| SSH1
| SSH2
| OpenSSH
| Keyword
| Value
| Meaning
|
|
|
| #
| Any text
| Comment line
|
|
|
AccountExpireWarningDays
| # days
| Warn user of expiration
|
|
|
AFSTokenPassing
| Yes/no
| Forward AFS tokens to server
|
| N
|
AllowAgentForwarding
| Yes/no
| Enable agent forwarding
|
|
|
AllowedAuthentications
| Auth types
| Permitted authentication techniques
|
| N
|
AllowCshrcSourcingWithSubsystems
| Yes/no
| Source shell startup file
|
| F
|
AllowForwardingPort
| Port list
| Permit forwarding for ports
|
| F
|
AllowForwardingTo
| Host/port list
| Permit forwarding for hosts
|
|
| N
|
|
AllowGroups
| Group list
| Access control by Unix group
|
|
|
|
AllowHosts
| Host list
| Access control by hostname
|
|
|
|
AllowSHosts
| Host list
| Access control via .shosts
|
|
| N
|
|
AllowTcpForwarding
| Yes/no
| Enable TCP port forwarding
|
| N
|
AllowTcpForwardingFor-Users
| User list
| Per user forwarding
|
| N
|
AllowTcpForwardingForGroups
| Group list
| Per group forwarding
|
|
| N
|
|
AllowUsers
| User list
| Access control by username
|
| N
|
AllowX11Forwarding
| Yes/no
| Enable X forwarding
|
|
|
AuthorizationFile
| Filename
| Location of authorization file
|
|
|
|
|
CheckMail
| Yes/no
| Check new mail on login
|
| N
|
ChRootGroups
| Group list
| Run chroot() on login
|
| N
|
ChRootUsers
| User list
| Run chroot() on login
|
|
| 2
|
Ciphers
| Cipher list
| Select encryption ciphers
|
| F
|
DenyForwardingPort
| Port list
| Forbid forwarding for ports
|
| F
|
DenyForwardingTo
| Host/port list
| Forbid forwarding for hosts
|
|
| N
|
|
DenyGroups
| Group list
| Access control by Unix group
|
|
|
|
DenyHosts
| Host list
| Access control by hostname
|
|
|
|
DenySHosts
| Host list
| Access control via shosts
|
| N
|
DenyTcpForwardingFor-Users
| User list
| Per user forwarding
|
| N
|
DenyTcpForwardingForGroups
| Group list
| Per group forwarding
|
|
| N
|
|
DenyUsers
| User list
| Access control by username
|
| 2
|
DSAAuthentication
| Yes/no
| Permit SSH-2 DSA authentication
|
|
|
|
FascistLogging
| Yes/no
| Verbose mode
|
|
|
ForcedEmptyPasswdChange
| Yes/no
| Change password if empty
|
|
|
ForcedPasswdChange
| Yes/no
| Change password on first login
|
|
|
ForwardAgent
| Yes/no
| Enable agent forwarding
|
|
|
ForwardX11
| Yes/no
| Enable X forwarding
|
|
|
GatewayPorts
| Yes/no
| Gateway all locally forwarded ports
|
| 2
|
HostDSAKey
| Filename
| Location of DSA key file
|
|
|
|
HostKey
| Filename
| Location of host key file
|
|
|
Hostkeyfile
| Filename
| Location of host key file
|
|
|
IdleTimeout
| Time
| Set idle timeout
|
|
|
|
|
IgnoreRhosts
| Yes/no
| Ignore .rhosts files
|
|
|
|
IgnoreRootRhosts
| Yes/no
| Ignore /.rhosts file
|
|
|
|
IgnoreUserKnownHosts
| Yes/no
| Ignore user's known-hosts keys
|
|
|
|
|
KeepAlive
| Yes/no
| Send keepalive packets
|
|
|
|
KerberosAuthentication
| Yes/no
| Permit Kerberos authentication
|
|
|
|
KerberosOrLocalPasswd
| Yes/no
| Kerberos fallback authentication
|
|
|
|
KerberosTgtPassing
| Yes/no
| Support ticket-granting-tickets
|
|
|
KerberosTicketCleanup
| Yes/no
| Destroy ticket cache on logout
|
|
|
|
KeyRegenerationInterval
| Time
| Key regeneration interval
|
|
|
|
|
ListenAddress
| IP address
| Listen on given interface
|
|
|
|
|
LoginGraceTime
| Time
| Time limit for authentication
|
|
|
LogLevel
| Syslog level
| Set syslog level
|
| N
|
Macs
| Algorithm
| Select MAC algorithm
|
| N
|
MaxBroadcastsPerSecond
| # broadcasts
| Listen for UDP broadcasts
|
|
|
MaxConnections
| # connections
| Maximum # of simultaneous connections
|
|
|
NoDelay
| Yes/no
| Enable Nagle algorithm
|
|
|
|
|
PasswordAuthentication
| Yes/no
| Permit password authentication
|
|
|
PasswordGuesses
| # guesses
| Limit # of password tries
|
|
|
PasswordExpireWarningDays
| # days
| Warn user before expiration
|
|
|
|
|
PermitEmptyPasswords
| Yes/no
| Permit empty passwords
|
|
|
|
|
PermitRootLogin
| Yes/no/ nopwd
| Permit superuser logins
|
| N
|
PGPPublicKeyFile
| Filename
| Default location of PGP public key file for authentication
|
|
|
|
PidFile
| Filename
| Location of pid file
|
|
|
|
|
Port
| Port number
| Select server port number
|
|
|
|
|
PrintMotd
| Yes/no
| Print message of the day
|
|
|
Protocol
| 1/2/1,2
| Permit SSH-1 SSH-2 connections
|
|
|
PubKeyAuthentication
| Yes/no
| Permit public-key authentication
|
|
|
PublicHostKeyFile
| Filename
| Location of public host key
|
|
|
|
QuietMode
| Yes/no
| Quiet mode
|
|
|
RandomSeed
| Filename
| Location of random seed file
|
|
|
RandomSeedFile
| Filename
| Location of random seed file
|
| N
|
RekeyIntervalSeconds
| Seconds
| Frequency of rekeying
|
|
|
RequireReverseMapping
| Yes/no
| Do reverse DNS lookup
|
|
|
RequiredAuthentications
| Auth types
| Required authentication techniques
|
|
|
|
|
RhostsAuthentication
| Yes/no
| Permit .rhosts authentication
|
|
|
RhostsPubKey- Authentication
| Yes/no
| Permit combined authentication
|
|
|
|
|
RhostsRSAAuthentication
| Yes/no
| Permit combined authentication
|
|
|
|
|
RSAAuthentication
| Yes/no
| Permit public-key authentication
|
|
|
|
ServerKeyBits
| # bits
| # of bits in server key
|
|
|
SkeyAuthentication
| Yes/no
| Permit S/Key authentication
|
|
|
Ssh1Compatibility
| Yes/no
| Enable SSH1 compatibility
|
|
|
Sshd1Path
| Filename
| Path to sshd1
|
|
|
SilentDeny
| Yes/no
| DenyHosts prints no message
|
|
|
|
|
StrictModes
| Yes/no
| Strict file/directory permissions
|
|
|
|
|
SyslogFacility
| Syslog level
| Set syslog level
|
|
|
TISAuthentication
| Yes/no
| Permit TIS authentication
|
|
|
Umask
| Unix umask
| Set login umask
|
|
|
|
UseLogin
| Yes/no
| Select login program
|
|
|
UserConfigDirectory
| Directory name
| Location of user SSH2 directories
|
|
|
UserKnownHosts
| Yes/no
| Respect ~/.ssh2/knownhosts
|
|
|
VerboseMode
| Yes/no
| Verbose mode
|
|
| N
|
|
X11Forwarding
| Yes/no
| Enable X forwarding
|
|
|
|
X11DisplayOffset
| # offset
| Limit X displays for SSH
|
|
|
|
XAuthLocation
| Filename
| Location of xauth |