version 1.1.2.2, 2002/06/26 18:22:36 |
version 1.1.2.3, 2002/10/11 14:53:07 |
|
|
.Nm ssh |
.Nm ssh |
obtains configuration data from the following sources in |
obtains configuration data from the following sources in |
the following order: |
the following order: |
command line options, user's configuration file |
.Bl -enum -offset indent -compact |
.Pq Pa $HOME/.ssh/config , |
.It |
and system-wide configuration file |
command-line options |
.Pq Pa /etc/ssh_config . |
.It |
|
user's configuration file |
|
.Pq Pa $HOME/.ssh/config |
|
.It |
|
system-wide configuration file |
|
.Pq Pa /etc/ssh_config |
|
.El |
.Pp |
.Pp |
For each parameter, the first obtained value |
For each parameter, the first obtained value |
will be used. |
will be used. |
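Review bot: The unchanged sentence after the new `.Bl -enum` list, "For each parameter, the first obtained value will be used", still does not tie "first" to the numbered order. Now that the sources are an enumerated list, consider "the first value obtained, in the order listed above, will be used", so it is explicit that a command-line option overrides both files and the user's file overrides /etc/ssh_config.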
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.Pp |
|
Agent forwarding should be enabled with caution. Users with the |
|
ability to bypass file permissions on the remote host (for the agent's |
|
Unix-domain socket) can access the local agent through the forwarded |
|
connection. An attacker cannot obtain key material from the agent, |
|
however they can perform operations on the keys that enable them to |
|
authenticate using the identities loaded into the agent. |
.It Cm ForwardX11 |
.It Cm ForwardX11 |
Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
over the secure channel and |
over the secure channel and |
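Review bot: In the added agent-forwarding caution, "Users with the ability to bypass file permissions on the remote host" does not say that this includes the superuser on that host, which is the case most readers need to weigh; naming root explicitly would make the risk concrete. The last sentence is also a comma splice ("from the agent, however they can"); "but they can" or a semicolon before "however" would fix it.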
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.Pp |
|
X11 forwarding should be enabled with caution. Users with the ability |
|
to bypass file permissions on the remote host (for the user's X |
|
authorization database) can access the local X11 display through the |
|
forwarded connection. An attacker may then be able to perform |
|
activities such as keystroke monitoring. |
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
forwarded ports. |
forwarded ports. |
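Review bot: The added X11 caution mentions "the user's X authorization database" without a cross-reference. The page already uses `.Xr xauth 1` under XAuthLocation, and the same reference here would tell readers which file the permissions remark is about.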
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
This option applies to protocol version 1 only. |
This option applies to protocol version 1 only and requires |
|
.Nm ssh |
|
to be setuid root and |
|
.Cm UsePrivilegedPort |
|
to be set to |
|
.Dq yes . |
.It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
authentication. |
authentication. |
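Review bot: The extended sentence chains a protocol restriction and two requirements with "and ... and" ("applies to protocol version 1 only and requires ssh to be setuid root and UsePrivilegedPort to be set to yes"), which makes the setuid-root precondition easy to miss. Suggest ending the sentence after "protocol version 1 only." and starting a new one for the two requirements.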
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
If set to |
|
.Dq yes |
|
.Nm ssh |
|
must be setuid root. |
Note that this option must be set to |
Note that this option must be set to |
.Dq yes |
.Dq yes |
if |
if |
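Review bot: The added lines "If set to" / `.Dq yes` / `.Nm ssh` have no punctuation after the quoted value, so the text renders as: If set to "yes" ssh must be setuid root. Use `.Dq yes ,` so the comma follows the closing quote, as the neighbouring `.Dq no .` lines do for their full stop.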
|
|
host key database instead of |
host key database instead of |
.Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
.It Cm XAuthLocation |
.It Cm XAuthLocation |
Specifies the location of the |
Specifies the full pathname of the |
.Xr xauth 1 |
.Xr xauth 1 |
program. |
program. |
The default is |
The default is |