41
41
Host Restricts the following declarations (up to the next Host key-
42
42
word) to be only for those hosts that match one of the patterns
43
given after the keyword. A single `*' as a pattern can be used
44
to provide global defaults for all hosts. The host is the
45
hostname argument given on the command line (i.e. the name is not
46
converted to a canonicalized host name before matching).
43
given after the keyword. If more than one pattern is provided,
44
they should be separated by whitepsace. A single `*' as a pat-
45
tern can be used to provide global defaults for all hosts. The
46
host is the hostname argument given on the command line (i.e. the
47
name is not converted to a canonicalized host name before match-
48
50
See PATTERNS for more information on patterns.
201
203
ExitOnForwardFailure
202
204
Specifies whether ssh(1) should terminate the connection if it
203
cannot set up all requested dynamic, local, and remote port for-
204
wardings. The argument must be ``yes'' or ``no''. The default
205
cannot set up all requested dynamic, tunnel, local, and remote
206
port forwardings. The argument must be ``yes'' or ``no''. The
208
210
Specifies whether the connection to the authentication agent (if
324
326
It is possible to have multiple identity files specified in con-
325
327
figuration files; all these identities will be tried in sequence.
329
KbdInteractiveAuthentication
330
Specifies whether to use keyboard-interactive authentication.
331
The argument to this keyword must be ``yes'' or ``no''. The de-
327
334
KbdInteractiveDevices
328
335
Specifies the list of methods to use in keyboard-interactive au-
329
336
thentication. Multiple method names must be comma-separated.
336
343
Specifies a command to execute on the local machine after suc-
337
344
cessfully connecting to the server. The command string extends
338
to the end of the line, and is executed with /bin/sh. This di-
339
rective is ignored unless PermitLocalCommand has been enabled.
345
to the end of the line, and is executed with the user's shell.
346
The following escape character substitutions will be performed:
347
`%d' (local user's home directory), `%h' (remote host name), `%l'
348
(local host name), `%n' (host name as provided on the command
349
line), `%p' (remote port), `%r' (remote user name) or `%u' (local
350
user name). This directive is ignored unless PermitLocalCommand
342
354
Specifies that a TCP port on the local machine be forwarded over
365
377
MACs Specifies the MAC (message authentication code) algorithms in or-
366
378
der of preference. The MAC algorithm is used in protocol version
367
379
2 for data integrity protection. Multiple algorithms must be
368
comma-separated. The default is: ``hmac-md5,hmac-sha1,hmac-
369
ripemd160,hmac-sha1-96,hmac-md5-96''.
380
comma-separated. The default is:
382
hmac-md5,hmac-sha1,umac-64@openssh.com,
383
hmac-ripemd160,hmac-sha1-96,hmac-md5-96
371
385
NoHostAuthenticationForLocalhost
372
386
This option can be used if the home directory is shared across
412
426
Specifies the command to use to connect to the server. The com-
413
427
mand string extends to the end of the line, and is executed with
414
/bin/sh. In the command string, `%h' will be substituted by the
415
host name to connect and `%p' by the port. The command can be
416
basically anything, and should read from its standard input and
417
write to its standard output. It should eventually connect an
418
sshd(8) server running on some machine, or execute sshd -i some-
419
where. Host key management will be done using the HostName of
420
the host being connected (defaulting to the name typed by the us-
421
er). Setting the command to ``none'' disables this option en-
422
tirely. Note that CheckHostIP is not available for connects with
428
the user's shell. In the command string, `%h' will be substitut-
429
ed by the host name to connect and `%p' by the port. The command
430
can be basically anything, and should read from its standard in-
431
put and write to its standard output. It should eventually con-
432
nect an sshd(8) server running on some machine, or execute sshd
433
-i somewhere. Host key management will be done using the Host-
434
Name of the host being connected (defaulting to the name typed by
435
the user). Setting the command to ``none'' disables this option
436
entirely. Note that CheckHostIP is not available for connects
437
with a proxy command.
425
439
This directive is useful in conjunction with nc(1) and its proxy
426
440
support. For example, the following directive would connect via
594
608
See also VERIFYING HOST KEYS in ssh(1).
611
If this flag is set to ``yes'', an ASCII art representation of
612
the remote host key fingerprint is printed additionally to the
613
hex fingerprint string. If this flag is set to ``no'', only the
614
hex fingerprint string will be printed. The default is ``no''.
597
617
Specifies the full pathname of the xauth(1) program. The default
598
618
is /usr/X11R6/bin/xauth.