The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

ssh2_config (5)
  • >> ssh2_config (5) ( Solaris man: Форматы файлов )
  • 
    NAME
         ssh2_config - format of configuration file for ssh2
    
    
    CONFIGURATION FILES
         Ssh2 obtains configuration data from the  following  sources
         (in  this  order): system's global configuration file (typi-
         cally  /etc/ssh2/ssh2_config),  user's  configuration   file
         ($HOME/.ssh2/ssh2_config) and the command line options.  For
         each parameter, the last obtained value will be effective.
    
    
         The configuration file has the following format:
    
              `expression:' denotes the start of  a  per-host  confi-
              guration  block,  where  `expression'  is  an arbitrary
              string which distinguishes this block from others.  The
              `expression'  can  contain wildcards. The  `expression'
              will be compared with the hostname  obtained  from  the
              command-line,  and  if  it  matches,  the block will be
              evaluated. Evaluation stops at the  next  `expression:'
              statement. If more than one match is found, all will be
              evaluated and the last obtained values  for  parameters
              will  be  effective. Note that the `expression' doesn't
              have to be a real hostname, as long as the `expression'
              block  contains a "Host" configuration parameter, where
              the real hostname to connect is defined.
    
              Empty lines and lines starting with '#' are ignored  as
              comments.
    
              Otherwise a line is of the format "keyword  arguments".
              Note  that  it  is  possible  to  enclose  arguments in
              quotes, and use the standard C convention.  The  possi-
              ble  keywords  and  their meanings are as follows (note
              that the configuration files  are  case-sensitive,  but
              keywords are case-insensitive):
    
    
         AllowedAuthentications
              This keyword specifies the authentications methods that
              are  allowed.  This is a comma-separated list currently
              consisting of the following words:  password, publickey
              and   hostbased.    Each  specifies  an  authentication
              method.  The  default  is   "publickey,password".   The
              authentication  methods are tried in the order in which
              they are specified with this  configuration  parameter.
              That means that the least interactive methods should be
              placed first in  this  list,  for  example  "hostbased,
              publickey,password"  (because  publickey authentication
    
    
              can be automated by the user, with ssh-agent).
    
    
         AuthenticationSuccessMsg
              Specifies whether to display  "Authentication  success-
              ful."  after authentication has completed successfully.
              This is mainly to prevent malicious servers  from  get-
              ting information from the user by displaying additional
              password or passphrase prompts. The  argument  must  be
              "yes" or "no".  The default is "yes".
    
    
         AuthorizationFile
              Specifies the name of the user's authorization file.
    
    
         BatchMode
              If set to  "yes",  ssh2  disables  password/passhphrase
              querying.  This  is  useful  in scripts and other batch
              jobs where you don't have a user to  supply  the  pass-
              word.  If  the "StrictHostKeyChecking" parameter is set
              to "ask", ssh2 assumes a "no" answer to  queries  (this
              is  because ssh doesn't even try to get user input when
              invoked with "BatchMode yes").  The  argument  must  be
              "yes" or "no".
    
    
         Ciphers
              Specifies the ciphers to use for  encrypting  the  ses-
              sion.  Currently,  des, 3des, blowfish, arcfour twofish
              and cast are supported. Multiple ciphers can be  speci-
              fied as a comma-separated list.  Special values to this
              option are any, anystd, that allows only standard  (see
              below)  ciphers (and 'none'), and anycipher that allows
              either any available cipher or excludes  non-encrypting
              cipher  mode  none but allows all others.  anystdcipher
              is the same as anycipher above, but includes only those
              ciphers  mentioned  in  the IETF-SecSH-draft (excluding
              'none').
    
    
         ClearAllForwardings
              Specifies whether to clear all remote  and  local  for-
              warded ports defined so far. The argument must be "yes"
              or "no".  Note that scp always automatically clears all
              forwarded ports.
    
    
         Compression
              Specifies whether to use compression. The argument must
    
    
              be "yes" or "no".
    
    
         DefaultDomain
              This option is only useful if set in the global  confi-
              guration  file. This is used by ssh2 and ssh-signer2 to
              find out the system name, if only the base part of  the
              system name is available by normal means (those used by
              e.g.  hostname(1)).  This is appended to the found sys-
              tem name, if the system name returned doesn't contain a
              dot ('.').
    
    
         DontReadStdin
              Redirect input from /dev/null, ie.  don't  read  stdin.
              The argument must be "yes" or "no".
    
    
         EscapeChar
              Sets the escape character  (default:  ~).   The  escape
              character  can  also  be  set on the command line.  The
              argument should be a single character, '^' followed  by
              a  letter,  or  "none"  to disable the escape character
              entirely (making the connection transparent for  binary
              data).
    
    
         ForcePTTYAllocation
              For tty allocation. Ie. allocate a tty even if  a  com-
              mand is given. The argument must be "yes" or "no".
    
    
         ForwardAgent
              Specifies whether the connection to the  authentication
              agent (if any) will be forwarded to the remote machine.
              The argument must be "yes" or "no".
    
    
         ForwardX11
              Specifies whether X11 connections will be automatically
              redirected over the secure channel and DISPLAY set. The
              argument must be "yes" or "no".
    
    
         GatewayPorts
              Specifies that also remote hosts may connect to locally
              forwarded  ports.  The  argument must be "yes" or "no".
              The default is "no".
    
    
         GoBackground
              Requests ssh2 to go to background after  authentication
              is done and the forwardings have been established. This
              is useful if ssh2 is going  to  ask  for  passwords  or
              passphrases,  but  the user wants it in the background.
              The argument must be "yes",  "no"  or  "oneshot".  With
              "oneshot",  ssh2  behaves  the  same way as with `-f o'
              commandline arguments.  The default is "no".
    
    
         Host Specifies the real host name to log into. With `expres-
              sion'  above,  this can be used to specify nicknames or
              abbreviations for hosts. The default is the name  given
              on the command line. Numeric IP addresses are also per-
              mitted (both  on  the  command  line  and  in  HostName
              specifications).
    
    
         IdentityFile
              Specifies the name of the user's identification file.
    
    
         KeepAlive
              Specifies whether the system should send keepalive mes-
              sages  to  the  other side.  If they are sent, death of
              the connection or crash of one of the machines will  be
              properly noticed.  However, this means that connections
              will die if the route is  down  temporarily,  and  some
              people find this annoying.
    
              The default is "yes"  (to  send  keepalives),  and  the
              client  will  notice  if  the  network goes down or the
              remote  host  dies.   This  is  important  when   using
              scripts, and many users want it too.
    
              To disable keepalives, the value should be set to  "no"
              in both the server and the client configuration files.
    
    
         LocalForward
              Specifies that a TCP/IP port on the  local  machine  is
              forwarded  over  the  secure channel to given host:port
              from  the  remote  machine.  The  argument  should   be
              enclosed  in double-quotes (""). The argument format is
              port:remotehost:remoteport .
    
    
         MACs Specifies the MAC (Message Authentication  Code)  algo-
              rithm   to   use   for   data  integrity  verification.
              Currently,  hmac-sha1,  hmac-sha1-96,  hmac-md5,  hmac-
              md5-96,  hmac-ripemd160  and hmac-ripemd160-96 are sup-
              ported, of which hmac-sha1, hmac-sha1-96, hmac-md5  and
              hmac-md5-96 are included in all distributions. Multiple
              MACs  can  be  specified  as  a  comma-separated  list.
              Special  values  to  this  option are any, anystd, that
              allows only standard (see below) MACs (and 'none'), and
              anymac that allows either any available MAC or excludes
              none but allows all others.  anystdmac is the  same  as
              anymac above, but includes only those MACs mentioned in
              the IETF-SecSH-draft (excluding 'none').
    
    
         NoDelay
              If "yes", enable socket option TCP_NODELAY.  The  argu-
              ment must be "yes" or "no".  Default is "no".
    
    
         NumberofPasswordPrompts
              Specifies the number of password prompts before  giving
              up.  The  argument  must  be  an integer. Note that the
              server also limits the number of attempts,  so  setting
              this  value larger than the server's value doesn't have
              any effect.  Default value is three (3).
    
    
         PasswordPrompt
              Sets the password prompt that the user sees  when  con-
              necting  to a host. Variables '%U' and '%H' can be used
              to give the user's login name and host, respectively.
    
    
         Port Specifies the port number  to  connect  on  the  remote
              host.  The default port number is 22.
    
    
         QuietMode
              Quiet mode. Causes all warnings and diagnostic messages
              to  be suppressed. Only fatal errors are displayed. The
              argument must be "yes" or "no".
    
    
         RandomSeedFile
              Specifies the name of the user's randomseed file.
    
    
         RekeyIntervalSeconds
              Specifies the number of seconds that the  key  exchange
              is done again.  The default is 3600 seconds. A value of
              '0' turns rekey-requests off. This doesn't prevent  the
              server  from  requesting  rekeys. Other servers may not
              have rekey-capabilities implemented correctly, and your
              connection  may  be  cut  off if you're connecting to a
              server other than sshd2.  (The server may also possibly
              crash, but that is no fault of ssh2).
    
    
         RemoteForward
              Specifies that a TCP/IP port on the remote  machine  be
              forwarded  over  the  secure channel to given host:port
              from  the  local  machine.   The  argument  should   be
              enclosed  in double-quotes (""). The argument format is
              port:remotehost:remoteport .
    
    
         Ssh1AgentCompatibility
              Specifies whether to forward also an SSH1 agent connec-
              tion.  Legal values for this option are "none", "tradi-
              tional" and "ssh2".  With value "none"  (default),  the
              SSH1  agent  connection  is not forwarded at all.  With
              value "traditional", SSH1 agent connection is forwarded
              transparently  like  in  SSH1.  Value "traditional" can
              always be used, but it  constitutes  a  security  risk,
              because  the  agent  does not get the information about
              the forwarding path.  Value  "ssh2"  makes  SSH1  agent
              forwarding  similar  to  SSH2 agent forwarding and with
              this mode agent gets the information  about  the  agent
              forwarding  path.   Note  that value "ssh2" can only be
              used, if you use ssh-agent2 in SSH1 compatibility mode.
              "yes" or "no".
    
    
         Ssh1Compatibility
              Specifies whether to use SSH1 compatibility code.  With
              this  option, ssh1 is executed when the server supports
              only SSH 1.x protocols. The argument must be  "yes"  or
              "no".
    
    
         Ssh1Path
              Specifies the path to ssh1 client, which is executed if
              the  server  supports only SSH 1.x protocols. The argu-
              ments for ssh2 are passed to the ssh1 client.
    
    
         SocksServer
              Overrides the  value  of  SSH_SOCKS_SERVER.  Otherwise,
              functions completely equivalently.
    
    
         StrictHostKeyChecking
              If this flag is set to "yes", ssh2 will never automati-
              cally  add host keys to the $HOME/.ssh2/hostkeys direc-
              tory, and refuses to connect hosts whose host  key  has
              changed.  This provides maximum protection against Tro-
              jan horse attacks. However, it can be somewhat annoying
              if    you    don't   have   the   necessary   keys   in
              /etc/ssh2/hostkeys  and  you  frequently  connect   new
              hosts.   Basically  this  option  forces  the  user  to
              manually add any new hosts. Normally this option is set
              to  "ask", and new hosts will automatically be added to
              the known host files after you have confirmed that  you
              really want to do that. If this is set to "no" then the
              new host will automatically be added to the known  host
              files.  The  host  keys of known hosts will be verified
              automatically in either case. If this value is  set  to
              "ask",  the  user also has the option to change the key
              on the disk on the fly.
    
              The argument must be "yes", "no" or "ask".
    
    
         User Specifies the user to log in as. This can be useful  if
              you  have  a different user name in different machines.
              This saves the trouble of having to remember to specify
              the user name on the command line.
    
    
         VerboseMode
              Verbose mode.  Causes ssh2 to print debugging  messages
              about its progress. This is helpful when debugging con-
              nection, authentication, and configuration problems.
    
    
    AUTHORS
         SSH Communications Security Corp
    
         For more information, see http://www.ssh.com.
    
    
    SEE ALSO
         ssh2(1)
    
    
    
    


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2025 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру