openssh-portable/ssh_config

#	$OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
- djm@cvs.openbsd.org 2003/05/16 03:27:12 [readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@ 2003-05-18 12:50:30 +02:00			`# $OpenBSD: ssh_config,v 1.18 2003/05/16 03:27:12 djm Exp $`
- niklas@cvs.openbsd.org 2001/01/2001 [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$ 2001-01-29 08:39:26 +01:00
- stevesk@cvs.openbsd.org 2002/06/20 20:03:34 [ssh_config sshd_config] refer to config file man page 2002-06-21 03:06:03 +02:00			`# This is the ssh client system-wide configuration file. See`
			`# ssh_config(5) for more information. This file provides defaults for`
			`# users, and the values can be changed in per-user configuration files`
			`# or on the command line.`
Initial revision 1999-10-27 05:42:43 +02:00
			`# Configuration data is parsed as follows:`
			`# 1. command line options`
			`# 2. user-specific file`
			`# 3. system-wide file`
			`# Any configuration value is only changed the first time it is set.`
			`# Thus, host-specific definitions should be at the beginning of the`
			`# configuration file, and defaults at the end.`

			`# Site-wide defaults for various options`

			`# Host *`
- (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version 2000-11-13 12:57:25 +01:00			`# ForwardAgent no`
			`# ForwardX11 no`
- stevesk@cvs.openbsd.org 2002/06/10 21:21:10 [ssh_config] update defaults for RhostsRSAAuthentication and RhostsAuthentication here too (all options commented out with default value). 2002-06-11 17:55:01 +02:00			`# RhostsAuthentication no`
			`# RhostsRSAAuthentication no`
Initial revision 1999-10-27 05:42:43 +02:00			`# RSAAuthentication yes`
			`# PasswordAuthentication yes`
- markus@cvs.openbsd.org 2002/07/03 14:21:05 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@ 2002-07-04 02:19:40 +02:00			`# HostbasedAuthentication no`
Initial revision 1999-10-27 05:42:43 +02:00			`# BatchMode no`
			`# CheckHostIP yes`
- djm@cvs.openbsd.org 2003/05/16 03:27:12 [readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@ 2003-05-18 12:50:30 +02:00			`# AddressFamily any`
- djm@cvs.openbsd.org 2003/05/15 14:55:25 [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c] add a ConnectTimeout option to ssh, based on patch from Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@ 2003-05-16 03:39:04 +02:00			`# ConnectTimeout 0`
- stevesk@cvs.openbsd.org 2002/01/16 17:55:33 [ssh_config] correct some commented defaults. add Ciphers default. ok markus@ 2002-01-22 13:32:39 +01:00			`# StrictHostKeyChecking ask`
Initial revision 1999-10-27 05:42:43 +02:00			`# IdentityFile ~/.ssh/identity`
- todd@cvs.openbsd.org 2001/04/03 21:19:38 [ssh_config] id_rsa1/2 -> id_rsa; ok markus@ 2001-04-04 03:58:48 +02:00			`# IdentityFile ~/.ssh/id_rsa`
- stevesk@cvs.openbsd.org 2002/01/16 17:55:33 [ssh_config] correct some commented defaults. add Ciphers default. ok markus@ 2002-01-22 13:32:39 +01:00			`# IdentityFile ~/.ssh/id_dsa`
Initial revision 1999-10-27 05:42:43 +02:00			`# Port 22`
- deraadt@cvs.openbsd.org 2001/03/10 12:53:51 [readconf.c ssh_config] default to SSH2, now that m68k runs fast 2001-03-10 18:15:39 +01:00			`# Protocol 2,1`
- stevesk@cvs.openbsd.org 2002/01/16 17:55:33 [ssh_config] correct some commented defaults. add Ciphers default. ok markus@ 2002-01-22 13:32:39 +01:00			`# Cipher 3des`
			`# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc`
Initial revision 1999-10-27 05:42:43 +02:00			`# EscapeChar ~`