.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.71 2005/12/17 21:36:42 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.75 2006/01/20 00:14:55 dtucker Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
all three of these escape sequences.
This ensures that shared connections are uniquely identified.
.It Cm DynamicForward
-Specifies that a TCP/IP port on the local machine be forwarded
+Specifies that a TCP port on the local machine be forwarded
over the secure channel, and the application
protocol is then used to determine where to connect to from the
remote machine.
.Cm PermitLocalCommand
has been enabled.
.It Cm LocalForward
-Specifies that a TCP/IP port on the local machine be forwarded over
+Specifies that a TCP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
The first argument must be
.Sm off
The default is
.Dq yes .
This option applies to protocol version 2 only.
+.It Cm RekeyLimit
+Specifies the maximum amount of data that may be transmitted before the
+session key will be renegotiated.
+The argument is the number of bytes, with an optional suffix of
+.Dq K ,
+.Dq M ,
+or
+.Dq G
+to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
+The default is between
+.Dq 1G
+and
+.Dq 4G ,
+depending on the cipher.
+Note that this option applies to protocol version 2 only.
.It Cm RemoteForward
-Specifies that a TCP/IP port on the remote machine be forwarded over
+Specifies that a TCP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
The first argument must be
.Sm off
directives.
The default is not to send any environment variables.
.It Cm ServerAliveCountMax
-Sets the number of server alive messages (see above) which may be
+Sets the number of server alive messages (see below) which may be
sent without
.Nm ssh
receiving any messages back from the server.
The default value is 3.
If, for example,
.Cm ServerAliveInterval
-(above) is set to 15, and
+(see below) is set to 15, and
.Cm ServerAliveCountMax
is left at the default, if the server becomes unresponsive ssh
will disconnect after approximately 45 seconds.
.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
-.It Cm UsePrivilegedPort
-Specifies whether to use a privileged port for outgoing connections.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-If set to
-.Dq yes
-.Nm ssh
-must be setuid root.
-Note that this option must be set to
-.Dq yes
-for
-.Cm RhostsRSAAuthentication
-with older servers.
.It Cm Tunnel
Request starting
.Xr tun 4
.Xr tun 4
device on the client.
Without this option, the next available device will be used.
+.It Cm UsePrivilegedPort
+Specifies whether to use a privileged port for outgoing connections.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+If set to
+.Dq yes
+.Nm ssh
+must be setuid root.
+Note that this option must be set to
+.Dq yes
+for
+.Cm RhostsRSAAuthentication
+with older servers.
.It Cm User
Specifies the user to log in as.
This can be useful when a different user name is used on different machines.