys for user 1232authentication. 1233.It Cm Port 1234Specifies the port number to connect on the remote host. 1235The default is 22. 1236.It Cm PreferredAuthentications 1237Specifies the order in which the client should try authentication methods. 1238This allows a client to prefer one method (e.g.\& 1239.Cm keyboard-interactive ) 1240over another method (e.g.\& 1241.Cm password ) . 1242The default is: 1243.Bd -literal -offset indent 1244gssapi-with-mic,hostbased,publickey, 1245keyboard-interactive,password 1246.Ed 1247.It Cm ProxyCommand 1248Specifies the command to use to connect to the server. 1249The command 1250string extends to the end of the line, and is executed 1251using the user's shell 1252.Ql exec 1253directive to avoid a lingering shell process. 1254.Pp 1255Arguments to 1256.Cm ProxyCommand 1257accept the tokens described in the 1258.Sx TOKENS 1259section. 1260The command can be basically anything, 1261and should read from its standard input and write to its standard output. 1262It should eventually connect an 1263.Xr sshd 8 1264server running on some machine, or execute 1265.Ic sshd -i 1266somewhere. 1267Host key management will be done using the 1268.Cm Hostname 1269of the host being connected (defaulting to the name typed by the user). 1270Setting the command to 1271.Cm none 1272disables this option entirely. 1273Note that 1274.Cm CheckHostIP 1275is not available for connects with a proxy command. 1276.Pp 1277This directive is useful in conjunction with 1278.Xr nc 1 1279and its proxy support. 1280For example, the following directive would connect via an HTTP proxy at 1281192.0.2.0: 1282.Bd -literal -offset 3n 1283ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1284.Ed 1285.It Cm ProxyJump 1286Specifies one or more jump proxies as either 1287.Xo 1288.Sm off 1289.Op Ar user No @ 1290.Ar host 1291.Op : Ns Ar port 1292.Sm on 1293or an ssh URI 1294.Xc . 1295Multiple proxies may be separated by comma characters and will be visited 1296sequentially. 1297Setting this option will cause 1298.Xr ssh 1 1299to connect to the target host by first making a 1300.Xr ssh 1 1301connection to the specified 1302.Cm ProxyJump 1303host and then establishing a 1304TCP forwarding to the ultimate target from there. 1305.Pp 1306Note that this option will compete with the 1307.Cm ProxyCommand 1308option - whichever is specified first will prevent later instances of the 1309other from taking effect. 1310.Pp 1311Note also that the configuration for the destination host (either supplied 1312via the command-line or the configuration file) is not generally applied 1313to jump hosts. 1314.Pa ~/.ssh/config 1315should be used if specific configuration is required for jump hosts. 1316.It Cm ProxyUseFdpass 1317Specifies that 1318.Cm ProxyCommand 1319will pass a connected file descriptor back to 1320.Xr ssh 1 1321instead of continuing to execute and pass data. 1322The default is 1323.Cm no . 1324.It Cm PubkeyAcceptedKeyTypes 1325Specifies the key types that will be used for public key authentication 1326as a comma-separated list of patterns. 1327If the specified list begins with a 1328.Sq + 1329character, then the key types after it will be appended to the default 1330instead of replacing it. 1331If the specified list begins with a 1332.Sq - 1333character, then the specified key types (including wildcards) will be removed 1334from the default set instead of replacing them. 1335If the specified list begins with a 1336.Sq ^ 1337character, then the specified key types will be placed at the head of the 1338default set. 1339The default for this option is: 1340.Bd -literal -offset 3n 1341ecdsa-sha2-nistp256-cert-v01@openssh.com, 1342ecdsa-sha2-nistp384-cert-v01@openssh.com, 1343ecdsa-sha2-nistp521-cert-v01@openssh.com, 1344sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 1345ssh-ed25519-cert-v01@openssh.com, 1346sk-ssh-ed25519-cert-v01@openssh.com, 1347rsa-sha2-512-cert-v01@openssh.com, 1348rsa-sha2-256-cert-v01@openssh.com, 1349ssh-rsa-cert-v01@openssh.com, 1350ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1351sk-ecdsa-sha2-nistp256@openssh.com, 1352ssh-ed25519,sk-ssh-ed25519@openssh.com, 1353rsa-sha2-512,rsa-sha2-256,ssh-rsa 1354.Ed 1355.Pp 1356The list of available key types may also be obtained using 1357.Qq ssh -Q PubkeyAcceptedKeyTypes . 1358.It Cm PubkeyAuthentication 1359Specifies whether to try public key authentication. 1360The argument to this keyword must be 1361.Cm yes 1362(the default) 1363or 1364.Cm no . 1365.It Cm RekeyLimit 1366Specifies the maximum amount of data that may be transmitted before the 1367session key is renegotiated, optionally followed a maximum amount of 1368time that may pass before the session key is renegotiated. 1369The first argument is specified in bytes and may have a suffix of 1370.Sq K , 1371.Sq M , 1372or 1373.Sq G 1374to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1375The default is between 1376.Sq 1G 1377and 1378.Sq 4G , 1379depending on the cipher. 1380The optional second value is specified in seconds and may use any of the 1381units documented in the TIME FORMATS section of 1382.Xr sshd_config 5 . 1383The default value for 1384.Cm RekeyLimit 1385is 1386.Cm default none , 1387which means that rekeying is performed after the cipher's default amount 1388of data has been sent or received and no time based rekeying is done. 1389.It Cm RemoteCommand 1390Specifies a command to execute on the remote machine after successfully 1391connecting to the server. 1392The command string extends to the end of the line, and is executed with 1393the user's shell. 1394Arguments to 1395.Cm RemoteCommand 1396accept the tokens described in the 1397.Sx TOKENS 1398section. 1399.It Cm RemoteForward 1400Specifies that a TCP port on the remote machine be forwarded over 1401the secure channel. 1402The remote port may either be forwarded to a specified host and port 1403from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1404client to connect to arbitrary destinations from the local machine. 1405The first argument must be 1406.Sm off 1407.Oo Ar bind_address : Oc Ar port 1408.Sm on 1409If forwarding to a specific destination then the second argument must be 1410.Ar host : Ns Ar hostport , 1411otherwise if no destination argument is specified then the remote forwarding 1412will be established as a SOCKS proxy. 1413.Pp 1414IPv6 addresses can be specified by enclosing addresses in square brackets. 1415Multiple forwardings may be specified, and additional 1416forwardings can be given on the command line. 1417Privileged ports can be forwarded only when 1418logging in as root on the remote machine. 1419.Pp 1420If the 1421.Ar port 1422argument is 0, 1423the listen port will be dynamically allocated on the server and reported 1424to the client at run time. 1425.Pp 1426If the 1427.Ar bind_address 1428is not specified, the default is to only bind to loopback addresses. 1429If the 1430.Ar bind_address 1431is 1432.Ql * 1433or an empty string, then the forwarding is requested to listen on all 1434interfaces. 1435Specifying a remote 1436.Ar bind_address 1437will only succeed if the server's 1438.Cm GatewayPorts 1439option is enabled (see 1440.Xr sshd_config 5 ) . 1441.It Cm RequestTTY 1442Specifies whether to request a pseudo-tty for the session. 1443The argument may be one of: 1444.Cm no 1445(never request a TTY), 1446.Cm yes 1447(always request a TTY when standard input is a TTY), 1448.Cm force 1449(always request a TTY) or 1450.Cm auto 1451(request a TTY when opening a login session). 1452This option mirrors the 1453.Fl t 1454and 1455.Fl T 1456flags for 1457.Xr ssh 1 . 1458.It Cm RevokedHostKeys 1459Specifies revoked host public keys. 1460Keys listed in this file will be refused for host authentication. 1461Note that if this file does not exist or is not readable, 1462then host authentication will be refused for all hosts. 1463Keys may be specified as a text file, listing one public key per line, or as 1464an OpenSSH Key Revocation List (KRL) as generated by 1465.Xr ssh-keygen 1 . 1466For more information on KRLs, see the KEY REVOCATION LISTS section in 1467.Xr ssh-keygen 1 . 1468.It Cm SecurityKeyProvider 1469Specifies a path to a library that will be used when loading any 1470FIDO authenticator-hosted keys, overriding the default of using 1471the built-in USB HID support. 1472.Pp 1473If the specified value begins with a 1474.Sq $ 1475character, then it will be treated as an environment variable containing 1476the path to the library. 1477.It Cm SendEnv 1478Specifies what variables from the local 1479.Xr environ 7 1480should be sent to the server. 1481The server must also support it, and the server must be configured to 1482accept these environment variables. 1483Note that the 1484.Ev TERM 1485environment variable is always sent whenever a 1486pseudo-terminal is requested as it is required by the protocol. 1487Refer to 1488.Cm AcceptEnv 1489in 1490.Xr sshd_config 5 1491for how to configure the server. 1492Variables are specified by name, which may contain wildcard characters. 1493Multiple environment variables may be separated by whitespace or spread 1494across multiple 1495.Cm SendEnv 1496directives. 1497.Pp 1498See 1499.Sx PATTERNS 1500for more information on patterns. 1501.Pp 1502It is possible to clear previously set 1503.Cm SendEnv 1504variable names by prefixing patterns with 1505.Pa - . 1506The default is not to send any environment variables. 1507.It Cm ServerAliveCountMax 1508Sets the number of server alive messages (see below) which may be 1509sent without 1510.Xr ssh 1 1511receiving any messages back from the server. 1512If this threshold is reached while server alive messages are being sent, 1513ssh will disconnect from the server, terminating the session. 1514It is important to note that the use of server alive messages is very 1515different from 1516.Cm TCPKeepAlive 1517(below). 1518The server alive messages are sent through the encrypted channel 1519and therefore will not be spoofable. 1520The TCP keepalive option enabled by 1521.Cm TCPKeepAlive 1522is spoofable. 1523The server alive mechanism is valuable when the client or 1524server depend on knowing when a connection has become unresponsive. 1525.Pp 1526The default value is 3. 1527If, for example, 1528.Cm ServerAliveInterval 1529(see below) is set to 15 and 1530.Cm ServerAliveCountMax 1531is left at the default, if the server becomes unresponsive, 1532ssh will disconnect after approximately 45 seconds. 1533.It Cm ServerAliveInterval 1534Sets a timeout interval in seconds after which if no data has been received 1535from the server, 1536.Xr ssh 1 1537will send a message through the encrypted 1538channel to request a response from the server. 1539The default 1540is 0, indicating that these messages will not be sent to the server. 1541.It Cm SetEnv 1542Directly specify one or more environment variables and their contents to 1543be sent to the server. 1544Similarly to 1545.Cm SendEnv , 1546the server must be prepared to accept the environment variable. 1547.It Cm StreamLocalBindMask 1548Sets the octal file creation mode mask 1549.Pq umask 1550used when creating a Unix-domain socket file for local or remote 1551port forwarding. 1552This option is only used for port forwarding to a Unix-domain socket file. 1553.Pp 1554The default value is 0177, which creates a Unix-domain socket file that is 1555readable and writable only by the owner. 1556Note that not all operating systems honor the file mode on Unix-domain 1557socket files. 1558.It Cm StreamLocalBindUnlink 1559Specifies whether to remove an existing Unix-domain socket file for local 1560or remote port forwarding before creating a new one. 1561If the socket file already exists and 1562.Cm StreamLocalBindUnlink 1563is not enabled, 1564.Nm ssh 1565will be unable to forward the port to the Unix-domain socket file. 1566This option is only used for port forwarding to a Unix-domain socket file. 1567.Pp 1568The argument must be 1569.Cm yes 1570or 1571.Cm no 1572(the default). 1573.It Cm StrictHostKeyChecking 1574If this flag is set to 1575.Cm yes , 1576.Xr ssh 1 1577will never automatically add host keys to the 1578.Pa ~/.ssh/known_hosts 1579file, and refuses to connect to hosts whose host key has changed. 1580This provides maximum protection against man-in-the-middle (MITM) attacks, 1581though it can be annoying when the 1582.Pa /etc/ssh/ssh_known_hosts 1583file is poorly maintained or when connections to new hosts are 1584frequently made. 1585This option forces the user to manually 1586add all new hosts. 1587.Pp 1588If this flag is set to 1589.Dq accept-new 1590then ssh will automatically add new host keys to the user 1591known hosts files, but will not permit connections to hosts with 1592changed host keys. 1593If this flag is set to 1594.Dq no 1595or 1596.Dq off , 1597ssh will automatically add new host keys to the user known hosts files 1598and allow connections to hosts with changed hostkeys to proceed, 1599subject to some restrictions. 1600If this flag is set to 1601.Cm ask 1602(the default), 1603new host keys 1604will be added to the user known host files only after the user 1605has confirmed that is what they really want to do, and 1606ssh will refuse to connect to hosts whose host key has changed. 1607The host keys of 1608known hosts will be verified automatically in all cases. 1609.It Cm SyslogFacility 1610Gives the facility code that is used when logging messages from 1611.Xr ssh 1 . 1612The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1613LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1614The default is USER. 1615.It Cm TCPKeepAlive 1616Specifies whether the system should send TCP keepalive messages to the 1617other side. 1618If they are sent, death of the connection or crash of one 1619of the machines will be properly noticed. 1620However, this means that 1621connections will die if the route is down temporarily, and some people 1622find it annoying. 1623.Pp 1624The default is 1625.Cm yes 1626(to send TCP keepalive messages), and the client will notice 1627if the network goes down or the remote host dies. 1628This is important in scripts, and many users want it too. 1629.Pp 1630To disable TCP keepalive messages, the value should be set to 1631.Cm no . 1632See also 1633.Cm ServerAliveInterval 1634for protocol-level keepalives. 1635.It Cm Tunnel 1636Request 1637.Xr tun 4 1638device forwarding between the client and the server. 1639The argument must be 1640.Cm yes , 1641.Cm point-to-point 1642(layer 3), 1643.Cm ethernet 1644(layer 2), 1645or 1646.Cm no 1647(the default). 1648Specifying 1649.Cm yes 1650requests the default tunnel mode, which is 1651.Cm point-to-point . 1652.It Cm TunnelDevice 1653Specifies the 1654.Xr tun 4 1655devices to open on the client 1656.Pq Ar local_tun 1657and the server 1658.Pq Ar remote_tun . 1659.Pp 1660The argument must be 1661.Sm off 1662.Ar local_tun Op : Ar remote_tun . 1663.Sm on 1664The devices may be specified by numerical ID or the keyword 1665.Cm any , 1666which uses the next available tunnel device. 1667If 1668.Ar remote_tun 1669is not specified, it defaults to 1670.Cm any . 1671The default is 1672.Cm any:any . 1673.It Cm UpdateHostKeys 1674Specifies whether 1675.Xr ssh 1 1676should accept notifications of additional hostkeys from the server sent 1677after authentication has completed and add them to 1678.Cm UserKnownHostsFile . 1679The argument must be 1680.Cm yes , 1681.Cm no 1682or 1683.Cm ask . 1684This option allows learning alternate hostkeys for a server 1685and supports graceful key rotation by allowing a server to send replacement 1686public keys before old ones are removed. 1687Additional hostkeys are only accepted if the key used to authenticate the 1688host was already trusted or explicitly accepted by the user. 1689.Pp 1690.Cm UpdateHostKeys 1691is enabled by default if the user has not overridden the default 1692.Cm UserKnownHostsFile 1693setting, otherwise 1694.Cm UpdateHostKeys 1695will be set to 1696.Cm ask . 1697.Pp 1698If 1699.Cm UpdateHostKeys 1700is set to 1701.Cm ask , 1702then the user is asked to confirm the modifications to the known_hosts file. 1703Confirmation is currently incompatible with 1704.Cm ControlPersist , 1705and will be disabled if it is enabled. 1706.Pp 1707Presently, only 1708.Xr sshd 8 1709from OpenSSH 6.8 and greater support the 1710.Qq hostkeys@openssh.com 1711protocol extension used to inform the client of all the server's hostkeys. 1712.It Cm User 1713Specifies the user to log in as. 1714This can be useful when a different user name is used on different machines. 1715This saves the trouble of 1716having to remember to give the user name on the command line. 1717.It Cm UserKnownHostsFile 1718Specifies one or more files to use for the user 1719host key database, separated by whitespace. 1720The default is 1721.Pa ~/.ssh/known_hosts , 1722.Pa ~/.ssh/known_hosts2 . 1723.It Cm VerifyHostKeyDNS 1724Specifies whether to verify the remote key using DNS and SSHFP resource 1725records. 1726If this option is set to 1727.Cm yes , 1728the client will implicitly trust keys that match a secure fingerprint 1729from DNS. 1730Insecure fingerprints will be handled as if this option was set to 1731.Cm ask . 1732If this option is set to 1733.Cm ask , 1734information on fingerprint match will be displayed, but the user will still 1735need to confirm new host keys according to the 1736.Cm StrictHostKeyChecking 1737option. 1738The default is 1739.Cm no . 1740.Pp 1741See also 1742.Sx VERIFYING HOST KEYS 1743in 1744.Xr ssh 1 . 1745.It Cm VisualHostKey 1746If this flag is set to 1747.Cm yes , 1748an ASCII art representation of the remote host key fingerprint is 1749printed in addition to the fingerprint string at login and 1750for unknown host keys. 1751If this flag is set to 1752.Cm no 1753(the default), 1754no fingerprint strings are printed at login and 1755only the fingerprint string will be printed for unknown host keys. 1756.It Cm XAuthLocation 1757Specifies the full pathname of the 1758.Xr xauth 1 1759program. 1760The default is 1761.Pa /usr/X11R6/bin/xauth . 1762.El 1763.Sh PATTERNS 1764A 1765.Em pattern 1766consists of zero or more non-whitespace characters, 1767.Sq * 1768(a wildcard that matches zero or more characters), 1769or 1770.Sq ?\& 1771(a wildcard that matches exactly one character). 1772For example, to specify a set of declarations for any host in the 1773.Qq .co.uk 1774set of domains, 1775the following pattern could be used: 1776.Pp 1777.Dl Host *.co.uk 1778.Pp 1779The following pattern 1780would match any host in the 192.168.0.[0-9] network range: 1781.Pp 1782.Dl Host 192.168.0.? 1783.Pp 1784A 1785.Em pattern-list 1786is a comma-separated list of patterns. 1787Patterns within pattern-lists may be negated 1788by preceding them with an exclamation mark 1789.Pq Sq !\& . 1790For example, 1791to allow a key to be used from anywhere within an organization 1792except from the 1793.Qq dialup 1794pool, 1795the following entry (in authorized_keys) could be used: 1796.Pp 1797.Dl from=\&"!*.dialup.example.com,*.example.com\&" 1798.Pp 1799Note that a negated match will never produce a positive result by itself. 1800For example, attempting to match 1801.Qq host3 1802against the following pattern-list will fail: 1803.Pp 1804.Dl from=\&"!host1,!host2\&" 1805.Pp 1806The solution here is to include a term that will yield a positive match, 1807such as a wildcard: 1808.Pp 1809.Dl from=\&"!host1,!host2,*\&" 1810.Sh TOKENS 1811Arguments to some keywords can make use of tokens, 1812which are expanded at runtime: 1813.Pp 1814.Bl -tag -width XXXX -offset indent -compact 1815.It %% 1816A literal 1817.Sq % . 1818.It \&%C 1819Hash of %l%h%p%r. 1820.It %d 1821Local user's home directory. 1822.It %h 1823The remote hostname. 1824.It %i 1825The local user ID. 1826.It %L 1827The local hostname. 1828.It %l 1829The local hostname, including the domain name. 1830.It %n 1831The original remote hostname, as given on the command line. 1832.It %p 1833The remote port. 1834.It %r 1835The remote username. 1836.It \&%T 1837The local 1838.Xr tun 4 1839or 1840.Xr tap 4 1841network interface assigned if 1842tunnel forwarding was requested, or 1843.Qq NONE 1844otherwise. 1845.It %u 1846The local username. 1847.El 1848.Pp 1849.Cm Match exec 1850accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. 1851.Pp 1852.Cm CertificateFile 1853accepts the tokens %%, %d, %h, %i, %l, %r, and %u. 1854.Pp 1855.Cm ControlPath 1856accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. 1857.Pp 1858.Cm Hostname 1859accepts the tokens %% and %h. 1860.Pp 1861.Cm IdentityAgent 1862and 1863.Cm IdentityFile 1864accept the tokens %%, %d, %h, %i, %l, %r, and %u. 1865.Pp 1866.Cm LocalCommand 1867accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. 1868.Pp 1869.Cm ProxyCommand 1870accepts the tokens %%, %h, %n, %p, and %r. 1871.Pp 1872.Cm RemoteCommand 1873accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. 1874.Sh FILES 1875.Bl -tag -width Ds 1876.It Pa ~/.ssh/config 1877This is the per-user configuration file. 1878The format of this file is described above. 1879This file is used by the SSH client. 1880Because of the potential for abuse, this file must have strict permissions: 1881read/write for the user, and not writable by others. 1882.It Pa /etc/ssh/ssh_config 1883Systemwide configuration file. 1884This file provides defaults for those 1885values that are not specified in the user's configuration file, and 1886for those users who do not have a configuration file. 1887This file must be world-readable. 1888.El 1889.Sh SEE ALSO 1890.Xr ssh 1 1891.Sh AUTHORS 1892.An -nosplit 1893OpenSSH is a derivative of the original and free 1894ssh 1.2.12 release by 1895.An Tatu Ylonen . 1896.An Aaron Campbell , Bob Beck , Markus Friedl , 1897.An Niels Provos , Theo de Raadt 1898and 1899.An Dug Song 1900removed many bugs, re-added newer features and 1901created OpenSSH. 1902.An Markus Friedl 1903contributed the support for SSH protocol versions 1.5 and 2.0. 1904