ssh and scp Keywords

OpenSSH

Tectia

Keyword

Value

Meaning

#

Any text

Comment line

 

AddressFamily

any | inet | inet6

Set IP address type

 

AllowAgentForwarding

Yes/no

Same as ForwardAgent

 

AllowedAuthentications

Auth types

Permitted authentication techniques

 

AuthenticationNotify

Yes/no

Print message on stdout on successful authentication

 

AuthenticationSuccessMsg

Yes/no

Print message on stderr on successful authentication

BatchMode

Yes/no

Disable prompting

 

BindAddress

Interface

Select a network interface

 

Cert.DODPKI

Yes/no

Certificates must be DoD PKI-compliant

 

Cert.EndpointIdentityCheck

Yes/no

Verify server hostname versus certificate

 

Cert.RSA.Compat.HashScheme

md5/sha1

Set hash compatibility

 

ChallengeResponseAuthentication

Yes/no

Enable challenge-response authentication

 

CheckHostIP

Yes/no

Detect DNS spoofing

1

 

Cipher

Cipher

Request encryption cipher

2

Ciphers

Cipher_ list

Supported encryption ciphers

ClearAllForwardings

Yes/no

Ignore any specified forwarding

Compression

Yes/no

Enable data compression

 

CompressionLevel

0-9

Select compression algorithm

 

ConnectionAttempts

# attempts

# of retries by client

 

ConnectTimeout

Time

Timeout for connecting to SSH server

 

ControlMaster

Yes/no/ask

Enable connection sharing

 

ControlPath

Socket

Location of socket for connection sharing

 

DebugLogFile

Filename

File for debug messages

 

DefaultDomain

Domain

Specify domain name

 

DisableVersionFallback

Yes/no

Compatibility with old versions of software

 

DontReadStdin

Yes/no

Redirect stdin from /dev/ null

 

DynamicForward

Port, socket

Set up a dynamic forwarding

 

EkInitString

Init string

Initialization string for external host key provider

 

EkProvider

Provider

External host key provider

 

EnableSSHKeysign

Yes/no

Enable ssh-keysign

EscapeChar

Character

Set escape character (^ = Ctrl key)

 

ForcePTTYAllocation

Yes/no

Allocate a pseudo-tty

ForwardAgent

Yes/no

Enable agent forwarding

ForwardX11

Yes/no

Enable X forwarding

 

ForwardX11Trusted

Port, socket

Set up a trusted X forwarding

GatewayPorts

Yes/no

Gateway locally forwarded ports

 

GlobalKnownHostsFile

Filename

Location of global known hosts file

 

GoBackground

Yes/no

Fork into background

 

GSSAPI.AllowedMethods

kerberos

Permitted GSSAPI methods

 

GSSAPI.AllowOldMethodWhichIsInsecure

Yes/no

Use fallback code for old GSSAPI methods

 

GSSAPI.DelegateToken

Yes/no

Delegate GSSAPI tokens

 

GSSAPI.Dlls

Directory

Location of GSSAPI libraries

 

GSSAPIAuthentication

Yes/no

Enable GSSAPI authentication

 

GSSAPIDelegateCredentials

Yes/no

Delegate GSSAPI tokens

 

Host

Hostname

Real name of a host

 

Host

Pattern

Begin section for this host

 

HostCa

CA spec

CA certificate for authentication

 

HostCAMoCRLs

 

Same as HostCa but disables CRL checking

 

HostKeyAlgorithms

Algorithm list

Set precedence of host key algorithms

 

HostKeyAlias

Alias

Set alias for a host key

 

HostName

Hostname

Real name of host

 

IdentitiesOnly

Yes/no

Ignore ssh-agent

IdentityFile

Filename

Name of private-key file (RSA)

 

KeepAlive

Yes/no

Send keepalive packets

 

LDAPServers

LDAP URL

Locate LDAP servers

LocalForward

Port, socket

Local port forwarding

Macs

Algorithm

Select MAC algorithm

 

NoDelay

Yes/no

Enable Nagle Algorithm

 

NoHostAuthenticationForLocalhost

Yes/no

Ignore localhost when checking host keys

NumberOfPasswordPrompts

# prompts

# of prompts before failure

 

PasswordAuthentication

Yes/no

Permit password authentication

 

PasswordPrompt

String

Password prompt

Port

Port number

Select server port number

 

PreferredAuthentications

Auth list

Permitted authentication techniques

 

Protocol

1/2

SSH protocol version

 

ProxyCommand

Command

Connect to proxy server

 

ProxyServer

Server spec

SOCKS server

 

PubkeyAuthentication

Yes/no

Public-key authentication

 

QuietMode

Yes/no

Quiet mode

 

RandomSeedFile

Filename

Location of random seed file

 

RekeyIntervalSeconds

Time

Frequency of key exchange

RemoteForward

Port, socket

Remote port forwarding

1

 

RhostsRSAAuthentication

Yes/no

Permit combined authentication

1

 

RSAAuthentication

Yes/no

Permit public-key authentication

 

SendEnv

Variable list

Which environment variables are sent to SSH server

 

ServerAliveCountMax

# retries

Upper limit on retries to contact SSH server

 

ServerAliveInterval

Time

Timeout to contact SSH server

 

SetRemoteEnv

var=value

Set environment variable

 

SmartcardDevice

device

Smartcard device

 

SocksServer

Server

Same as ProxyServer

 

Ssh1AgentCompatibility

Yes/no

Enable SSH1 agent compatibility

 

Ssh1Compatibility

Yes/no

Enable SSH1 compatibility

 

Ssh1InternalEmulation

Yes/no

Do SSH-1 internally

 

Ssh1MaskPasswordLength

Yes/no

Mask password length

 

Ssh1Path

Filename

Path to ssh1

 

SshSignerPath

Filename

Path to ssh-signer2

StrictHostKeyChecking

Yes/no/ask

Behavior on host key mismatch

 

TCPKeepAlive

Yes/no

Send keepalive packets

 

TrustX11Applications

Yes/no

Enable trusted X11 forwarding

 

UsePrivilegedPort

Yes/no

Permit privileged port use

User

Username

Remote username

 

UserKnownHostsFile

Filename

Location of user known hosts file

 

UseSOCKS5

Yes/no

Use SOCKS5 instead of SOCKS4

 

VerboseMode

Yes/no

Verbose mode

 

VerifyHostKeyDNS

Yes/no/ask

Verify a remote host key via DNS

 

XAuthLocation

Filename

Location of xauth

 

XAuthPath

Filename

Location of xauth