The following list is supported in 6. AddressFamily Specifies which address family to use when connecting. However, they increase the risk of an attack spreading from a compromised server to a user's desktop, so the most security-critical environments may want to leave them disabled. LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. LogLevel Specifies the verbosity level of logging messages from ssh.
This is mostly a legacy method and has been replaced by KbdInteractiveAuthentication. ForwardAgent Specifies whether the connection to the authentication agent will be forwarded to the remote machine. The subsystem is specified as the remote command. Multiple -t options force tty allocation, even if ssh has no local tty. This is for protocol version 1 only and is deprecated. BindAddress Specifies to use the specified address on the local machine as the source address of the connection.
This is a common method for password authentication, one-time passwords, and multi-factor authentication. Valid values are yes and no. The messages are sent through the encrypted channel, and serve to detect if the server has crashed or the network has gone down. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e. CompressionLevel Specifies the compression level to use if compression is enabled.
See the page on for more information. It is also used by sophisticated end users and system administrators for single sign-on. The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm. Multiple ciphers must be comma-separated. This can be used to specify nicknames or abbreviations for hosts.
KbdInteractiveDevices Specifies the list of methods to use in keyboard-interactive authentication. You only gain access if you are identified and authorized to do so. On the other hand, without it, the connection may stay alive and any windows open, even if the network is down for a while. The following list is supported in 6. Compression Specifies whether to use compression. Keywords are case-insensitive and arguments are case-sensitive. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.
Match Restricts the following declarations to apply only for hosts that match the specified criteria. Protocol Specifies the protocol versions in order of preference. ServerAliveCountMax Sets the number of keepalive messages that may be sent by the client without the client receiving any messages back from the server. ServerAliveInterval Specifies interval for sending keepalive messages to the server. . The pattern is matched against the host name given on the command line. Host Restricts the following declarations to be only for those hosts that match one of the patterns given after the keyword.
Hackers use it to leave permanent backdoor. UsePrivilegedPort Specifies whether or not to use a privileged port for outgoing connections. For instructions on configuring port forwarding, see the. A privileged port is required for host-based authentication. The possible values are '1' and '2'.
By default, the local port is bound in accordance with the GatewayPorts setting. Valid arguments are: any, inet, inet6. The following values are supported in 6. When a user has created more than one for authentication, the -i command line option may be helpful for specifying which key to use. ExitOnForwardFailure Specifies whether ssh should terminate the connection if it cannot set up all requested dynamic, tunnel, local, and remote port forwardings. The first obtained value for each configuration parameter will be used. Dynamic port forwardings can also be specified in the configuration file.
Tunnel If yes, request tun device forwarding between the client and the server. In the client configuration file, this can be specified using the IdentityFile options. HostName Specifies the real host name to log into. See the for configuring it. There is reason to believe it may be susceptible to.