version 1.61, 2005/07/08 12:53:10 |
version 1.61.2.1, 2006/02/03 03:01:58 |
|
|
set to |
set to |
.Dq no |
.Dq no |
(the default). |
(the default). |
These sessions will reuse the master instance's network connection rather |
These sessions will try to reuse the master instance's network connection |
than initiating new ones. |
rather than initiating new ones, but will fall back to connecting normally |
|
if the control socket does not exist, or is not listening. |
|
.Pp |
Setting this to |
Setting this to |
.Dq ask |
.Dq ask |
will cause |
will cause |
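Review bot: the new fallback sentence ("but will fall back to connecting normally if the control socket does not exist, or is not listening") does not say whether the user is told that the fallback happened. A session that silently opens its own connection instead of reusing the master's is a visible behaviour change from the old wording, so state whether ssh reports it. The comma before "or is not listening" can also be dropped.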
|
|
X11 and |
X11 and |
.Xr ssh-agent 1 |
.Xr ssh-agent 1 |
forwarding is supported over these multiplexed connections, however the |
forwarding is supported over these multiplexed connections, however the |
display and agent fowarded will be the one belonging to the master |
display and agent forwarded will be the one belonging to the master |
connection i.e. it is not possible to forward multiple displays or agents. |
connection i.e. it is not possible to forward multiple displays or agents. |
.Pp |
.Pp |
Two additional options allow for opportunistic multiplexing: try to use a |
Two additional options allow for opportunistic multiplexing: try to use a |
|
|
all three of these escape sequences. |
all three of these escape sequences. |
This ensures that shared connections are uniquely identified. |
This ensures that shared connections are uniquely identified. |
.It Cm DynamicForward |
.It Cm DynamicForward |
Specifies that a TCP/IP port on the local machine be forwarded |
Specifies that a TCP port on the local machine be forwarded |
over the secure channel, and the application |
over the secure channel, and the application |
protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
remote machine. |
remote machine. |
The argument must be a port number. |
.Pp |
|
The argument must be |
|
.Sm off |
|
.Oo Ar bind_address : Oc Ar port . |
|
.Sm on |
|
IPv6 addresses can be specified by enclosing addresses in square brackets or |
|
by using an alternative syntax: |
|
.Oo Ar bind_address Ns / Oc Ns Ar port . |
|
By default, the local port is bound in accordance with the |
|
.Cm GatewayPorts |
|
setting. |
|
However, an explicit |
|
.Ar bind_address |
|
may be used to bind the connection to a specific address. |
|
The |
|
.Ar bind_address |
|
of |
|
.Dq localhost |
|
indicates that the listening port be bound for local use only, while an |
|
empty address or |
|
.Sq * |
|
indicates that the port should be available from all interfaces. |
|
.Pp |
Currently the SOCKS4 and SOCKS5 protocols are supported, and |
Currently the SOCKS4 and SOCKS5 protocols are supported, and |
.Nm ssh |
.Nm ssh |
will act as a SOCKS server. |
will act as a SOCKS server. |
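Review bot: the added bind_address text says an empty address or '*' makes the port "available from all interfaces", but it does not connect this to the next paragraph, where ssh acts as a SOCKS server on that port. Say explicitly that a wildcard bind makes the SOCKS listener reachable from other hosts, and state the GatewayPorts default here or cross-reference its entry, since "bound in accordance with the GatewayPorts setting" tells the reader nothing without it. The alternative "bind_address/port" syntax for IPv6 would also benefit from one concrete example of each form.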
|
|
Numeric IP addresses are also permitted (both on the command line and in |
Numeric IP addresses are also permitted (both on the command line and in |
.Cm HostName |
.Cm HostName |
specifications). |
specifications). |
.It Cm IdentityFile |
|
Specifies a file from which the user's RSA or DSA authentication identity |
|
is read. |
|
The default is |
|
.Pa ~/.ssh/identity |
|
for protocol version 1, and |
|
.Pa ~/.ssh/id_rsa |
|
and |
|
.Pa ~/.ssh/id_dsa |
|
for protocol version 2. |
|
Additionally, any identities represented by the authentication agent |
|
will be used for authentication. |
|
The file name may use the tilde |
|
syntax to refer to a user's home directory. |
|
It is possible to have |
|
multiple identity files specified in configuration files; all these |
|
identities will be tried in sequence. |
|
.It Cm IdentitiesOnly |
.It Cm IdentitiesOnly |
Specifies that |
Specifies that |
.Nm ssh |
.Nm ssh |
|
|
.Dq yes |
.Dq yes |
or |
or |
.Dq no . |
.Dq no . |
This option is intented for situations where |
This option is intended for situations where |
.Nm ssh-agent |
.Nm ssh-agent |
offers many different identities. |
offers many different identities. |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.It Cm IdentityFile |
|
Specifies a file from which the user's RSA or DSA authentication identity |
|
is read. |
|
The default is |
|
.Pa ~/.ssh/identity |
|
for protocol version 1, and |
|
.Pa ~/.ssh/id_rsa |
|
and |
|
.Pa ~/.ssh/id_dsa |
|
for protocol version 2. |
|
Additionally, any identities represented by the authentication agent |
|
will be used for authentication. |
|
The file name may use the tilde |
|
syntax to refer to a user's home directory. |
|
It is possible to have |
|
multiple identity files specified in configuration files; all these |
|
identities will be tried in sequence. |
.It Cm KbdInteractiveDevices |
.It Cm KbdInteractiveDevices |
Specifies the list of methods to use in keyboard-interactive authentication. |
Specifies the list of methods to use in keyboard-interactive authentication. |
Multiple method names must be comma-separated. |
Multiple method names must be comma-separated. |
The default is to use the server specified list. |
The default is to use the server specified list. |
|
.It Cm LocalCommand |
|
Specifies a command to execute on the local machine after successfully |
|
connecting to the server. |
|
The command string extends to the end of the line, and is executed with |
|
.Pa /bin/sh . |
|
This directive is ignored unless |
|
.Cm PermitLocalCommand |
|
has been enabled. |
.It Cm LocalForward |
.It Cm LocalForward |
Specifies that a TCP/IP port on the local machine be forwarded over |
Specifies that a TCP port on the local machine be forwarded over |
the secure channel to the specified host and port from the remote machine. |
the secure channel to the specified host and port from the remote machine. |
The first argument must be |
The first argument must be |
.Sm off |
.Sm off |
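Review bot: the new LocalCommand entry says the string "is executed with /bin/sh" but leaves out several things a reader needs: whether it runs before or after the remote session starts, whether ssh waits for it to finish, and whether any escape sequences are expanded in the string. Because the whole rest of the line goes to a shell, the entry should also state that PermitLocalCommand defaults to "no" (or point to that entry for the default), so it is clear that a configuration file alone does not enable command execution.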
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
|
.It Cm PermitLocalCommand |
|
Allow local command execution via the |
|
.Ic LocalCommand |
|
option or using the |
|
.Ic !\& Ns Ar command |
|
escape sequence in |
|
.Xr ssh 1 . |
|
The argument must be |
|
.Dq yes |
|
or |
|
.Dq no . |
|
The default is |
|
.Dq no . |
.It Cm Port |
.It Cm Port |
Specifies the port number to connect on the remote host. |
Specifies the port number to connect on the remote host. |
Default is 22. |
Default is 22. |
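Review bot: in the new PermitLocalCommand entry the configuration keyword is marked up as ".Ic LocalCommand", while the LocalCommand entry added in the same change refers back with ".Cm PermitLocalCommand" and the DynamicForward text uses ".Cm GatewayPorts". Use ".Cm LocalCommand" for the keyword and keep ".Ic" only for the "!command" escape sequence, so the two new entries are marked up consistently.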
|
|
The default is |
The default is |
.Dq yes . |
.Dq yes . |
This option applies to protocol version 2 only. |
This option applies to protocol version 2 only. |
|
.It Cm RekeyLimit |
|
Specifies the maximum amount of data that may be transmitted before the |
|
session key is renegotiated. |
|
The argument is the number of bytes, with an optional suffix of |
|
.Sq K , |
|
.Sq M , |
|
or |
|
.Sq G |
|
to indicate Kilobytes, Megabytes, or Gigabytes, respectively. |
|
The default is between |
|
.Dq 1G |
|
and |
|
.Dq 4G , |
|
depending on the cipher. |
|
This option applies to protocol version 2 only. |
.It Cm RemoteForward |
.It Cm RemoteForward |
Specifies that a TCP/IP port on the remote machine be forwarded over |
Specifies that a TCP port on the remote machine be forwarded over |
the secure channel to the specified host and port from the local machine. |
the secure channel to the specified host and port from the local machine. |
The first argument must be |
The first argument must be |
.Sm off |
.Sm off |
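Review bot: in the new RekeyLimit entry, "The default is between 1G and 4G, depending on the cipher" does not let a reader work out the value that applies to their configuration. Either say what property of the cipher determines the default or list the defaults per cipher. The suffix description should also say whether 'K', 'M' and 'G' are powers of 1024 or of 1000, and whether there is a minimum accepted value.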
|
|
.Cm SendEnv |
.Cm SendEnv |
directives. |
directives. |
The default is not to send any environment variables. |
The default is not to send any environment variables. |
.It Cm ServerAliveInterval |
|
Sets a timeout interval in seconds after which if no data has been received |
|
from the server, |
|
.Nm ssh |
|
will send a message through the encrypted |
|
channel to request a response from the server. |
|
The default |
|
is 0, indicating that these messages will not be sent to the server. |
|
This option applies to protocol version 2 only. |
|
.It Cm ServerAliveCountMax |
.It Cm ServerAliveCountMax |
Sets the number of server alive messages (see above) which may be |
Sets the number of server alive messages (see below) which may be |
sent without |
sent without |
.Nm ssh |
.Nm ssh |
receiving any messages back from the server. |
receiving any messages back from the server. |
|
|
The default value is 3. |
The default value is 3. |
If, for example, |
If, for example, |
.Cm ServerAliveInterval |
.Cm ServerAliveInterval |
(above) is set to 15, and |
(see below) is set to 15, and |
.Cm ServerAliveCountMax |
.Cm ServerAliveCountMax |
is left at the default, if the server becomes unresponsive ssh |
is left at the default, if the server becomes unresponsive ssh |
will disconnect after approximately 45 seconds. |
will disconnect after approximately 45 seconds. |
|
.It Cm ServerAliveInterval |
|
Sets a timeout interval in seconds after which if no data has been received |
|
from the server, |
|
.Nm ssh |
|
will send a message through the encrypted |
|
channel to request a response from the server. |
|
The default |
|
is 0, indicating that these messages will not be sent to the server. |
|
This option applies to protocol version 2 only. |
.It Cm SmartcardDevice |
.It Cm SmartcardDevice |
Specifies which smartcard device to use. |
Specifies which smartcard device to use. |
The argument to this keyword is the device |
The argument to this keyword is the device |
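Review bot: moving ServerAliveInterval after ServerAliveCountMax forced both "(see above)" and "(above)" to become "(see below)", which shows how fragile positional references are. In the example sentence the keyword is already named with ".Cm ServerAliveInterval", so the "(see below)" after it can simply be dropped, and the earlier "server alive messages (see below)" would be more robust as a reference to ServerAliveInterval by name.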
|
|
.Pp |
.Pp |
To disable TCP keepalive messages, the value should be set to |
To disable TCP keepalive messages, the value should be set to |
.Dq no . |
.Dq no . |
|
.It Cm Tunnel |
|
Request starting |
|
.Xr tun 4 |
|
device forwarding between the client and the server. |
|
This option also allows requesting layer 2 (ethernet) |
|
instead of layer 3 (point-to-point) tunneling from the server. |
|
The argument must be |
|
.Dq yes , |
|
.Dq point-to-point , |
|
.Dq ethernet |
|
or |
|
.Dq no . |
|
The default is |
|
.Dq no . |
|
.It Cm TunnelDevice |
|
Force a specified |
|
.Xr tun 4 |
|
device on the client. |
|
Without this option, the next available device will be used. |
.It Cm UsePrivilegedPort |
.It Cm UsePrivilegedPort |
Specifies whether to use a privileged port for outgoing connections. |
Specifies whether to use a privileged port for outgoing connections. |
The argument must be |
The argument must be |
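Review bot: the new Tunnel entry accepts "yes", "point-to-point", "ethernet" or "no", but never says which tunneling mode "yes" selects. Add a sentence stating which of layer 3 (point-to-point) or layer 2 (ethernet) "yes" requests. The TunnelDevice entry likewise says it forces "a specified tun(4) device" without describing the argument format, so a reader cannot tell what to write there.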