# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-03-29 09:52+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Dd #: archlinux debian-unstable #, no-wrap msgid "$Mdocdate: February 21 2024 $" msgstr "" #. type: Dt #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SSH_CONFIG 5" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Nm ssh_config>" msgstr "" #. type: Nd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "OpenSSH client configuration file" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Xr ssh 1> obtains configuration data from the following sources in the " "following order:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "command-line options" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "user's configuration file E<.Pq Pa ~/.ssh/config>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "system-wide configuration file E<.Pq Pa /etc/ssh/ssh_config>" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Unless noted otherwise, for each parameter, the first obtained value will be " "used. The configuration files contain sections separated by E<.Cm Host> " "specifications, and that section is only applied for hosts that match one of " "the patterns given in the specification. The matched host name is usually " "the one given on the command line (see the E<.Cm CanonicalizeHostname> " "option for exceptions)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Since the first obtained value for each parameter is used, more host-" "specific declarations should be given near the beginning of the file, and " "general defaults at the end." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The file contains keyword-argument pairs, one per line. Lines starting with " "E<.Ql #> and empty lines are interpreted as comments. Arguments may " "optionally be enclosed in double quotes E<.Pq \\&\"> in order to represent " "arguments containing spaces. Configuration options may be separated by " "whitespace or optional whitespace and exactly one E<.Ql =>; the latter " "format is useful to avoid the need to quote whitespace when specifying " "configuration options using the E<.Nm ssh>, E<.Nm scp>, and E<.Nm sftp> E<." "Fl o> option." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The possible keywords and their meanings are as follows (note that keywords " "are case-insensitive and arguments are case-sensitive):" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Host" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Restricts the following declarations (up to the next E<.Cm Host> or E<.Cm " "Match> keyword) to be only for those hosts that match one of the patterns " "given after the keyword. If more than one pattern is provided, they should " "be separated by whitespace. A single E<.Ql *> as a pattern can be used to " "provide global defaults for all hosts. The host is usually the E<.Ar " "hostname> argument given on the command line (see the E<.Cm " "CanonicalizeHostname> keyword for exceptions)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A pattern entry may be negated by prefixing it with an exclamation mark E<." "Pq Sq !\\&>. If a negated entry is matched, then the E<.Cm Host> entry is " "ignored, regardless of whether any other patterns on the line match. " "Negated matches are therefore useful to provide exceptions for wildcard " "matches." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "See E<.Sx PATTERNS> for more information on patterns." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Match" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Restricts the following declarations (up to the next E<.Cm Host> or E<.Cm " "Match> keyword) to be used only when the conditions following the E<.Cm " "Match> keyword are satisfied. Match conditions are specified using one or " "more criteria or the single token E<.Cm all> which always matches. The " "available criteria keywords are: E<.Cm canonical>, E<.Cm final>, E<.Cm " "exec>, E<.Cm localnetwork>, E<.Cm host>, E<.Cm originalhost>, E<.Cm tagged>, " "E<.Cm user>, and E<.Cm localuser>. The E<.Cm all> criteria must appear " "alone or immediately after E<.Cm canonical> or E<.Cm final>. Other criteria " "may be combined arbitrarily. All criteria but E<.Cm all>, E<.Cm canonical>, " "and E<.Cm final> require an argument. Criteria may be negated by prepending " "an exclamation mark E<.Pq Sq !\\&>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Cm canonical> keyword matches only when the configuration file is " "being re-parsed after hostname canonicalization (see the E<.Cm " "CanonicalizeHostname> option). This may be useful to specify conditions " "that work with canonical host names only." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Cm final> keyword requests that the configuration be re-parsed " "(regardless of whether E<.Cm CanonicalizeHostname> is enabled), and matches " "only during this final pass. If E<.Cm CanonicalizeHostname> is enabled, " "then E<.Cm canonical> and E<.Cm final> match during the same pass." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Cm exec> keyword executes the specified command under the user's " "shell. If the command returns a zero exit status then the condition is " "considered true. Commands containing whitespace characters must be quoted. " "Arguments to E<.Cm exec> accept the tokens described in the E<.Sx TOKENS> " "section." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The E<.Cm localnetwork> keyword matches the addresses of active local " "network interfaces against the supplied list of networks in CIDR format. " "This may be convenient for varying the effective configuration on devices " "that roam between networks. Note that network address is not a trustworthy " "criteria in many situations (e.g. when the network is automatically " "configured using DHCP) and so caution should be applied if using it to " "control security-sensitive configuration." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The other keywords' criteria must be single entries or comma-separated lists " "and may use the wildcard and negation operators described in the E<.Sx " "PATTERNS> section. The criteria for the E<.Cm host> keyword are matched " "against the target hostname, after any substitution by the E<.Cm Hostname> " "or E<.Cm CanonicalizeHostname> options. The E<.Cm originalhost> keyword " "matches against the hostname as it was specified on the command-line. The " "E<.Cm tagged> keyword matches a tag name specified by a prior E<.Cm Tag> " "directive or on the E<.Xr ssh 1> command-line using the E<.Fl P> flag. The " "E<.Cm user> keyword matches against the target username on the remote host. " "The E<.Cm localuser> keyword matches against the name of the local user " "running E<.Xr ssh 1> (this keyword may be useful in system-wide E<.Nm> " "files)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm AddKeysToAgent" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether keys should be automatically added to a running E<.Xr ssh-" "agent 1>. If this option is set to E<.Cm yes> and a key is loaded from a " "file, the key and its passphrase are added to the agent with the default " "lifetime, as if by E<.Xr ssh-add 1>. If this option is set to E<.Cm ask>, " "E<.Xr ssh 1> will require confirmation using the E<.Ev SSH_ASKPASS> program " "before adding a key (see E<.Xr ssh-add 1> for details). If this option is " "set to E<.Cm confirm>, each use of the key must be confirmed, as if the E<." "Fl c> option was specified to E<.Xr ssh-add 1>. If this option is set to E<." "Cm no>, no keys are added to the agent. Alternately, this option may be " "specified as a time interval using the format described in the E<.Sx TIME " "FORMATS> section of E<.Xr sshd_config 5> to specify the key's lifetime in E<." "Xr ssh-agent 1>, after which it will automatically be removed. The argument " "must be E<.Cm no> (the default), E<.Cm yes>, E<.Cm confirm> (optionally " "followed by a time interval), E<.Cm ask> or a time interval." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm AddressFamily" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies which address family to use when connecting. Valid arguments are " "E<.Cm any> (the default), E<.Cm inet> (use IPv4 only), or E<.Cm inet6> (use " "IPv6 only)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm BatchMode" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "If set to E<.Cm yes>, user interaction such as password prompts and host key " "confirmation requests will be disabled. This option is useful in scripts " "and other batch jobs where no user is present to interact with E<.Xr ssh " "1>. The argument must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm BindAddress" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Use the specified address on the local machine as the source address of the " "connection. Only useful on systems with more than one address." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm BindInterface" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Use the address of the specified interface on the local machine as the " "source address of the connection." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CanonicalDomains" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When E<.Cm CanonicalizeHostname> is enabled, this option specifies the list " "of domain suffixes in which to search for the specified destination host." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CanonicalizeFallbackLocal" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to fail with an error when hostname canonicalization " "fails. The default, E<.Cm yes>, will attempt to look up the unqualified " "hostname using the system resolver's search rules. A value of E<.Cm no> " "will cause E<.Xr ssh 1> to fail instantly if E<.Cm CanonicalizeHostname> is " "enabled and the target hostname cannot be found in any of the domains " "specified by E<.Cm CanonicalDomains>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CanonicalizeHostname" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Controls whether explicit hostname canonicalization is performed. The " "default, E<.Cm no>, is not to perform any name rewriting and let the system " "resolver handle all hostname lookups. If set to E<.Cm yes> then, for " "connections that do not use a E<.Cm ProxyCommand> or E<.Cm ProxyJump>, E<.Xr " "ssh 1> will attempt to canonicalize the hostname specified on the command " "line using the E<.Cm CanonicalDomains> suffixes and E<.Cm " "CanonicalizePermittedCNAMEs> rules. If E<.Cm CanonicalizeHostname> is set " "to E<.Cm always>, then canonicalization is applied to proxied connections " "too." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If this option is enabled, then the configuration files are processed again " "using the new target name to pick up any new configuration in matching E<.Cm " "Host> and E<.Cm Match> stanzas. A value of E<.Cm none> disables the use of " "a E<.Cm ProxyJump> host." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CanonicalizeMaxDots" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the maximum number of dot characters in a hostname before " "canonicalization is disabled. The default, 1, allows a single dot (i.e. " "hostname.subdomain)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CanonicalizePermittedCNAMEs" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies rules to determine whether CNAMEs should be followed when " "canonicalizing hostnames. The rules consist of one or more arguments of E<." "Ar source_domain_list : Ns Ar target_domain_list>, where E<.Ar " "source_domain_list> is a pattern-list of domains that may follow CNAMEs in " "canonicalization, and E<.Ar target_domain_list> is a pattern-list of domains " "that they may resolve to." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "For example, E<.Qq *.a.example.com:*.b.example.com,*.c.example.com> will " "allow hostnames matching E<.Qq *.a.example.com> to be canonicalized to names " "in the E<.Qq *.b.example.com> or E<.Qq *.c.example.com> domains." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A single argument of E<.Qq none> causes no CNAMEs to be considered for " "canonicalization. This is the default behaviour." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CASignatureAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies which algorithms are allowed for signing of certificates by " "certificate authorities (CAs). The default is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "ssh-ed25519,ecdsa-sha2-nistp256,\n" "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" "sk-ssh-ed25519@openssh.com,\n" "sk-ecdsa-sha2-nistp256@openssh.com,\n" "rsa-sha2-512,rsa-sha2-256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If the specified list begins with a E<.Sq +> character, then the specified " "algorithms will be appended to the default set instead of replacing them. " "If the specified list begins with a E<.Sq -> character, then the specified " "algorithms (including wildcards) will be removed from the default set " "instead of replacing them." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Xr ssh 1> will not accept host certificates signed using algorithms other " "than those specified." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CertificateFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a file from which the user's certificate is read. A corresponding " "private key must be provided separately in order to use this certificate " "either from an E<.Cm IdentityFile> directive or E<.Fl i> flag to E<.Xr ssh " "1>, via E<.Xr ssh-agent 1>, or via a E<.Cm PKCS11Provider> or E<.Cm " "SecurityKeyProvider>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Arguments to E<.Cm CertificateFile> may use the tilde syntax to refer to a " "user's home directory, the tokens described in the E<.Sx TOKENS> section and " "environment variables as described in the E<.Sx ENVIRONMENT VARIABLES> " "section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "It is possible to have multiple certificate files specified in configuration " "files; these certificates will be tried in sequence. Multiple E<.Cm " "CertificateFile> directives will add to the list of certificates used for " "authentication." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm ChannelTimeout" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Specifies whether and how quickly E<.Xr ssh 1> should close inactive " "channels. Timeouts are specified as one or more E<.Dq type=interval> pairs " "separated by whitespace, where the E<.Dq type> must be the special keyword " "E<.Dq global> or a channel type name from the list below, optionally " "containing wildcard characters." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The timeout value E<.Dq interval> is specified in seconds or may use any of " "the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq " "session=5m> would cause interactive sessions to terminate after five minutes " "of inactivity. Specifying a zero value disables the inactivity timeout." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The special timeout E<.Dq global> applies to all active channels, taken " "together. Traffic on any active channel will reset the timeout, but when " "the timeout expires then all open channels will be closed. Note that this " "global timeout is not matched by wildcards and must be specified explicitly." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "The available channel type names include:" msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm agent-connection" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "Open connections to E<.Xr ssh-agent 1>." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm direct-tcpip , Cm direct-streamlocal@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Open TCP or Unix socket (respectively) connections that have been " "established from a E<.Xr ssh 1> local forwarding, i.e.\\& E<.Cm " "LocalForward> or E<.Cm DynamicForward>." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Open TCP or Unix socket (respectively) connections that have been " "established to a E<.Xr sshd 8> listening on behalf of a E<.Xr ssh 1> remote " "forwarding, i.e.\\& E<.Cm RemoteForward>." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm session" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The interactive main session, including shell session, command execution, E<." "Xr scp 1>, E<.Xr sftp 1>, etc." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm tun-connection" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "Open E<.Cm TunnelForward> connections." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm x11-connection" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "Open X11 forwarding sessions." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Note that in all the above cases, terminating an inactive session does not " "guarantee to remove all resources associated with the session, e.g. shell " "processes or X11 clients relating to the session may continue to execute." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Moreover, terminating an inactive channel or session does not necessarily " "close the SSH connection, nor does it prevent a client from requesting " "another channel of the same type. In particular, expiring an inactive " "forwarding session does not prevent another identical forwarding from being " "subsequently created." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "The default is not to expire channels of any type for inactivity." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm CheckHostIP" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If set to E<.Cm yes>, E<.Xr ssh 1> will additionally check the host IP " "address in the E<.Pa known_hosts> file. This allows it to detect if a host " "key changed due to DNS spoofing and will add addresses of destination hosts " "to E<.Pa ~/.ssh/known_hosts> in the process, regardless of the setting of E<." "Cm StrictHostKeyChecking>. If the option is set to E<.Cm no> (the default), " "the check will not be executed." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Ciphers" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the ciphers allowed and their order of preference. Multiple " "ciphers must be comma-separated. If the specified list begins with a E<.Sq " "+> character, then the specified ciphers will be appended to the default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified ciphers (including wildcards) will be removed " "from the default set instead of replacing them. If the specified list " "begins with a E<.Sq ^> character, then the specified ciphers will be placed " "at the head of the default set." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The supported ciphers are:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "3des-cbc\n" "aes128-cbc\n" "aes192-cbc\n" "aes256-cbc\n" "aes128-ctr\n" "aes192-ctr\n" "aes256-ctr\n" "aes128-gcm@openssh.com\n" "aes256-gcm@openssh.com\n" "chacha20-poly1305@openssh.com\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "The default is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "chacha20-poly1305@openssh.com,\n" "aes128-ctr,aes192-ctr,aes256-ctr,\n" "aes128-gcm@openssh.com,aes256-gcm@openssh.com\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The list of available ciphers may also be obtained using E<.Qq ssh -Q " "cipher>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ClearAllForwardings" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that all local, remote, and dynamic port forwardings specified in " "the configuration files or on the command line be cleared. This option is " "primarily useful when used from the E<.Xr ssh 1> command line to clear port " "forwardings set in configuration files, and is automatically set by E<.Xr " "scp 1> and E<.Xr sftp 1>. The argument must be E<.Cm yes> or E<.Cm no> (the " "default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Compression" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to use compression. The argument must be E<.Cm yes> or E<." "Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ConnectionAttempts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the number of tries (one per second) to make before exiting. The " "argument must be an integer. This may be useful in scripts if the " "connection sometimes fails. The default is 1." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ConnectTimeout" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the timeout (in seconds) used when connecting to the SSH server, " "instead of using the default system TCP timeout. This timeout is applied " "both to establishing the connection and to performing the initial SSH " "protocol handshake and key exchange." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ControlMaster" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables the sharing of multiple sessions over a single network connection. " "When set to E<.Cm yes>, E<.Xr ssh 1> will listen for connections on a " "control socket specified using the E<.Cm ControlPath> argument. Additional " "sessions can connect to this socket using the same E<.Cm ControlPath> with " "E<.Cm ControlMaster> set to E<.Cm no> (the default). These sessions will " "try to reuse the master instance's network connection rather than initiating " "new ones, but will fall back to connecting normally if the control socket " "does not exist, or is not listening." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Setting this to E<.Cm ask> will cause E<.Xr ssh 1> to listen for control " "connections, but require confirmation using E<.Xr ssh-askpass 1>. If the E<." "Cm ControlPath> cannot be opened, E<.Xr ssh 1> will continue without " "connecting to a master instance." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "X11 and E<.Xr ssh-agent 1> forwarding is supported over these multiplexed " "connections, however the display and agent forwarded will be the one " "belonging to the master connection i.e. it is not possible to forward " "multiple displays or agents." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Two additional options allow for opportunistic multiplexing: try to use a " "master connection but fall back to creating a new one if one does not " "already exist. These options are: E<.Cm auto> and E<.Cm autoask>. The " "latter requires confirmation like the E<.Cm ask> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ControlPath" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specify the path to the control socket used for connection sharing as " "described in the E<.Cm ControlMaster> section above or the string E<.Cm " "none> to disable connection sharing. Arguments to E<.Cm ControlPath> may " "use the tilde syntax to refer to a user's home directory, the tokens " "described in the E<.Sx TOKENS> section and environment variables as " "described in the E<.Sx ENVIRONMENT VARIABLES> section. It is recommended " "that any E<.Cm ControlPath> used for opportunistic connection sharing " "include at least %h, %p, and %r (or alternatively %C) and be placed in a " "directory that is not writable by other users. This ensures that shared " "connections are uniquely identified." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ControlPersist" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When used in conjunction with E<.Cm ControlMaster>, specifies that the " "master connection should remain open in the background (waiting for future " "client connections) after the initial client connection has been closed. " "If set to E<.Cm no> (the default), then the master connection will not be " "placed into the background, and will close as soon as the initial client " "connection is closed. If set to E<.Cm yes> or 0, then the master connection " "will remain in the background indefinitely (until killed or closed via a " "mechanism such as the E<.Qq ssh -O exit>). If set to a time in seconds, or " "a time in any of the formats documented in E<.Xr sshd_config 5>, then the " "backgrounded master connection will automatically terminate after it has " "remained idle (with no client connections) for the specified time." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm DynamicForward" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that a TCP port on the local machine be forwarded over the secure " "channel, and the application protocol is then used to determine where to " "connect to from the remote machine." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The argument must be E<.Sm off> E<.Oo Ar bind_address : Oc Ar port>. E<.Sm " "on> IPv6 addresses can be specified by enclosing addresses in square " "brackets. By default, the local port is bound in accordance with the E<.Cm " "GatewayPorts> setting. However, an explicit E<.Ar bind_address> may be used " "to bind the connection to a specific address. The E<.Ar bind_address> of E<." "Cm localhost> indicates that the listening port be bound for local use only, " "while an empty address or E<.Sq *> indicates that the port should be " "available from all interfaces." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Currently the SOCKS4 and SOCKS5 protocols are supported, and E<.Xr ssh 1> " "will act as a SOCKS server. Multiple forwardings may be specified, and " "additional forwardings can be given on the command line. Only the superuser " "can forward privileged ports." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm EnableEscapeCommandline" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables the command line option in the E<.Cm EscapeChar> menu for " "interactive sessions (default E<.Ql ~C>). By default, the command line is " "disabled." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm EnableSSHKeysign" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Setting this option to E<.Cm yes> in the global client configuration file E<." "Pa /etc/ssh/ssh_config> enables the use of the helper program E<.Xr ssh-" "keysign 8> during E<.Cm HostbasedAuthentication>. The argument must be E<." "Cm yes> or E<.Cm no> (the default). This option should be placed in the non-" "hostspecific section. See E<.Xr ssh-keysign 8> for more information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm EscapeChar" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Sets the escape character (default: E<.Ql ~>). The escape character can " "also be set on the command line. The argument should be a single character, " "E<.Ql ^> followed by a letter, or E<.Cm none> to disable the escape " "character entirely (making the connection transparent for binary data)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ExitOnForwardFailure" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether E<.Xr ssh 1> should terminate the connection if it cannot " "set up all requested dynamic, tunnel, local, and remote port forwardings, (e." "g.\\& if either end is unable to bind and listen on a specified port). Note " "that E<.Cm ExitOnForwardFailure> does not apply to connections made over " "port forwardings and will not, for example, cause E<.Xr ssh 1> to exit if " "TCP connections to the ultimate forwarding destination fail. The argument " "must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm FingerprintHash" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the hash algorithm used when displaying key fingerprints. Valid " "options are: E<.Cm md5> and E<.Cm sha256> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ForkAfterAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Requests E<.Nm ssh> to go to background just before command execution. This " "is useful if E<.Nm ssh> is going to ask for passwords or passphrases, but " "the user wants it in the background. This implies the E<.Cm StdinNull> " "configuration option being set to E<.Dq yes>. The recommended way to start " "X11 programs at a remote site is with something like E<.Ic ssh -f host " "xterm>, which is the same as E<.Ic ssh host xterm> if the E<.Cm " "ForkAfterAuthentication> configuration option is set to E<.Dq yes>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Cm ExitOnForwardFailure> configuration option is set to E<.Dq " "yes>, then a client started with the E<.Cm ForkAfterAuthentication> " "configuration option being set to E<.Dq yes> will wait for all remote port " "forwards to be successfully established before placing itself in the " "background. The argument to this keyword must be E<.Cm yes> (same as the E<." "Fl f> option) or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ForwardAgent" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether the connection to the authentication agent (if any) will " "be forwarded to the remote machine. The argument may be E<.Cm yes>, E<.Cm " "no> (the default), an explicit path to an agent socket or the name of an " "environment variable (beginning with E<.Sq $>) in which to find the path." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Agent forwarding should be enabled with caution. Users with the ability to " "bypass file permissions on the remote host (for the agent's Unix-domain " "socket) can access the local agent through the forwarded connection. An " "attacker cannot obtain key material from the agent, however they can perform " "operations on the keys that enable them to authenticate using the identities " "loaded into the agent." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ForwardX11" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether X11 connections will be automatically redirected over the " "secure channel and E<.Ev DISPLAY> set. The argument must be E<.Cm yes> or " "E<.Cm no> (the default)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "X11 forwarding should be enabled with caution. Users with the ability to " "bypass file permissions on the remote host (for the user's X11 authorization " "database) can access the local X11 display through the forwarded " "connection. An attacker may then be able to perform activities such as " "keystroke monitoring if the E<.Cm ForwardX11Trusted> option is also enabled." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ForwardX11Timeout" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specify a timeout for untrusted X11 forwarding using the format described in " "the E<.Sx TIME FORMATS> section of E<.Xr sshd_config 5>. X11 connections " "received by E<.Xr ssh 1> after this time will be refused. Setting E<.Cm " "ForwardX11Timeout> to zero will disable the timeout and permit X11 " "forwarding for the life of the connection. The default is to disable " "untrusted X11 forwarding after twenty minutes has elapsed." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ForwardX11Trusted" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "If this option is set to E<.Cm yes>, remote X11 clients will have full " "access to the original X11 display." msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "If this option is set to E<.Cm no> (the default), remote X11 clients will be " "considered untrusted and prevented from stealing or tampering with data " "belonging to trusted X11 clients. Furthermore, the E<.Xr xauth 1> token " "used for the session will be set to expire after 20 minutes. Remote clients " "will be refused access after this time." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "See the X11 SECURITY extension specification for full details on the " "restrictions imposed on untrusted clients." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm GatewayPorts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether remote hosts are allowed to connect to local forwarded " "ports. By default, E<.Xr ssh 1> binds local port forwardings to the " "loopback address. This prevents other remote hosts from connecting to " "forwarded ports. E<.Cm GatewayPorts> can be used to specify that ssh should " "bind local port forwardings to the wildcard address, thus allowing remote " "hosts to connect to forwarded ports. The argument must be E<.Cm yes> or E<." "Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm GlobalKnownHostsFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies one or more files to use for the global host key database, " "separated by whitespace. The default is E<.Pa /etc/ssh/ssh_known_hosts>, E<." "Pa /etc/ssh/ssh_known_hosts2>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm GSSAPIAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether user authentication based on GSSAPI is allowed. The " "default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm GSSAPIDelegateCredentials" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Forward (delegate) credentials to the server. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm HashKnownHosts" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Indicates that E<.Xr ssh 1> should hash host names and addresses when they " "are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be used " "normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually reveal " "identifying information if the file's contents are disclosed. The default " "is E<.Cm no>. Note that existing names and addresses in known hosts files " "will not be converted automatically, but may be manually hashed using E<.Xr " "ssh-keygen 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm HostbasedAcceptedAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Specifies the signature algorithms that will be used for hostbased " "authentication as a comma-separated list of patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "signature algorithms will be appended to the default set instead of " "replacing them. If the specified list begins with a E<.Sq -> character, " "then the specified signature algorithms (including wildcards) will be " "removed from the default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified signature " "algorithms will be placed at the head of the default set. The default for " "this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "" "ssh-ed25519-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp384-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp521-cert-v01@openssh.com,\n" "sk-ssh-ed25519-cert-v01@openssh.com,\n" "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "rsa-sha2-512-cert-v01@openssh.com,\n" "rsa-sha2-256-cert-v01@openssh.com,\n" "ssh-ed25519,\n" "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" "sk-ssh-ed25519@openssh.com,\n" "sk-ecdsa-sha2-nistp256@openssh.com,\n" "rsa-sha2-512,rsa-sha2-256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Fl Q> option of E<.Xr ssh 1> may be used to list supported signature " "algorithms. This was formerly named HostbasedKeyTypes." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm HostbasedAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to try rhosts based authentication with public key " "authentication. The argument must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm HostKeyAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the host key signature algorithms that the client wants to use in " "order of preference. Alternately if the specified list begins with a E<.Sq " "+> character, then the specified signature algorithms will be appended to " "the default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified signature algorithms " "(including wildcards) will be removed from the default set instead of " "replacing them. If the specified list begins with a E<.Sq ^> character, " "then the specified signature algorithms will be placed at the head of the " "default set. The default for this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "ssh-ed25519-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp384-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp521-cert-v01@openssh.com,\n" "sk-ssh-ed25519-cert-v01@openssh.com,\n" "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "rsa-sha2-512-cert-v01@openssh.com,\n" "rsa-sha2-256-cert-v01@openssh.com,\n" "ssh-ed25519,\n" "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" "sk-ecdsa-sha2-nistp256@openssh.com,\n" "sk-ssh-ed25519@openssh.com,\n" "rsa-sha2-512,rsa-sha2-256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If hostkeys are known for the destination host then this default is modified " "to prefer their algorithms." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The list of available signature algorithms may also be obtained using E<.Qq " "ssh -Q HostKeyAlgorithms>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm HostKeyAlias" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies an alias that should be used instead of the real host name when " "looking up or saving the host key in the host key database files and when " "validating host certificates. This option is useful for tunneling SSH " "connections or for multiple servers running on a single host." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Hostname" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the real host name to log into. This can be used to specify " "nicknames or abbreviations for hosts. Arguments to E<.Cm Hostname> accept " "the tokens described in the E<.Sx TOKENS> section. Numeric IP addresses are " "also permitted (both on the command line and in E<.Cm Hostname> " "specifications). The default is the name given on the command line." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm IdentitiesOnly" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that E<.Xr ssh 1> should only use the configured authentication " "identity and certificate files (either the default files, or those " "explicitly configured in the E<.Nm> files or passed on the E<.Xr ssh 1> " "command-line), even if E<.Xr ssh-agent 1> or a E<.Cm PKCS11Provider> or E<." "Cm SecurityKeyProvider> offers more identities. The argument to this " "keyword must be E<.Cm yes> or E<.Cm no> (the default). This option is " "intended for situations where ssh-agent offers many different identities." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm IdentityAgent" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the E<.Ux Ns -domain> socket used to communicate with the " "authentication agent." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This option overrides the E<.Ev SSH_AUTH_SOCK> environment variable and can " "be used to select a specific agent. Setting the socket name to E<.Cm none> " "disables the use of an authentication agent. If the string E<.Qq " "SSH_AUTH_SOCK> is specified, the location of the socket will be read from " "the E<.Ev SSH_AUTH_SOCK> environment variable. Otherwise if the specified " "value begins with a E<.Sq $> character, then it will be treated as an " "environment variable containing the location of the socket." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Arguments to E<.Cm IdentityAgent> may use the tilde syntax to refer to a " "user's home directory, the tokens described in the E<.Sx TOKENS> section and " "environment variables as described in the E<.Sx ENVIRONMENT VARIABLES> " "section." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm IdentityFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a file from which the user's DSA, ECDSA, authenticator-hosted " "ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity " "is read. You can also specify a public key file to use the corresponding " "private key that is loaded in E<.Xr ssh-agent 1> when the private key file " "is not present locally. The default is E<.Pa ~/.ssh/id_rsa>, E<.Pa ~/.ssh/" "id_ecdsa>, E<.Pa ~/.ssh/id_ecdsa_sk>, E<.Pa ~/.ssh/id_ed25519>, E<.Pa ~/.ssh/" "id_ed25519_sk> and E<.Pa ~/.ssh/id_dsa>. Additionally, any identities " "represented by the authentication agent will be used for authentication " "unless E<.Cm IdentitiesOnly> is set. If no certificates have been " "explicitly specified by E<.Cm CertificateFile>, E<.Xr ssh 1> will try to " "load certificate information from the filename obtained by appending E<.Pa -" "cert.pub> to the path of a specified E<.Cm IdentityFile>." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Arguments to E<.Cm IdentityFile> may use the tilde syntax to refer to a " "user's home directory or the tokens described in the E<.Sx TOKENS> section. " "Alternately an argument of E<.Cm none> may be used to indicate no identity " "files should be loaded." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "It is possible to have multiple identity files specified in configuration " "files; all these identities will be tried in sequence. Multiple E<.Cm " "IdentityFile> directives will add to the list of identities tried (this " "behaviour differs from that of other configuration directives)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Cm IdentityFile> may be used in conjunction with E<.Cm IdentitiesOnly> to " "select which identities in an agent are offered during authentication. E<." "Cm IdentityFile> may also be used in conjunction with E<.Cm CertificateFile> " "in order to provide any certificate also needed for authentication with the " "identity." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm IgnoreUnknown" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a pattern-list of unknown options to be ignored if they are " "encountered in configuration parsing. This may be used to suppress errors " "if E<.Nm> contains options that are unrecognised by E<.Xr ssh 1>. It is " "recommended that E<.Cm IgnoreUnknown> be listed early in the configuration " "file as it will not be applied to unknown options that appear before it." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Include" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Include the specified configuration file(s). Multiple pathnames may be " "specified and each pathname may contain E<.Xr glob 7> wildcards and, for " "user configurations, shell-like E<.Sq ~> references to user home " "directories. Wildcards will be expanded and processed in lexical order. " "Files without absolute paths are assumed to be in E<.Pa ~/.ssh> if included " "in a user configuration file or E<.Pa /etc/ssh> if included from the system " "configuration file. E<.Cm Include> directive may appear inside a E<.Cm " "Match> or E<.Cm Host> block to perform conditional inclusion." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm IPQoS" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the IPv4 type-of-service or DSCP class for connections. Accepted " "values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<.Cm af22>, " "E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, E<.Cm " "af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<.Cm " "cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " "lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " "none> to use the operating system default. This option may take one or two " "arguments, separated by whitespace. If one argument is specified, it is " "used as the packet class unconditionally. If two values are specified, the " "first is automatically selected for interactive sessions and the second for " "non-interactive sessions. The default is E<.Cm af21> (Low-Latency Data) " "for interactive sessions and E<.Cm cs1> (Lower Effort) for non-interactive " "sessions." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm KbdInteractiveAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to use keyboard-interactive authentication. The argument " "to this keyword must be E<.Cm yes> (the default) or E<.Cm no>. E<.Cm " "ChallengeResponseAuthentication> is a deprecated alias for this." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm KbdInteractiveDevices" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the list of methods to use in keyboard-interactive " "authentication. Multiple method names must be comma-separated. The default " "is to use the server specified list. The methods available vary depending " "on what the server supports. For an OpenSSH server, it may be zero or more " "of: E<.Cm bsdauth> and E<.Cm pam>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm KexAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " "must be comma-separated. If the specified list begins with a E<.Sq +> " "character, then the specified algorithms will be appended to the default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified algorithms (including wildcards) will be " "removed from the default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified algorithms will be " "placed at the head of the default set. The default is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "sntrup761x25519-sha512@openssh.com,\n" "curve25519-sha256,curve25519-sha256@libssh.org,\n" "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,\n" "diffie-hellman-group-exchange-sha256,\n" "diffie-hellman-group16-sha512,\n" "diffie-hellman-group18-sha512,\n" "diffie-hellman-group14-sha256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The list of available key exchange algorithms may also be obtained using E<." "Qq ssh -Q kex>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm KnownHostsCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a command to use to obtain a list of host keys, in addition to " "those listed in E<.Cm UserKnownHostsFile> and E<.Cm GlobalKnownHostsFile>. " "This command is executed after the files have been read. It may write host " "key lines to standard output in identical format to the usual files " "(described in the E<.Sx VERIFYING HOST KEYS> section in E<.Xr ssh 1>). " "Arguments to E<.Cm KnownHostsCommand> accept the tokens described in the E<." "Sx TOKENS> section. The command may be invoked multiple times per " "connection: once when preparing the preference list of host key algorithms " "to use, again to obtain the host key for the requested host name and, if E<." "Cm CheckHostIP> is enabled, one more time to obtain the host key matching " "the server's address. If the command exits abnormally or returns a non-zero " "exit status then the connection is terminated." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm LocalCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a command to execute on the local machine after successfully " "connecting to the server. The command string extends to the end of the " "line, and is executed with the user's shell. Arguments to E<.Cm " "LocalCommand> accept the tokens described in the E<.Sx TOKENS> section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The command is run synchronously and does not have access to the session of " "the E<.Xr ssh 1> that spawned it. It should not be used for interactive " "commands." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This directive is ignored unless E<.Cm PermitLocalCommand> has been enabled." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm LocalForward" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that a TCP port on the local machine be forwarded over the secure " "channel to the specified host and port from the remote machine. The first " "argument specifies the listener and may be E<.Sm off> E<.Oo Ar " "bind_address : Oc Ar port> E<.Sm on> or a Unix domain socket path. The " "second argument is the destination and may be E<.Ar host : Ns Ar hostport> " "or a Unix domain socket path if the remote host supports it." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "IPv6 addresses can be specified by enclosing addresses in square brackets. " "Multiple forwardings may be specified, and additional forwardings can be " "given on the command line. Only the superuser can forward privileged " "ports. By default, the local port is bound in accordance with the E<.Cm " "GatewayPorts> setting. However, an explicit E<.Ar bind_address> may be used " "to bind the connection to a specific address. The E<.Ar bind_address> of E<." "Cm localhost> indicates that the listening port be bound for local use only, " "while an empty address or E<.Sq *> indicates that the port should be " "available from all interfaces. Unix domain socket paths may use the tokens " "described in the E<.Sx TOKENS> section and environment variables as " "described in the E<.Sx ENVIRONMENT VARIABLES> section." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm LogLevel" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Gives the verbosity level that is used when logging messages from E<.Xr ssh " "1>. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, " "DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are " "equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm LogVerbose" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specify one or more overrides to LogLevel. An override consists of a " "pattern lists that matches the source file, function and line number to " "force detailed logging for. For example, an override pattern of:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "would enable detailed logging for line 1000 of E<.Pa kex.c>, everything in " "the E<.Fn kex_exchange_identification> function, and all code in the E<.Pa " "packet.c> file. This option is intended for debugging and no overrides are " "enabled by default." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm MACs" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the MAC (message authentication code) algorithms in order of " "preference. The MAC algorithm is used for data integrity protection. " "Multiple algorithms must be comma-separated. If the specified list begins " "with a E<.Sq +> character, then the specified algorithms will be appended to " "the default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified algorithms (including " "wildcards) will be removed from the default set instead of replacing them. " "If the specified list begins with a E<.Sq ^> character, then the specified " "algorithms will be placed at the head of the default set." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The algorithms that contain E<.Qq -etm> calculate the MAC after encryption " "(encrypt-then-mac). These are considered safer and their use recommended." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "umac-64-etm@openssh.com,umac-128-etm@openssh.com,\n" "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,\n" "hmac-sha1-etm@openssh.com,\n" "umac-64@openssh.com,umac-128@openssh.com,\n" "hmac-sha2-256,hmac-sha2-512,hmac-sha1\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The list of available MAC algorithms may also be obtained using E<.Qq ssh -Q " "mac>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm NoHostAuthenticationForLocalhost" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Disable host authentication for localhost (loopback addresses). The " "argument to this keyword must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm NumberOfPasswordPrompts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the number of password prompts before giving up. The argument to " "this keyword must be an integer. The default is 3." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm ObscureKeystrokeTiming" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Specifies whether E<.Xr ssh 1> should try to obscure inter-keystroke timings " "from passive observers of network traffic. If enabled, then for interactive " "sessions, E<.Xr ssh 1> will send keystrokes at fixed intervals of a few tens " "of milliseconds and will send fake keystroke packets for some time after " "typing ceases. The argument to this keyword must be E<.Cm yes>, E<.Cm no> " "or an interval specifier of the form E<.Cm interval:milliseconds> (e.g.\\& " "E<.Cm interval:80> for 80 milliseconds). The default is to obscure " "keystrokes using a 20ms packet interval. Note that smaller intervals will " "result in higher fake keystroke packet rates." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PasswordAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to use password authentication. The argument to this " "keyword must be E<.Cm yes> (the default) or E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PermitLocalCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Allow local command execution via the E<.Ic LocalCommand> option or using " "the E<.Ic !\\& Ns Ar command> escape sequence in E<.Xr ssh 1>. The argument " "must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PermitRemoteOpen" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the destinations to which remote TCP port forwarding is permitted " "when E<.Cm RemoteForward> is used as a SOCKS proxy. The forwarding " "specification must be one of the following forms:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Cm PermitRemoteOpen> E<.Sm off> E<.Ar host : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Cm PermitRemoteOpen> E<.Sm off> E<.Ar IPv4_addr : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Cm PermitRemoteOpen> E<.Sm off> E<.Ar \\&[ IPv6_addr \\&] : port> E<.Sm " "on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Multiple forwards may be specified by separating them with whitespace. An " "argument of E<.Cm any> can be used to remove all restrictions and permit any " "forwarding requests. An argument of E<.Cm none> can be used to prohibit all " "forwarding requests. The wildcard E<.Sq *> can be used for host or port to " "allow all hosts or ports respectively. Otherwise, no pattern matching or " "address lookups are performed on supplied names." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PKCS11Provider" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies which PKCS#11 provider to use or E<.Cm none> to indicate that no " "provider should be used (the default). The argument to this keyword is a " "path to the PKCS#11 shared library E<.Xr ssh 1> should use to communicate " "with a PKCS#11 token providing keys for user authentication." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Port" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the port number to connect on the remote host. The default is 22." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PreferredAuthentications" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the order in which the client should try authentication methods. " "This allows a client to prefer one method (e.g.\\& E<.Cm keyboard-" "interactive>) over another method (e.g.\\& E<.Cm password>). The default " "is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "gssapi-with-mic,hostbased,publickey,\n" "keyboard-interactive,password\n" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ProxyCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the command to use to connect to the server. The command string " "extends to the end of the line, and is executed using the user's shell E<.Ql " "exec> directive to avoid a lingering shell process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Arguments to E<.Cm ProxyCommand> accept the tokens described in the E<.Sx " "TOKENS> section. The command can be basically anything, and should read " "from its standard input and write to its standard output. It should " "eventually connect an E<.Xr sshd 8> server running on some machine, or " "execute E<.Ic sshd -i> somewhere. Host key management will be done using " "the E<.Cm Hostname> of the host being connected (defaulting to the name " "typed by the user). Setting the command to E<.Cm none> disables this option " "entirely. Note that E<.Cm CheckHostIP> is not available for connects with a " "proxy command." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This directive is useful in conjunction with E<.Xr nc 1> and its proxy " "support. For example, the following directive would connect via an HTTP " "proxy at 192.0.2.0:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p\n" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ProxyJump" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies one or more jump proxies as either E<.Xo> E<.Sm off> E<.Op Ar user " "No @> E<.Ar host> E<.Op : Ns Ar port> E<.Sm on> or an ssh URI E<.Xc>. " "Multiple proxies may be separated by comma characters and will be visited " "sequentially. Setting this option will cause E<.Xr ssh 1> to connect to the " "target host by first making a E<.Xr ssh 1> connection to the specified E<.Cm " "ProxyJump> host and then establishing a TCP forwarding to the ultimate " "target from there. Setting the host to E<.Cm none> disables this option " "entirely." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Note that this option will compete with the E<.Cm ProxyCommand> option - " "whichever is specified first will prevent later instances of the other from " "taking effect." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Note also that the configuration for the destination host (either supplied " "via the command-line or the configuration file) is not generally applied to " "jump hosts. E<.Pa ~/.ssh/config> should be used if specific configuration " "is required for jump hosts." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ProxyUseFdpass" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that E<.Cm ProxyCommand> will pass a connected file descriptor " "back to E<.Xr ssh 1> instead of continuing to execute and pass data. The " "default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PubkeyAcceptedAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the signature algorithms that will be used for public key " "authentication as a comma-separated list of patterns. If the specified list " "begins with a E<.Sq +> character, then the algorithms after it will be " "appended to the default instead of replacing it. If the specified list " "begins with a E<.Sq -> character, then the specified algorithms (including " "wildcards) will be removed from the default set instead of replacing them. " "If the specified list begins with a E<.Sq ^> character, then the specified " "algorithms will be placed at the head of the default set. The default for " "this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The list of available signature algorithms may also be obtained using E<.Qq " "ssh -Q PubkeyAcceptedAlgorithms>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm PubkeyAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to try public key authentication. The argument to this " "keyword must be E<.Cm yes> (the default), E<.Cm no>, E<.Cm unbound> or E<.Cm " "host-bound>. The final two options enable public key authentication while " "respectively disabling or enabling the OpenSSH host-bound authentication " "protocol extension required for restricted E<.Xr ssh-agent 1> forwarding." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RekeyLimit" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the maximum amount of data that may be transmitted or received " "before the session key is renegotiated, optionally followed by a maximum " "amount of time that may pass before the session key is renegotiated. The " "first argument is specified in bytes and may have a suffix of E<.Sq K>, E<." "Sq M>, or E<.Sq G> to indicate Kilobytes, Megabytes, or Gigabytes, " "respectively. The default is between E<.Sq 1G> and E<.Sq 4G>, depending on " "the cipher. The optional second value is specified in seconds and may use " "any of the units documented in the TIME FORMATS section of E<.Xr sshd_config " "5>. The default value for E<.Cm RekeyLimit> is E<.Cm default none>, which " "means that rekeying is performed after the cipher's default amount of data " "has been sent or received and no time based rekeying is done." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RemoteCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a command to execute on the remote machine after successfully " "connecting to the server. The command string extends to the end of the " "line, and is executed with the user's shell. Arguments to E<.Cm " "RemoteCommand> accept the tokens described in the E<.Sx TOKENS> section." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RemoteForward" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies that a TCP port on the remote machine be forwarded over the secure " "channel. The remote port may either be forwarded to a specified host and " "port from the local machine, or may act as a SOCKS 4/5 proxy that allows a " "remote client to connect to arbitrary destinations from the local machine. " "The first argument is the listening specification and may be E<.Sm off> E<." "Oo Ar bind_address : Oc Ar port> E<.Sm on> or, if the remote host supports " "it, a Unix domain socket path. If forwarding to a specific destination then " "the second argument must be E<.Ar host : Ns Ar hostport> or a Unix domain " "socket path, otherwise if no destination argument is specified then the " "remote forwarding will be established as a SOCKS proxy. When acting as a " "SOCKS proxy, the destination of the connection can be restricted by E<.Cm " "PermitRemoteOpen>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "IPv6 addresses can be specified by enclosing addresses in square brackets. " "Multiple forwardings may be specified, and additional forwardings can be " "given on the command line. Privileged ports can be forwarded only when " "logging in as root on the remote machine. Unix domain socket paths may use " "the tokens described in the E<.Sx TOKENS> section and environment variables " "as described in the E<.Sx ENVIRONMENT VARIABLES> section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Ar port> argument is 0, the listen port will be dynamically " "allocated on the server and reported to the client at run time." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Ar bind_address> is not specified, the default is to only bind to " "loopback addresses. If the E<.Ar bind_address> is E<.Ql *> or an empty " "string, then the forwarding is requested to listen on all interfaces. " "Specifying a remote E<.Ar bind_address> will only succeed if the server's E<." "Cm GatewayPorts> option is enabled (see E<.Xr sshd_config 5>)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RequestTTY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to request a pseudo-tty for the session. The argument may " "be one of: E<.Cm no> (never request a TTY), E<.Cm yes> (always request a TTY " "when standard input is a TTY), E<.Cm force> (always request a TTY) or E<.Cm " "auto> (request a TTY when opening a login session). This option mirrors the " "E<.Fl t> and E<.Fl T> flags for E<.Xr ssh 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RequiredRSASize" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the minimum RSA key size (in bits) that E<.Xr ssh 1> will accept. " "User authentication keys smaller than this limit will be ignored. Servers " "that present host keys smaller than this limit will cause the connection to " "be terminated. The default is E<.Cm 1024> bits. Note that this limit may " "only be raised from the default." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm RevokedHostKeys" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Specifies revoked host public keys. Keys listed in this file will be " "refused for host authentication. Note that if this file does not exist or " "is not readable, then host authentication will be refused for all hosts. " "Keys may be specified as a text file, listing one public key per line, or as " "an OpenSSH Key Revocation List (KRL) as generated by E<.Xr ssh-keygen 1>. " "For more information on KRLs, see the KEY REVOCATION LISTS section in E<.Xr " "ssh-keygen 1>. Arguments to E<.Cm RevokedHostKeys> may use the tilde syntax " "to refer to a user's home directory, the tokens described in the E<.Sx " "TOKENS> section and environment variables as described in the E<.Sx " "ENVIRONMENT VARIABLES> section." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm SecurityKeyProvider" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies a path to a library that will be used when loading any FIDO " "authenticator-hosted keys, overriding the default of using the built-in USB " "HID support." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the specified value begins with a E<.Sq $> character, then it will be " "treated as an environment variable containing the path to the library." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm SendEnv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies what variables from the local E<.Xr environ 7> should be sent to " "the server. The server must also support it, and the server must be " "configured to accept these environment variables. Note that the E<.Ev TERM> " "environment variable is always sent whenever a pseudo-terminal is requested " "as it is required by the protocol. Refer to E<.Cm AcceptEnv> in E<.Xr " "sshd_config 5> for how to configure the server. Variables are specified by " "name, which may contain wildcard characters. Multiple environment variables " "may be separated by whitespace or spread across multiple E<.Cm SendEnv> " "directives." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "It is possible to clear previously set E<.Cm SendEnv> variable names by " "prefixing patterns with E<.Pa ->. The default is not to send any " "environment variables." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ServerAliveCountMax" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Sets the number of server alive messages (see below) which may be sent " "without E<.Xr ssh 1> receiving any messages back from the server. If this " "threshold is reached while server alive messages are being sent, ssh will " "disconnect from the server, terminating the session. It is important to " "note that the use of server alive messages is very different from E<.Cm " "TCPKeepAlive> (below). The server alive messages are sent through the " "encrypted channel and therefore will not be spoofable. The TCP keepalive " "option enabled by E<.Cm TCPKeepAlive> is spoofable. The server alive " "mechanism is valuable when the client or server depend on knowing when a " "connection has become unresponsive." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The default value is 3. If, for example, E<.Cm ServerAliveInterval> (see " "below) is set to 15 and E<.Cm ServerAliveCountMax> is left at the default, " "if the server becomes unresponsive, ssh will disconnect after approximately " "45 seconds." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ServerAliveInterval" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Sets a timeout interval in seconds after which if no data has been received " "from the server, E<.Xr ssh 1> will send a message through the encrypted " "channel to request a response from the server. The default is 0, indicating " "that these messages will not be sent to the server." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm SessionType" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "May be used to either request invocation of a subsystem on the remote " "system, or to prevent the execution of a remote command at all. The latter " "is useful for just forwarding ports. The argument to this keyword must be " "E<.Cm none> (same as the E<.Fl N> option), E<.Cm subsystem> (same as the E<." "Fl s> option) or E<.Cm default> (shell or command execution)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm SetEnv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Directly specify one or more environment variables and their contents to be " "sent to the server. Similarly to E<.Cm SendEnv>, with the exception of the " "E<.Ev TERM> variable, the server must be prepared to accept the environment " "variable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm StdinNull" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Redirects stdin from E<.Pa /dev/null> (actually, prevents reading from " "stdin). Either this or the equivalent E<.Fl n> option must be used when E<." "Nm ssh> is run in the background. The argument to this keyword must be E<." "Cm yes> (same as the E<.Fl n> option) or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm StreamLocalBindMask" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Sets the octal file creation mode mask E<.Pq umask> used when creating a " "Unix-domain socket file for local or remote port forwarding. This option is " "only used for port forwarding to a Unix-domain socket file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The default value is 0177, which creates a Unix-domain socket file that is " "readable and writable only by the owner. Note that not all operating " "systems honor the file mode on Unix-domain socket files." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm StreamLocalBindUnlink" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to remove an existing Unix-domain socket file for local or " "remote port forwarding before creating a new one. If the socket file " "already exists and E<.Cm StreamLocalBindUnlink> is not enabled, E<.Nm ssh> " "will be unable to forward the port to the Unix-domain socket file. This " "option is only used for port forwarding to a Unix-domain socket file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The argument must be E<.Cm yes> or E<.Cm no> (the default)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm StrictHostKeyChecking" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If this flag is set to E<.Cm yes>, E<.Xr ssh 1> will never automatically add " "host keys to the E<.Pa ~/.ssh/known_hosts> file, and refuses to connect to " "hosts whose host key has changed. This provides maximum protection against " "man-in-the-middle (MITM) attacks, though it can be annoying when the E<.Pa /" "etc/ssh/ssh_known_hosts> file is poorly maintained or when connections to " "new hosts are frequently made. This option forces the user to manually add " "all new hosts." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If this flag is set to E<.Cm accept-new> then ssh will automatically add new " "host keys to the user's E<.Pa known_hosts> file, but will not permit " "connections to hosts with changed host keys. If this flag is set to E<.Cm " "no> or E<.Cm off>, ssh will automatically add new host keys to the user " "known hosts files and allow connections to hosts with changed hostkeys to " "proceed, subject to some restrictions. If this flag is set to E<.Cm ask> " "(the default), new host keys will be added to the user known host files only " "after the user has confirmed that is what they really want to do, and ssh " "will refuse to connect to hosts whose host key has changed. The host keys " "of known hosts will be verified automatically in all cases." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm SyslogFacility" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Gives the facility code that is used when logging messages from E<.Xr ssh " "1>. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, " "LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is USER." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm TCPKeepAlive" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether the system should send TCP keepalive messages to the other " "side. If they are sent, death of the connection or crash of one of the " "machines will be properly noticed. However, this means that connections " "will die if the route is down temporarily, and some people find it annoying." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The default is E<.Cm yes> (to send TCP keepalive messages), and the client " "will notice if the network goes down or the remote host dies. This is " "important in scripts, and many users want it too." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "To disable TCP keepalive messages, the value should be set to E<.Cm no>. " "See also E<.Cm ServerAliveInterval> for protocol-level keepalives." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Cm Tag" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Specify a configuration tag name that may be later used by a E<.Cm Match> " "directive to select a block of configuration." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm Tunnel" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Request E<.Xr tun 4> device forwarding between the client and the server. " "The argument must be E<.Cm yes>, E<.Cm point-to-point> (layer 3), E<.Cm " "ethernet> (layer 2), or E<.Cm no> (the default). Specifying E<.Cm yes> " "requests the default tunnel mode, which is E<.Cm point-to-point>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm TunnelDevice" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the E<.Xr tun 4> devices to open on the client E<.Pq Ar local_tun> " "and the server E<.Pq Ar remote_tun>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The argument must be E<.Sm off> E<.Ar local_tun Op : Ar remote_tun>. E<.Sm " "on> The devices may be specified by numerical ID or the keyword E<.Cm any>, " "which uses the next available tunnel device. If E<.Ar remote_tun> is not " "specified, it defaults to E<.Cm any>. The default is E<.Cm any:any>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm UpdateHostKeys" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether E<.Xr ssh 1> should accept notifications of additional " "hostkeys from the server sent after authentication has completed and add " "them to E<.Cm UserKnownHostsFile>. The argument must be E<.Cm yes>, E<.Cm " "no> or E<.Cm ask>. This option allows learning alternate hostkeys for a " "server and supports graceful key rotation by allowing a server to send " "replacement public keys before old ones are removed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Additional hostkeys are only accepted if the key used to authenticate the " "host was already trusted or explicitly accepted by the user, the host was " "authenticated via E<.Cm UserKnownHostsFile> (i.e. not E<.Cm " "GlobalKnownHostsFile>) and the host was authenticated using a plain key and " "not a certificate." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Cm UpdateHostKeys> is enabled by default if the user has not overridden " "the default E<.Cm UserKnownHostsFile> setting and has not enabled E<.Cm " "VerifyHostKeyDNS>, otherwise E<.Cm UpdateHostKeys> will be set to E<.Cm no>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If E<.Cm UpdateHostKeys> is set to E<.Cm ask>, then the user is asked to " "confirm the modifications to the known_hosts file. Confirmation is " "currently incompatible with E<.Cm ControlPersist>, and will be disabled if " "it is enabled." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Presently, only E<.Xr sshd 8> from OpenSSH 6.8 and greater support the E<.Qq " "hostkeys@openssh.com> protocol extension used to inform the client of all " "the server's hostkeys." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm User" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the user to log in as. This can be useful when a different user " "name is used on different machines. This saves the trouble of having to " "remember to give the user name on the command line." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm UserKnownHostsFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies one or more files to use for the user host key database, separated " "by whitespace. Each filename may use tilde notation to refer to the user's " "home directory, the tokens described in the E<.Sx TOKENS> section and " "environment variables as described in the E<.Sx ENVIRONMENT VARIABLES> " "section. A value of E<.Cm none> causes E<.Xr ssh 1> to ignore any user-" "specific known hosts files. The default is E<.Pa ~/.ssh/known_hosts>, E<.Pa " "~/.ssh/known_hosts2>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm VerifyHostKeyDNS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to verify the remote key using DNS and SSHFP resource " "records. If this option is set to E<.Cm yes>, the client will implicitly " "trust keys that match a secure fingerprint from DNS. Insecure fingerprints " "will be handled as if this option was set to E<.Cm ask>. If this option is " "set to E<.Cm ask>, information on fingerprint match will be displayed, but " "the user will still need to confirm new host keys according to the E<.Cm " "StrictHostKeyChecking> option. The default is E<.Cm no>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "See also E<.Sx VERIFYING HOST KEYS> in E<.Xr ssh 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm VisualHostKey" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If this flag is set to E<.Cm yes>, an ASCII art representation of the remote " "host key fingerprint is printed in addition to the fingerprint string at " "login and for unknown host keys. If this flag is set to E<.Cm no> (the " "default), no fingerprint strings are printed at login and only the " "fingerprint string will be printed for unknown host keys." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm XAuthLocation" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the full pathname of the E<.Xr xauth 1> program. The default is " "E<.Pa /usr/bin/xauth>." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PATTERNS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A E<.Em pattern> consists of zero or more non-whitespace characters, E<.Sq " "*> (a wildcard that matches zero or more characters), or E<.Sq ?\\&> (a " "wildcard that matches exactly one character). For example, to specify a set " "of declarations for any host in the E<.Qq .co.uk> set of domains, the " "following pattern could be used:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Host *.co.uk" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The following pattern would match any host in the 192.168.0.[0-9] network " "range:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Host 192.168.0.?" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A E<.Em pattern-list> is a comma-separated list of patterns. Patterns " "within pattern-lists may be negated by preceding them with an exclamation " "mark E<.Pq Sq !\\&>. For example, to allow a key to be used from anywhere " "within an organization except from the E<.Qq dialup> pool, the following " "entry (in authorized_keys) could be used:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "from=\\(dq!*.dialup.example.com,*.example.com\\(dq" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Note that a negated match will never produce a positive result by itself. " "For example, attempting to match E<.Qq host3> against the following pattern-" "list will fail:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "from=\\(dq!host1,!host2\\(dq" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The solution here is to include a term that will yield a positive match, " "such as a wildcard:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "from=\\(dq!host1,!host2,*\\(dq" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "TOKENS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Arguments to some keywords can make use of tokens, which are expanded at " "runtime:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%%" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "A literal E<.Sq %>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "\\&%C" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "Hash of %l%h%p%r%j." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%d" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Local user's home directory." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%f" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The fingerprint of the server's host key." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%H" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The E<.Pa known_hosts> hostname or address that is being searched for." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%h" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The remote hostname." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "\\%%I" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A string describing the reason for a E<.Cm KnownHostsCommand> execution: " "either E<.Cm ADDRESS> when looking up a host by address (only when E<.Cm " "CheckHostIP> is enabled), E<.Cm HOSTNAME> when searching by hostname, or E<." "Cm ORDER> when preparing the host key algorithm preference list to use for " "the destination host." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%i" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The local user ID." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "%j" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "The contents of the ProxyJump option, or the empty string if this option is " "unset." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%K" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The base64 encoded host key." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%k" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The host key alias if specified, otherwise the original remote hostname " "given on the command line." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%L" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The local hostname." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%l" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The local hostname, including the domain name." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The original remote hostname, as given on the command line." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%p" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The remote port." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%r" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The remote username." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "\\&%T" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The local E<.Xr tun 4> or E<.Xr tap 4> network interface assigned if tunnel " "forwarding was requested, or E<.Qq NONE> otherwise." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%t" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The type of the server host key, e.g. E<.Cm ssh-ed25519>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "%u" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The local username." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "E<.Cm CertificateFile>, E<.Cm ControlPath>, E<.Cm IdentityAgent>, E<.Cm " "IdentityFile>, E<.Cm KnownHostsCommand>, E<.Cm LocalForward>, E<.Cm Match " "exec>, E<.Cm RemoteCommand>, E<.Cm RemoteForward>, E<.Cm RevokedHostKeys>, " "and E<.Cm UserKnownHostsFile> accept the tokens %%, %C, %d, %h, %i, %j, %k, " "%L, %l, %n, %p, %r, and %u." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Cm KnownHostsCommand> additionally accepts the tokens %f, %H, %I, %K and " "%t." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Cm Hostname> accepts the tokens %% and %h." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Cm LocalCommand> accepts all tokens." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Cm ProxyCommand> and E<.Cm ProxyJump> accept the tokens %%, %h, %n, %p, " "and %r." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Note that some of these directives build commands for execution via the " "shell. Because E<.Xr ssh 1> performs no filtering or escaping of characters " "that have special meaning in shell commands (e.g. quotes), it is the user's " "responsibility to ensure that the arguments passed to E<.Xr ssh 1> do not " "contain such characters and that tokens are appropriately quoted when used." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ENVIRONMENT VARIABLES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Arguments to some keywords can be expanded at runtime from environment " "variables on the client by enclosing them in E<.Ic ${}>, for example E<.Ic " "${HOME}/.ssh> would refer to the user's .ssh directory. If a specified " "environment variable does not exist then an error will be returned and the " "setting for that keyword will be ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The keywords E<.Cm CertificateFile>, E<.Cm ControlPath>, E<.Cm " "IdentityAgent>, E<.Cm IdentityFile>, E<.Cm KnownHostsCommand>, and E<.Cm " "UserKnownHostsFile> support environment variables. The keywords E<.Cm " "LocalForward> and E<.Cm RemoteForward> support environment variables only " "for Unix domain socket paths." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "FILES" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/config" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "This is the per-user configuration file. The format of this file is " "described above. This file is used by the SSH client. Because of the " "potential for abuse, this file must have strict permissions: read/write for " "the user, and not writable by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_config" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Systemwide configuration file. This file provides defaults for those values " "that are not specified in the user's configuration file, and for those users " "who do not have a configuration file. This file must be world-readable." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "E<.Xr ssh 1>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AUTHORS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.An -nosplit> OpenSSH is a derivative of the original and free ssh 1.2.12 " "release by E<.An Tatu Ylonen>. E<.An Aaron Campbell , Bob Beck , Markus " "Friedl>, E<.An Niels Provos , Theo de Raadt> and E<.An Dug Song> removed " "many bugs, re-added newer features and created OpenSSH. E<.An Markus " "Friedl> contributed the support for SSH protocol versions 1.5 and 2.0." msgstr "" #. type: Dd #: debian-bookworm #, no-wrap msgid "$Mdocdate: January 13 2023 $" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "For each parameter, the first obtained value will be used. The " "configuration files contain sections separated by E<.Cm Host> " "specifications, and that section is only applied for hosts that match one of " "the patterns given in the specification. The matched host name is usually " "the one given on the command line (see the E<.Cm CanonicalizeHostname> " "option for exceptions)." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Note that the Debian E<.Ic openssh-client> package sets several options as " "standard in E<.Pa /etc/ssh/ssh_config> which are not the default in E<.Xr " "ssh 1>:" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm Include /etc/ssh/ssh_config.d/*.conf>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm SendEnv No LANG LC_*>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm HashKnownHosts No yes>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm GSSAPIAuthentication No yes>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "E<.Pa /etc/ssh/ssh_config.d/*.conf> files are included at the start of the " "system-wide configuration file, so options set there will override those in " "E<.Pa /etc/ssh/ssh_config.>" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Restricts the following declarations (up to the next E<.Cm Host> or E<.Cm " "Match> keyword) to be used only when the conditions following the E<.Cm " "Match> keyword are satisfied. Match conditions are specified using one or " "more criteria or the single token E<.Cm all> which always matches. The " "available criteria keywords are: E<.Cm canonical>, E<.Cm final>, E<.Cm " "exec>, E<.Cm host>, E<.Cm originalhost>, E<.Cm user>, and E<.Cm localuser>. " "The E<.Cm all> criteria must appear alone or immediately after E<.Cm " "canonical> or E<.Cm final>. Other criteria may be combined arbitrarily. " "All criteria but E<.Cm all>, E<.Cm canonical>, and E<.Cm final> require an " "argument. Criteria may be negated by prepending an exclamation mark E<.Pq " "Sq !\\&>." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "The other keywords' criteria must be single entries or comma-separated lists " "and may use the wildcard and negation operators described in the E<.Sx " "PATTERNS> section. The criteria for the E<.Cm host> keyword are matched " "against the target hostname, after any substitution by the E<.Cm Hostname> " "or E<.Cm CanonicalizeHostname> options. The E<.Cm originalhost> keyword " "matches against the hostname as it was specified on the command-line. The " "E<.Cm user> keyword matches against the target username on the remote host. " "The E<.Cm localuser> keyword matches against the name of the local user " "running E<.Xr ssh 1> (this keyword may be useful in system-wide E<.Nm> " "files)." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If set to E<.Cm yes>, user interaction such as password prompts and host key " "confirmation requests will be disabled. In addition, the E<.Cm " "ServerAliveInterval> option will be set to 300 seconds by default (Debian-" "specific). This option is useful in scripts and other batch jobs where no " "user is present to interact with E<.Xr ssh 1>, and where it is desirable to " "detect a broken network swiftly. The argument must be E<.Cm yes> or E<.Cm " "no> (the default)." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If this option is set to E<.Cm yes>, (the Debian-specific default), remote " "X11 clients will have full access to the original X11 display." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If this option is set to E<.Cm no> (the upstream default), remote X11 " "clients will be considered untrusted and prevented from stealing or " "tampering with data belonging to trusted X11 clients. Furthermore, the E<." "Xr xauth 1> token used for the session will be set to expire after 20 " "minutes. Remote clients will be refused access after this time." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIClientIdentity" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "If set, specifies the GSSAPI client identity that ssh should use when " "connecting to the server. The default is unset, which means that the default " "identity will be used." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIKeyExchange" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether key exchange based on GSSAPI may be used. When using " "GSSAPI key exchange the server need not have a host key. The default is E<." "Dq no>." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIRenewalForcesRekey" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "If set to E<.Dq yes> then renewal of the client's GSSAPI credentials will " "force the rekeying of the ssh connection. With a compatible server, this " "will delegate the renewed credentials to a session on the server." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Checks are made to ensure that credentials are only propagated when the new " "credentials match the old ones on the originating client and where the " "receiving server still has the old set in its cache." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "The default is E<.Dq no>." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "For this to work E<.Cm GSSAPIKeyExchange> needs to be enabled in the server " "and also used by the client." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIServerIdentity" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "If set, specifies the GSSAPI server identity that ssh should expect when " "connecting to the server. The default is unset, which means that the " "expected GSSAPI server identity will be determined from the target hostname." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPITrustDns" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "Set to E<.Dq yes> to indicate that the DNS is trusted to securely " "canonicalize the name of the host being connected to. If E<.Dq no>, the " "hostname entered on the command line will be passed untouched to the GSSAPI " "library. The default is E<.Dq no>." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIKexAlgorithms" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "The list of key exchange algorithms that are offered for GSSAPI key " "exchange. Possible values are" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "" "gss-gex-sha1-,\n" "gss-group1-sha1-,\n" "gss-group14-sha1-,\n" "gss-group14-sha256-,\n" "gss-group16-sha512-,\n" "gss-nistp256-sha256-,\n" "gss-curve25519-sha256-\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The default is E<.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-" "sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1->. This " "option only applies to connections using GSSAPI." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Indicates that E<.Xr ssh 1> should hash host names and addresses when they " "are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be used " "normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually reveal " "identifying information if the file's contents are disclosed. The default " "is E<.Cm no>. Note that existing names and addresses in known hosts files " "will not be converted automatically, but may be manually hashed using E<.Xr " "ssh-keygen 1>. Use of this option may break facilities such as tab-" "completion that rely on being able to read unhashed host names from E<.Pa ~/." "ssh/known_hosts>." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Arguments to E<.Cm IdentityFile> may use the tilde syntax to refer to a " "user's home directory or the tokens described in the E<.Sx TOKENS> section." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Specifies the IPv4 type-of-service or DSCP class for connections. Accepted " "values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<.Cm af22>, " "E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, E<.Cm " "af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<.Cm " "cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " "lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " "none> to use the operating system default. This option may take one or two " "arguments, separated by whitespace. If one argument is specified, it is " "used as the packet class unconditionally. If two values are specified, the " "first is automatically selected for interactive sessions and the second for " "non-interactive sessions. The default is E<.Cm lowdelay> for interactive " "sessions and E<.Cm throughput> for non-interactive sessions." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Specifies revoked host public keys. Keys listed in this file will be " "refused for host authentication. Note that if this file does not exist or " "is not readable, then host authentication will be refused for all hosts. " "Keys may be specified as a text file, listing one public key per line, or as " "an OpenSSH Key Revocation List (KRL) as generated by E<.Xr ssh-keygen 1>. " "For more information on KRLs, see the KEY REVOCATION LISTS section in E<.Xr " "ssh-keygen 1>." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Sets a timeout interval in seconds after which if no data has been received " "from the server, E<.Xr ssh 1> will send a message through the encrypted " "channel to request a response from the server. The default is 0, indicating " "that these messages will not be sent to the server, or 300 if the E<.Cm " "BatchMode> option is set (Debian-specific). E<.Cm ProtocolKeepAlives> and " "E<.Cm SetupTimeOut> are Debian-specific compatibility aliases for this " "option." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Specifies whether the system should send TCP keepalive messages to the other " "side. If they are sent, death of the connection or crash of one of the " "machines will be properly noticed. This option only uses TCP keepalives (as " "opposed to using ssh level keepalives), so takes a long time to notice when " "the connection dies. As such, you probably want the E<.Cm " "ServerAliveInterval> option as well. However, this means that connections " "will die if the route is down temporarily, and some people find it annoying." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "Hash of %l%h%p%r." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Cm CertificateFile>, E<.Cm ControlPath>, E<.Cm IdentityAgent>, E<.Cm " "IdentityFile>, E<.Cm KnownHostsCommand>, E<.Cm LocalForward>, E<.Cm Match " "exec>, E<.Cm RemoteCommand>, E<.Cm RemoteForward>, and E<.Cm " "UserKnownHostsFile> accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, " "%p, %r, and %u." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "This is the per-user configuration file. The format of this file is " "described above. This file is used by the SSH client. Because of the " "potential for abuse, this file must have strict permissions: read/write for " "the user, and not writable by others. It may be group-writable provided " "that the group in question contains only the user." msgstr "" #. type: Dd #: fedora-40 fedora-rawhide #, no-wrap msgid "$Mdocdate: October 12 2023 $" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "Restricts the following declarations (up to the next E<.Cm Host> or E<.Cm " "Match> keyword) to be used only when the conditions following the E<.Cm " "Match> keyword are satisfied. Match conditions are specified using one or " "more criteria or the single token E<.Cm all> which always matches. The " "available criteria keywords are: E<.Cm canonical>, E<.Cm final>, E<.Cm " "exec>, E<.Cm localnetwork>, E<.Cm host>, E<.Cm originalhost>, E<.Cm Tag>, E<." "Cm user>, and E<.Cm localuser>. The E<.Cm all> criteria must appear alone " "or immediately after E<.Cm canonical> or E<.Cm final>. Other criteria may " "be combined arbitrarily. All criteria but E<.Cm all>, E<.Cm canonical>, and " "E<.Cm final> require an argument. Criteria may be negated by prepending an " "exclamation mark E<.Pq Sq !\\&>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "The default is handled system-wide by E<.Xr crypto-policies 7>. Information " "about defaults, how to modify the defaults and how to customize existing " "policies with sub-policies are present in manual page E<.Xr update-crypto-" "policies 8>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies which algorithms are allowed for signing of certificates by " "certificate authorities (CAs). If the specified list begins with a E<.Sq +> " "character, then the specified algorithms will be appended to the default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified algorithms (including wildcards) will be " "removed from the default set instead of replacing them." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "Specifies whether and how quickly E<.Xr ssh 1> should close inactive " "channels. Timeouts are specified as one or more E<.Dq type=interval> pairs " "separated by whitespace, where the E<.Dq type> must be a channel type name " "(as described in the table below), optionally containing wildcard characters." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "The timeout value E<.Dq interval> is specified in seconds or may use any of " "the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq " "session=5m> would cause the interactive session to terminate after five " "minutes of inactivity. Specifying a zero value disables the inactivity " "timeout." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "The available channel types include:" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the ciphers allowed and their order of preference. Multiple " "ciphers must be comma-separated. If the specified list begins with a E<.Sq " "+> character, then the specified ciphers will be appended to the built-in " "openssh default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified ciphers (including wildcards) " "will be removed from the built-in openssh default set instead of replacing " "them. If the specified list begins with a E<.Sq ^> character, then the " "specified ciphers will be placed at the head of the built-in openssh default " "set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "This option only applies to connections using GSSAPI." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "Specifies the signature algorithms that will be used for hostbased " "authentication as a comma-separated list of patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "signature algorithms will be appended to the built-in openssh default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified signature algorithms (including wildcards) " "will be removed from the built-in openssh default set instead of replacing " "them. If the specified list begins with a E<.Sq ^> character, then the " "specified signature algorithms will be placed at the head of the built-in " "openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "The proposed E<.Cm HostKeyAlgorithms> during KEX are limited to the set of " "algorithms that is defined in E<.Cm PubkeyAcceptedAlgorithms> and therefore " "they are indirectly affected by system-wide E<.Xr crypto_policies 7>. E<.Xr " "crypto_policies 7 can not handle the list of host key algorithms directly as " "doing so> would break the order given by the E<.Pa known_hosts> file." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "The authentication identity can be also specified in a form of PKCS#11 URI " "starting with a string E<.Cm pkcs11:>. There is supported a subset of the " "PKCS#11 URI as defined in RFC 7512 (implemented path arguments E<.Cm id>, E<." "Cm manufacturer>, E<.Cm object>, E<.Cm token> and query arguments E<.Cm " "module-path> and E<.Cm pin-value> ). The URI can not be in quotes." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " "must be comma-separated. If the specified list begins with a E<.Sq +> " "character, then the specified methods will be appended to the built-in " "openssh default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified algorithms (including " "wildcards) will be removed from the built-in openssh default set instead of " "replacing them. If the specified list begins with a E<.Sq ^> character, " "then the specified algorithms will be placed at the head of the built-in " "openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the MAC (message authentication code) algorithms in order of " "preference. The MAC algorithm is used for data integrity protection. " "Multiple algorithms must be comma-separated. If the specified list begins " "with a E<.Sq +> character, then the specified algorithms will be appended to " "the built-in openssh default set instead of replacing them. If the " "specified list begins with a E<.Sq -> character, then the specified " "algorithms (including wildcards) will be removed from the built-in openssh " "default set instead of replacing them. If the specified list begins with a " "E<.Sq ^> character, then the specified algorithms will be placed at the head " "of the built-in openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the signature algorithms that will be used for public key " "authentication as a comma-separated list of patterns. If the specified list " "begins with a E<.Sq +> character, then the algorithms after it will be " "appended to the built-in openssh default instead of replacing it. If the " "specified list begins with a E<.Sq -> character, then the specified " "algorithms (including wildcards) will be removed from the built-in openssh " "default set instead of replacing them. If the specified list begins with a " "E<.Sq ^> character, then the specified algorithms will be placed at the head " "of the built-in openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "This option affects also E<.Cm HostKeyAlgorithms>" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "E<.Xr ssh 1>, E<.Xr crypto-policies 7>, E<.Xr update-crypto-policies 8>" msgstr "" #. type: Dd #: mageia-cauldron #, no-wrap msgid "$Mdocdate: March 10 2023 $" msgstr "" #. type: Plain text #: mageia-cauldron msgid "" "E<.Xr crypto_policies 7 does not handle the list of algorithms as doing so> " "would break the order given by the E<.Pa known_hosts> file. Therefore the " "list is filtered by E<.Cm PubkeyAcceptedAlgorithms.>" msgstr ""