SSH1 |
SSH2 |
OpenSSH |
Keyword |
Value |
Meaning |
|
|
|
# |
Any text |
Comment line |
|
|
|
AccountExpireWarningDays
|
# days |
Warn user of expiration |
|
|
|
AFSTokenPassing
|
Yes/no |
Forward AFS tokens to server |
|
N |
|
AllowAgentForwarding
|
Yes/no |
Enable agent forwarding |
|
|
|
AllowedAuthentications
|
Auth types |
Permitted authentication techniques |
|
N |
|
AllowCshrcSourcingWithSubsystems
|
Yes/no |
Source shell startup file |
F |
|
|
AllowForwardingPort
|
Port list |
Permit forwarding for ports |
F |
|
|
AllowForwardingTo
|
Host/port list |
Permit forwarding for hosts |
|
N |
|
AllowGroups
|
Group list |
Access control by Unix group |
|
|
|
AllowHosts
|
Host list |
Access control by hostname |
|
|
|
AllowSHosts
|
Host list |
Access control via .shosts |
|
N |
|
AllowTcpForwarding
|
Yes/no |
Enable TCP port forwarding |
|
N |
|
AllowTcpForwardingFor-Users
|
User list |
Per user forwarding |
|
N |
|
AllowTcpForwardingForGroups
|
Group list |
Per group forwarding |
|
N |
|
AllowUsers
|
User list |
Access control by username |
|
N |
|
AllowX11Forwarding
|
Yes/no |
Enable X forwarding |
|
|
|
AuthorizationFile
|
Filename |
Location of authorization file |
|
|
|
CheckMail
|
Yes/no |
Check new mail on login |
|
N |
|
ChRootGroups
|
Group list |
Run chroot() on login |
|
N |
|
ChRootUsers
|
User list |
Run chroot() on login |
|
|
2 |
Ciphers
|
Cipher list |
Select encryption ciphers |
F |
|
|
DenyForwardingPort
|
Port list |
Forbid forwarding for ports |
F |
|
|
DenyForwardingTo
|
Host/port list |
Forbid forwarding for hosts |
|
N |
|
DenyGroups
|
Group list |
Access control by Unix group |
|
|
|
DenyHosts
|
Host list |
Access control by hostname |
|
|
|
DenySHosts
|
Host list |
Access control via .shosts |
|
N |
|
DenyTcpForwardingFor-Users
|
User list |
Per user forwarding |
|
N |
|
DenyTcpForwardingForGroups
|
Group list |
Per group forwarding |
|
N |
|
DenyUsers
|
User list |
Access control by username |
|
|
2 |
DSAAuthentication
|
Yes/no |
Permit SSH-2 DSA authentication |
|
|
|
FascistLogging
|
Yes/no |
Verbose mode |
|
|
|
ForcedEmptyPasswdChange
|
Yes/no |
Change password if empty |
|
|
|
ForcedPasswdChange
|
Yes/no |
Change password on first login |
|
|
|
ForwardAgent
|
Yes/no |
Enable agent forwarding |
|
|
|
ForwardX11
|
Yes/no |
Enable X forwarding |
|
|
|
GatewayPorts
|
Yes/no |
Gateway all locally forwarded ports |
|
|
2 |
HostDSAKey
|
Filename |
Location of DSA key file |
|
|
|
HostKey
|
Filename |
Location of host key file |
|
|
|
Hostkeyfile
|
Filename |
Location of host key file |
|
|
|
IdleTimeout
|
Time |
Set idle timeout |
|
|
|
IgnoreRhosts
|
Yes/no |
Ignore .rhosts files |
|
|
|
IgnoreRootRhosts
|
Yes/no |
Ignore /.rhosts file |
|
|
|
IgnoreUserKnownHosts
|
Yes/no |
Ignore user's known-hosts keys |
|
|
|
KeepAlive
|
Yes/no |
Send keepalive packets |
|
|
|
KerberosAuthentication
|
Yes/no |
Permit Kerberos authentication |
|
|
|
KerberosOrLocalPasswd
|
Yes/no |
Kerberos fallback authentication |
|
|
|
KerberosTgtPassing
|
Yes/no |
Support ticket-granting-tickets |
|
|
|
KerberosTicketCleanup
|
Yes/no |
Destroy ticket cache on logout |
|
|
|
KeyRegenerationInterval
|
Time |
Key regeneration interval |
|
|
|
ListenAddress
|
IP address |
Listen on given interface |
|
|
|
LoginGraceTime
|
Time |
Time limit for authentication |
|
|
|
LogLevel
|
Syslog level |
Set syslog level |
|
N |
|
Macs
|
Algorithm |
Select MAC algorithm |
|
N |
|
MaxBroadcastsPerSecond
|
# broadcasts |
Listen for UDP broadcasts |
|
|
|
MaxConnections
|
# connections |
Maximum # of simultaneous connections |
|
|
|
NoDelay
|
Yes/no |
Enable Nagle algorithm |
|
|
|
PasswordAuthentication
|
Yes/no |
Permit password authentication |
|
|
|
PasswordGuesses
|
# guesses |
Limit # of password tries |
|
|
|
PasswordExpireWarningDays
|
# days |
Warn user before expiration |
|
|
|
PermitEmptyPasswords
|
Yes/no |
Permit empty passwords |
|
|
|
PermitRootLogin
|
Yes/no/ nopwd |
Permit superuser logins |
|
N |
|
PGPPublicKeyFile
|
Filename |
Default location of PGP public key file for authentication |
|
|
|
PidFile
|
Filename |
Location of pid file |
|
|
|
Port
|
Port number |
Select server port number |
|
|
|
PrintMotd
|
Yes/no |
Print message of the day |
|
|
|
Protocol
|
1/2/1,2 |
Permit SSH-1 SSH-2 connections |
|
|
|
PubKeyAuthentication
|
Yes/no |
Permit public-key authentication |
|
|
|
PublicHostKeyFile
|
Filename |
Location of public host key |
|
|
|
QuietMode
|
Yes/no |
Quiet mode |
|
|
|
RandomSeed
|
Filename |
Location of random seed file |
|
|
|
RandomSeedFile
|
Filename |
Location of random seed file |
|
N |
|
RekeyIntervalSeconds
|
Seconds |
Frequency of rekeying |
|
|
|
RequireReverseMapping
|
Yes/no |
Do reverse DNS lookup |
|
|
|
RequiredAuthentications
|
Auth types |
Required authentication techniques |
|
|
|
RhostsAuthentication
|
Yes/no |
Permit .rhosts authentication |
|
|
|
RhostsPubKey-
Authentication
|
Yes/no |
Permit combined authentication |
|
|
|
RhostsRSAAuthentication
|
Yes/no |
Permit combined authentication |
|
|
|
RSAAuthentication
|
Yes/no |
Permit public-key authentication |
|
|
|
ServerKeyBits
|
# bits |
# of bits in server key |
|
|
|
SkeyAuthentication
|
Yes/no |
Permit S/Key authentication |
|
|
|
Ssh1Compatibility
|
Yes/no |
Enable SSH1 compatibility |
|
|
|
Sshd1Path
|
Filename |
Path to sshd1 |
|
|
|
SilentDeny
|
Yes/no |
DenyHosts prints no message |
|
|
|
StrictModes
|
Yes/no |
Strict file/directory permissions |
|
|
|
SyslogFacility
|
Syslog level |
Set syslog level |
|
|
|
TISAuthentication
|
Yes/no |
Permit TIS authentication |
|
|
|
Umask
|
Unix umask |
Set login umask |
|
|
|
UseLogin
|
Yes/no |
Select login program |
|
|
|
UserConfigDirectory
|
Directory name |
Location of user SSH2 directories |
|
|
|
UserKnownHosts
|
Yes/no |
Respect ~/.ssh2/knownhosts |
|
|
|
VerboseMode
|
Yes/no |
Verbose mode |
|
N |
|
X11Forwarding
|
Yes/no |
Enable X forwarding |
|
|
|
X11DisplayOffset
|
# offset |
Limit X displays for SSH |
|
|
|
XAuthLocation
|
Filename |
Location of xauth |