.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $
-.Dd September 25, 1999
+.\" $OpenBSD: ssh_config.5,v 1.100 2007/06/07 19:37:34 pvalchev Exp $
+.Dd $Mdocdate$
.Dt SSH_CONFIG 5
.Os
.Sh NAME
.Nm ssh_config
.Nd OpenSSH SSH client configuration files
.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/config
-.It Pa /etc/ssh/ssh_config
-.El
+.Nm ~/.ssh/config
+.Nm /etc/ssh/ssh_config
.Sh DESCRIPTION
.Xr ssh 1
obtains configuration data from the following sources in
to disable the escape
character entirely (making the connection transparent for binary
data).
+.It Cm ExitOnForwardFailure
+Specifies whether
+.Xr ssh 1
+should terminate the connection if it cannot set up all requested
+dynamic, local, and remote port forwardings.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
be disclosed.
The default is
.Dq no .
-Note that hashing of names and addresses will not be retrospectively applied
-to existing known hosts files, but these may be manually hashed using
+Note that existing names and addresses in known hosts files
+will not be converted automatically,
+but may be manually hashed using
.Xr ssh-keygen 1 .
.It Cm HostbasedAuthentication
Specifies whether to try rhosts based authentication with public key
for data integrity protection.
Multiple algorithms must be comma-separated.
The default is:
-.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.Dq hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
.It Cm NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared across machines.
In this case localhost will refer to a different machine on each of
To disable TCP keepalive messages, the value should be set to
.Dq no .
.It Cm Tunnel
-Request starting
+Request
.Xr tun 4
device forwarding between the client and the server.
-This option also allows requesting layer 2 (ethernet)
-instead of layer 3 (point-to-point) tunneling from the server.
The argument must be
.Dq yes ,
-.Dq point-to-point ,
-.Dq ethernet ,
+.Dq point-to-point
+(layer 3),
+.Dq ethernet
+(layer 2),
or
.Dq no .
+Specifying
+.Dq yes
+requests the default tunnel mode, which is
+.Dq point-to-point .
The default is
.Dq no .
.It Cm TunnelDevice
-Force a specified
+Specifies the
.Xr tun 4
-device on the client.
-Without this option, the next available device will be used.
+devices to open on the client
+.Pq Ar local_tun
+and the server
+.Pq Ar remote_tun .
+.Pp
+The argument must be
+.Sm off
+.Ar local_tun Op : Ar remote_tun .
+.Sm on
+The devices may be specified by numerical ID or the keyword
+.Dq any ,
+which uses the next available tunnel device.
+If
+.Ar remote_tun
+is not specified, it defaults to
+.Dq any .
+The default is
+.Dq any:any .
.It Cm UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connections.
The argument must be
andersk / openssh.git / blobdiff