NAME
ssh2_config - format of configuration file for ssh2
CONFIGURATION FILES
Ssh2 obtains configuration data from the following sources
(in this order): the system's global configuration file
(typically /etc/ssh2/ssh2_config), the user's configuration
file ($HOME/.ssh2/ssh2_config) and the command line options.
For each parameter, the last obtained value will be effective.
The configuration file has the following format:
`expression:' denotes the start of a per-host
configuration block, where `expression' is an arbitrary
string which distinguishes this block from others. The
`expression' can contain wildcards. The `expression'
will be compared with the hostname obtained from the
command-line, and if it matches, the block will be
evaluated. Evaluation stops at the next `expression:'
statement. If more than one match is found, all will be
evaluated and the last obtained values for parameters
will be effective. Note that the `expression' doesn't
have to be a real hostname, as long as the `expression'
block contains a "Host" configuration parameter, where
the real hostname to connect is defined.
Empty lines and lines starting with '#' are ignored as
comments.
Otherwise a line is of the format "keyword arguments".
Note that it is possible to enclose arguments in
quotes, and use the standard C convention. The
possible keywords and their meanings are as follows (note
that the configuration files are case-sensitive, but
keywords are case-insensitive):
AllowedAuthentications
This keyword specifies the authentication methods that
are allowed. This is a comma-separated list currently
consisting of the following words: password, publickey
and hostbased. Each specifies an authentication
method. The default is "publickey,password". The
authentication methods are tried in the order in which
they are specified with this configuration parameter.
That means that the least interactive methods should be
placed first in this list, for example
"hostbased,publickey,password" (because publickey
authentication can be automated by the user, with ssh-agent).
AuthenticationSuccessMsg
Specifies whether to display "Authentication successful."
after authentication has completed successfully.
This is mainly to prevent malicious servers from getting
information from the user by displaying additional
password or passphrase prompts. The argument must be
"yes" or "no". The default is "yes".
AuthorizationFile
Specifies the name of the user's authorization file.
BatchMode
If set to "yes", ssh2 disables password/passphrase
querying. This is useful in scripts and other batch
jobs where you don't have a user to supply the
password. If the "StrictHostKeyChecking" parameter is set
to "ask", ssh2 assumes a "no" answer to queries (this
is because ssh doesn't even try to get user input when
invoked with "BatchMode yes"). The argument must be
"yes" or "no".
Ciphers
Specifies the ciphers to use for encrypting the
session. Currently, des, 3des, blowfish, arcfour, twofish
and cast are supported. Multiple ciphers can be
specified as a comma-separated list. Special values for this
option are any; anystd, which allows only standard (see
below) ciphers (and 'none'); and anycipher, which allows
any available cipher but excludes the non-encrypting
cipher mode none. anystdcipher is the same as anycipher,
but includes only those ciphers mentioned in the
IETF-SecSH-draft (excluding 'none').
ClearAllForwardings
Specifies whether to clear all remote and local
forwarded ports defined so far. The argument must be "yes"
or "no". Note that scp always automatically clears all
forwarded ports.
Compression
Specifies whether to use compression. The argument must
be "yes" or "no".
DefaultDomain
This option is only useful if set in the global
configuration file. This is used by ssh2 and ssh-signer2 to
find out the system name, if only the base part of the
system name is available by normal means (those used by
e.g. hostname(1)). This is appended to the found
system name, if the system name returned doesn't contain a
dot ('.').
DontReadStdin
Redirect input from /dev/null, i.e. don't read stdin.
The argument must be "yes" or "no".
EscapeChar
Sets the escape character (default: ~). The escape
character can also be set on the command line. The
argument should be a single character, '^' followed by
a letter, or "none" to disable the escape character
entirely (making the connection transparent for binary
data).
ForcePTTYAllocation
Force tty allocation, i.e. allocate a tty even if a
command is given. The argument must be "yes" or "no".
ForwardAgent
Specifies whether the connection to the authentication
agent (if any) will be forwarded to the remote machine.
The argument must be "yes" or "no".
ForwardX11
Specifies whether X11 connections will be automatically
redirected over the secure channel and DISPLAY set. The
argument must be "yes" or "no".
GatewayPorts
Specifies that remote hosts may also connect to locally
forwarded ports. The argument must be "yes" or "no".
The default is "no".
GoBackground
Requests ssh2 to go to background after authentication
is done and the forwardings have been established. This
is useful if ssh2 is going to ask for passwords or
passphrases, but the user wants it in the background.
The argument must be "yes", "no" or "oneshot". With
"oneshot", ssh2 behaves the same way as with `-f o'
commandline arguments. The default is "no".
Host Specifies the real host name to log into. With
`expression' above, this can be used to specify nicknames or
abbreviations for hosts. The default is the name given
on the command line. Numeric IP addresses are also
permitted (both on the command line and in HostName
specifications).
IdentityFile
Specifies the name of the user's identification file.
KeepAlive
Specifies whether the system should send keepalive
messages to the other side. If they are sent, death of
the connection or crash of one of the machines will be
properly noticed. However, this means that connections
will die if the route is down temporarily, and some
people find this annoying.
The default is "yes" (to send keepalives), and the
client will notice if the network goes down or the
remote host dies. This is important when using
scripts, and many users want it too.
To disable keepalives, the value should be set to "no"
in both the server and the client configuration files.
LocalForward
Specifies that a TCP/IP port on the local machine is
forwarded over the secure channel to given host:port
from the remote machine. The argument should be
enclosed in double-quotes (""). The argument format is
port:remotehost:remoteport .
MACs Specifies the MAC (Message Authentication Code)
algorithm to use for data integrity verification.
Currently, hmac-sha1, hmac-sha1-96, hmac-md5,
hmac-md5-96, hmac-ripemd160 and hmac-ripemd160-96 are
supported, of which hmac-sha1, hmac-sha1-96, hmac-md5 and
hmac-md5-96 are included in all distributions. Multiple
MACs can be specified as a comma-separated list.
Special values for this option are any; anystd, which
allows only standard (see below) MACs (and 'none'); and
anymac, which allows any available MAC but excludes
none. anystdmac is the same as anymac, but includes
only those MACs mentioned in the IETF-SecSH-draft
(excluding 'none').
NoDelay
If "yes", enable socket option TCP_NODELAY. The
argument must be "yes" or "no". Default is "no".
NumberofPasswordPrompts
Specifies the number of password prompts before giving
up. The argument must be an integer. Note that the
server also limits the number of attempts, so setting
this value larger than the server's value doesn't have
any effect. Default value is three (3).
PasswordPrompt
Sets the password prompt that the user sees when
connecting to a host. Variables '%U' and '%H' can be used
to give the user's login name and host, respectively.
Port Specifies the port number to connect on the remote
host. The default port number is 22.
QuietMode
Quiet mode. Causes all warnings and diagnostic messages
to be suppressed. Only fatal errors are displayed. The
argument must be "yes" or "no".
RandomSeedFile
Specifies the name of the user's randomseed file.
RekeyIntervalSeconds
Specifies the number of seconds after which the key
exchange is done again. The default is 3600 seconds. A
value of '0' turns rekey-requests off. This doesn't prevent
the server from requesting rekeys. Other servers may not
have rekey-capabilities implemented correctly, and your
connection may be cut off if you're connecting to a
server other than sshd2. (The server may also possibly
crash, but that is no fault of ssh2).
RemoteForward
Specifies that a TCP/IP port on the remote machine be
forwarded over the secure channel to given host:port
from the local machine. The argument should be
enclosed in double-quotes (""). The argument format is
port:remotehost:remoteport .
Ssh1AgentCompatibility
Specifies whether to also forward an SSH1 agent
connection. Legal values for this option are "none",
"traditional" and "ssh2". With value "none" (default), the
SSH1 agent connection is not forwarded at all. With
value "traditional", SSH1 agent connection is forwarded
transparently like in SSH1. Value "traditional" can
always be used, but it constitutes a security risk,
because the agent does not get the information about
the forwarding path. Value "ssh2" makes SSH1 agent
forwarding similar to SSH2 agent forwarding and with
this mode agent gets the information about the agent
forwarding path. Note that value "ssh2" can only be
used, if you use ssh-agent2 in SSH1 compatibility mode.
Ssh1Compatibility
Specifies whether to use SSH1 compatibility code. With
this option, ssh1 is executed when the server supports
only SSH 1.x protocols. The argument must be "yes" or
"no".
Ssh1Path
Specifies the path to ssh1 client, which is executed if
the server supports only SSH 1.x protocols. The
arguments for ssh2 are passed to the ssh1 client.
SocksServer
Overrides the value of SSH_SOCKS_SERVER. Otherwise,
functions completely equivalently.
StrictHostKeyChecking
If this flag is set to "yes", ssh2 will never
automatically add host keys to the $HOME/.ssh2/hostkeys
directory, and refuses to connect to hosts whose host key
has changed. This provides maximum protection against
Trojan horse attacks. However, it can be somewhat annoying
if you don't have the necessary keys in
/etc/ssh2/hostkeys and you frequently connect to new
hosts. Basically this option forces the user to
manually add any new hosts. Normally this option is set
to "ask", and new hosts will automatically be added to
the known host files after you have confirmed that you
really want to do that. If this is set to "no" then the
new host will automatically be added to the known host
files. The host keys of known hosts will be verified
automatically in either case. If this value is set to
"ask", the user also has the option to change the key
on the disk on the fly.
The argument must be "yes", "no" or "ask".
User Specifies the user to log in as. This can be useful if
you have a different user name in different machines.
This saves the trouble of having to remember to specify
the user name on the command line.
VerboseMode
Verbose mode. Causes ssh2 to print debugging messages
about its progress. This is helpful when debugging
connection, authentication, and configuration problems.
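The per-host block rules and keyword descriptions above, as an added Python example (not part of the original manual page or of ssh2): it resolves the effective settings for a host name, then flags the values this page describes as weakening protection. Glob-style wildcards, treating lines before the first block as global, and shlex quoting are assumptions; the function names and the sample config are constructed.

```python
import fnmatch
import shlex

# Constructed sample config; host names and values are illustrative only.
SAMPLE = '''\
# lines before the first block: assumed here to apply to every host
StrictHostKeyChecking ask
Ciphers anystdcipher

*.example.com:
    User alice
    ForwardAgent no

build*:
    Host build01.example.com
    stricthostkeychecking no
    Ssh1AgentCompatibility traditional
    LocalForward "8080:intranet:80"
'''

def effective_settings(text, name):
    """Return {lowercased keyword: argument} for the host name given on the command line."""
    settings, active = {}, True           # assumption: pre-block lines are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue                      # empty lines and comments are ignored
        if line.endswith(':'):            # `expression:' opens a per-host block
            active = fnmatch.fnmatchcase(name, line[:-1])  # assumption: glob wildcards
            continue
        if active:                        # every matching block is evaluated
            parts = line.split(None, 1)
            args = shlex.split(parts[1]) if len(parts) > 1 else []  # approximates C quoting
            settings[parts[0].lower()] = ' '.join(args)   # keywords case-insensitive, last wins
    return settings

def risky(settings):
    """List settings that the keyword descriptions above say reduce protection."""
    findings = []
    if settings.get('stricthostkeychecking') == 'no':
        findings.append('StrictHostKeyChecking no: new host keys added without confirmation')
    if settings.get('ssh1agentcompatibility') == 'traditional':
        findings.append('Ssh1AgentCompatibility traditional: agent gets no forwarding path')
    ciphers = {c.strip() for c in settings.get('ciphers', '').split(',')}
    if ciphers & {'none', 'any', 'anystd'}:   # values that admit the 'none' cipher
        findings.append("Ciphers: value permits the non-encrypting mode 'none'")
    return findings
```

Run `risky(effective_settings(text, host))` per host nickname, because a later matching block can override a stricter value set earlier in the file.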
AUTHORS
SSH Communications Security Corp
For more information, see http://www.ssh.com.
SEE ALSO
ssh2(1)