SSH1 |
SSH2 |
OpenSSH |
Keyword |
Value |
Meaning |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
# |
Any text |
Comment line |
![](figs/check.gif) |
|
|
AccountExpireWarningDays
|
# days |
Warn user of expiration |
|
|
![](figs/check.gif) |
AFSTokenPassing
|
Yes/no |
Forward AFS tokens to server |
|
N |
|
AllowAgentForwarding
|
Yes/no |
Enable agent forwarding |
|
![](figs/check.gif) |
|
AllowedAuthentications
|
Auth types |
Permitted authentication techniques |
|
N |
|
AllowCshrcSourcingWithSubsystems
|
Yes/no |
Source shell startup file |
F |
|
|
AllowForwardingPort
|
Port list |
Permit forwarding for ports |
F |
|
|
AllowForwardingTo
|
Host/port list |
Permit forwarding for hosts |
![](figs/check.gif) |
N |
![](figs/check.gif) |
AllowGroups
|
Group list |
Access control by Unix group |
![](figs/check.gif) |
![](figs/check.gif) |
|
AllowHosts
|
Host list |
Access control by hostname |
![](figs/check.gif) |
![](figs/check.gif) |
|
AllowSHosts
|
Host list |
Access control via .shosts |
![](figs/check.gif) |
N |
![](figs/check.gif) |
AllowTcpForwarding
|
Yes/no |
Enable TCP port forwarding |
|
N |
|
AllowTcpForwardingFor-Users
|
User list |
Per user forwarding |
|
N |
|
AllowTcpForwardingForGroups
|
Group list |
Per group forwarding |
![](figs/check.gif) |
N |
![](figs/check.gif) |
AllowUsers
|
User list |
Access control by username |
|
N |
|
AllowX11Forwarding
|
Yes/no |
Enable X forwarding |
|
![](figs/check.gif) |
|
AuthorizationFile
|
Filename |
Location of authorization file |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
CheckMail
|
Yes/no |
Check new mail on login |
|
N |
|
ChRootGroups
|
Group list |
Run chroot() on login |
|
N |
|
ChRootUsers
|
User list |
Run chroot() on login |
|
![](figs/check.gif) |
2 |
Ciphers
|
Cipher list |
Select encryption ciphers |
F |
|
|
DenyForwardingPort
|
Port list |
Forbid forwarding for ports |
F |
|
|
DenyForwardingTo
|
Host/port list |
Forbid forwarding for hosts |
![](figs/check.gif) |
N |
![](figs/check.gif) |
DenyGroups
|
Group list |
Access control by Unix group |
![](figs/check.gif) |
![](figs/check.gif) |
|
DenyHosts
|
Host list |
Access control by hostname |
![](figs/check.gif) |
![](figs/check.gif) |
|
DenySHosts
|
Host list |
Access control via .shosts |
|
N |
|
DenyTcpForwardingFor-Users
|
User list |
Per user forwarding |
|
N |
|
DenyTcpForwardingForGroups
|
Group list |
Per group forwarding |
![](figs/check.gif) |
N |
![](figs/check.gif) |
DenyUsers
|
User list |
Access control by username |
|
|
2 |
DSAAuthentication
|
Yes/no |
Permit SSH-2 DSA authentication |
![](figs/check.gif) |
![](figs/check.gif) |
|
FascistLogging
|
Yes/no |
Verbose mode |
![](figs/check.gif) |
|
|
ForcedEmptyPasswdChange
|
Yes/no |
Change password if empty |
![](figs/check.gif) |
|
|
ForcedPasswdChange
|
Yes/no |
Change password on first login |
|
![](figs/check.gif) |
|
ForwardAgent
|
Yes/no |
Enable agent forwarding |
|
![](figs/check.gif) |
|
ForwardX11
|
Yes/no |
Enable X forwarding |
|
|
![](figs/check.gif) |
GatewayPorts
|
Yes/no |
Gateway all locally forwarded ports |
|
|
2 |
HostDSAKey
|
Filename |
Location of DSA key file |
![](figs/check.gif) |
|
![](figs/check.gif) |
HostKey
|
Filename |
Location of host key file |
|
![](figs/check.gif) |
|
Hostkeyfile
|
Filename |
Location of host key file |
![](figs/check.gif) |
|
|
IdleTimeout
|
Time |
Set idle timeout |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
IgnoreRhosts
|
Yes/no |
Ignore .rhosts files |
![](figs/check.gif) |
![](figs/check.gif) |
|
IgnoreRootRhosts
|
Yes/no |
Ignore /.rhosts file |
![](figs/check.gif) |
![](figs/check.gif) |
|
IgnoreUserKnownHosts
|
Yes/no |
Ignore user's known-hosts keys |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
KeepAlive
|
Yes/no |
Send keepalive packets |
![](figs/check.gif) |
|
![](figs/check.gif) |
KerberosAuthentication
|
Yes/no |
Permit Kerberos authentication |
![](figs/check.gif) |
|
![](figs/check.gif) |
KerberosOrLocalPasswd
|
Yes/no |
Kerberos fallback authentication |
![](figs/check.gif) |
|
![](figs/check.gif) |
KerberosTgtPassing
|
Yes/no |
Support ticket-granting-tickets |
|
|
![](figs/check.gif) |
KerberosTicketCleanup
|
Yes/no |
Destroy ticket cache on logout |
![](figs/check.gif) |
|
![](figs/check.gif) |
KeyRegenerationInterval
|
Time |
Key regeneration interval |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
ListenAddress
|
IP address |
Listen on given interface |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
LoginGraceTime
|
Time |
Time limit for authentication |
|
|
![](figs/check.gif) |
LogLevel
|
Syslog level |
Set syslog level |
|
N |
|
Macs
|
Algorithm |
Select MAC algorithm |
|
N |
|
MaxBroadcastsPerSecond
|
# broadcasts |
Listen for UDP broadcasts |
|
![](figs/check.gif) |
|
MaxConnections
|
# connections |
Maximum # of simultaneous connections |
|
![](figs/check.gif) |
|
NoDelay
|
Yes/no |
Enable Nagle algorithm |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
PasswordAuthentication
|
Yes/no |
Permit password authentication |
|
![](figs/check.gif) |
|
PasswordGuesses
|
# guesses |
Limit # of password tries |
![](figs/check.gif) |
|
|
PasswordExpireWarningDays
|
# days |
Warn user before expiration |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
PermitEmptyPasswords
|
Yes/no |
Permit empty passwords |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
PermitRootLogin
|
Yes/no/ nopwd |
Permit superuser logins |
|
N |
|
PGPPublicKeyFile
|
Filename |
Default location of PGP public key file for authentication |
![](figs/check.gif) |
|
![](figs/check.gif) |
PidFile
|
Filename |
Location of pid file |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
Port
|
Port number |
Select server port number |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
PrintMotd
|
Yes/no |
Print message of the day |
|
|
![](figs/check.gif) |
Protocol
|
1/2/1,2 |
Permit SSH-1 SSH-2 connections |
|
![](figs/check.gif) |
|
PubKeyAuthentication
|
Yes/no |
Permit public-key authentication |
|
![](figs/check.gif) |
|
PublicHostKeyFile
|
Filename |
Location of public host key |
![](figs/check.gif) |
![](figs/check.gif) |
|
QuietMode
|
Yes/no |
Quiet mode |
![](figs/check.gif) |
|
|
RandomSeed
|
Filename |
Location of random seed file |
|
![](figs/check.gif) |
|
RandomSeedFile
|
Filename |
Location of random seed file |
|
N |
|
RekeyIntervalSeconds
|
Seconds |
Frequency of rekeying |
|
![](figs/check.gif) |
|
RequireReverseMapping
|
Yes/no |
Do reverse DNS lookup |
|
![](figs/check.gif) |
|
RequiredAuthentications
|
Auth types |
Required authentication techniques |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
RhostsAuthentication
|
Yes/no |
Permit .rhosts authentication |
|
![](figs/check.gif) |
|
RhostsPubKey-
Authentication
|
Yes/no |
Permit combined authentication |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
RhostsRSAAuthentication
|
Yes/no |
Permit combined authentication |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
RSAAuthentication
|
Yes/no |
Permit public-key authentication |
![](figs/check.gif) |
|
![](figs/check.gif) |
ServerKeyBits
|
# bits |
# of bits in server key |
|
|
![](figs/check.gif) |
SkeyAuthentication
|
Yes/no |
Permit S/Key authentication |
|
![](figs/check.gif) |
|
Ssh1Compatibility
|
Yes/no |
Enable SSH1 compatibility |
|
![](figs/check.gif) |
|
Sshd1Path
|
Filename |
Path to sshd1 |
![](figs/check.gif) |
|
|
SilentDeny
|
Yes/no |
DenyHosts prints no message |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
StrictModes
|
Yes/no |
Strict file/directory permissions |
![](figs/check.gif) |
![](figs/check.gif) |
![](figs/check.gif) |
SyslogFacility
|
Syslog level |
Set syslog level |
![](figs/check.gif) |
|
|
TISAuthentication
|
Yes/no |
Permit TIS authentication |
![](figs/check.gif) |
|
|
Umask
|
Unix umask |
Set login umask |
![](figs/check.gif) |
|
![](figs/check.gif) |
UseLogin
|
Yes/no |
Select login program |
|
![](figs/check.gif) |
|
UserConfigDirectory
|
Directory name |
Location of user SSH2 directories |
|
![](figs/check.gif) |
|
UserKnownHosts
|
Yes/no |
Respect ~/.ssh2/knownhosts |
|
![](figs/check.gif) |
|
VerboseMode
|
Yes/no |
Verbose mode |
![](figs/check.gif) |
N |
![](figs/check.gif) |
X11Forwarding
|
Yes/no |
Enable X forwarding |
![](figs/check.gif) |
|
![](figs/check.gif) |
X11DisplayOffset
|
# offset |
Limit X displays for SSH |
![](figs/check.gif) |
|
![](figs/check.gif) |
XAuthLocation
|
Filename |
Location of xauth |