view release on metacpan or  search on metacpan

xt/ssh_config.html  view on Meta::CPAN

following declarations (up to the next <b>Host</b> or
<b>Match</b> keyword) to be used only when the conditions
following the <b>Match</b> keyword are satisfied. Match
conditions are specified using one or more criteria or the
single token <b>all</b> which always matches. The available
criteria keywords are: <b>canonical</b>, <b>exec</b>,
<b>host</b>, <b>originalhost</b>, <b>user</b>, and
<b>localuser</b>. The <b>all</b> criteria must appear alone
or immediately after <b>canonical</b>. Other criteria may be
combined arbitrarily. All criteria but <b>all</b> and
<b>canonical</b> require an argument. Criteria may be
negated by prepending an exclamation mark
(&rsquo;!&rsquo;).</p>

<p style="margin-left:17%; margin-top: 1em">The
<b>canonical</b> keyword matches only when the configuration
file is being re-parsed after hostname canonicalization (see
the <b>CanonicalizeHostname</b> option.) This may be useful
to specify conditions that work with canonical host names
only. The <b>exec</b> keyword executes the specified command
under the user&rsquo;s shell. If the command returns a zero
exit status then the condition is considered true. Commands
containing whitespace characters must be quoted. Arguments
to <b>exec</b> accept the tokens described in the
<i>TOKENS</i> section.</p>

<p style="margin-left:17%; margin-top: 1em">The other
keywords&rsquo; criteria must be single entries or
comma-separated lists and may use the wildcard and negation
operators described in the <i>PATTERNS</i> section. The
criteria for the <b>host</b> keyword are matched against the
target hostname, after any substitution by the
<b>Hostname</b> or <b>CanonicalizeHostname</b> options. The
<b>originalhost</b> keyword matches against the hostname as
it was specified on the command-line. The <b>user</b>
keyword matches against the target username on the remote
host. The <b>localuser</b> keyword matches against the name
of the local user running ssh(1) (this keyword may be useful
in system-wide <b>ssh_config</b> files).</p>

<p style="margin-top: 1em"><b>AddKeysToAgent</b></p>

<p style="margin-left:17%;">Specifies whether keys should
be automatically added to a running ssh-agent(1). If this
option is set to <b>yes</b> and a key is loaded from a file,
the key and its passphrase are added to the agent with the
default lifetime, as if by ssh-add(1). If this option is set
to <b>ask</b>, ssh(1) will require confirmation using the
SSH_ASKPASS program before adding a key (see ssh-add(1) for
details). If this option is set to <b>confirm</b>, each use
of the key must be confirmed, as if the <b>-c</b> option was
specified to ssh-add(1). If this option is set to <b>no</b>,
no keys are added to the agent. The argument must be
<b>yes</b>, <b>confirm</b>, <b>ask</b>, or <b>no</b> (the
default).</p>

<p style="margin-top: 1em"><b>AddressFamily</b></p>

<p style="margin-left:17%;">Specifies which address family
to use when connecting. Valid arguments are <b>any</b> (the
default), <b>inet</b> (use IPv4 only), or <b>inet6</b> (use
IPv6 only).</p>

<p style="margin-top: 1em"><b>BatchMode</b></p>

<p style="margin-left:17%;">If set to <b>yes</b>,
passphrase/password querying will be disabled. In addition,
the <b>ServerAliveInterval</b> option will be set to 300
seconds by default (Debian-specific). This option is useful
in scripts and other batch jobs where no user is present to
supply the password, and where it is desirable to detect a
broken network swiftly. The argument must be <b>yes</b> or
<b>no</b> (the default).</p>

<p style="margin-top: 1em"><b>BindAddress</b></p>

<p style="margin-left:17%;">Use the specified address on
the local machine as the source address of the connection.
Only useful on systems with more than one address.</p>

<p style="margin-top: 1em"><b>BindInterface</b></p>

<p style="margin-left:17%;">Use the address of the
specified interface on the local machine as the source
address of the connection.</p>

<p style="margin-top: 1em"><b>CanonicalDomains</b></p>

<p style="margin-left:17%;">When
<b>CanonicalizeHostname</b> is enabled, this option
specifies the list of domain suffixes in which to search for
the specified destination host.</p>


<p style="margin-top: 1em"><b>CanonicalizeFallbackLocal</b></p>

<p style="margin-left:17%;">Specifies whether to fail with
an error when hostname canonicalization fails. The default,
<b>yes</b>, will attempt to look up the unqualified hostname
using the system resolver&rsquo;s search rules. A value of
<b>no</b> will cause ssh(1) to fail instantly if
<b>CanonicalizeHostname</b> is enabled and the target
hostname cannot be found in any of the domains specified by
<b>CanonicalDomains</b>.</p>

<p style="margin-top: 1em"><b>CanonicalizeHostname</b></p>

<p style="margin-left:17%;">Controls whether explicit
hostname canonicalization is performed. The default,
<b>no</b>, is not to perform any name rewriting and let the
system resolver handle all hostname lookups. If set to
<b>yes</b> then, for connections that do not use a
<b>ProxyCommand</b> or <b>ProxyJump</b>, ssh(1) will attempt
to canonicalize the hostname specified on the command line
using the <b>CanonicalDomains</b> suffixes and
<b>CanonicalizePermittedCNAMEs</b> rules. If
<b>CanonicalizeHostname</b> is set to <b>always</b>, then
canonicalization is applied to proxied connections too.</p>

<p style="margin-left:17%; margin-top: 1em">If this option
is enabled, then the configuration files are processed again