SSH Configuration File

More on SecureShell Client Configuration file

The configuration file is used to modify default values. It must be a text file, named config, located in the .ssh subdirectory. Each option has a keyword that must be located on its own line followed by the desired value, separated by a whitespace character, either a space or tab. Not all options are supported by all ssh servers.

The following keywords are supported:

Keyword

Parameters

Function

batchmode

yes/no

turn off/on prompting for password, default is no

challengeresponseauthentication

tisauthentication alias

cipher

cipher name

assign the encryption algorithm

compression

yes/no

enable/disable data

compressionlevel

number (1-9)

set the compression level

connectionattempts

number

number of times to attempt connection before failing

dsaauthentication

pubkeyauthentication alias

escapechar

character

ssh escape character, typically ~

fallbacktorsh

yes/no

fall back to rsh client if connection fails

forwardagent

yes/no

forward the connection to authentication agent on remote host

gatewayports

yes/no

specify whether remote systems can connect to locally forwarded ports

globalknownhostsfile

filename

location of the known hosts file

globalknownhostsfile2

filename

location of the known hosts file for ssh2

host

host/IP address

host to which to connect

hostbasedauthentication

yes/no

allow host based authentication for ssh2

hostkeyalgorithms

cipher list

server key types in order of preference for ssh2

hostkeyalias

filename

host name alias for known_hosts

hostname

host/IP address

alias for the host

identityfile

RSA key filename

gives directory name of RSA private key file

identityfile2

identityfile alias

kbdinteractiveauthentication

yes/no

allow keyboard interactive authentication

kbdinteractivedevices

list

Keyboard-interactive auth devices

keepalive

yes/no

send/don't send keep alive messages

localforward

x:host:y

assign a local port forwarding

loglevel

number

set how much information will be logged

numberofpasswordprompts

number

number of login attempts before disconnected from server

passwordauthentication

yes/no

allow password authentication

port

tcp port

sshd port; usually 22

preferredauthentications

list

order that authentication types should be tried

protocol

1/2

specify whether to use ssh1 or ssh2

proxycommand

command

command to connect to proxy server

pubkeyauthentication

yes/no

ssh2 only - allow only RSA authentication

remoteforward

x:host:y

assign a remote port forwarding

rhostsauthentication

yes/no

authentication based on .rhosts file alone

rhostsrsaauthentication

yes/no

authentication based on .rhosts file or hosts.equiv with RSA key

rsaauthentication

yes/no

allow only RSA authentication

skeyauthentication

tisauthentication alias

stricthostkeychecking

yes/no/ask

automatically add host keys to the known_hosts file or ask

tisauthentication

yes/no

allow TIS authentication

useprivilegedport

yes/no

allow use of ports above 1023

user

username

assign a user identity

userknownhostsfile

filename

known_hosts file to use for this user

userknownhostsfile2

filename

known_hosts file to use for ssh2 user

usersh

yes/no

use rsh to connect to host

Keyword	Parameters	Function
batchmode	yes/no	turn off/on prompting for password, default is no
challengeresponseauthentication		tisauthentication alias
cipher	cipher name	assign the encryption algorithm
compression	yes/no	enable/disable data
compressionlevel	number (1-9)	set the compression level
connectionattempts	number	number of times to attempt connection before failing
dsaauthentication		pubkeyauthentication alias
escapechar	character	ssh escape character, typically ~
fallbacktorsh	yes/no	fall back to rsh client if connection fails
forwardagent	yes/no	forward the connection to authentication agent on remote host
gatewayports	yes/no	specify whether remote systems can connect to locally forwarded ports
globalknownhostsfile	filename	location of the known hosts file
globalknownhostsfile2	filename	location of the known hosts file for ssh2
host	host/IP address	host to which to connect
hostbasedauthentication	yes/no	allow host based authentication for ssh2
hostkeyalgorithms	cipher list	server key types in order of preference for ssh2
hostkeyalias	filename	host name alias for known_hosts
hostname	host/IP address	alias for the host
identityfile	RSA key filename	gives directory name of RSA private key file
identityfile2		identityfile alias
kbdinteractiveauthentication	yes/no	allow keyboard interactive authentication
kbdinteractivedevices	list	Keyboard-interactive auth devices
keepalive	yes/no	send/don't send keep alive messages
localforward	x:host:y	assign a local port forwarding
loglevel	number	set how much information will be logged
numberofpasswordprompts	number	number of login attempts before disconnected from server
passwordauthentication	yes/no	allow password authentication
port	tcp port	sshd port; usually 22
preferredauthentications	list	order that authentication types should be tried
protocol	1/2	specify whether to use ssh1 or ssh2
proxycommand	command	command to connect to proxy server
pubkeyauthentication	yes/no	ssh2 only - allow only RSA authentication
remoteforward	x:host:y	assign a remote port forwarding
rhostsauthentication	yes/no	authentication based on .rhosts file alone
rhostsrsaauthentication	yes/no	authentication based on .rhosts file or hosts.equiv with RSA key
rsaauthentication	yes/no	allow only RSA authentication
skeyauthentication		tisauthentication alias
stricthostkeychecking	yes/no/ask	automatically add host keys to the known_hosts file or ask
tisauthentication	yes/no	allow TIS authentication
useprivilegedport	yes/no	allow use of ports above 1023
user	username	assign a user identity
userknownhostsfile	filename	known_hosts file to use for this user
userknownhostsfile2	filename	known_hosts file to use for ssh2 user
usersh	yes/no	use rsh to connect to host