view release on metacpan or  search on metacpan

xt/ssh_config.html  view on Meta::CPAN

clients will be considered untrusted and prevented from
stealing or tampering with data belonging to trusted X11
clients. Furthermore, the xauth(1) token used for the
session will be set to expire after 20 minutes. Remote
clients will be refused access after this time.</p>

<p style="margin-left:17%; margin-top: 1em">See the X11
SECURITY extension specification for full details on the
restrictions imposed on untrusted clients.</p>

<p style="margin-top: 1em"><b>GatewayPorts</b></p>

<p style="margin-left:17%;">Specifies whether remote hosts
are allowed to connect to local forwarded ports. By default,
ssh(1) binds local port forwardings to the loopback address.
This prevents other remote hosts from connecting to
forwarded ports. <b>GatewayPorts</b> can be used to specify
that ssh should bind local port forwardings to the wildcard
address, thus allowing remote hosts to connect to forwarded
ports. The argument must be <b>yes</b> or <b>no</b> (the
default).</p>

<p style="margin-top: 1em"><b>GlobalKnownHostsFile</b></p>

<p style="margin-left:17%;">Specifies one or more files to
use for the global host key database, separated by
whitespace. The default is <i>/etc/ssh/ssh_known_hosts</i>,
<i>/etc/ssh/ssh_known_hosts2</i>.</p>

<p style="margin-top: 1em"><b>GSSAPIAuthentication</b></p>

<p style="margin-left:17%;">Specifies whether user
authentication based on GSSAPI is allowed. The default is
<b>no</b>.</p>

<p style="margin-top: 1em"><b>GSSAPIKeyExchange</b></p>

<p style="margin-left:17%;">Specifies whether key exchange
based on GSSAPI may be used. When using GSSAPI key exchange
the server need not have a host key. The default is
<b>no</b>.</p>

<p style="margin-top: 1em"><b>GSSAPIClientIdentity</b></p>

<p style="margin-left:17%;">If set, specifies the GSSAPI
client identity that ssh should use when connecting to the
server. The default is unset, which means that the default
identity will be used.</p>

<p style="margin-top: 1em"><b>GSSAPIServerIdentity</b></p>

<p style="margin-left:17%;">If set, specifies the GSSAPI
server identity that ssh should expect when connecting to
the server. The default is unset, which means that the
expected GSSAPI server identity will be determined from the
target hostname.</p>


<p style="margin-top: 1em"><b>GSSAPIDelegateCredentials</b></p>

<p style="margin-left:17%;">Forward (delegate) credentials
to the server. The default is <b>no</b>.</p>


<p style="margin-top: 1em"><b>GSSAPIRenewalForcesRekey</b></p>

<p style="margin-left:17%;">If set to <b>yes</b> then
renewal of the client&rsquo;s GSSAPI credentials will force
the rekeying of the ssh connection. With a compatible
server, this can delegate the renewed credentials to a
session on the server. The default is <b>no</b>.</p>

<p style="margin-top: 1em"><b>GSSAPITrustDns</b></p>

<p style="margin-left:17%;">Set to <b>yes</b> to indicate
that the DNS is trusted to securely canonicalize the name of
the host being connected to. If <b>no</b>, the hostname
entered on the command line will be passed untouched to the
GSSAPI library. The default is <b>no</b>.</p>

<p style="margin-top: 1em"><b>HashKnownHosts</b></p>

<p style="margin-left:17%;">Indicates that ssh(1) should
hash host names and addresses when they are added to
<i>~/.ssh/known_hosts</i>. These hashed names may be used
normally by ssh(1) and sshd(8), but they do not reveal
identifying information should the file&rsquo;s contents be
disclosed. The default is <b>no</b>. Note that existing
names and addresses in known hosts files will not be
converted automatically, but may be manually hashed using
ssh-keygen(1). Use of this option may break facilities such
as tab-completion that rely on being able to read unhashed
host names from <i>~/.ssh/known_hosts</i>.</p>


<p style="margin-top: 1em"><b>HostbasedAuthentication</b></p>

<p style="margin-left:17%;">Specifies whether to try rhosts
based authentication with public key authentication. The
argument must be <b>yes</b> or <b>no</b> (the default).</p>

<p style="margin-top: 1em"><b>HostbasedKeyTypes</b></p>

<p style="margin-left:17%;">Specifies the key types that
will be used for hostbased authentication as a
comma-separated list of patterns. Alternately if the
specified value begins with a &rsquo;+&rsquo; character,
then the specified key types will be appended to the default
set instead of replacing them. If the specified value begins
with a &rsquo;-&rsquo; character, then the specified key
types (including wildcards) will be removed from the default
set instead of replacing them. The default for this option
is:</p>


<p style="margin-left:21%; margin-top: 1em">ecdsa-sha2-nistp256-cert-v01@openssh.com,
<br>
ecdsa-sha2-nistp384-cert-v01@openssh.com, <br>
ecdsa-sha2-nistp521-cert-v01@openssh.com, <br>
ssh-ed25519-cert-v01@openssh.com, <br>

rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
<br>
ssh-rsa-cert-v01@openssh.com, <br>

ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
<br>
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa</p>

<p style="margin-left:17%; margin-top: 1em">The <b>-Q</b>