ssh_config
If you want to send us your comments, please do so. Thanks
More on comments
ssh_config
The client side config file
All options
| Option | Setting | Remark |
|---|---|---|
| IgnoreUnknown | Put in front so all consecutive options are checked when this option is activated | |
| AddKeysToAgent | no | Default |
| AddressFamily | inet | IPv4 only. Default: any |
| BatchMode | no | Default |
| BindAddress | ||
| CanonicalDomains | ||
| CanonicalizeFallbackLocal | ||
| CanonicalizeHostname | no | Default |
| CanonicalizeMaxDots | ||
| CanonicalizePermittedCNAMEs | ||
| CertificateFile | ||
| CertificateFile | ||
| ChallengeResponseAuthentication | no | Default |
| CheckHostIP | yes | Default |
| Cipher | blowfish, 3des | Default |
| Ciphers | chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc | Default. Comma separated list |
| ClearAllForwardings | no | Default. Comma separated list |
| Compression | no | Default |
| CompressionLevel | 6 | Default |
| ConnectionAttempts | 1 | Default |
| ConnectTimeout | Default: Follow the system TCP timeout | |
| ControlMaster | no | Default |
| ControlPath | ||
| ControlPersist | ||
| DynamicForward | ||
| EnableSSHKeysign | no | Default |
| EscapeChar | ~ | Default |
| ExitOnForwardFailure | no | Default |
| FingerprintHash | sha256 | Default |
| ForwardAgent | no | Default |
| ForwardX11 | ||
| ForwardX11Timeout | ||
| ForwardX11Trusted | ||
| GatewayPorts | ||
| GlobalKnownHostsFile | ||
| GSSAPIAuthentication | yes | Default for the Debian openssh-client. Otherwise the default is “no” |
| GSSAPIKeyExchange | ||
| GSSAPIClientIdentity | ||
| GSSAPIServerIdentity | ||
| GSSAPIDelegateCredentials | ||
| GSSAPIRenewalForcesRekey | ||
| GSSAPITrustDns | ||
| HashKnownHosts | yes | Default for the Debian openssh-client. Otherwise the default is “no” |
| Host | * | Allow all |
| HostbasedAuthentication | no | Default |
| HostbasedKeyTypes | ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa | Default. Comma separated list |
| HostKeyAlgorithms | ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa | Default. Comma separated list |
| HostKeyAlias | ||
| HostName | ||
| IdentitiesOnly | no | Default |
| IdentityAgent | ||
| IdentityFile | ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa | Default. Protocol version 2 |
| Include | ||
| IPQoS | lowdelay throughput | Default |
| KbdInteractiveAuthentication | yes | Default |
| KbdInteractiveDevices | OpenSSH server: zero or more of: bsdauth, pam, skey | |
| KexAlgorithms | curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 | Default. Comma separated list |
| LocalCommand | ||
| LocalForward | ||
| LogLevel | INFO | Default |
| MACs | umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 | Default |
| Match | ||
| NoHostAuthenticationForLocalhost | no | Default |
| NumberOfPasswordPrompts | 3 | Default |
| PasswordAuthentication | yes | Default |
| PermitLocalCommand | no | Default |
| PKCS11Provider | ||
| Port | 22 | Default |
| PreferredAuthentications | gssapi-with-mic,hostbased,publickey,keyboard-interactive,password | Default |
| Protocol | 2 | Default |
| ProxyCommand | ||
| ProxyJump | ||
| ProxyUseFdpass | no | Default |
| PubkeyAcceptedKeyTypes | ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa | Default. Comma separated list |
| PubkeyAuthentication | yes | Default |
| RekeyLimit | none | Default |
| RemoteForward | Bind to loopback addresses | Default |
| RequestTTY | no | |
| RevokedHostKeys | ||
| RhostsRSAAuthentication | no | Default |
| RSAAuthentication | yes | Default |
| SendEnv | LANG LC_* | Default for the Debian openssh-client Otherwise the default is ““ |
| ServerAliveCountMax | 3 | Default |
| ServerAliveInterval | 0 | |
| StreamLocalBindMask | 0177 | Default |
| StreamLocalBindUnlink | no | Default |
| StrictHostKeyChecking | ask | Default |
| TCPKeepAlive | yes | Default |
| Tunnel | no | Default |
| TunnelDevice | any:any | Default |
| UpdateHostKeys | no | Default |
| UsePrivilegedPort | no | Default |
| User | User to log in as | |
| UserKnownHostsFile | ~/.ssh/known_hosts, ~/.ssh/known_hosts2 | Default |
| VerifyHostKeyDNS | no | Default |
| VisualHostKey | no | Default |
| XAuthLocation | /usr/bin/xauth | Default |
Main subjects on this wiki: Linux, Debian, HTML, Microcontrollers, Privacy
RSS
Disclaimer
Privacy statement
Bugs statement
Cookies
Copyright © : 2014 - 2024 Webevaluation.nl and the authors
Changes reserved.
ssh_config.txt · Last modified: 09-05-2020 18:03 by wim