| version 1.1.4.3, 2003/04/03 22:35:18 |
version 1.2, 2002/08/17 23:55:01 |
|
|
| client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
| that do not support the |
that do not support the |
| .Ar 3des |
.Ar 3des |
| cipher. |
cipher. Its use is strongly discouraged due to cryptographic |
| Its use is strongly discouraged due to cryptographic weaknesses. |
weaknesses. |
| The default is |
The default is |
| .Dq 3des . |
.Dq 3des . |
| .It Cm Ciphers |
.It Cm Ciphers |
|
|
| .It Cm ClearAllForwardings |
.It Cm ClearAllForwardings |
| Specifies that all local, remote and dynamic port forwardings |
Specifies that all local, remote and dynamic port forwardings |
| specified in the configuration files or on the command line be |
specified in the configuration files or on the command line be |
| cleared. |
cleared. This option is primarily useful when used from the |
| This option is primarily useful when used from the |
|
| .Nm ssh |
.Nm ssh |
| command line to clear port forwardings set in |
command line to clear port forwardings set in |
| configuration files, and is automatically set by |
configuration files, and is automatically set by |
|
|
| Specifies that a TCP/IP port on the local machine be forwarded |
Specifies that a TCP/IP port on the local machine be forwarded |
| over the secure channel, and the application |
over the secure channel, and the application |
| protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
| remote machine. |
remote machine. The argument must be a port number. |
| The argument must be a port number. |
|
| Currently the SOCKS4 protocol is supported, and |
Currently the SOCKS4 protocol is supported, and |
| .Nm ssh |
.Nm ssh |
| will act as a SOCKS4 server. |
will act as a SOCKS4 server. |
| Multiple forwardings may be specified, and |
Multiple forwardings may be specified, and |
| additional forwardings can be given on the command line. |
additional forwardings can be given on the command line. Only |
| Only the superuser can forward privileged ports. |
the superuser can forward privileged ports. |
| .It Cm EscapeChar |
.It Cm EscapeChar |
| Sets the escape character (default: |
Sets the escape character (default: |
| .Ql ~ ) . |
.Ql ~ ) . |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .Pp |
|
| Agent forwarding should be enabled with caution. |
|
| Users with the ability to bypass file permissions on the remote host |
|
| (for the agent's Unix-domain socket) |
|
| can access the local agent through the forwarded connection. |
|
| An attacker cannot obtain key material from the agent, |
|
| however they can perform operations on the keys that enable them to |
|
| authenticate using the identities loaded into the agent. |
|
| .It Cm ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .Pp |
|
| X11 forwarding should be enabled with caution. |
|
| Users with the ability to bypass file permissions on the remote host |
|
| (for the user's X authorization database) |
|
| can access the local X11 display through the forwarded connection. |
|
| An attacker may then be able to perform activities such as keystroke monitoring. |
|
| .It Cm GatewayPorts |
.It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
| forwarded ports. |
forwarded ports. |
| By default, |
By default, |
| .Nm ssh |
.Nm ssh |
| binds local port forwardings to the loopback address. |
binds local port forwardings to the loopback address. This |
| This prevents other remote hosts from connecting to forwarded ports. |
prevents other remote hosts from connecting to forwarded ports. |
| .Cm GatewayPorts |
.Cm GatewayPorts |
| can be used to specify that |
can be used to specify that |
| .Nm ssh |
.Nm ssh |
|
|
| .Nm ssh . |
.Nm ssh . |
| The possible values are: |
The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
| The default is INFO. |
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
| DEBUG and DEBUG1 are equivalent. |
and DEBUG3 each specify higher levels of verbose output. |
| DEBUG2 and DEBUG3 each specify higher levels of verbose output. |
|
| .It Cm MACs |
.It Cm MACs |
| Specifies the MAC (message authentication code) algorithms |
Specifies the MAC (message authentication code) algorithms |
| in order of preference. |
in order of preference. |
|
|
| Host key management will be done using the |
Host key management will be done using the |
| HostName of the host being connected (defaulting to the name typed by |
HostName of the host being connected (defaulting to the name typed by |
| the user). |
the user). |
| Setting the command to |
|
| .Dq none |
|
| disables this option entirely. |
|
| Note that |
Note that |
| .Cm CheckHostIP |
.Cm CheckHostIP |
| is not available for connects with a proxy command. |
is not available for connects with a proxy command. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| This option applies to protocol version 1 only and requires |
This option applies to protocol version 1 only. |
| .Nm ssh |
|
| to be setuid root and |
|
| .Cm UsePrivilegedPort |
|
| to be set to |
|
| .Dq yes . |
|
| .It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
| Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
| authentication. |
authentication. |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| If set to |
|
| .Dq yes |
|
| .Nm ssh |
|
| must be setuid root. |
|
| Note that this option must be set to |
Note that this option must be set to |
| .Dq yes |
.Dq yes |
| if |
if |
|
|
| host key database instead of |
host key database instead of |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| .It Cm XAuthLocation |
.It Cm XAuthLocation |
| Specifies the full pathname of the |
Specifies the location of the |
| .Xr xauth 1 |
.Xr xauth 1 |
| program. |
program. |
| The default is |
The default is |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh