usr.bin/ssh/ssh_config.5 at jcs · jcs.org/openbsd-src

jcs.org / openbsd-src
fork atom
jcs's openbsd hax
openbsd
fork atom
openbsd-src / usr.bin / ssh / ssh_config.5
at jcs 2468 lines 71 kB view raw
wrap content
dtucker Remove references to skey auth which is long gone. 1mo ago
9e7d5783
   1.\"
   2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
   3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   4.\"                    All rights reserved
   5.\"
   6.\" As far as I am concerned, the code I have written for this software
   7.\" can be used freely for any purpose.  Any derived versions of this
   8.\" software must be clearly marked as such, and if the derived work is
   9.\" incompatible with the protocol description in the RFC file, it must be
  10.\" called by a name other than "ssh" or "Secure Shell".
  11.\"
  12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
  13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
  14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
  15.\"
  16.\" Redistribution and use in source and binary forms, with or without
  17.\" modification, are permitted provided that the following conditions
  18.\" are met:
  19.\" 1. Redistributions of source code must retain the above copyright
  20.\"    notice, this list of conditions and the following disclaimer.
  21.\" 2. Redistributions in binary form must reproduce the above copyright
  22.\"    notice, this list of conditions and the following disclaimer in the
  23.\"    documentation and/or other materials provided with the distribution.
  24.\"
  25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  35.\"
  36.\" $OpenBSD: ssh_config.5,v 1.422 2026/02/09 22:12:48 dtucker Exp $
  37.Dd $Mdocdate: February 9 2026 $
  38.Dt SSH_CONFIG 5
  39.Os
  40.Sh NAME
  41.Nm ssh_config
  42.Nd OpenSSH client configuration file
  43.Sh DESCRIPTION
  44.Xr ssh 1
  45obtains configuration data from the following sources in
  46the following order:
  47.Pp
  48.Bl -enum -offset indent -compact
  49.It
  50command-line options
  51.It
  52user's configuration file
  53.Pq Pa ~/.ssh/config
  54.It
  55system-wide configuration file
  56.Pq Pa /etc/ssh/ssh_config
  57.El
  58.Pp
  59Unless noted otherwise, for each parameter, the first obtained value
  60will be used.
  61The configuration files contain sections separated by
  62.Cm Host
  63specifications, and that section is only applied for hosts that
  64match one of the patterns given in the specification.
  65The matched host name is usually the one given on the command line
  66(see the
  67.Cm CanonicalizeHostname
  68option for exceptions).
  69.Pp
  70Since the first obtained value for each parameter is used, more
  71host-specific declarations should be given near the beginning of the
  72file, and general defaults at the end.
  73.Pp
  74The file contains keyword-argument pairs, one per line.
  75Lines starting with
  76.Ql #
  77and empty lines are interpreted as comments.
  78Arguments may optionally be enclosed in double quotes
  79.Pq \&"
  80in order to represent arguments containing spaces.
  81Configuration options may be separated by whitespace or
  82optional whitespace and exactly one
  83.Ql = ;
  84the latter format is useful to avoid the need to quote whitespace
  85when specifying configuration options using the
  86.Nm ssh ,
  87.Nm scp ,
  88and
  89.Nm sftp
  90.Fl o
  91option.
  92.Pp
  93The possible
  94keywords and their meanings are as follows (note that
  95keywords are case-insensitive and arguments are case-sensitive):
  96.Bl -tag -width Ds
  97.It Cm Host
  98Restricts the following declarations (up to the next
  99.Cm Host
 100or
 101.Cm Match
 102keyword) to be only for those hosts that match one of the patterns
 103given after the keyword.
 104If more than one pattern is provided, they should be separated by whitespace.
 105A single
 106.Ql *
 107as a pattern can be used to provide global
 108defaults for all hosts.
 109The host is usually the
 110.Ar hostname
 111argument given on the command line
 112(see the
 113.Cm CanonicalizeHostname
 114keyword for exceptions).
 115.Pp
 116A pattern entry may be negated by prefixing it with an exclamation mark
 117.Pq Sq !\& .
 118If a negated entry is matched, then the
 119.Cm Host
 120entry is ignored, regardless of whether any other patterns on the line
 121match.
 122Negated matches are therefore useful to provide exceptions for wildcard
 123matches.
 124.Pp
 125See
 126.Sx PATTERNS
 127for more information on patterns.
 128.It Cm Match
 129Restricts the following declarations (up to the next
 130.Cm Host
 131or
 132.Cm Match
 133keyword) to be used only when the conditions following the
 134.Cm Match
 135keyword are satisfied.
 136Match conditions are specified using one or more criteria
 137or the single token
 138.Cm all
 139which always matches.
 140The available criteria keywords are:
 141.Cm canonical ,
 142.Cm final ,
 143.Cm exec ,
 144.Cm localnetwork ,
 145.Cm host ,
 146.Cm originalhost ,
 147.Cm tagged ,
 148.Cm command ,
 149.Cm user ,
 150.Cm localuser ,
 151and
 152.Cm version .
 153The
 154.Cm all
 155criteria must appear alone or immediately after
 156.Cm canonical
 157or
 158.Cm final .
 159Other criteria may be combined arbitrarily.
 160All criteria but
 161.Cm all ,
 162.Cm canonical ,
 163and
 164.Cm final
 165require an argument.
 166Criteria may be negated by prepending an exclamation mark
 167.Pq Sq !\& .
 168.Pp
 169The
 170.Cm canonical
 171keyword matches only when the configuration file is being re-parsed
 172after hostname canonicalization (see the
 173.Cm CanonicalizeHostname
 174option).
 175This may be useful to specify conditions that work with canonical host
 176names only.
 177.Pp
 178The
 179.Cm final
 180keyword requests that the configuration be re-parsed (regardless of whether
 181.Cm CanonicalizeHostname
 182is enabled), and matches only during this final pass.
 183If
 184.Cm CanonicalizeHostname
 185is enabled, then
 186.Cm canonical
 187and
 188.Cm final
 189match during the same pass.
 190.Pp
 191The
 192.Cm exec
 193keyword executes the specified command under the user's shell.
 194If the command returns a zero exit status then the condition is considered true.
 195Commands containing whitespace characters must be quoted.
 196Arguments to
 197.Cm exec
 198accept the tokens described in the
 199.Sx TOKENS
 200section.
 201.Pp
 202The
 203.Cm localnetwork
 204keyword matches the addresses of active local network interfaces against the
 205supplied list of networks in CIDR format.
 206This may be convenient for varying the effective configuration on devices that
 207roam between networks.
 208Note that network address is not a trustworthy criteria in many
 209situations (e.g. when the network is automatically configured using DHCP)
 210and so caution should be applied if using it to control security-sensitive
 211configuration.
 212.Pp
 213The other keywords' criteria must be single entries or comma-separated
 214lists and may use the wildcard and negation operators described in the
 215.Sx PATTERNS
 216section.
 217.Pp
 218The criteria for the
 219.Cm host
 220keyword are matched against the target hostname, after any substitution
 221by the
 222.Cm Hostname
 223or
 224.Cm CanonicalizeHostname
 225options.
 226The
 227.Cm originalhost
 228keyword matches against the hostname as it was specified on the command-line.
 229.Pp
 230The
 231.Cm tagged
 232keyword matches a tag name specified by a prior
 233.Cm Tag
 234directive or on the
 235.Xr ssh 1
 236command-line using the
 237.Fl P
 238flag.
 239The
 240.Cm command
 241keyword matches the remote command that has been requested, or the subsystem
 242name that is being invoked (e.g.\&
 243.Qq sftp
 244for an SFTP session).
 245The empty string will match the case where a command or tag has not been
 246specified, i.e.\&
 247.Sq Match tag \&"\&" .
 248The
 249.Cm version
 250keyword matches against the version string of
 251.Xr ssh 1 ,
 252for example
 253.Dq OpenSSH_10.0 .
 254.Pp
 255The
 256.Cm user
 257keyword matches against the target username on the remote host.
 258The
 259.Cm localuser
 260keyword matches against the name of the local user running
 261.Xr ssh 1
 262(this keyword may be useful in system-wide
 263.Nm
 264files).
 265.Pp
 266Finally, the
 267.Cm sessiontype
 268keyword matches the requested session type, which may be one of
 269.Cm shell
 270for interactive sessions,
 271.Cm exec
 272for command execution sessions,
 273.Cm subsystem
 274for subsystem invocations such as
 275.Xr sftp 1 ,
 276or
 277.Cm none
 278for transport-only sessions, such as when
 279.Xr ssh 1
 280is started with the
 281.Fl N
 282flag.
 283.It Cm AddKeysToAgent
 284Specifies whether keys should be automatically added to a running
 285.Xr ssh-agent 1 .
 286If this option is set to
 287.Cm yes
 288and a key is loaded from a file, the key and its passphrase are added to
 289the agent with the default lifetime, as if by
 290.Xr ssh-add 1 .
 291If this option is set to
 292.Cm ask ,
 293.Xr ssh 1
 294will require confirmation using the
 295.Ev SSH_ASKPASS
 296program before adding a key (see
 297.Xr ssh-add 1
 298for details).
 299If this option is set to
 300.Cm confirm ,
 301each use of the key must be confirmed, as if the
 302.Fl c
 303option was specified to
 304.Xr ssh-add 1 .
 305If this option is set to
 306.Cm no ,
 307no keys are added to the agent.
 308Alternately, this option may be specified as a time interval
 309using the format described in the
 310.Sx TIME FORMATS
 311section of
 312.Xr sshd_config 5
 313to specify the key's lifetime in
 314.Xr ssh-agent 1 ,
 315after which it will automatically be removed.
 316The argument must be
 317.Cm no
 318(the default),
 319.Cm yes ,
 320.Cm confirm
 321(optionally followed by a time interval),
 322.Cm ask
 323or a time interval.
 324.It Cm AddressFamily
 325Specifies which address family to use when connecting.
 326Valid arguments are
 327.Cm any
 328(the default),
 329.Cm inet
 330(use IPv4 only), or
 331.Cm inet6
 332(use IPv6 only).
 333.It Cm BatchMode
 334If set to
 335.Cm yes ,
 336user interaction such as password prompts and host key confirmation requests
 337will be disabled.
 338This option is useful in scripts and other batch jobs where no user
 339is present to interact with
 340.Xr ssh 1 .
 341The argument must be
 342.Cm yes
 343or
 344.Cm no
 345(the default).
 346.It Cm BindAddress
 347Use the specified address on the local machine as the source address of
 348the connection.
 349Only useful on systems with more than one address.
 350.It Cm BindInterface
 351Use the address of the specified interface on the local machine as the
 352source address of the connection.
 353.It Cm CanonicalDomains
 354When
 355.Cm CanonicalizeHostname
 356is enabled, this option specifies the list of domain suffixes in which to
 357search for the specified destination host.
 358.It Cm CanonicalizeFallbackLocal
 359Specifies whether to fail with an error when hostname canonicalization fails.
 360The default,
 361.Cm yes ,
 362will attempt to look up the unqualified hostname using the system resolver's
 363search rules.
 364A value of
 365.Cm no
 366will cause
 367.Xr ssh 1
 368to fail instantly if
 369.Cm CanonicalizeHostname
 370is enabled and the target hostname cannot be found in any of the domains
 371specified by
 372.Cm CanonicalDomains .
 373.It Cm CanonicalizeHostname
 374Controls whether explicit hostname canonicalization is performed.
 375The default,
 376.Cm no ,
 377is not to perform any name rewriting and let the system resolver handle all
 378hostname lookups.
 379If set to
 380.Cm yes
 381then, for connections that do not use a
 382.Cm ProxyCommand
 383or
 384.Cm ProxyJump ,
 385.Xr ssh 1
 386will attempt to canonicalize the hostname specified on the command line
 387using the
 388.Cm CanonicalDomains
 389suffixes and
 390.Cm CanonicalizePermittedCNAMEs
 391rules.
 392If
 393.Cm CanonicalizeHostname
 394is set to
 395.Cm always ,
 396then canonicalization is applied to proxied connections too.
 397.Pp
 398If this option is enabled, then the configuration files are processed
 399again using the new target name to pick up any new configuration in matching
 400.Cm Host
 401and
 402.Cm Match
 403stanzas.
 404A value of
 405.Cm none
 406disables the use of a
 407.Cm ProxyJump
 408host.
 409.It Cm CanonicalizeMaxDots
 410Specifies the maximum number of dot characters in a hostname before
 411canonicalization is disabled.
 412The default, 1,
 413allows a single dot (i.e. hostname.subdomain).
 414.It Cm CanonicalizePermittedCNAMEs
 415Specifies rules to determine whether CNAMEs should be followed when
 416canonicalizing hostnames.
 417The rules consist of one or more arguments of
 418.Ar source_domain_list : Ns Ar target_domain_list ,
 419where
 420.Ar source_domain_list
 421is a pattern-list of domains that may follow CNAMEs in canonicalization,
 422and
 423.Ar target_domain_list
 424is a pattern-list of domains that they may resolve to.
 425.Pp
 426For example,
 427.Qq *.a.example.com:*.b.example.com,*.c.example.com
 428will allow hostnames matching
 429.Qq *.a.example.com
 430to be canonicalized to names in the
 431.Qq *.b.example.com
 432or
 433.Qq *.c.example.com
 434domains.
 435.Pp
 436A single argument of
 437.Qq none
 438causes no CNAMEs to be considered for canonicalization.
 439This is the default behaviour.
 440.It Cm CASignatureAlgorithms
 441Specifies which algorithms are allowed for signing of certificates
 442by certificate authorities (CAs).
 443The default is:
 444.Bd -literal -offset indent
 445ssh-ed25519,ecdsa-sha2-nistp256,
 446ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 447sk-ssh-ed25519@openssh.com,
 448sk-ecdsa-sha2-nistp256@openssh.com,
 449rsa-sha2-512,rsa-sha2-256
 450.Ed
 451.Pp
 452If the specified list begins with a
 453.Sq +
 454character, then the specified algorithms will be appended to the default set
 455instead of replacing them.
 456If the specified list begins with a
 457.Sq -
 458character, then the specified algorithms (including wildcards) will be removed
 459from the default set instead of replacing them.
 460.Pp
 461.Xr ssh 1
 462will not accept host certificates signed using algorithms other than those
 463specified.
 464.It Cm CertificateFile
 465Specifies a file from which the user's certificate is read.
 466A corresponding private key must be provided separately in order
 467to use this certificate either
 468from an
 469.Cm IdentityFile
 470directive or
 471.Fl i
 472flag to
 473.Xr ssh 1 ,
 474via
 475.Xr ssh-agent 1 ,
 476or via a
 477.Cm PKCS11Provider
 478or
 479.Cm SecurityKeyProvider .
 480.Pp
 481Arguments to
 482.Cm CertificateFile
 483may use the tilde syntax to refer to a user's home directory,
 484the tokens described in the
 485.Sx TOKENS
 486section and environment variables as described in the
 487.Sx ENVIRONMENT VARIABLES
 488section.
 489.Pp
 490It is possible to have multiple certificate files specified in
 491configuration files; these certificates will be tried in sequence.
 492Multiple
 493.Cm CertificateFile
 494directives will add to the list of certificates used for
 495authentication.
 496.It Cm ChannelTimeout
 497Specifies whether and how quickly
 498.Xr ssh 1
 499should close inactive channels.
 500Timeouts are specified as one or more
 501.Dq type=interval
 502pairs separated by whitespace, where the
 503.Dq type
 504must be the special keyword
 505.Dq global
 506or a channel type name from the list below, optionally containing
 507wildcard characters.
 508.Pp
 509The timeout value
 510.Dq interval
 511is specified in seconds or may use any of the units documented in the
 512.Sx TIME FORMATS
 513section.
 514For example,
 515.Dq session=5m
 516would cause interactive sessions to terminate after five minutes of
 517inactivity.
 518Specifying a zero value disables the inactivity timeout.
 519.Pp
 520The special timeout
 521.Dq global
 522applies to all active channels, taken together.
 523Traffic on any active channel will reset the timeout, but when the timeout
 524expires then all open channels will be closed.
 525Note that this global timeout is not matched by wildcards and must be
 526specified explicitly.
 527.Pp
 528The available channel type names include:
 529.Bl -tag -width Ds
 530.It Cm agent-connection
 531Open connections to
 532.Xr ssh-agent 1 .
 533.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com
 534Open TCP or Unix socket (respectively) connections that have
 535been established from an
 536.Xr ssh 1
 537local forwarding, i.e.\&
 538.Cm LocalForward
 539or
 540.Cm DynamicForward .
 541.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com
 542Open TCP or Unix socket (respectively) connections that have been
 543established to an
 544.Xr sshd 8
 545listening on behalf of an
 546.Xr ssh 1
 547remote forwarding, i.e.\&
 548.Cm RemoteForward .
 549.It Cm session
 550The interactive main session, including shell session, command execution,
 551.Xr scp 1 ,
 552.Xr sftp 1 ,
 553etc.
 554.It Cm tun-connection
 555Open
 556.Cm TunnelForward
 557connections.
 558.It Cm x11-connection
 559Open X11 forwarding sessions.
 560.El
 561.Pp
 562Note that in all the above cases, terminating an inactive session does not
 563guarantee to remove all resources associated with the session, e.g. shell
 564processes or X11 clients relating to the session may continue to execute.
 565.Pp
 566Moreover, terminating an inactive channel or session does not necessarily
 567close the SSH connection, nor does it prevent a client from
 568requesting another channel of the same type.
 569In particular, expiring an inactive forwarding session does not prevent
 570another identical forwarding from being subsequently created.
 571.Pp
 572The default is not to expire channels of any type for inactivity.
 573.It Cm CheckHostIP
 574If set to
 575.Cm yes ,
 576.Xr ssh 1
 577will additionally check the host IP address in the
 578.Pa known_hosts
 579file.
 580This allows it to detect if a host key changed due to DNS spoofing
 581and will add addresses of destination hosts to
 582.Pa ~/.ssh/known_hosts
 583in the process, regardless of the setting of
 584.Cm StrictHostKeyChecking .
 585If the option is set to
 586.Cm no
 587(the default),
 588the check will not be executed.
 589.It Cm Ciphers
 590Specifies the ciphers allowed and their order of preference.
 591Multiple ciphers must be comma-separated.
 592If the specified list begins with a
 593.Sq +
 594character, then the specified ciphers will be appended to the default set
 595instead of replacing them.
 596If the specified list begins with a
 597.Sq -
 598character, then the specified ciphers (including wildcards) will be removed
 599from the default set instead of replacing them.
 600If the specified list begins with a
 601.Sq ^
 602character, then the specified ciphers will be placed at the head of the
 603default set.
 604.Pp
 605The supported ciphers are:
 606.Bd -literal -offset indent
 6073des-cbc
 608aes128-cbc
 609aes192-cbc
 610aes256-cbc
 611aes128-ctr
 612aes192-ctr
 613aes256-ctr
 614aes128-gcm@openssh.com
 615aes256-gcm@openssh.com
 616chacha20-poly1305@openssh.com
 617.Ed
 618.Pp
 619The default is:
 620.Bd -literal -offset indent
 621chacha20-poly1305@openssh.com,
 622aes128-gcm@openssh.com,aes256-gcm@openssh.com,
 623aes128-ctr,aes192-ctr,aes256-ctr
 624.Ed
 625.Pp
 626The list of available ciphers may also be obtained using
 627.Qq ssh -Q cipher .
 628.It Cm ClearAllForwardings
 629Specifies that all local, remote, and dynamic port forwardings
 630specified in the configuration files or on the command line be
 631cleared.
 632This option is primarily useful when used from the
 633.Xr ssh 1
 634command line to clear port forwardings set in
 635configuration files, and is automatically set by
 636.Xr scp 1
 637and
 638.Xr sftp 1 .
 639The argument must be
 640.Cm yes
 641or
 642.Cm no
 643(the default).
 644.It Cm Compression
 645Specifies whether to use compression.
 646The argument must be
 647.Cm yes
 648or
 649.Cm no
 650(the default).
 651.It Cm ConnectionAttempts
 652Specifies the number of tries (one per second) to make before exiting.
 653The argument must be an integer.
 654This may be useful in scripts if the connection sometimes fails.
 655The default is 1.
 656.It Cm ConnectTimeout
 657Specifies the timeout (in seconds) used when connecting to the
 658SSH server, instead of using the default system TCP timeout.
 659This timeout is applied both to establishing the connection and to performing
 660the initial SSH protocol handshake and key exchange.
 661.It Cm ControlMaster
 662Enables the sharing of multiple sessions over a single network connection.
 663When set to
 664.Cm yes ,
 665.Xr ssh 1
 666will listen for connections on a control socket specified using the
 667.Cm ControlPath
 668argument.
 669Additional sessions can connect to this socket using the same
 670.Cm ControlPath
 671with
 672.Cm ControlMaster
 673set to
 674.Cm no
 675(the default).
 676These sessions will try to reuse the master instance's network connection
 677rather than initiating new ones, but will fall back to connecting normally
 678if the control socket does not exist, or is not listening.
 679.Pp
 680Setting this to
 681.Cm ask
 682will cause
 683.Xr ssh 1
 684to listen for control connections, but require confirmation using
 685.Xr ssh-askpass 1 .
 686If the
 687.Cm ControlPath
 688cannot be opened,
 689.Xr ssh 1
 690will continue without connecting to a master instance.
 691.Pp
 692X11 and
 693.Xr ssh-agent 1
 694forwarding is supported over these multiplexed connections, however the
 695display and agent forwarded will be the one belonging to the master
 696connection i.e. it is not possible to forward multiple displays or agents.
 697.Pp
 698Two additional options allow for opportunistic multiplexing: try to use a
 699master connection but fall back to creating a new one if one does not already
 700exist.
 701These options are:
 702.Cm auto
 703and
 704.Cm autoask .
 705The latter requires confirmation like the
 706.Cm ask
 707option.
 708.It Cm ControlPath
 709Specify the path to the control socket used for connection sharing as described
 710in the
 711.Cm ControlMaster
 712section above or the string
 713.Cm none
 714to disable connection sharing.
 715Arguments to
 716.Cm ControlPath
 717may use the tilde syntax to refer to a user's home directory,
 718the tokens described in the
 719.Sx TOKENS
 720section and environment variables as described in the
 721.Sx ENVIRONMENT VARIABLES
 722section.
 723It is recommended that any
 724.Cm ControlPath
 725used for opportunistic connection sharing include
 726at least %h, %p, and %r (or alternatively %C) and be placed in a directory
 727that is not writable by other users.
 728This ensures that shared connections are uniquely identified.
 729.It Cm ControlPersist
 730When used in conjunction with
 731.Cm ControlMaster ,
 732specifies that the master connection should remain open
 733in the background (waiting for future client connections)
 734after the initial client connection has been closed.
 735If set to
 736.Cm no
 737(the default),
 738then the master connection will not be placed into the background,
 739and will close as soon as the initial client connection is closed.
 740If set to
 741.Cm yes
 742or 0,
 743then the master connection will remain in the background indefinitely
 744(until killed or closed via a mechanism such as the
 745.Qq ssh -O exit ) .
 746If set to a time in seconds, or a time in any of the formats documented in
 747.Xr sshd_config 5 ,
 748then the backgrounded master connection will automatically terminate
 749after it has remained idle (with no client connections) for the
 750specified time.
 751.It Cm DynamicForward
 752Specifies that a TCP port on the local machine be forwarded
 753over the secure channel, and the application
 754protocol is then used to determine where to connect to from the
 755remote machine.
 756.Pp
 757The argument must be
 758.Sm off
 759.Oo Ar bind_address : Oc Ar port .
 760.Sm on
 761IPv6 addresses can be specified by enclosing addresses in square brackets.
 762By default, the local port is bound in accordance with the
 763.Cm GatewayPorts
 764setting.
 765However, an explicit
 766.Ar bind_address
 767may be used to bind the connection to a specific address.
 768The
 769.Ar bind_address
 770of
 771.Cm localhost
 772indicates that the listening port be bound for local use only, while an
 773empty address or
 774.Sq *
 775indicates that the port should be available from all interfaces.
 776.Pp
 777Currently the SOCKS4 and SOCKS5 protocols are supported, and
 778.Xr ssh 1
 779will act as a SOCKS server.
 780Multiple forwardings may be specified, and
 781additional forwardings can be given on the command line.
 782Only the superuser can forward privileged ports.
 783.It Cm EnableEscapeCommandline
 784Enables the command line option in the
 785.Cm EscapeChar
 786menu for interactive sessions (default
 787.Ql ~C ) .
 788By default, the command line is disabled.
 789.It Cm EnableSSHKeysign
 790Setting this option to
 791.Cm yes
 792in the global client configuration file
 793.Pa /etc/ssh/ssh_config
 794enables the use of the helper program
 795.Xr ssh-keysign 8
 796during
 797.Cm HostbasedAuthentication .
 798The argument must be
 799.Cm yes
 800or
 801.Cm no
 802(the default).
 803This option should be placed in the non-hostspecific section.
 804See
 805.Xr ssh-keysign 8
 806for more information.
 807.It Cm EscapeChar
 808Sets the escape character (default:
 809.Ql ~ ) .
 810The escape character can also
 811be set on the command line.
 812The argument should be a single character,
 813.Ql ^
 814followed by a letter, or
 815.Cm none
 816to disable the escape
 817character entirely (making the connection transparent for binary
 818data).
 819.It Cm ExitOnForwardFailure
 820Specifies whether
 821.Xr ssh 1
 822should terminate the connection if it cannot set up all requested
 823dynamic, tunnel, local, and remote port forwardings, (e.g.\&
 824if either end is unable to bind and listen on a specified port).
 825Note that
 826.Cm ExitOnForwardFailure
 827does not apply to connections made over port forwardings and will not,
 828for example, cause
 829.Xr ssh 1
 830to exit if TCP connections to the ultimate forwarding destination fail.
 831The argument must be
 832.Cm yes
 833or
 834.Cm no
 835(the default).
 836.It Cm FingerprintHash
 837Specifies the hash algorithm used when displaying key fingerprints.
 838Valid options are:
 839.Cm md5
 840and
 841.Cm sha256
 842(the default).
 843.It Cm ForkAfterAuthentication
 844Requests
 845.Nm ssh
 846to go to background just before command execution.
 847This is useful if
 848.Nm ssh
 849is going to ask for passwords or passphrases, but the user
 850wants it in the background.
 851This implies the
 852.Cm StdinNull
 853configuration option being set to
 854.Dq yes .
 855The recommended way to start X11 programs at a remote site is with
 856something like
 857.Ic ssh -f host xterm ,
 858which is the same as
 859.Ic ssh host xterm
 860if the
 861.Cm ForkAfterAuthentication
 862configuration option is set to
 863.Dq yes .
 864.Pp
 865If the
 866.Cm ExitOnForwardFailure
 867configuration option is set to
 868.Dq yes ,
 869then a client started with the
 870.Cm ForkAfterAuthentication
 871configuration option being set to
 872.Dq yes
 873will wait for all remote port forwards to be successfully established
 874before placing itself in the background.
 875The argument to this keyword must be
 876.Cm yes
 877(same as the
 878.Fl f
 879option) or
 880.Cm no
 881(the default).
 882.It Cm ForwardAgent
 883Specifies whether the connection to the authentication agent (if any)
 884will be forwarded to the remote machine.
 885The argument may be
 886.Cm yes ,
 887.Cm no
 888(the default),
 889an explicit path to an agent socket or the name of an environment variable
 890(beginning with
 891.Sq $ )
 892in which to find the path.
 893.Pp
 894Agent forwarding should be enabled with caution.
 895Users with the ability to bypass file permissions on the remote host
 896(for the agent's Unix-domain socket)
 897can access the local agent through the forwarded connection.
 898An attacker cannot obtain key material from the agent,
 899however they can perform operations on the keys that enable them to
 900authenticate using the identities loaded into the agent.
 901.It Cm ForwardX11
 902Specifies whether X11 connections will be automatically redirected
 903over the secure channel and
 904.Ev DISPLAY
 905set.
 906The argument must be
 907.Cm yes
 908or
 909.Cm no
 910(the default).
 911.Pp
 912X11 forwarding should be enabled with caution.
 913Users with the ability to bypass file permissions on the remote host
 914(for the user's X11 authorization database)
 915can access the local X11 display through the forwarded connection.
 916An attacker may then be able to perform activities such as keystroke monitoring
 917if the
 918.Cm ForwardX11Trusted
 919option is also enabled.
 920.It Cm ForwardX11Timeout
 921Specify a timeout for untrusted X11 forwarding
 922using the format described in the
 923.Sx TIME FORMATS
 924section of
 925.Xr sshd_config 5 .
 926X11 connections received by
 927.Xr ssh 1
 928after this time will be refused.
 929Setting
 930.Cm ForwardX11Timeout
 931to zero will disable the timeout and permit X11 forwarding for the life
 932of the connection.
 933The default is to disable untrusted X11 forwarding after twenty minutes has
 934elapsed.
 935.It Cm ForwardX11Trusted
 936If this option is set to
 937.Cm yes ,
 938remote X11 clients will have full access to the original X11 display.
 939.Pp
 940If this option is set to
 941.Cm no
 942(the default),
 943remote X11 clients will be considered untrusted and prevented
 944from stealing or tampering with data belonging to trusted X11
 945clients.
 946Furthermore, the
 947.Xr xauth 1
 948token used for the session will be set to expire after 20 minutes.
 949Remote clients will be refused access after this time.
 950.Pp
 951See the X11 SECURITY extension specification for full details on
 952the restrictions imposed on untrusted clients.
 953.It Cm GatewayPorts
 954Specifies whether remote hosts are allowed to connect to local
 955forwarded ports.
 956By default,
 957.Xr ssh 1
 958binds local port forwardings to the loopback address.
 959This prevents other remote hosts from connecting to forwarded ports.
 960.Cm GatewayPorts
 961can be used to specify that ssh
 962should bind local port forwardings to the wildcard address,
 963thus allowing remote hosts to connect to forwarded ports.
 964The argument must be
 965.Cm yes
 966or
 967.Cm no
 968(the default).
 969.It Cm GlobalKnownHostsFile
 970Specifies one or more files to use for the global
 971host key database, separated by whitespace.
 972The default is
 973.Pa /etc/ssh/ssh_known_hosts ,
 974.Pa /etc/ssh/ssh_known_hosts2 .
 975.It Cm GSSAPIAuthentication
 976Specifies whether user authentication based on GSSAPI is allowed.
 977The default is
 978.Cm no .
 979.It Cm GSSAPIDelegateCredentials
 980Forward (delegate) credentials to the server.
 981The default is
 982.Cm no .
 983.It Cm HashKnownHosts
 984Indicates that
 985.Xr ssh 1
 986should hash host names and addresses when they are added to
 987.Pa ~/.ssh/known_hosts .
 988These hashed names may be used normally by
 989.Xr ssh 1
 990and
 991.Xr sshd 8 ,
 992but they do not visually reveal identifying information if the
 993file's contents are disclosed.
 994The default is
 995.Cm no .
 996Note that existing names and addresses in known hosts files
 997will not be converted automatically,
 998but may be manually hashed using
 999.Xr ssh-keygen 1 .
1000.It Cm HostbasedAcceptedAlgorithms
1001Specifies the signature algorithms that will be used for hostbased
1002authentication as a comma-separated list of patterns.
1003Alternately if the specified list begins with a
1004.Sq +
1005character, then the specified signature algorithms will be appended
1006to the default set instead of replacing them.
1007If the specified list begins with a
1008.Sq -
1009character, then the specified signature algorithms (including wildcards)
1010will be removed from the default set instead of replacing them.
1011If the specified list begins with a
1012.Sq ^
1013character, then the specified signature algorithms will be placed
1014at the head of the default set.
1015The default for this option is:
1016.Bd -literal -offset 3n
1017ssh-ed25519-cert-v01@openssh.com,
1018ecdsa-sha2-nistp256-cert-v01@openssh.com,
1019ecdsa-sha2-nistp384-cert-v01@openssh.com,
1020ecdsa-sha2-nistp521-cert-v01@openssh.com,
1021sk-ssh-ed25519-cert-v01@openssh.com,
1022sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1023webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1024rsa-sha2-512-cert-v01@openssh.com,
1025rsa-sha2-256-cert-v01@openssh.com,
1026ssh-ed25519,
1027ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1028sk-ssh-ed25519@openssh.com,
1029sk-ecdsa-sha2-nistp256@openssh.com,
1030webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
1031rsa-sha2-512,rsa-sha2-256
1032.Ed
1033.Pp
1034The
1035.Fl Q
1036option of
1037.Xr ssh 1
1038may be used to list supported signature algorithms.
1039This was formerly named HostbasedKeyTypes.
1040.It Cm HostbasedAuthentication
1041Specifies whether to try rhosts based authentication with public key
1042authentication.
1043The argument must be
1044.Cm yes
1045or
1046.Cm no
1047(the default).
1048.It Cm HostKeyAlgorithms
1049Specifies the host key signature algorithms
1050that the client wants to use in order of preference.
1051Alternately if the specified list begins with a
1052.Sq +
1053character, then the specified signature algorithms will be appended to
1054the default set instead of replacing them.
1055If the specified list begins with a
1056.Sq -
1057character, then the specified signature algorithms (including wildcards)
1058will be removed from the default set instead of replacing them.
1059If the specified list begins with a
1060.Sq ^
1061character, then the specified signature algorithms will be placed
1062at the head of the default set.
1063The default for this option is:
1064.Bd -literal -offset 3n
1065ssh-ed25519-cert-v01@openssh.com,
1066ecdsa-sha2-nistp256-cert-v01@openssh.com,
1067ecdsa-sha2-nistp384-cert-v01@openssh.com,
1068ecdsa-sha2-nistp521-cert-v01@openssh.com,
1069sk-ssh-ed25519-cert-v01@openssh.com,
1070sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1071webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1072rsa-sha2-512-cert-v01@openssh.com,
1073rsa-sha2-256-cert-v01@openssh.com,
1074ssh-ed25519,
1075ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1076sk-ecdsa-sha2-nistp256@openssh.com,
1077webauthn-sk-ecdsa-sha2-nistp256@openssh.com
1078sk-ssh-ed25519@openssh.com,
1079rsa-sha2-512,rsa-sha2-256
1080.Ed
1081.Pp
1082If hostkeys are known for the destination host then this default is modified
1083to prefer their algorithms.
1084.Pp
1085The list of available signature algorithms may also be obtained using
1086.Qq ssh -Q HostKeyAlgorithms .
1087.It Cm HostKeyAlias
1088Specifies an alias that should be used instead of the
1089real host name when looking up or saving the host key
1090in the host key database files and when validating host certificates.
1091This option is useful for tunneling SSH connections
1092or for multiple servers running on a single host.
1093.It Cm Hostname
1094Specifies the real host name to log into.
1095This can be used to specify nicknames or abbreviations for hosts.
1096Arguments to
1097.Cm Hostname
1098accept the tokens described in the
1099.Sx TOKENS
1100section.
1101Numeric IP addresses are also permitted (both on the command line and in
1102.Cm Hostname
1103specifications).
1104The default is the name given on the command line.
1105.It Cm IdentitiesOnly
1106Specifies that
1107.Xr ssh 1
1108should only use the configured authentication identity and certificate files
1109(either the default files, or those explicitly configured in the
1110.Nm
1111files
1112or passed on the
1113.Xr ssh 1
1114command-line),
1115even if
1116.Xr ssh-agent 1
1117or a
1118.Cm PKCS11Provider
1119or
1120.Cm SecurityKeyProvider
1121offers more identities.
1122The argument to this keyword must be
1123.Cm yes
1124or
1125.Cm no
1126(the default).
1127This option is intended for situations where ssh-agent
1128offers many different identities.
1129.It Cm IdentityAgent
1130Specifies the
1131.Ux Ns -domain
1132socket used to communicate with the authentication agent.
1133.Pp
1134This option overrides the
1135.Ev SSH_AUTH_SOCK
1136environment variable and can be used to select a specific agent.
1137Setting the socket name to
1138.Cm none
1139disables the use of an authentication agent.
1140If the string
1141.Qq SSH_AUTH_SOCK
1142is specified, the location of the socket will be read from the
1143.Ev SSH_AUTH_SOCK
1144environment variable.
1145Otherwise if the specified value begins with a
1146.Sq $
1147character, then it will be treated as an environment variable containing
1148the location of the socket.
1149.Pp
1150Arguments to
1151.Cm IdentityAgent
1152may use the tilde syntax to refer to a user's home directory,
1153the tokens described in the
1154.Sx TOKENS
1155section and environment variables as described in the
1156.Sx ENVIRONMENT VARIABLES
1157section.
1158.It Cm IdentityFile
1159Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
1160Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
1161You can also specify a public key file to use the corresponding
1162private key that is loaded in
1163.Xr ssh-agent 1
1164when the private key file is not present locally.
1165The default is
1166.Pa ~/.ssh/id_rsa ,
1167.Pa ~/.ssh/id_ecdsa ,
1168.Pa ~/.ssh/id_ecdsa_sk ,
1169.Pa ~/.ssh/id_ed25519
1170and
1171.Pa ~/.ssh/id_ed25519_sk .
1172Additionally, any identities represented by the authentication agent
1173will be used for authentication unless
1174.Cm IdentitiesOnly
1175is set.
1176If no certificates have been explicitly specified by
1177.Cm CertificateFile ,
1178.Xr ssh 1
1179will try to load certificate information from the filename obtained by
1180appending
1181.Pa -cert.pub
1182to the path of a specified
1183.Cm IdentityFile .
1184.Pp
1185Arguments to
1186.Cm IdentityFile
1187may use the tilde syntax to refer to a user's home directory
1188or the tokens described in the
1189.Sx TOKENS
1190section.
1191Alternately an argument of
1192.Cm none
1193may be used to indicate no identity files should be loaded.
1194.Pp
1195It is possible to have
1196multiple identity files specified in configuration files; all these
1197identities will be tried in sequence.
1198Multiple
1199.Cm IdentityFile
1200directives will add to the list of identities tried (this behaviour
1201differs from that of other configuration directives).
1202.Pp
1203.Cm IdentityFile
1204may be used in conjunction with
1205.Cm IdentitiesOnly
1206to select which identities in an agent are offered during authentication.
1207.Cm IdentityFile
1208may also be used in conjunction with
1209.Cm CertificateFile
1210in order to provide any certificate also needed for authentication with
1211the identity.
1212.It Cm IgnoreUnknown
1213Specifies a pattern-list of unknown options to be ignored if they are
1214encountered in configuration parsing.
1215This may be used to suppress errors if
1216.Nm
1217contains options that are unrecognised by
1218.Xr ssh 1 .
1219It is recommended that
1220.Cm IgnoreUnknown
1221be listed early in the configuration file as it will not be applied
1222to unknown options that appear before it.
1223.It Cm Include
1224Include the specified configuration file(s).
1225Multiple pathnames may be specified and each pathname may contain
1226.Xr glob 7
1227wildcards,
1228tokens as described in the
1229.Sx TOKENS
1230section, environment variables as described in the
1231.Sx ENVIRONMENT VARIABLES
1232section and, for user configurations, shell-like
1233.Sq ~
1234references to user home directories.
1235Wildcards will be expanded and processed in lexical order.
1236Files without absolute paths are assumed to be in
1237.Pa ~/.ssh
1238if included in a user configuration file or
1239.Pa /etc/ssh
1240if included from the system configuration file.
1241.Cm Include
1242directive may appear inside a
1243.Cm Match
1244or
1245.Cm Host
1246block
1247to perform conditional inclusion.
1248.It Cm IPQoS
1249Specifies the
1250.Em Differentiated Services Field Codepoint Pq DSCP
1251value for connections.
1252Accepted values are
1253.Cm af11 ,
1254.Cm af12 ,
1255.Cm af13 ,
1256.Cm af21 ,
1257.Cm af22 ,
1258.Cm af23 ,
1259.Cm af31 ,
1260.Cm af32 ,
1261.Cm af33 ,
1262.Cm af41 ,
1263.Cm af42 ,
1264.Cm af43 ,
1265.Cm cs0 ,
1266.Cm cs1 ,
1267.Cm cs2 ,
1268.Cm cs3 ,
1269.Cm cs4 ,
1270.Cm cs5 ,
1271.Cm cs6 ,
1272.Cm cs7 ,
1273.Cm ef ,
1274.Cm le ,
1275a numeric value, or
1276.Cm none
1277to use the operating system default.
1278This option may take one or two arguments, separated by whitespace.
1279If one argument is specified, it is used as the packet class unconditionally.
1280If two values are specified, the first is automatically selected for
1281interactive sessions and the second for non-interactive sessions.
1282The default is
1283.Cm ef
1284(Expedited Forwarding)
1285for interactive sessions and
1286.Cm none
1287(the operating system default)
1288for non-interactive sessions.
1289.It Cm KbdInteractiveAuthentication
1290Specifies whether to use keyboard-interactive authentication.
1291The argument to this keyword must be
1292.Cm yes
1293(the default)
1294or
1295.Cm no .
1296.Cm ChallengeResponseAuthentication
1297is a deprecated alias for this.
1298.It Cm KbdInteractiveDevices
1299Specifies the list of methods to use in keyboard-interactive authentication.
1300Multiple method names must be comma-separated.
1301The default is to use the server specified list.
1302The methods available vary depending on what the server supports.
1303For an OpenSSH server,
1304it may be zero or more of:
1305.Cm bsdauth
1306and
1307.Cm pam .
1308.It Cm KexAlgorithms
1309Specifies the permitted KEX (Key Exchange) algorithms that will be used and
1310their preference order.
1311The selected algorithm will be the first algorithm in this list that
1312the server also supports.
1313Multiple algorithms must be comma-separated.
1314.Pp
1315If the specified list begins with a
1316.Sq +
1317character, then the specified algorithms will be appended to the default set
1318instead of replacing them.
1319If the specified list begins with a
1320.Sq -
1321character, then the specified algorithms (including wildcards) will be removed
1322from the default set instead of replacing them.
1323If the specified list begins with a
1324.Sq ^
1325character, then the specified algorithms will be placed at the head of the
1326default set.
1327.Pp
1328The default is:
1329.Bd -literal -offset indent
1330mlkem768x25519-sha256,
1331sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
1332curve25519-sha256,curve25519-sha256@libssh.org,
1333ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
1334diffie-hellman-group-exchange-sha256,
1335diffie-hellman-group16-sha512,
1336diffie-hellman-group18-sha512,
1337diffie-hellman-group14-sha256
1338.Ed
1339.Pp
1340The list of supported key exchange algorithms may also be obtained using
1341.Qq ssh -Q kex .
1342.It Cm KnownHostsCommand
1343Specifies a command to use to obtain a list of host keys, in addition to
1344those listed in
1345.Cm UserKnownHostsFile
1346and
1347.Cm GlobalKnownHostsFile .
1348This command is executed after the files have been read.
1349It may write host key lines to standard output in identical format to the
1350usual files (described in the
1351.Sx VERIFYING HOST KEYS
1352section in
1353.Xr ssh 1 ) .
1354Arguments to
1355.Cm KnownHostsCommand
1356accept the tokens described in the
1357.Sx TOKENS
1358section.
1359The command may be invoked multiple times per connection: once when preparing
1360the preference list of host key algorithms to use, again to obtain the
1361host key for the requested host name and, if
1362.Cm CheckHostIP
1363is enabled, one more time to obtain the host key matching the server's
1364address.
1365If the command exits abnormally or returns a non-zero exit status then the
1366connection is terminated.
1367.It Cm LocalCommand
1368Specifies a command to execute on the local machine after successfully
1369connecting to the server.
1370The command string extends to the end of the line, and is executed with
1371the user's shell.
1372Arguments to
1373.Cm LocalCommand
1374accept the tokens described in the
1375.Sx TOKENS
1376section.
1377.Pp
1378The command is run synchronously and does not have access to the
1379session of the
1380.Xr ssh 1
1381that spawned it.
1382It should not be used for interactive commands.
1383.Pp
1384This directive is ignored unless
1385.Cm PermitLocalCommand
1386has been enabled.
1387.It Cm LocalForward
1388Specifies that a TCP port or Unix-domain socket on the local machine
1389be forwarded over
1390the secure channel to the specified host and port (or Unix-domain socket)
1391from the remote machine.
1392For a TCP port, the first argument must be
1393.Sm off
1394.Oo Ar bind_address : Oc Ar port
1395.Sm on
1396or a Unix domain socket path.
1397The second argument is the destination and may be
1398.Ar host : Ns Ar hostport
1399or a Unix domain socket path if the remote host supports it.
1400.Pp
1401IPv6 addresses can be specified by enclosing addresses in square brackets.
1402.Pp
1403If either argument contains a '/' in it, that argument will be
1404interpreted as a Unix-domain socket (on the corresponding host) rather
1405than a TCP port.
1406.Pp
1407Multiple forwardings may be specified, and additional forwardings can be
1408given on the command line.
1409Only the superuser can forward privileged ports.
1410By default, the local port is bound in accordance with the
1411.Cm GatewayPorts
1412setting.
1413However, an explicit
1414.Ar bind_address
1415may be used to bind the connection to a specific address.
1416The
1417.Ar bind_address
1418of
1419.Cm localhost
1420indicates that the listening port be bound for local use only, while an
1421empty address or
1422.Sq *
1423indicates that the port should be available from all interfaces.
1424Unix domain socket paths may use the tokens described in the
1425.Sx TOKENS
1426section and environment variables as described in the
1427.Sx ENVIRONMENT VARIABLES
1428section.
1429.It Cm LogLevel
1430Gives the verbosity level that is used when logging messages from
1431.Xr ssh 1 .
1432The possible values are:
1433QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
1434The default is INFO.
1435DEBUG and DEBUG1 are equivalent.
1436DEBUG2 and DEBUG3 each specify higher levels of verbose output.
1437.It Cm LogVerbose
1438Specify one or more overrides to LogLevel.
1439An override consists of one or more pattern lists that matches the
1440source file, function and line number to force detailed logging for.
1441For example, an override pattern of:
1442.Bd -literal -offset indent
1443kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
1444.Ed
1445.Pp
1446would enable detailed logging for line 1000 of
1447.Pa kex.c ,
1448everything in the
1449.Fn kex_exchange_identification
1450function, and all code in the
1451.Pa packet.c
1452file.
1453This option is intended for debugging and no overrides are enabled by default.
1454.It Cm MACs
1455Specifies the MAC (message authentication code) algorithms
1456in order of preference.
1457The MAC algorithm is used for data integrity protection.
1458Multiple algorithms must be comma-separated.
1459If the specified list begins with a
1460.Sq +
1461character, then the specified algorithms will be appended to the default set
1462instead of replacing them.
1463If the specified list begins with a
1464.Sq -
1465character, then the specified algorithms (including wildcards) will be removed
1466from the default set instead of replacing them.
1467If the specified list begins with a
1468.Sq ^
1469character, then the specified algorithms will be placed at the head of the
1470default set.
1471.Pp
1472The algorithms that contain
1473.Qq -etm
1474calculate the MAC after encryption (encrypt-then-mac).
1475These are considered safer and their use recommended.
1476.Pp
1477The default is:
1478.Bd -literal -offset indent
1479umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1480hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1481hmac-sha1-etm@openssh.com,
1482umac-64@openssh.com,umac-128@openssh.com,
1483hmac-sha2-256,hmac-sha2-512,hmac-sha1
1484.Ed
1485.Pp
1486The list of available MAC algorithms may also be obtained using
1487.Qq ssh -Q mac .
1488.It Cm NoHostAuthenticationForLocalhost
1489Disable host authentication for localhost (loopback addresses).
1490The argument to this keyword must be
1491.Cm yes
1492or
1493.Cm no
1494(the default).
1495.It Cm NumberOfPasswordPrompts
1496Specifies the number of password prompts before giving up.
1497The argument to this keyword must be an integer.
1498The default is 3.
1499.It Cm ObscureKeystrokeTiming
1500Specifies whether
1501.Xr ssh 1
1502should try to obscure inter-keystroke timings from passive observers of
1503network traffic.
1504If enabled, then for interactive sessions,
1505.Xr ssh 1
1506will send keystrokes at fixed intervals of a few tens of milliseconds
1507and will send fake keystroke packets for some time after typing ceases.
1508The argument to this keyword must be
1509.Cm yes ,
1510.Cm no
1511or an interval specifier of the form
1512.Cm interval:milliseconds
1513(e.g.\&
1514.Cm interval:80
1515for 80 milliseconds).
1516The default is to obscure keystrokes using a 20ms packet interval.
1517Note that smaller intervals will result in higher fake keystroke packet rates.
1518.It Cm PasswordAuthentication
1519Specifies whether to use password authentication.
1520The argument to this keyword must be
1521.Cm yes
1522(the default)
1523or
1524.Cm no .
1525.It Cm PermitLocalCommand
1526Allow local command execution via the
1527.Ic LocalCommand
1528option or using the
1529.Ic !\& Ns Ar command
1530escape sequence in
1531.Xr ssh 1 .
1532The argument must be
1533.Cm yes
1534or
1535.Cm no
1536(the default).
1537.It Cm PermitRemoteOpen
1538Specifies the destinations to which remote TCP port forwarding is permitted when
1539.Cm RemoteForward
1540is used as a SOCKS proxy.
1541The forwarding specification must be one of the following forms:
1542.Pp
1543.Bl -item -offset indent -compact
1544.It
1545.Cm PermitRemoteOpen
1546.Sm off
1547.Ar host : port
1548.Sm on
1549.It
1550.Cm PermitRemoteOpen
1551.Sm off
1552.Ar IPv4_addr : port
1553.Sm on
1554.It
1555.Cm PermitRemoteOpen
1556.Sm off
1557.Ar \&[ IPv6_addr \&] : port
1558.Sm on
1559.El
1560.Pp
1561Multiple forwards may be specified by separating them with whitespace.
1562An argument of
1563.Cm any
1564can be used to remove all restrictions and permit any forwarding requests.
1565An argument of
1566.Cm none
1567can be used to prohibit all forwarding requests.
1568The wildcard
1569.Sq *
1570can be used for host or port to allow all hosts or ports respectively.
1571Otherwise, no pattern matching or address lookups are performed on supplied
1572names.
1573.It Cm PKCS11Provider
1574Specifies which PKCS#11 provider to use or
1575.Cm none
1576to indicate that no provider should be used (the default).
1577The argument to this keyword is a path to the PKCS#11 shared library
1578.Xr ssh 1
1579should use to communicate with a PKCS#11 token providing keys for user
1580authentication.
1581.It Cm Port
1582Specifies the port number to connect on the remote host.
1583The default is 22.
1584.It Cm PreferredAuthentications
1585Specifies the order in which the client should try authentication methods.
1586This allows a client to prefer one method (e.g.\&
1587.Cm keyboard-interactive )
1588over another method (e.g.\&
1589.Cm password ) .
1590The default is:
1591.Bd -literal -offset indent
1592gssapi-with-mic,hostbased,publickey,
1593keyboard-interactive,password
1594.Ed
1595.It Cm ProxyCommand
1596Specifies the command to use to connect to the server.
1597The command
1598string extends to the end of the line, and is executed
1599using the user's shell
1600.Ql exec
1601directive to avoid a lingering shell process.
1602.Pp
1603Arguments to
1604.Cm ProxyCommand
1605accept the tokens described in the
1606.Sx TOKENS
1607section.
1608The command can be basically anything,
1609and should read from its standard input and write to its standard output.
1610It should eventually connect an
1611.Xr sshd 8
1612server running on some machine, or execute
1613.Ic sshd -i
1614somewhere.
1615Host key management will be done using the
1616.Cm Hostname
1617of the host being connected (defaulting to the name typed by the user).
1618Setting the command to
1619.Cm none
1620disables this option entirely.
1621Note that
1622.Cm CheckHostIP
1623is not available for connects with a proxy command.
1624.Pp
1625This directive is useful in conjunction with
1626.Xr nc 1
1627and its proxy support.
1628For example, the following directive would connect via an HTTP proxy at
1629192.0.2.0:
1630.Bd -literal -offset 3n
1631ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
1632.Ed
1633.It Cm ProxyJump
1634Specifies one or more jump proxies as either
1635.Sm off
1636.Op Ar user No @
1637.Ar host
1638.Op : Ns Ar port
1639.Sm on
1640or an ssh URI.
1641Multiple proxies may be separated by comma characters and will be visited
1642sequentially.
1643Setting this option will cause
1644.Xr ssh 1
1645to connect to the target host by first making an
1646.Xr ssh 1
1647connection to the specified
1648.Cm ProxyJump
1649host and then establishing a
1650TCP forwarding to the ultimate target from there.
1651Setting the host to
1652.Cm none
1653disables this option entirely.
1654.Pp
1655Note that this option will compete with the
1656.Cm ProxyCommand
1657option - whichever is specified first will prevent later instances of the
1658other from taking effect.
1659.Pp
1660Note also that the configuration for the destination host (either supplied
1661via the command-line or the configuration file) is not generally applied
1662to jump hosts.
1663.Pa ~/.ssh/config
1664should be used if specific configuration is required for jump hosts.
1665.It Cm ProxyUseFdpass
1666Specifies that
1667.Cm ProxyCommand
1668will pass a connected file descriptor back to
1669.Xr ssh 1
1670instead of continuing to execute and pass data.
1671The default is
1672.Cm no .
1673.It Cm PubkeyAcceptedAlgorithms
1674Specifies the signature algorithms that will be used for public key
1675authentication as a comma-separated list of patterns.
1676If the specified list begins with a
1677.Sq +
1678character, then the algorithms after it will be appended to the default
1679instead of replacing it.
1680If the specified list begins with a
1681.Sq -
1682character, then the specified algorithms (including wildcards) will be removed
1683from the default set instead of replacing them.
1684If the specified list begins with a
1685.Sq ^
1686character, then the specified algorithms will be placed at the head of the
1687default set.
1688The default for this option is:
1689.Bd -literal -offset 3n
1690ssh-ed25519-cert-v01@openssh.com,
1691ecdsa-sha2-nistp256-cert-v01@openssh.com,
1692ecdsa-sha2-nistp384-cert-v01@openssh.com,
1693ecdsa-sha2-nistp521-cert-v01@openssh.com,
1694sk-ssh-ed25519-cert-v01@openssh.com,
1695sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1696webauthn-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
1697rsa-sha2-512-cert-v01@openssh.com,
1698rsa-sha2-256-cert-v01@openssh.com,
1699ssh-ed25519,
1700ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1701sk-ssh-ed25519@openssh.com,
1702sk-ecdsa-sha2-nistp256@openssh.com,
1703webauthn-sk-ecdsa-sha2-nistp256@openssh.com,
1704rsa-sha2-512,rsa-sha2-256
1705.Ed
1706.Pp
1707The list of available signature algorithms may also be obtained using
1708.Qq ssh -Q PubkeyAcceptedAlgorithms .
1709.It Cm PubkeyAuthentication
1710Specifies whether to try public key authentication.
1711The argument to this keyword must be
1712.Cm yes
1713(the default),
1714.Cm no ,
1715.Cm unbound
1716or
1717.Cm host-bound .
1718The final two options enable public key authentication while respectively
1719disabling or enabling the OpenSSH host-bound authentication protocol
1720extension required for restricted
1721.Xr ssh-agent 1
1722forwarding.
1723.It Cm RefuseConnection
1724Allows a connection to be refused by the configuration file.
1725If this option is specified, then
1726.Xr ssh 1
1727will terminate immediately before attempting to connect to the remote
1728host, display an error message that contains the argument to this keyword
1729and return a non-zero exit status.
1730This option may be useful to express reminders or warnings to the user via
1731.Nm .
1732.It Cm RekeyLimit
1733Specifies the maximum amount of data that may be transmitted or received
1734before the session key is renegotiated, optionally followed by a maximum
1735amount of time that may pass before the session key is renegotiated.
1736The first argument is specified in bytes and may have a suffix of
1737.Sq K ,
1738.Sq M ,
1739or
1740.Sq G
1741to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1742The default is between
1743.Sq 1G
1744and
1745.Sq 4G ,
1746depending on the cipher.
1747The optional second value is specified in seconds and may use any of the
1748units documented in the TIME FORMATS section of
1749.Xr sshd_config 5 .
1750The default value for
1751.Cm RekeyLimit
1752is
1753.Cm default none ,
1754which means that rekeying is performed after the cipher's default amount
1755of data has been sent or received and no time based rekeying is done.
1756.It Cm RemoteCommand
1757Specifies a command to execute on the remote machine after successfully
1758connecting to the server.
1759The command string extends to the end of the line, and is executed with
1760the user's shell.
1761Arguments to
1762.Cm RemoteCommand
1763accept the tokens described in the
1764.Sx TOKENS
1765section.
1766.It Cm RemoteForward
1767Specifies that a TCP port or Unix-domain socket on the remote machine
1768be forwarded over the secure channel.
1769The remote port may either be forwarded to a specified host and port
1770or Unix-domain socket
1771from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
1772client to connect to arbitrary destinations from the local machine.
1773The first argument is the listening specification and may be
1774.Sm off
1775.Oo Ar bind_address : Oc Ar port
1776.Sm on
1777or, if the remote host supports it, a Unix domain socket path.
1778If forwarding to a specific destination then the second argument must be
1779.Ar host : Ns Ar hostport
1780or a Unix domain socket path,
1781otherwise if no destination argument is specified then the remote forwarding
1782will be established as a SOCKS proxy.
1783When acting as a SOCKS proxy, the destination of the connection can be
1784restricted by
1785.Cm PermitRemoteOpen .
1786.Pp
1787IPv6 addresses can be specified by enclosing addresses in square brackets.
1788.Pp
1789If either argument contains a '/' in it, that argument will be
1790interpreted as a Unix-domain socket (on the corresponding host) rather
1791than a TCP port.
1792.Pp
1793Multiple forwardings may be specified, and additional
1794forwardings can be given on the command line.
1795Privileged ports can be forwarded only when
1796logging in as root on the remote machine.
1797Unix domain socket paths may use the tokens described in the
1798.Sx TOKENS
1799section and environment variables as described in the
1800.Sx ENVIRONMENT VARIABLES
1801section.
1802.Pp
1803If the
1804.Ar port
1805argument is 0,
1806the listen port will be dynamically allocated on the server and reported
1807to the client at run time.
1808.Pp
1809If the
1810.Ar bind_address
1811is not specified, the default is to only bind to loopback addresses.
1812If the
1813.Ar bind_address
1814is
1815.Ql *
1816or an empty string, then the forwarding is requested to listen on all
1817interfaces.
1818Specifying a remote
1819.Ar bind_address
1820will only succeed if the server's
1821.Cm GatewayPorts
1822option is enabled (see
1823.Xr sshd_config 5 ) .
1824.It Cm RequestTTY
1825Specifies whether to request a pseudo-tty for the session.
1826The argument may be one of:
1827.Cm no
1828(never request a TTY),
1829.Cm yes
1830(always request a TTY when standard input is a TTY),
1831.Cm force
1832(always request a TTY) or
1833.Cm auto
1834(request a TTY when opening a login session).
1835This option mirrors the
1836.Fl t
1837and
1838.Fl T
1839flags for
1840.Xr ssh 1 .
1841.It Cm RequiredRSASize
1842Specifies the minimum RSA key size (in bits) that
1843.Xr ssh 1
1844will accept.
1845User authentication keys smaller than this limit will be ignored.
1846Servers that present host keys smaller than this limit will cause the
1847connection to be terminated.
1848The default is
1849.Cm 1024
1850bits.
1851Note that this limit may only be raised from the default.
1852.It Cm RevokedHostKeys
1853Specifies revoked host public keys.
1854Keys listed in this file will be refused for host authentication.
1855Note that if this file does not exist or is not readable,
1856then host authentication will be refused for all hosts.
1857Keys may be specified as a text file, listing one public key per line, or as
1858an OpenSSH Key Revocation List (KRL) as generated by
1859.Xr ssh-keygen 1 .
1860For more information on KRLs, see the KEY REVOCATION LISTS section in
1861.Xr ssh-keygen 1 .
1862Arguments to
1863.Cm RevokedHostKeys
1864may use the tilde syntax to refer to a user's home directory,
1865the tokens described in the
1866.Sx TOKENS
1867section and environment variables as described in the
1868.Sx ENVIRONMENT VARIABLES
1869section.
1870.It Cm SecurityKeyProvider
1871Specifies a path to a library that will be used when loading any
1872FIDO authenticator-hosted keys, overriding the default of using
1873the built-in USB HID support.
1874.Pp
1875If the specified value begins with a
1876.Sq $
1877character, then it will be treated as an environment variable containing
1878the path to the library.
1879.It Cm SendEnv
1880Specifies what variables from the local
1881.Xr environ 7
1882should be sent to the server.
1883The server must also support it, and the server must be configured to
1884accept these environment variables.
1885Note that the
1886.Ev TERM
1887environment variable is always sent whenever a
1888pseudo-terminal is requested as it is required by the protocol.
1889Refer to
1890.Cm AcceptEnv
1891in
1892.Xr sshd_config 5
1893for how to configure the server.
1894Variables are specified by name, which may contain wildcard characters.
1895Multiple environment variables may be separated by whitespace or spread
1896across multiple
1897.Cm SendEnv
1898directives.
1899.Pp
1900See
1901.Sx PATTERNS
1902for more information on patterns.
1903.Pp
1904It is possible to clear previously set
1905.Cm SendEnv
1906variable names by prefixing patterns with
1907.Pa - .
1908The default is not to send any environment variables.
1909.It Cm ServerAliveCountMax
1910Sets the number of server alive messages (see below) which may be
1911sent without
1912.Xr ssh 1
1913receiving any messages back from the server.
1914If this threshold is reached while server alive messages are being sent,
1915ssh will disconnect from the server, terminating the session.
1916It is important to note that the use of server alive messages is very
1917different from
1918.Cm TCPKeepAlive
1919(below).
1920The server alive messages are sent through the encrypted channel
1921and therefore will not be spoofable.
1922The TCP keepalive option enabled by
1923.Cm TCPKeepAlive
1924is spoofable.
1925The server alive mechanism is valuable when the client or
1926server depend on knowing when a connection has become unresponsive.
1927.Pp
1928The default value is 3.
1929If, for example,
1930.Cm ServerAliveInterval
1931(see below) is set to 15 and
1932.Cm ServerAliveCountMax
1933is left at the default, if the server becomes unresponsive,
1934ssh will disconnect after approximately 45 seconds.
1935.It Cm ServerAliveInterval
1936Sets a timeout interval in seconds after which if no data has been received
1937from the server,
1938.Xr ssh 1
1939will send a message through the encrypted
1940channel to request a response from the server.
1941The default
1942is 0, indicating that these messages will not be sent to the server.
1943.It Cm SessionType
1944May be used to either request invocation of a subsystem on the remote system,
1945or to prevent the execution of a remote command at all.
1946The latter is useful for just forwarding ports.
1947The argument to this keyword must be
1948.Cm none
1949(same as the
1950.Fl N
1951option),
1952.Cm subsystem
1953(same as the
1954.Fl s
1955option) or
1956.Cm default
1957(shell or command execution).
1958.It Cm SetEnv
1959Directly specify one or more environment variables and their contents to
1960be sent to the server in the form
1961.Dq NAME=VALUE .
1962Similarly to
1963.Cm SendEnv ,
1964with the exception of the
1965.Ev TERM
1966variable, the server must be prepared to accept the environment variable.
1967.Pp
1968The
1969.Dq VALUE
1970may use the tokens described in the
1971.Sx TOKENS
1972section and environment variables as described in the
1973.Sx ENVIRONMENT VARIABLES
1974section.
1975.It Cm StdinNull
1976Redirects stdin from
1977.Pa /dev/null
1978(actually, prevents reading from stdin).
1979Either this or the equivalent
1980.Fl n
1981option must be used when
1982.Nm ssh
1983is run in the background.
1984The argument to this keyword must be
1985.Cm yes
1986(same as the
1987.Fl n
1988option) or
1989.Cm no
1990(the default).
1991.It Cm StreamLocalBindMask
1992Sets the octal file creation mode mask
1993.Pq umask
1994used when creating a Unix-domain socket file for local or remote
1995port forwarding.
1996This option is only used for port forwarding to a Unix-domain socket file.
1997.Pp
1998The default value is 0177, which creates a Unix-domain socket file that is
1999readable and writable only by the owner.
2000Note that not all operating systems honor the file mode on Unix-domain
2001socket files.
2002.It Cm StreamLocalBindUnlink
2003Specifies whether to remove an existing Unix-domain socket file for local
2004or remote port forwarding before creating a new one.
2005If the socket file already exists and
2006.Cm StreamLocalBindUnlink
2007is not enabled,
2008.Nm ssh
2009will be unable to forward the port to the Unix-domain socket file.
2010This option is only used for port forwarding to a Unix-domain socket file.
2011.Pp
2012The argument must be
2013.Cm yes
2014or
2015.Cm no
2016(the default).
2017.It Cm StrictHostKeyChecking
2018If this flag is set to
2019.Cm yes ,
2020.Xr ssh 1
2021will never automatically add host keys to the
2022.Pa ~/.ssh/known_hosts
2023file, and refuses to connect to hosts whose host key has changed.
2024This provides maximum protection against man-in-the-middle (MITM) attacks,
2025though it can be annoying when the
2026.Pa /etc/ssh/ssh_known_hosts
2027file is poorly maintained or when connections to new hosts are
2028frequently made.
2029This option forces the user to manually
2030add all new hosts.
2031.Pp
2032If this flag is set to
2033.Cm accept-new
2034then ssh will automatically add new host keys to the user's
2035.Pa known_hosts
2036file, but will not permit connections to hosts with
2037changed host keys.
2038If this flag is set to
2039.Cm no
2040or
2041.Cm off ,
2042ssh will automatically add new host keys to the user known hosts files
2043and allow connections to hosts with changed hostkeys to proceed,
2044subject to some restrictions.
2045If this flag is set to
2046.Cm ask
2047(the default),
2048new host keys
2049will be added to the user known host files only after the user
2050has confirmed that is what they really want to do, and
2051ssh will refuse to connect to hosts whose host key has changed.
2052The host keys of
2053known hosts will be verified automatically in all cases.
2054.It Cm SyslogFacility
2055Gives the facility code that is used when logging messages from
2056.Xr ssh 1 .
2057The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
2058LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
2059The default is USER.
2060.It Cm TCPKeepAlive
2061Specifies whether the system should send TCP keepalive messages to the
2062other side.
2063If they are sent, death of the connection or crash of one
2064of the machines will be properly noticed.
2065However, this means that
2066connections will die if the route is down temporarily, and some people
2067find it annoying.
2068.Pp
2069The default is
2070.Cm yes
2071(to send TCP keepalive messages), and the client will notice
2072if the network goes down or the remote host dies.
2073This is important in scripts, and many users want it too.
2074.Pp
2075To disable TCP keepalive messages, the value should be set to
2076.Cm no .
2077See also
2078.Cm ServerAliveInterval
2079for protocol-level keepalives.
2080.It Cm Tag
2081Specify a configuration tag name that may be later used by a
2082.Cm Match
2083directive to select a block of configuration.
2084.It Cm Tunnel
2085Request
2086.Xr tun 4
2087device forwarding between the client and the server.
2088The argument must be
2089.Cm yes ,
2090.Cm point-to-point
2091(layer 3),
2092.Cm ethernet
2093(layer 2),
2094or
2095.Cm no
2096(the default).
2097Specifying
2098.Cm yes
2099requests the default tunnel mode, which is
2100.Cm point-to-point .
2101.It Cm TunnelDevice
2102Specifies the
2103.Xr tun 4
2104devices to open on the client
2105.Pq Ar local_tun
2106and the server
2107.Pq Ar remote_tun .
2108.Pp
2109The argument must be
2110.Sm off
2111.Ar local_tun Op : Ar remote_tun .
2112.Sm on
2113The devices may be specified by numerical ID or the keyword
2114.Cm any ,
2115which uses the next available tunnel device.
2116If
2117.Ar remote_tun
2118is not specified, it defaults to
2119.Cm any .
2120The default is
2121.Cm any:any .
2122.It Cm UpdateHostKeys
2123Specifies whether
2124.Xr ssh 1
2125should accept notifications of additional hostkeys from the server sent
2126after authentication has completed and add them to
2127.Cm UserKnownHostsFile .
2128The argument must be
2129.Cm yes ,
2130.Cm no
2131or
2132.Cm ask .
2133This option allows learning alternate hostkeys for a server
2134and supports graceful key rotation by allowing a server to send replacement
2135public keys before old ones are removed.
2136.Pp
2137Additional hostkeys are only accepted if the key used to authenticate the
2138host was already trusted or explicitly accepted by the user, the host was
2139authenticated via
2140.Cm UserKnownHostsFile
2141(i.e. not
2142.Cm GlobalKnownHostsFile )
2143and the host was authenticated using a plain key and not a certificate.
2144.Pp
2145.Cm UpdateHostKeys
2146is enabled by default if the user has not overridden the default
2147.Cm UserKnownHostsFile
2148setting and has not enabled
2149.Cm VerifyHostKeyDNS ,
2150otherwise
2151.Cm UpdateHostKeys
2152will be set to
2153.Cm no .
2154.Pp
2155If
2156.Cm UpdateHostKeys
2157is set to
2158.Cm ask ,
2159then the user is asked to confirm the modifications to the known_hosts file.
2160Confirmation is currently incompatible with
2161.Cm ControlPersist ,
2162and will be disabled if it is enabled.
2163.Pp
2164Presently, only
2165.Xr sshd 8
2166from OpenSSH 6.8 and greater support the
2167.Qq hostkeys@openssh.com
2168protocol extension used to inform the client of all the server's hostkeys.
2169.It Cm User
2170Specifies the user to log in as.
2171This can be useful when a different user name is used on different machines.
2172This saves the trouble of
2173having to remember to give the user name on the command line.
2174Arguments to
2175.Cm User
2176may use the tokens described in the
2177.Sx TOKENS
2178section
2179(with the exception of %r and %C)
2180and environment variables as described in the
2181.Sx ENVIRONMENT VARIABLES
2182section.
2183.It Cm UserKnownHostsFile
2184Specifies one or more files to use for the user
2185host key database, separated by whitespace.
2186Each filename may use tilde notation to refer to the user's home directory,
2187the tokens described in the
2188.Sx TOKENS
2189section and environment variables as described in the
2190.Sx ENVIRONMENT VARIABLES
2191section.
2192A value of
2193.Cm none
2194causes
2195.Xr ssh 1
2196to ignore any user-specific known hosts files.
2197The default is
2198.Pa ~/.ssh/known_hosts ,
2199.Pa ~/.ssh/known_hosts2 .
2200.It Cm VerifyHostKeyDNS
2201Specifies whether to verify the remote key using DNS and SSHFP resource
2202records.
2203If this option is set to
2204.Cm yes ,
2205the client will implicitly trust keys that match a secure fingerprint
2206from DNS.
2207Insecure fingerprints will be handled as if this option was set to
2208.Cm ask .
2209If this option is set to
2210.Cm ask ,
2211information on fingerprint match will be displayed, but the user will still
2212need to confirm new host keys according to the
2213.Cm StrictHostKeyChecking
2214option.
2215The default is
2216.Cm no .
2217.Pp
2218See also
2219.Sx VERIFYING HOST KEYS
2220in
2221.Xr ssh 1 .
2222.It Cm VersionAddendum
2223Optionally specifies additional text to append to the SSH protocol banner
2224sent by the client upon connection.
2225The default is
2226.Cm none .
2227.It Cm VisualHostKey
2228If this flag is set to
2229.Cm yes ,
2230an ASCII art representation of the remote host key fingerprint is
2231printed in addition to the fingerprint string at login and
2232for unknown host keys.
2233If this flag is set to
2234.Cm no
2235(the default),
2236no fingerprint strings are printed at login and
2237only the fingerprint string will be printed for unknown host keys.
2238.It Cm WarnWeakCrypto
2239controls whether the user is warned when the cryptographic algorithms
2240negotiated for the connection are weak or otherwise recommended against.
2241Warnings may be disabled by turning off a specific warning or by disabling
2242all warnings.
2243Warnings about connections that don't use a post-quantum key exchange
2244may be disabled using the
2245.Cm no-pq-kex
2246flag.
2247.Cm no
2248will disable all warnings.
2249The default, equivalent to
2250.Cm yes ,
2251is to enable all warnings.
2252.It Cm XAuthLocation
2253Specifies the full pathname of the
2254.Xr xauth 1
2255program.
2256The default is
2257.Pa /usr/X11R6/bin/xauth .
2258.El
2259.Sh PATTERNS
2260A
2261.Em pattern
2262consists of zero or more non-whitespace characters,
2263.Sq *
2264(a wildcard that matches zero or more characters),
2265or
2266.Sq ?\&
2267(a wildcard that matches exactly one character).
2268For example, to specify a set of declarations for any host in the
2269.Qq .co.uk
2270set of domains,
2271the following pattern could be used:
2272.Pp
2273.Dl Host *.co.uk
2274.Pp
2275The following pattern
2276would match any host in the 192.168.0.[0-9] network range:
2277.Pp
2278.Dl Host 192.168.0.?
2279.Pp
2280A
2281.Em pattern-list
2282is a comma-separated list of patterns.
2283Patterns within pattern-lists may be negated
2284by preceding them with an exclamation mark
2285.Pq Sq !\& .
2286For example,
2287to allow a key to be used from anywhere within an organization
2288except from the
2289.Qq dialup
2290pool,
2291the following entry (in authorized_keys) could be used:
2292.Pp
2293.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2294.Pp
2295Note that a negated match will never produce a positive result by itself.
2296For example, attempting to match
2297.Qq host3
2298against the following pattern-list will fail:
2299.Pp
2300.Dl from=\&"!host1,!host2\&"
2301.Pp
2302The solution here is to include a term that will yield a positive match,
2303such as a wildcard:
2304.Pp
2305.Dl from=\&"!host1,!host2,*\&"
2306.Sh TOKENS
2307Arguments to some keywords can make use of tokens,
2308which are expanded at runtime:
2309.Pp
2310.Bl -tag -width XXXX -offset indent -compact
2311.It %%
2312A literal
2313.Sq % .
2314.It \&%C
2315Hash of %l%h%p%r%j.
2316.It %d
2317Local user's home directory.
2318.It %f
2319The fingerprint of the server's host key.
2320.It %H
2321The
2322.Pa known_hosts
2323hostname or address that is being searched for.
2324.It %h
2325The remote hostname.
2326.It \%%I
2327A string describing the reason for a
2328.Cm KnownHostsCommand
2329execution: either
2330.Cm ADDRESS
2331when looking up a host by address (only when
2332.Cm CheckHostIP
2333is enabled),
2334.Cm HOSTNAME
2335when searching by hostname, or
2336.Cm ORDER
2337when preparing the host key algorithm preference list to use for the
2338destination host.
2339.It %i
2340The local user ID.
2341.It %j
2342The contents of the ProxyJump option, or the empty string if this
2343option is unset.
2344.It %K
2345The base64 encoded host key.
2346.It %k
2347The host key alias if specified, otherwise the original remote hostname given
2348on the command line.
2349.It %L
2350The local hostname.
2351.It %l
2352The local hostname, including the domain name.
2353.It %n
2354The original remote hostname, as given on the command line.
2355.It %p
2356The remote port.
2357.It %r
2358The remote username.
2359.It \&%T
2360The local
2361.Xr tun 4
2362or
2363.Xr tap 4
2364network interface assigned if
2365tunnel forwarding was requested, or
2366.Qq NONE
2367otherwise.
2368.It %t
2369The type of the server host key, e.g.
2370.Cm ssh-ed25519 .
2371.It %u
2372The local username.
2373.El
2374.Pp
2375.Cm CertificateFile ,
2376.Cm ControlPath ,
2377.Cm IdentityAgent ,
2378.Cm IdentityFile ,
2379.Cm Include ,
2380.Cm KnownHostsCommand ,
2381.Cm LocalForward ,
2382.Cm Match exec ,
2383.Cm RemoteCommand ,
2384.Cm RemoteForward ,
2385.Cm RevokedHostKeys ,
2386.Cm UserKnownHostsFile
2387and
2388.Cm VersionAddendum
2389accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
2390.Pp
2391.Cm KnownHostsCommand
2392additionally accepts the tokens %f, %H, %I, %K and %t.
2393.Pp
2394.Cm Hostname
2395accepts the tokens %% and %h.
2396.Pp
2397.Cm LocalCommand
2398accepts all tokens.
2399.Pp
2400.Cm ProxyCommand
2401and
2402.Cm ProxyJump
2403accept the tokens %%, %h, %n, %p, and %r.
2404.Pp
2405Note that some of these directives build commands for execution via the shell.
2406Because
2407.Xr ssh 1
2408performs no filtering or escaping of characters that have special meaning in
2409shell commands (e.g. quotes), it is the user's responsibility to ensure that
2410the arguments passed to
2411.Xr ssh 1
2412do not contain such characters and that tokens are appropriately quoted
2413when used.
2414.Sh ENVIRONMENT VARIABLES
2415Arguments to some keywords can be expanded at runtime from environment
2416variables on the client by enclosing them in
2417.Ic ${} ,
2418for example
2419.Ic ${HOME}/.ssh
2420would refer to the user's .ssh directory.
2421If a specified environment variable does not exist then an error will be
2422returned and the setting for that keyword will be ignored.
2423.Pp
2424The keywords
2425.Cm CertificateFile ,
2426.Cm ControlPath ,
2427.Cm IdentityAgent ,
2428.Cm IdentityFile ,
2429.Cm Include ,
2430.Cm KnownHostsCommand ,
2431and
2432.Cm UserKnownHostsFile
2433support environment variables.
2434The keywords
2435.Cm LocalForward
2436and
2437.Cm RemoteForward
2438support environment variables only for Unix domain socket paths.
2439.Sh FILES
2440.Bl -tag -width Ds
2441.It Pa ~/.ssh/config
2442This is the per-user configuration file.
2443The format of this file is described above.
2444This file is used by the SSH client.
2445Because of the potential for abuse, this file must have strict permissions:
2446read/write for the user, and not writable by others.
2447.It Pa /etc/ssh/ssh_config
2448Systemwide configuration file.
2449This file provides defaults for those
2450values that are not specified in the user's configuration file, and
2451for those users who do not have a configuration file.
2452This file must be world-readable.
2453.El
2454.Sh SEE ALSO
2455.Xr ssh 1
2456.Sh AUTHORS
2457.An -nosplit
2458OpenSSH is a derivative of the original and free
2459ssh 1.2.12 release by
2460.An Tatu Ylonen .
2461.An Aaron Campbell , Bob Beck , Markus Friedl ,
2462.An Niels Provos , Theo de Raadt
2463and
2464.An Dug Song
2465removed many bugs, re-added newer features and
2466created OpenSSH.
2467.An Markus Friedl
2468contributed the support for SSH protocol versions 1.5 and 2.0.