| version 1.1.2.3, 2002/10/11 14:53:07 |
version 1.2, 2002/08/17 23:55:01 |
|
|
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
| .It Pa $HOME/.ssh/config |
.It Pa $HOME/.ssh/config |
| .It Pa /etc/ssh_config |
.It Pa /etc/ssh/ssh_config |
| .El |
.El |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm ssh |
.Nm ssh |
|
|
| .Pq Pa $HOME/.ssh/config |
.Pq Pa $HOME/.ssh/config |
| .It |
.It |
| system-wide configuration file |
system-wide configuration file |
| .Pq Pa /etc/ssh_config |
.Pq Pa /etc/ssh/ssh_config |
| .El |
.El |
| .Pp |
.Pp |
| For each parameter, the first obtained value |
For each parameter, the first obtained value |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .Pp |
|
| Agent forwarding should be enabled with caution. Users with the |
|
| ability to bypass file permissions on the remote host (for the agent's |
|
| Unix-domain socket) can access the local agent through the forwarded |
|
| connection. An attacker cannot obtain key material from the agent, |
|
| however they can perform operations on the keys that enable them to |
|
| authenticate using the identities loaded into the agent. |
|
| .It Cm ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .Pp |
|
| X11 forwarding should be enabled with caution. Users with the ability |
|
| to bypass file permissions on the remote host (for the user's X |
|
| authorization database) can access the local X11 display through the |
|
| forwarded connection. An attacker may then be able to perform |
|
| activities such as keystroke monitoring. |
|
| .It Cm GatewayPorts |
.It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
| forwarded ports. |
forwarded ports. |
|
|
| .It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
| Specifies a file to use for the global |
Specifies a file to use for the global |
| host key database instead of |
host key database instead of |
| .Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh/ssh_known_hosts . |
| .It Cm HostbasedAuthentication |
.It Cm HostbasedAuthentication |
| Specifies whether to try rhosts based authentication with public key |
Specifies whether to try rhosts based authentication with public key |
| authentication. |
authentication. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| This option applies to protocol version 1 only and requires |
This option applies to protocol version 1 only. |
| .Nm ssh |
|
| to be setuid root and |
|
| .Cm UsePrivilegedPort |
|
| to be set to |
|
| .Dq yes . |
|
| .It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
| Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
| authentication. |
authentication. |
|
|
| file, and refuses to connect to hosts whose host key has changed. |
file, and refuses to connect to hosts whose host key has changed. |
| This provides maximum protection against trojan horse attacks, |
This provides maximum protection against trojan horse attacks, |
| however, can be annoying when the |
however, can be annoying when the |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| file is poorly maintained, or connections to new hosts are |
file is poorly maintained, or connections to new hosts are |
| frequently made. |
frequently made. |
| This option forces the user to manually |
This option forces the user to manually |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| If set to |
|
| .Dq yes |
|
| .Nm ssh |
|
| must be setuid root. |
|
| Note that this option must be set to |
Note that this option must be set to |
| .Dq yes |
.Dq yes |
| if |
if |
|
|
| host key database instead of |
host key database instead of |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| .It Cm XAuthLocation |
.It Cm XAuthLocation |
| Specifies the full pathname of the |
Specifies the location of the |
| .Xr xauth 1 |
.Xr xauth 1 |
| program. |
program. |
| The default is |
The default is |
|
|
| This file does not usually contain any sensitive information, |
This file does not usually contain any sensitive information, |
| but the recommended permissions are read/write for the user, and not |
but the recommended permissions are read/write for the user, and not |
| accessible by others. |
accessible by others. |
| .It Pa /etc/ssh_config |
.It Pa /etc/ssh/ssh_config |
| Systemwide configuration file. |
Systemwide configuration file. |
| This file provides defaults for those |
This file provides defaults for those |
| values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh