| version 1.1.4.1, 2002/06/26 15:30:39 |
version 1.1.4.2, 2002/10/11 14:51:53 |
|
|
| .Nm ssh |
.Nm ssh |
| obtains configuration data from the following sources in |
obtains configuration data from the following sources in |
| the following order: |
the following order: |
| command line options, user's configuration file |
.Bl -enum -offset indent -compact |
| .Pq Pa $HOME/.ssh/config , |
.It |
| and system-wide configuration file |
command-line options |
| .Pq Pa /etc/ssh/ssh_config . |
.It |
| |
user's configuration file |
| |
.Pq Pa $HOME/.ssh/config |
| |
.It |
| |
system-wide configuration file |
| |
.Pq Pa /etc/ssh/ssh_config |
| |
.El |
| .Pp |
.Pp |
| For each parameter, the first obtained value |
For each parameter, the first obtained value |
| will be used. |
will be used. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.Pp |
| |
Agent forwarding should be enabled with caution. Users with the |
| |
ability to bypass file permissions on the remote host (for the agent's |
| |
Unix-domain socket) can access the local agent through the forwarded |
| |
connection. An attacker cannot obtain key material from the agent, |
| |
however they can perform operations on the keys that enable them to |
| |
authenticate using the identities loaded into the agent. |
| .It Cm ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.Pp |
| |
X11 forwarding should be enabled with caution. Users with the ability |
| |
to bypass file permissions on the remote host (for the user's X |
| |
authorization database) can access the local X11 display through the |
| |
forwarded connection. An attacker may then be able to perform |
| |
activities such as keystroke monitoring. |
| .It Cm GatewayPorts |
.It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
| forwarded ports. |
forwarded ports. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| This option applies to protocol version 1 only. |
This option applies to protocol version 1 only and requires |
| |
.Nm ssh |
| |
to be setuid root and |
| |
.Cm UsePrivilegedPort |
| |
to be set to |
| |
.Dq yes . |
| .It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
| Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
| authentication. |
authentication. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
If set to |
| |
.Dq yes |
| |
.Nm ssh |
| |
must be setuid root. |
| Note that this option must be set to |
Note that this option must be set to |
| .Dq yes |
.Dq yes |
| if |
if |
|
|
| host key database instead of |
host key database instead of |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| .It Cm XAuthLocation |
.It Cm XAuthLocation |
| Specifies the location of the |
Specifies the full pathname of the |
| .Xr xauth 1 |
.Xr xauth 1 |
| program. |
program. |
| The default is |
The default is |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh