ssh2_config(4)
NAME
ssh2_config - Configuration file for the Secure Shell client
DESCRIPTION
The Secure Shell client reads configuration data from the following sources
(in this order): system's global configuration file
(/etc/ssh2/ssh2_config), user's configuration file
($HOME/.ssh2/ssh2_config), and the command-line options. The file contains
keyword-argument pairs, one per line. Keywords are case insensitive. It is
possible to enclose arguments in quotes and use the standard C conventions.
Empty lines and lines starting with a number sign ( # ) are ignored as
comments. For each keyword, the last obtained value will be effective.
The following are ssh2_config file keywords.
AllowedAuthentications
Specifies the authentication methods that the client uses to
authenticate users. Supported authentication methods are password,
publickey, and hostbased. The default is publickey,password.
You can specify any or all authentication methods. Use a comma-
separated list when specifying more than one argument. The order in
which authentication methods are listed is the order in which they are
used. For example, if hostbased is listed first, the client will use
hostbased authentication before trying the next listed authentication.
The first successful authentication is the one used.
AuthenticationSuccessMsg
Specifies whether or not to display the Authentication successful
message after authentication has completed successfully. This is mainly
to prevent malicious servers from getting information from the user by
displaying additional password or passphrase prompts. The argument must
be yes or no. The default is yes.
AuthorizationFile
Specifies the name of the user's authorization file.
BatchMode
Specifies whether or not password or passphrase querying is disabled.
This keyword is useful in scripts and other batch jobs where you don't
have a user to supply the password. If the StrictHostKeyChecking
keyword is set to ask, the client assumes a no answer because user
input is not accepted when invoked with BatchMode yes. The argument
must be yes or no.
Ciphers
Specifies the Secure Shell ciphers to use for encrypting the session.
Supported ciphers are des, 3des, blowfish, arcfour, twofish, and
cast. Special arguments for this keyword are any, anystd, which allows
only standard ciphers (and none), and anycipher, which allows either any
available cipher or excludes the non-encrypting cipher mode none but
allows all others. Use a comma-separated list when specifying more than
one cipher.
ClearAllForwardings
Specifies whether or not to clear all defined remote and local
forwarded ports. The argument must be yes or no. Note that the scp
command always automatically clears all forwarded ports.
Compression
Specifies whether or not to use compression. The argument must be yes
or no.
DefaultDomain
Specifies whether or not to find out the system name if only the base
part of the system name is available by normal means (for example,
those used by the hostname command). The results are appended to the
found system name if the system name returned does not contain a dot
( . ). This keyword is only useful if set in the system configuration
file.
DontReadStdin
Specifies whether or not to redirect input from /dev/null, that is,
do not read stdin. The argument must be yes or no.
EnforceSecureRutils
Specifies whether or not to configure the suite of r* commands (rsh,
rlogin, and rcp commands and applications that use the rcmd function)
to automatically use a Secure Shell connection.
The argument must be yes or no. The default is no in the
/etc/ssh2/ssh2_config file and yes in the $HOME/.ssh2/ssh2_config file
of the root account.
EscapeChar
Sets the escape character. The escape character can also be set on the
command line. The argument should be a single character; for example,
^ followed by a letter or none to disable the escape character entirely
(making the connection transparent for binary data). The default is ~.
ForcePTTYAllocation
Specifies whether or not to allocate a terminal. For example, allocate
a terminal when a command is given. The argument must be yes or no.
ForwardAgent
Specifies whether or not the connection to the authentication agent (if
any) will be forwarded to the remote system. The argument must be yes
or no.
ForwardX11
Specifies whether or not X11 connections will be automatically
redirected over the secure channel and set the DISPLAY environment
variable. The argument must be yes or no.
GatewayPorts
Specifies whether or not remote hosts can connect to locally forwarded
ports. The argument must be yes or no. The default is no.
GoBackground
Specifies whether or not the client will go to the background after
authentication is done and the forwardings have been established. This
is useful if the client is going to ask for passwords or passphrases,
but the user wants it in the background. The argument must be yes, no,
or oneshot. With oneshot, the client behaves the same way as with
ssh2 -f o command. The default is no.
Host
Specifies the host name to log in to. With the expression format, this
can be used to specify nicknames or abbreviations for hosts. The
default is the name given on the command line. Numeric IP addresses are
also permitted (both on the command line and in HostName
specifications).
The expression format denotes the start of a per-host configuration
block, where expression is an arbitrary string that distinguishes this
block from others. The expression format can contain wildcards. The
expression will be compared with the host name obtained from the
command-line, and if it matches, the block will be evaluated.
Evaluation stops at the next expression: format. If more than one match
is found, the last obtained value will be effective. Note that the
expression format does not have to be a real host name, as long as the
expression block contains a host configuration parameter, where the
real host name to connect is defined.
IdentityFile
Specifies the name of the user's identification file.
KeepAlive
Specifies whether or not keepalive messages are sent. If they are
sent, the loss of a connection or crash of a system will be noticed.
However, this means that connections will die if the route is down
temporarily. The argument must be yes or no. The default is yes (send
keepalive messages). To disable keepalive messages, set the value to no
in both the server and the client configuration files.
LocalForward
Specifies that a TCP/IP port on the local system be forwarded over the
secure channel to the given host:port on the remote system. The
argument should be enclosed in double quotation marks (" "). The
argument format is port:remotehost:remoteport
MACs
Specifies the Secure Shell MAC (Message Authentication Code) algorithm
to use for data integrity verification. Supported MAC algorithms are
hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160, and
hmac-ripemd160-96, of which hmac-sha1, hmac-sha1-96, hmac-md5 and
hmac-md5-96 are included.
Use a comma-separated list when specifying more than one MAC. Special
arguments to this keyword are any, anystd, which allows only standard
MACs (and none), and anymac, which allows either any available MAC or
excludes none but allows all others. The anystdmac argument is the same
as the anymac argument, but includes only those MACs mentioned in the
IETF-SecSH-draft (excluding none).
NoDelay
Specifies whether or not to enable socket option TCP_NODELAY. The
argument must be yes or no. The default is no.
NumberofPasswordPrompts
Specifies the number of password prompts permitted. Note that the
server also limits the number of attempts, so setting this value larger
than the server's value does not have any effect. The default value is
3.
PasswordPrompt
Specifies the password prompt displayed when users log in. Variables %U
and %H can be used to give the user's login name and host name,
respectively.
Port
Specifies the port number on the remote host. The default is port
number 22.
QuietMode
Specifies whether or not all warnings and diagnostic messages are
displayed. Fatal errors are displayed. The argument must be yes or no.
RandomSeedFile
Specifies the name of the user's random seed file. The default is the
/$HOME/.ssh2/random_seed file, where $HOME is the name of the user's
account.
RekeyIntervalSeconds
Specifies the number of seconds between key exchanges. The default is
3600 seconds (one hour). A value of 0 (zero) turns rekey requests off.
This does not prevent the server from requesting rekeys. Other servers
might not have rekey capabilities implemented correctly, and might not
support rekey requests. This means that they might terminate the
connection or crash.
RemoteForward
Specifies that a TCP/IP port on the remote system be forwarded over the
secure channel to the specified host:port from the local system. The
argument should be enclosed in double quotation marks (" "). The
argument format is port:remotehost:remoteport
Ssh1AgentCompatibility
Specifies whether or not to forward an SSH1 agent connection. Arguments
are none, traditional, and ssh2. With value none (default), the SSH1
agent connection is not forwarded at all. With value traditional, the
SSH1 agent connection is forwarded transparently like in SSH1. Value
traditional can always be used, but it constitutes a security risk,
because the agent does not get the information about the forwarding
path. Value ssh2 makes SSH1 agent forwarding similar to SSH2 agent
forwarding, and with this mode the agent gets the information about the
agent forwarding path. Note that value ssh2 can be used only if you
use ssh-agent2 in SSH1 compatibility mode.
Ssh1Compatibility
Specifies whether or not the client supports only SSH 1.x protocols.
The argument must be yes or no.
Ssh1Path
Specifies the path to the ssh1 client, which is executed if the server
supports only SSH 1.x protocols. The arguments for ssh2 are passed to
the ssh1 client.
SocksServer
Overrides the value of the SSH_SOCKS_SERVER environment variable.
StrictHostKeyChecking
Specifies whether or not the client automatically adds new host keys to
the $HOME/.ssh2/hostkeys file. The argument must be yes, ask, or no.
If the argument is set to yes, new host keys will never be
automatically added to the hostkeys file, and connections will be
refused to hosts whose host key has changed.
If the argument is set to ask, new hosts will be automatically added to
the hostkeys file after the user confirms that they really want to add
it.
If the argument is set to no, new hosts will be automatically added to
the hostkeys file without prompting the user.
User
Specifies the user name to use when logging in. This keyword can be
useful if you have a different user name on different systems. You do
not have to specify the user name on the command line.
VerboseMode
Specifies whether or not debugging messages are displayed. The argument
must be yes or no. The default is no.
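EXAMPLES
The following Python example is added here and is not part of the original manual page or of the Secure Shell product. It resolves the effective settings for one host using the rules in DESCRIPTION and under Host, then reports values that the keyword descriptions above identify as weaker. It assumes that whitespace separates a keyword from its argument, that a per-host block starts with a line of the form expression:, and that wildcards are shell-style globs; the function names, sample files and host names are hypothetical.

```python
from fnmatch import fnmatchcase

def effective_config(sources, host):
    """Resolve settings for `host`; keywords fold case, the last value wins."""
    settings = {}
    for text in sources:          # global file first, then the user's file
        active = True             # lines before any host block always apply
        for raw in text.splitlines():
            parts = raw.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue          # empty lines and comments are ignored
            if len(parts) == 1 and parts[0].endswith(":"):
                # Assumed block header form "expression:", glob wildcards
                active = fnmatchcase(host.lower(), parts[0][:-1].lower())
            elif active:
                arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
                settings[parts[0].lower()] = arg
    return settings

def audit(settings):
    """Return findings for values the keyword descriptions mark as weaker."""
    found = []
    if settings.get("stricthostkeychecking", "").lower() == "no":
        found.append("StrictHostKeyChecking no: host keys added unprompted")
    if settings.get("ssh1agentcompatibility", "").lower() == "traditional":
        found.append("Ssh1AgentCompatibility traditional: no forwarding path")
    for key in ("ciphers", "macs"):
        names = {n.strip().lower() for n in settings.get(key, "").split(",")}
        if names & {"none", "any", "anystd"}:
            found.append(f"{key}: list can permit the mode none")
    return found

# Constructed sample inputs, not taken from any real system.
GLOBAL_CFG = """# /etc/ssh2/ssh2_config
StrictHostKeyChecking yes
Ciphers anycipher
"""
USER_CFG = """# $HOME/.ssh2/ssh2_config
stricthostkeychecking ask
*.lab.example:
StrictHostKeyChecking no
Ssh1AgentCompatibility traditional
bastion.example:
Ciphers 3des,none
"""

if __name__ == "__main__":
    for h in ("db1.lab.example", "bastion.example", "www.example"):
        print(h, audit(effective_config([GLOBAL_CFG, USER_CFG], h)))
```

Because the user's file is read after the global file, the per-host block in the sample silently replaces the global StrictHostKeyChecking yes for matching hosts, which is why the audit runs on the resolved settings rather than on either file alone.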
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: ssh2(1)