| version 1.218, 2016/02/16 05:11:04 |
version 1.219, 2016/02/17 07:38:19 |
|
|
| in |
in |
| .Xr ssh_config 5 |
.Xr ssh_config 5 |
| for how to configure the client. |
for how to configure the client. |
| Note that environment passing is only supported for protocol 2, and |
The |
| that the |
|
| .Ev TERM |
.Ev TERM |
| environment variable is always sent whenever the client |
environment variable is always sent whenever the client |
| requests a pseudo-terminal as it is required by the protocol. |
requests a pseudo-terminal as it is required by the protocol. |
|
|
| .Dq publickey,publickey |
.Dq publickey,publickey |
| will require successful authentication using two different public keys. |
will require successful authentication using two different public keys. |
| .Pp |
.Pp |
| This option is only available for SSH protocol 2 and will yield a fatal |
This option will yield a fatal |
| error if enabled if protocol 1 is also enabled. |
error if enabled if protocol 1 is also enabled. |
| Note that each authentication method listed should also be explicitly enabled |
Note that each authentication method listed should also be explicitly enabled |
| in the configuration. |
in the configuration. |
|
|
| If the argument is |
If the argument is |
| .Dq none |
.Dq none |
| then no banner is displayed. |
then no banner is displayed. |
| This option is only available for protocol version 2. |
|
| By default, no banner is displayed. |
By default, no banner is displayed. |
| .It Cm ChallengeResponseAuthentication |
.It Cm ChallengeResponseAuthentication |
| Specifies whether challenge-response authentication is allowed. |
Specifies whether challenge-response authentication is allowed. |
|
|
| indicating not to |
indicating not to |
| .Xr chroot 2 . |
.Xr chroot 2 . |
| .It Cm Ciphers |
.It Cm Ciphers |
| Specifies the ciphers allowed for protocol version 2. |
Specifies the ciphers allowed. |
| Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
| If the specified value begins with a |
If the specified value begins with a |
| .Sq + |
.Sq + |
|
|
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
| is left at the default, unresponsive SSH clients |
is left at the default, unresponsive SSH clients |
| will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
| This option applies to protocol version 2 only. |
|
| .It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
| Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
| from the client, |
from the client, |
|
|
| channel to request a response from the client. |
channel to request a response from the client. |
| The default |
The default |
| is 0, indicating that these messages will not be sent to the client. |
is 0, indicating that these messages will not be sent to the client. |
| This option applies to protocol version 2 only. |
|
| .It Cm Compression |
.It Cm Compression |
| Specifies whether compression is allowed, or delayed until |
Specifies whether compression is allowed, or delayed until |
| the user has authenticated successfully. |
the user has authenticated successfully. |
|
|
| Specifies whether user authentication based on GSSAPI is allowed. |
Specifies whether user authentication based on GSSAPI is allowed. |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| Note that this option applies to protocol version 2 only. |
|
| .It Cm GSSAPICleanupCredentials |
.It Cm GSSAPICleanupCredentials |
| Specifies whether to automatically destroy the user's credentials cache |
Specifies whether to automatically destroy the user's credentials cache |
| on logout. |
on logout. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| Note that this option applies to protocol version 2 only. |
|
| .It Cm GSSAPIStrictAcceptorCheck |
.It Cm GSSAPIStrictAcceptorCheck |
| Determines whether to be strict about the identity of the GSSAPI acceptor |
Determines whether to be strict about the identity of the GSSAPI acceptor |
| a client authenticates against. |
a client authenticates against. |
|
|
| Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
| with successful public key client host authentication is allowed |
with successful public key client host authentication is allowed |
| (host-based authentication). |
(host-based authentication). |
| This option is similar to |
|
| .Cm RhostsRSAAuthentication |
|
| and applies to protocol version 2 only. |
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm HostbasedUsesNameFromPacketOnly |
.It Cm HostbasedUsesNameFromPacketOnly |
|
|
| .Ev SSH_AUTH_SOCK |
.Ev SSH_AUTH_SOCK |
| environment variable. |
environment variable. |
| .It Cm HostKeyAlgorithms |
.It Cm HostKeyAlgorithms |
| Specifies the protocol version 2 host key algorithms |
Specifies the host key algorithms |
| that the server offers. |
that the server offers. |
| The default for this option is: |
The default for this option is: |
| .Bd -literal -offset 3n |
.Bd -literal -offset 3n |
|
|
| Logging with a DEBUG level violates the privacy of users and is not recommended. |
Logging with a DEBUG level violates the privacy of users and is not recommended. |
| .It Cm MACs |
.It Cm MACs |
| Specifies the available MAC (message authentication code) algorithms. |
Specifies the available MAC (message authentication code) algorithms. |
| The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used for data integrity protection. |
| for data integrity protection. |
|
| Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
| If the specified value begins with a |
If the specified value begins with a |
| .Sq + |
.Sq + |
|
|
| Specifies whether public key authentication is allowed. |
Specifies whether public key authentication is allowed. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| Note that this option applies to protocol version 2 only. |
|
| .It Cm RekeyLimit |
.It Cm RekeyLimit |
| Specifies the maximum amount of data that may be transmitted before the |
Specifies the maximum amount of data that may be transmitted before the |
| session key is renegotiated, optionally followed a maximum amount of |
session key is renegotiated, optionally followed a maximum amount of |
|
|
| .Dq default none , |
.Dq default none , |
| which means that rekeying is performed after the cipher's default amount |
which means that rekeying is performed after the cipher's default amount |
| of data has been sent or received and no time based rekeying is done. |
of data has been sent or received and no time based rekeying is done. |
| This option applies to protocol version 2 only. |
|
| .It Cm RevokedKeys |
.It Cm RevokedKeys |
| Specifies revoked public keys file, or |
Specifies revoked public keys file, or |
| .Dq none |
.Dq none |
|
|
| to force a different filesystem root on clients. |
to force a different filesystem root on clients. |
| .Pp |
.Pp |
| By default no subsystems are defined. |
By default no subsystems are defined. |
| Note that this option applies to protocol version 2 only. |
|
| .It Cm SyslogFacility |
.It Cm SyslogFacility |
| Gives the facility code that is used when logging messages from |
Gives the facility code that is used when logging messages from |
| .Xr sshd 8 . |
.Xr sshd 8 . |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh