| version 1.238, 2016/09/22 17:55:13 |
version 1.239, 2016/09/28 17:59:22 |
|
|
| keyword executes the specified command under the user's shell. |
keyword executes the specified command under the user's shell. |
| If the command returns a zero exit status then the condition is considered true. |
If the command returns a zero exit status then the condition is considered true. |
| Commands containing whitespace characters must be quoted. |
Commands containing whitespace characters must be quoted. |
| The following character sequences in the command will be expanded prior to |
Arguments to |
| execution: |
.Cm exec |
| .Ql %L |
accept the tokens described in the |
| will be substituted by the first component of the local host name, |
.Sx TOKENS |
| .Ql %l |
section. |
| will be substituted by the local host name (including any domain name), |
|
| .Ql %h |
|
| will be substituted by the target host name, |
|
| .Ql %n |
|
| will be substituted by the original target host name |
|
| specified on the command-line, |
|
| .Ql %p |
|
| the destination port, |
|
| .Ql %r |
|
| by the remote login username, and |
|
| .Ql %u |
|
| by the username of the user running |
|
| .Xr ssh 1 . |
|
| .Pp |
.Pp |
| The other keywords' criteria must be single entries or comma-separated |
The other keywords' criteria must be single entries or comma-separated |
| lists and may use the wildcard and negation operators described in the |
lists and may use the wildcard and negation operators described in the |
|
|
| or via a |
or via a |
| .Cm PKCS11Provider . |
.Cm PKCS11Provider . |
| .Pp |
.Pp |
| The file name may use the tilde |
Arguments to |
| syntax to refer to a user's home directory or one of the following |
.Cm CertificateFile |
| escape characters: |
may use the tilde syntax to refer to a user's home directory |
| .Ql %d |
or the tokens described in the |
| (local user's home directory), |
.Sx TOKENS |
| .Ql %u |
section. |
| (local user name), |
|
| .Ql %l |
|
| (local host name), |
|
| .Ql %h |
|
| (remote host name) or |
|
| .Ql %r |
|
| (remote user name). |
|
| .Pp |
.Pp |
| It is possible to have multiple certificate files specified in |
It is possible to have multiple certificate files specified in |
| configuration files; these certificates will be tried in sequence. |
configuration files; these certificates will be tried in sequence. |
|
|
| section above or the string |
section above or the string |
| .Dq none |
.Dq none |
| to disable connection sharing. |
to disable connection sharing. |
| In the path, |
Arguments to |
| .Ql %L |
.Cm ControlPath |
| will be substituted by the first component of the local host name, |
may use the tilde syntax to refer to a user's home directory |
| .Ql %l |
or the tokens described in the |
| will be substituted by the local host name (including any domain name), |
.Sx TOKENS |
| .Ql %h |
section. |
| will be substituted by the target host name, |
|
| .Ql %n |
|
| will be substituted by the original target host name |
|
| specified on the command line, |
|
| .Ql %p |
|
| the destination port, |
|
| .Ql %r |
|
| by the remote login username, |
|
| .Ql %u |
|
| by the username and |
|
| .Ql %i |
|
| by the numeric user ID (uid) of the user running |
|
| .Xr ssh 1 , |
|
| and |
|
| .Ql \&%C |
|
| by a hash of the concatenation: %l%h%p%r. |
|
| It is recommended that any |
It is recommended that any |
| .Cm ControlPath |
.Cm ControlPath |
| used for opportunistic connection sharing include |
used for opportunistic connection sharing include |
|
|
| .It Cm HostName |
.It Cm HostName |
| Specifies the real host name to log into. |
Specifies the real host name to log into. |
| This can be used to specify nicknames or abbreviations for hosts. |
This can be used to specify nicknames or abbreviations for hosts. |
| If the hostname contains the character sequence |
Arguments to |
| .Ql %h , |
.Cm HostName |
| then this will be replaced with the host name specified on the command line |
accept the tokens described in the |
| (this is useful for manipulating unqualified names). |
.Sx TOKENS |
| The character sequence |
section. |
| .Ql %% |
|
| will be replaced by a single |
|
| .Ql % |
|
| character, which may be used when specifying IPv6 link-local addresses. |
|
| .Pp |
|
| The default is the name given on the command line. |
|
| Numeric IP addresses are also permitted (both on the command line and in |
Numeric IP addresses are also permitted (both on the command line and in |
| .Cm HostName |
.Cm HostName |
| specifications). |
specifications). |
| |
The default is the name given on the command line. |
| .It Cm IdentitiesOnly |
.It Cm IdentitiesOnly |
| Specifies that |
Specifies that |
| .Xr ssh 1 |
.Xr ssh 1 |
|
|
| .Ev SSH_AUTH_SOCK |
.Ev SSH_AUTH_SOCK |
| environment variable. |
environment variable. |
| .Pp |
.Pp |
| The socket name may use the tilde |
Arguments to |
| syntax to refer to a user's home directory or one of the following |
.Cm IdentityAgent |
| escape characters: |
may use the tilde syntax to refer to a user's home directory |
| .Ql %d |
or the tokens described in the |
| (local user's home directory), |
.Sx TOKENS |
| .Ql %u |
section. |
| (local user name), |
|
| .Ql %l |
|
| (local host name), |
|
| .Ql %h |
|
| (remote host name) or |
|
| .Ql %r |
|
| (remote user name). |
|
| .It Cm IdentityFile |
.It Cm IdentityFile |
| Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication |
Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication |
| identity is read. |
identity is read. |
|
|
| to the path of a specified |
to the path of a specified |
| .Cm IdentityFile . |
.Cm IdentityFile . |
| .Pp |
.Pp |
| The file name may use the tilde |
Arguments to |
| syntax to refer to a user's home directory or one of the following |
.Cm IdentityFile |
| escape characters: |
may use the tilde syntax to refer to a user's home directory |
| .Ql %d |
or the tokens described in the |
| (local user's home directory), |
.Sx TOKENS |
| .Ql %u |
section. |
| (local user name), |
|
| .Ql %l |
|
| (local host name), |
|
| .Ql %h |
|
| (remote host name) or |
|
| .Ql %r |
|
| (remote user name). |
|
| .Pp |
.Pp |
| It is possible to have |
It is possible to have |
| multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
|
|
| connecting to the server. |
connecting to the server. |
| The command string extends to the end of the line, and is executed with |
The command string extends to the end of the line, and is executed with |
| the user's shell. |
the user's shell. |
| The following escape character substitutions will be performed: |
Arguments to |
| .Ql %d |
.Cm LocalCommand |
| (local user's home directory), |
accept the tokens described in the |
| .Ql %h |
.Sx TOKENS |
| (remote host name), |
section. |
| .Ql %l |
|
| (local host name), |
|
| .Ql %n |
|
| (host name as provided on the command line), |
|
| .Ql %p |
|
| (remote port), |
|
| .Ql %r |
|
| (remote user name) or |
|
| .Ql %u |
|
| (local user name) or |
|
| .Ql \&%C |
|
| by a hash of the concatenation: %l%h%p%r. |
|
| .Pp |
.Pp |
| The command is run synchronously and does not have access to the |
The command is run synchronously and does not have access to the |
| session of the |
session of the |
|
|
| .Ql exec |
.Ql exec |
| directive to avoid a lingering shell process. |
directive to avoid a lingering shell process. |
| .Pp |
.Pp |
| In the command string, any occurrence of |
Arguments to |
| .Ql %h |
.Cm ProxyCommand |
| will be substituted by the host name to |
accept the tokens described in the |
| connect, |
.Sx TOKENS |
| .Ql %p |
section. |
| by the port, and |
|
| .Ql %r |
|
| by the remote user name. |
|
| The command can be basically anything, |
The command can be basically anything, |
| and should read from its standard input and write to its standard output. |
and should read from its standard input and write to its standard output. |
| It should eventually connect an |
It should eventually connect an |
|
|
| the following entry (in authorized_keys) could be used: |
the following entry (in authorized_keys) could be used: |
| .Pp |
.Pp |
| .Dl from=\&"!*.dialup.example.com,*.example.com\&" |
.Dl from=\&"!*.dialup.example.com,*.example.com\&" |
| |
.Sh TOKENS |
| |
Arguments to some keywords can make use of tokens, |
| |
which are expanded at runtime: |
| |
.Pp |
| |
.Bl -tag -width XXXX -offset indent -compact |
| |
.It %% |
| |
A literal |
| |
.Sq % . |
| |
.It \&%C |
| |
Shorthand for %l%h%p%r. |
| |
.It %d |
| |
Local user's home directory. |
| |
.It %h |
| |
The remote hostname. |
| |
.It %i |
| |
The local user ID. |
| |
.It %L |
| |
The local hostname. |
| |
.It %l |
| |
The local hostname, including the domain name. |
| |
.It %n |
| |
The original remote hostname, as given on the command line. |
| |
.It %p |
| |
The remote port. |
| |
.It %r |
| |
The remote username. |
| |
.It %u |
| |
The local username. |
| |
.El |
| |
.Pp |
| |
.Cm Match exec |
| |
accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. |
| |
.Pp |
| |
.Cm CertificateFile |
| |
accepts the tokens %%, %d, %h, %l, %r, and %u. |
| |
.Pp |
| |
.Cm ControlPath |
| |
accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. |
| |
.Pp |
| |
.Cm HostName |
| |
accepts the tokens %% and %h. |
| |
.Pp |
| |
.Cm IdentityAgent |
| |
and |
| |
.Cm IdentityFile |
| |
accept the tokens %%, %d, %h, %l, %r, and %u. |
| |
.Pp |
| |
.Cm LocalCommand |
| |
accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. |
| |
.Pp |
| |
.Cm ProxyCommand |
| |
accepts the tokens %%, %h, %p, and %r. |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa ~/.ssh/config |
.It Pa ~/.ssh/config |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh