version 1.218, 2016/02/16 05:11:04 |
version 1.219, 2016/02/17 07:38:19 |
|
|
in |
in |
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for how to configure the client. |
for how to configure the client. |
Note that environment passing is only supported for protocol 2, and |
The |
that the |
|
.Ev TERM |
.Ev TERM |
environment variable is always sent whenever the client |
environment variable is always sent whenever the client |
requests a pseudo-terminal as it is required by the protocol. |
requests a pseudo-terminal as it is required by the protocol. |
|
|
.Dq publickey,publickey |
.Dq publickey,publickey |
will require successful authentication using two different public keys. |
will require successful authentication using two different public keys. |
.Pp |
.Pp |
This option is only available for SSH protocol 2 and will yield a fatal |
This option will yield a fatal |
error if enabled if protocol 1 is also enabled. |
error if enabled if protocol 1 is also enabled. |
Note that each authentication method listed should also be explicitly enabled |
Note that each authentication method listed should also be explicitly enabled |
in the configuration. |
in the configuration. |
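Review bot: The rewritten sentence in this hunk, "This option will yield a fatal error if enabled if protocol 1 is also enabled.", carries over the doubled "if enabled if" from the old wording. With the "only available for SSH protocol 2" clause gone, it is also the only remaining statement of the restriction, so it should read cleanly. Suggest "This option will yield a fatal error if protocol 1 is also enabled." Separately, this sentence shows protocol 1 can still be turned on, so it is worth confirming that dropping the "protocol version 2 only" notes from the other options in this change is intended for readers who run both versions.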
|
|
If the argument is |
If the argument is |
.Dq none |
.Dq none |
then no banner is displayed. |
then no banner is displayed. |
This option is only available for protocol version 2. |
|
By default, no banner is displayed. |
By default, no banner is displayed. |
.It Cm ChallengeResponseAuthentication |
.It Cm ChallengeResponseAuthentication |
Specifies whether challenge-response authentication is allowed. |
Specifies whether challenge-response authentication is allowed. |
|
|
indicating not to |
indicating not to |
.Xr chroot 2 . |
.Xr chroot 2 . |
.It Cm Ciphers |
.It Cm Ciphers |
Specifies the ciphers allowed for protocol version 2. |
Specifies the ciphers allowed. |
Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
If the specified value begins with a |
If the specified value begins with a |
.Sq + |
.Sq + |
|
|
.Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
is left at the default, unresponsive SSH clients |
is left at the default, unresponsive SSH clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
This option applies to protocol version 2 only. |
|
.It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
from the client, |
from the client, |
|
|
channel to request a response from the client. |
channel to request a response from the client. |
The default |
The default |
is 0, indicating that these messages will not be sent to the client. |
is 0, indicating that these messages will not be sent to the client. |
This option applies to protocol version 2 only. |
|
.It Cm Compression |
.It Cm Compression |
Specifies whether compression is allowed, or delayed until |
Specifies whether compression is allowed, or delayed until |
the user has authenticated successfully. |
the user has authenticated successfully. |
|
|
Specifies whether user authentication based on GSSAPI is allowed. |
Specifies whether user authentication based on GSSAPI is allowed. |
The default is |
The default is |
.Dq no . |
.Dq no . |
Note that this option applies to protocol version 2 only. |
|
.It Cm GSSAPICleanupCredentials |
.It Cm GSSAPICleanupCredentials |
Specifies whether to automatically destroy the user's credentials cache |
Specifies whether to automatically destroy the user's credentials cache |
on logout. |
on logout. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that this option applies to protocol version 2 only. |
|
.It Cm GSSAPIStrictAcceptorCheck |
.It Cm GSSAPIStrictAcceptorCheck |
Determines whether to be strict about the identity of the GSSAPI acceptor |
Determines whether to be strict about the identity of the GSSAPI acceptor |
a client authenticates against. |
a client authenticates against. |
|
|
Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
with successful public key client host authentication is allowed |
with successful public key client host authentication is allowed |
(host-based authentication). |
(host-based authentication). |
This option is similar to |
|
.Cm RhostsRSAAuthentication |
|
and applies to protocol version 2 only. |
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm HostbasedUsesNameFromPacketOnly |
.It Cm HostbasedUsesNameFromPacketOnly |
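Review bot: The removed lines in the host-based authentication entry delete the comparison "This option is similar to RhostsRSAAuthentication" together with the "applies to protocol version 2 only" clause, which is more than the other hunks in this change remove. If dropping the cross-reference is deliberate, say so in the change description. Otherwise keep the pointer and remove only the protocol clause.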
|
|
.Ev SSH_AUTH_SOCK |
.Ev SSH_AUTH_SOCK |
environment variable. |
environment variable. |
.It Cm HostKeyAlgorithms |
.It Cm HostKeyAlgorithms |
Specifies the protocol version 2 host key algorithms |
Specifies the host key algorithms |
that the server offers. |
that the server offers. |
The default for this option is: |
The default for this option is: |
.Bd -literal -offset 3n |
.Bd -literal -offset 3n |
|
|
Logging with a DEBUG level violates the privacy of users and is not recommended. |
Logging with a DEBUG level violates the privacy of users and is not recommended. |
.It Cm MACs |
.It Cm MACs |
Specifies the available MAC (message authentication code) algorithms. |
Specifies the available MAC (message authentication code) algorithms. |
The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used for data integrity protection. |
for data integrity protection. |
|
Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
If the specified value begins with a |
If the specified value begins with a |
.Sq + |
.Sq + |
|
|
Specifies whether public key authentication is allowed. |
Specifies whether public key authentication is allowed. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that this option applies to protocol version 2 only. |
|
.It Cm RekeyLimit |
.It Cm RekeyLimit |
Specifies the maximum amount of data that may be transmitted before the |
Specifies the maximum amount of data that may be transmitted before the |
session key is renegotiated, optionally followed a maximum amount of |
session key is renegotiated, optionally followed a maximum amount of |
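Review bot: The trailing RekeyLimit context line, "optionally followed a maximum amount of", is missing "by" after "followed". This change edits the same entry a few lines further down, so the typo could be fixed in the same pass: "optionally followed by a maximum amount of".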
|
|
.Dq default none , |
.Dq default none , |
which means that rekeying is performed after the cipher's default amount |
which means that rekeying is performed after the cipher's default amount |
of data has been sent or received and no time based rekeying is done. |
of data has been sent or received and no time based rekeying is done. |
This option applies to protocol version 2 only. |
|
.It Cm RevokedKeys |
.It Cm RevokedKeys |
Specifies revoked public keys file, or |
Specifies revoked public keys file, or |
.Dq none |
.Dq none |
|
|
to force a different filesystem root on clients. |
to force a different filesystem root on clients. |
.Pp |
.Pp |
By default no subsystems are defined. |
By default no subsystems are defined. |
Note that this option applies to protocol version 2 only. |
|
.It Cm SyslogFacility |
.It Cm SyslogFacility |
Gives the facility code that is used when logging messages from |
Gives the facility code that is used when logging messages from |
.Xr sshd 8 . |
.Xr sshd 8 . |