Config-Model-OpenSsh
lib/Config/Model/models/Ssh/HostElement.pl view on Meta::CPAN
Specifies whether to request a
pseudo-tty for the session. The argument may be one of:
B<no> (never request a TTY), B<yes> (always request
a TTY when standard input is a TTY), B<force> (always
request a TTY) or B<auto> (request a TTY when opening a
login session). This option mirrors the B<-t> and
B<-T> flags for L<ssh(1)>.',
'type' => 'leaf',
'value_type' => 'enum'
},
'RevokedHostKeys',
{
'description' => 'Specifies revoked host public
keys. Keys listed in this file will be refused for host
authentication. Note that if this file does not exist or is
not readable, then host authentication will be refused for
all hosts. Keys may be specified as a text file, listing one
public key per line, or as an OpenSSH Key Revocation List
(KRL) as generated by L<ssh-keygen(1)>. For more information on
KRLs, see the KEY REVOCATION LISTS section in
L<ssh-keygen(1)>.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'SendEnv',
{
'cargo' => {
'type' => 'leaf',
'value_type' => 'uniline'
},
'description' => 'Specifies what variables from
the local L<environ(7)> should be sent to the server. The
server must also support it, and the server must be
configured to accept these environment variables. Note that
the TERM environment variable is always sent whenever a
pseudo-terminal is requested as it is required by the
protocol. Refer to B<AcceptEnv> in L<sshd_config(5)> for
how to configure the server. Variables are specified by
name, which may contain wildcard characters. Multiple
environment variables may be separated by whitespace or
spread across multiple B<SendEnv> directives. It is possible
to clear previously set B<SendEnv> variable names by
prefixing patterns with I<->. The default is not to send
any environment variables.',
'type' => 'list'
},
'ServerAliveCountMax',
{
'description' => 'Sets the number of server alive
messages (see below) which may be sent without L<ssh(1)>
receiving any messages back from the server. If this
threshold is reached while server alive messages are being
sent, ssh will disconnect from the server, terminating the
session. It is important to note that the use of server
alive messages is very different from B<TCPKeepAlive>
(below). The server alive messages are sent through the
encrypted channel and therefore will not be spoofable. The
TCP keepalive option enabled by B<TCPKeepAlive> is
spoofable. The server alive mechanism is valuable when the
client or server depend on knowing when a connection has
become inactive. The default
value is 3. If, for example, B<ServerAliveInterval> (see
below) is set to 15 and B<ServerAliveCountMax> is left
at the default, if the server becomes unresponsive, ssh will
disconnect after approximately 45 seconds.',
'type' => 'leaf',
'upstream_default' => '3',
'value_type' => 'integer'
},
'ServerAliveInterval',
{
'description' => 'Sets a timeout interval in
seconds after which if no data has been received from the
server, L<ssh(1)> will send a message through the encrypted
channel to request a response from the server. The default
is 0, indicating that these messages will not be sent to the
server, or 300 if the B<BatchMode> option is set
(Debian-specific). B<ProtocolKeepAlives> and
B<SetupTimeOut> are Debian-specific compatibility
aliases for this option.',
'type' => 'leaf',
'upstream_default' => '0',
'value_type' => 'integer'
},
'SetEnv',
{
'description' => 'Directly
specify one or more environment variables and their contents
to be sent to the server. Similarly to B<SendEnv>, the
server must be prepared to accept the environment
variable.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'StreamLocalBindMask',
{
'description' => 'Sets the octal file creation
mode mask (umask) used when creating a Unix-domain socket
file for local or remote port forwarding. This option is
only used for port forwarding to a Unix-domain socket
file. The default
value is 0177, which creates a Unix-domain socket file that
is readable and writable only by the owner. Note that not
all operating systems honor the file mode on Unix-domain
socket files.',
'type' => 'leaf',
'value_type' => 'uniline'
lib/Config/Model/models/Ssh/HostElement.pl view on Meta::CPAN
'accept-new',
'no',
'off',
'ask'
],
'description' => "If this flag is set to
B<yes>, L<ssh(1)> will never automatically add host keys to
the I<~/.ssh/known_hosts> file, and refuses to connect
to hosts whose host key has changed. This provides maximum
protection against man-in-the-middle (MITM) attacks, though
it can be annoying when the I</etc/ssh/ssh_known_hosts>
file is poorly maintained or when connections to new hosts
are frequently made. This option forces the user to manually
add all new hosts. If this flag is
set to \x{201c}accept-new\x{201d} then ssh will automatically
add new host keys to the user known hosts files, but will
not permit connections to hosts with changed host keys. If
this flag is set to \x{201c}no\x{201d} or \x{201c}off\x{201d},
ssh will automatically add new host keys to the user known
hosts files and allow connections to hosts with changed
hostkeys to proceed, subject to some restrictions. If this
flag is set to B<ask> (the default), new host keys will
be added to the user known host files only after the user
has confirmed that is what they really want to do, and ssh
will refuse to connect to hosts whose host key has changed.
The host keys of known hosts will be verified automatically
in all cases.",
'type' => 'leaf',
'upstream_default' => 'ask',
'value_type' => 'enum'
},
'SyslogFacility',
{
'choice' => [
'DAEMON',
'USER',
'AUTH',
'LOCAL0',
'LOCAL1',
'LOCAL2',
'LOCAL3',
'LOCAL4',
'LOCAL5',
'LOCAL6',
'LOCAL7'
],
'description' => 'Gives the facility code that is
used when logging messages from L<ssh(1)>. The possible values
are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3,
LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is USER.',
'type' => 'leaf',
'upstream_default' => 'USER',
'value_type' => 'enum'
},
'TCPKeepAlive',
{
'description' => 'Specifies whether the system
should send TCP keepalive messages to the other side. If
they are sent, death of the connection or crash of one of
the machines will be properly noticed. This option only uses
TCP keepalives (as opposed to using ssh level keepalives),
so takes a long time to notice when the connection dies. As
such, you probably want the B<ServerAliveInterval>
option as well. However, this means that connections will
die if the route is down temporarily, and some people find
it annoying. To disable TCP
keepalive messages, the value should be set to B<no>.
See also B<ServerAliveInterval> for protocol-level
keepalives.',
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'Tunnel',
{
'choice' => [
'yes',
'point-to-point',
'ethernet',
'no'
],
'description' => 'Request L<tun(4)>
device forwarding between the client and the server. The
argument must be B<yes>, B<point-to-point> (layer
3), B<ethernet> (layer 2), or B<no> (the default).
Specifying B<yes> requests the default tunnel mode,
which is B<point-to-point>.',
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'enum'
},
'TunnelDevice',
{
'description' => 'Specifies the L<tun(4)> devices to
open on the client (I<local_tun>) and the server
(I<remote_tun>). The argument
must be I<local_tun>[:I<remote_tun>]. The devices
may be specified by numerical ID or the keyword B<any>,
which uses the next available tunnel device. If
I<remote_tun> is not specified, it defaults to
B<any>. The default is B<any:any>.',
'type' => 'leaf',
'upstream_default' => 'any:any',
'value_type' => 'uniline'
},
'UpdateHostKeys',
{
'choice' => [
'yes',
'no',
'ask'
],
'description' => "Specifies whether L<ssh(1)> should
accept notifications of additional hostkeys from the server
sent after authentication has completed and add them to
B<UserKnownHostsFile>. The argument must be B<yes>,
B<no> (the default) or B<ask>. Enabling this option
allows learning alternate hostkeys for a server and supports
graceful key rotation by allowing a server to send
replacement public keys before old ones are removed.
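The option descriptions above translate into checks a defender can run over a client configuration. The following Python sketch is an added example, not part of Config::Model::OpenSsh or OpenSSH: it audits each Host block for StrictHostKeyChecking, RevokedHostKeys, StreamLocalBindMask and the ServerAlive settings. The sample configuration, host names and path are constructed, and each block is audited on its own, without merging values inherited from other matching blocks.

```python
import os
import re

# Constructed sample client configuration (host names and paths are made up).
SAMPLE = """\
Host legacy
    StrictHostKeyChecking no
    StreamLocalBindMask 0111
Host bastion
    StrictHostKeyChecking accept-new
    ServerAliveInterval 15
    RevokedHostKeys /nonexistent/revoked_keys
"""

def parse(text):
    """Map each Host pattern to {lowercased keyword: first value seen}."""
    blocks = {"*": {}}
    current = blocks["*"]  # options before any Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            current = blocks.setdefault(value, {})
        else:
            current.setdefault(key, value)  # ssh keeps the first value obtained
    return blocks

def audit(text):
    """Return (host, keyword, note) tuples for the options described above."""
    out = []
    for host, o in parse(text).items():
        if not o:
            continue
        if o.get("stricthostkeychecking", "ask").lower() in ("no", "off"):
            out.append((host, "StrictHostKeyChecking", "changed host keys are accepted"))
        krl = o.get("revokedhostkeys")
        if krl and not os.access(os.path.expanduser(krl), os.R_OK):
            out.append((host, "RevokedHostKeys", "unreadable file: all host authentication is refused"))
        mask = o.get("streamlocalbindmask")
        if mask and (0o777 & ~int(mask, 8)) & 0o077:
            out.append((host, "StreamLocalBindMask", "forwarded socket accessible beyond its owner"))
        interval = int(o.get("serveraliveinterval", "0"))
        count = int(o.get("serveralivecountmax", "3"))
        note = f"unresponsive server dropped after ~{interval * count}s" if interval else \
            "no keepalive inside the encrypted channel"
        out.append((host, "ServerAliveInterval", note))
    return out
```

Calling `audit(SAMPLE)` reports the `legacy` block for accepting changed host keys and for a group/other-accessible forwarding socket, and the `bastion` block for a revocation file whose absence makes every connection fail closed.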