version 1.238, 2016/09/22 17:55:13 |
version 1.239, 2016/09/28 17:59:22 |
|
|
keyword executes the specified command under the user's shell. |
keyword executes the specified command under the user's shell. |
If the command returns a zero exit status then the condition is considered true. |
If the command returns a zero exit status then the condition is considered true. |
Commands containing whitespace characters must be quoted. |
Commands containing whitespace characters must be quoted. |
The following character sequences in the command will be expanded prior to |
Arguments to |
execution: |
.Cm exec |
.Ql %L |
accept the tokens described in the |
will be substituted by the first component of the local host name, |
.Sx TOKENS |
.Ql %l |
section. |
will be substituted by the local host name (including any domain name), |
|
.Ql %h |
|
will be substituted by the target host name, |
|
.Ql %n |
|
will be substituted by the original target host name |
|
specified on the command-line, |
|
.Ql %p |
|
the destination port, |
|
.Ql %r |
|
by the remote login username, and |
|
.Ql %u |
|
by the username of the user running |
|
.Xr ssh 1 . |
|
.Pp |
.Pp |
The other keywords' criteria must be single entries or comma-separated |
The other keywords' criteria must be single entries or comma-separated |
lists and may use the wildcard and negation operators described in the |
lists and may use the wildcard and negation operators described in the |
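Review bot: the replacement sentence names the keyword as ".Cm exec", while the TOKENS section added by this same change lists it as ".Cm Match exec". Use one form in both places so a reader looking up the token list finds the matching entry. The removed wording also said the sequences are expanded "prior to execution", which is worth keeping in this paragraph because the expanded string is run under the user's shell.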
|
|
or via a |
or via a |
.Cm PKCS11Provider . |
.Cm PKCS11Provider . |
.Pp |
.Pp |
The file name may use the tilde |
Arguments to |
syntax to refer to a user's home directory or one of the following |
.Cm CertificateFile |
escape characters: |
may use the tilde syntax to refer to a user's home directory |
.Ql %d |
or the tokens described in the |
(local user's home directory), |
.Sx TOKENS |
.Ql %u |
section. |
(local user name), |
|
.Ql %l |
|
(local host name), |
|
.Ql %h |
|
(remote host name) or |
|
.Ql %r |
|
(remote user name). |
|
.Pp |
.Pp |
It is possible to have multiple certificate files specified in |
It is possible to have multiple certificate files specified in |
configuration files; these certificates will be tried in sequence. |
configuration files; these certificates will be tried in sequence. |
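Review bot: "or the tokens described in the TOKENS section" reads as if every token is valid for CertificateFile, but the per-keyword list at the end of TOKENS limits it to %%, %d, %h, %l, %r, and %u. Suggest wording such as "or the tokens listed for CertificateFile in the TOKENS section", applied consistently to the other keywords that receive this sentence.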
|
|
section above or the string |
section above or the string |
.Dq none |
.Dq none |
to disable connection sharing. |
to disable connection sharing. |
In the path, |
Arguments to |
.Ql %L |
.Cm ControlPath |
will be substituted by the first component of the local host name, |
may use the tilde syntax to refer to a user's home directory |
.Ql %l |
or the tokens described in the |
will be substituted by the local host name (including any domain name), |
.Sx TOKENS |
.Ql %h |
section. |
will be substituted by the target host name, |
|
.Ql %n |
|
will be substituted by the original target host name |
|
specified on the command line, |
|
.Ql %p |
|
the destination port, |
|
.Ql %r |
|
by the remote login username, |
|
.Ql %u |
|
by the username and |
|
.Ql %i |
|
by the numeric user ID (uid) of the user running |
|
.Xr ssh 1 , |
|
and |
|
.Ql \&%C |
|
by a hash of the concatenation: %l%h%p%r. |
|
It is recommended that any |
It is recommended that any |
.Cm ControlPath |
.Cm ControlPath |
used for opportunistic connection sharing include |
used for opportunistic connection sharing include |
|
|
.It Cm HostName |
.It Cm HostName |
Specifies the real host name to log into. |
Specifies the real host name to log into. |
This can be used to specify nicknames or abbreviations for hosts. |
This can be used to specify nicknames or abbreviations for hosts. |
If the hostname contains the character sequence |
Arguments to |
.Ql %h , |
.Cm HostName |
then this will be replaced with the host name specified on the command line |
accept the tokens described in the |
(this is useful for manipulating unqualified names). |
.Sx TOKENS |
The character sequence |
section. |
.Ql %% |
|
will be replaced by a single |
|
.Ql % |
|
character, which may be used when specifying IPv6 link-local addresses. |
|
.Pp |
|
The default is the name given on the command line. |
|
Numeric IP addresses are also permitted (both on the command line and in |
Numeric IP addresses are also permitted (both on the command line and in |
.Cm HostName |
.Cm HostName |
specifications). |
specifications). |
|
The default is the name given on the command line. |
.It Cm IdentitiesOnly |
.It Cm IdentitiesOnly |
Specifies that |
Specifies that |
.Xr ssh 1 |
.Xr ssh 1 |
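Review bot: the HostName paragraph loses two keyword-specific explanations that the generic TOKENS entries do not replace. The removed text said %h is "replaced with the host name specified on the command line (this is useful for manipulating unqualified names)", whereas TOKENS defines %h only as "The remote hostname", which is circular when the keyword being set is the remote host name itself. The note that %% "may be used when specifying IPv6 link-local addresses" is also gone. Suggest keeping one sentence for each here, next to the TOKENS reference.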
|
|
.Ev SSH_AUTH_SOCK |
.Ev SSH_AUTH_SOCK |
environment variable. |
environment variable. |
.Pp |
.Pp |
The socket name may use the tilde |
Arguments to |
syntax to refer to a user's home directory or one of the following |
.Cm IdentityAgent |
escape characters: |
may use the tilde syntax to refer to a user's home directory |
.Ql %d |
or the tokens described in the |
(local user's home directory), |
.Sx TOKENS |
.Ql %u |
section. |
(local user name), |
|
.Ql %l |
|
(local host name), |
|
.Ql %h |
|
(remote host name) or |
|
.Ql %r |
|
(remote user name). |
|
.It Cm IdentityFile |
.It Cm IdentityFile |
Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication |
Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication |
identity is read. |
identity is read. |
|
|
to the path of a specified |
to the path of a specified |
.Cm IdentityFile . |
.Cm IdentityFile . |
.Pp |
.Pp |
The file name may use the tilde |
Arguments to |
syntax to refer to a user's home directory or one of the following |
.Cm IdentityFile |
escape characters: |
may use the tilde syntax to refer to a user's home directory |
.Ql %d |
or the tokens described in the |
(local user's home directory), |
.Sx TOKENS |
.Ql %u |
section. |
(local user name), |
|
.Ql %l |
|
(local host name), |
|
.Ql %h |
|
(remote host name) or |
|
.Ql %r |
|
(remote user name). |
|
.Pp |
.Pp |
It is possible to have |
It is possible to have |
multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
|
|
connecting to the server. |
connecting to the server. |
The command string extends to the end of the line, and is executed with |
The command string extends to the end of the line, and is executed with |
the user's shell. |
the user's shell. |
The following escape character substitutions will be performed: |
Arguments to |
.Ql %d |
.Cm LocalCommand |
(local user's home directory), |
accept the tokens described in the |
.Ql %h |
.Sx TOKENS |
(remote host name), |
section. |
.Ql %l |
|
(local host name), |
|
.Ql %n |
|
(host name as provided on the command line), |
|
.Ql %p |
|
(remote port), |
|
.Ql %r |
|
(remote user name) or |
|
.Ql %u |
|
(local user name) or |
|
.Ql \&%C |
|
by a hash of the concatenation: %l%h%p%r. |
|
.Pp |
.Pp |
The command is run synchronously and does not have access to the |
The command is run synchronously and does not have access to the |
session of the |
session of the |
|
|
.Ql exec |
.Ql exec |
directive to avoid a lingering shell process. |
directive to avoid a lingering shell process. |
.Pp |
.Pp |
In the command string, any occurrence of |
Arguments to |
.Ql %h |
.Cm ProxyCommand |
will be substituted by the host name to |
accept the tokens described in the |
connect, |
.Sx TOKENS |
.Ql %p |
section. |
by the port, and |
|
.Ql %r |
|
by the remote user name. |
|
The command can be basically anything, |
The command can be basically anything, |
and should read from its standard input and write to its standard output. |
and should read from its standard input and write to its standard output. |
It should eventually connect an |
It should eventually connect an |
|
|
the following entry (in authorized_keys) could be used: |
the following entry (in authorized_keys) could be used: |
.Pp |
.Pp |
.Dl from=\&"!*.dialup.example.com,*.example.com\&" |
.Dl from=\&"!*.dialup.example.com,*.example.com\&" |
|
.Sh TOKENS |
|
Arguments to some keywords can make use of tokens, |
|
which are expanded at runtime: |
|
.Pp |
|
.Bl -tag -width XXXX -offset indent -compact |
|
.It %% |
|
A literal |
|
.Sq % . |
|
.It \&%C |
|
Shorthand for %l%h%p%r. |
|
.It %d |
|
Local user's home directory. |
|
.It %h |
|
The remote hostname. |
|
.It %i |
|
The local user ID. |
|
.It %L |
|
The local hostname. |
|
.It %l |
|
The local hostname, including the domain name. |
|
.It %n |
|
The original remote hostname, as given on the command line. |
|
.It %p |
|
The remote port. |
|
.It %r |
|
The remote username. |
|
.It %u |
|
The local username. |
|
.El |
|
.Pp |
|
.Cm Match exec |
|
accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. |
|
.Pp |
|
.Cm CertificateFile |
|
accepts the tokens %%, %d, %h, %l, %r, and %u. |
|
.Pp |
|
.Cm ControlPath |
|
accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. |
|
.Pp |
|
.Cm HostName |
|
accepts the tokens %% and %h. |
|
.Pp |
|
.Cm IdentityAgent |
|
and |
|
.Cm IdentityFile |
|
accept the tokens %%, %d, %h, %l, %r, and %u. |
|
.Pp |
|
.Cm LocalCommand |
|
accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. |
|
.Pp |
|
.Cm ProxyCommand |
|
accepts the tokens %%, %h, %p, and %r. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa ~/.ssh/config |
.It Pa ~/.ssh/config |
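Review bot: two entries in the new TOKENS list are less precise than the text they replace. %C is given as "Shorthand for %l%h%p%r", but the removed ControlPath and LocalCommand text described it as "a hash of the concatenation: %l%h%p%r", so the word "hash" should be restored; as written a reader would expect the four raw values to appear in the path or command. %L is given as "The local hostname.", which no longer distinguishes it from %l; the removed text said "the first component of the local host name". The list also switches between "hostname" and the "host name" spelling used elsewhere in the page, which is worth making consistent.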