mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-21 10:19:04 +00:00
535af610a4
Excerpts from the release notes: * ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. * ssh(1): allow forwarding Unix Domain sockets via ssh -W. * ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. * ssh(1): add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 Full release notes at https://www.openssh.com/txt/release-9.4 Relnotes: Yes Sponsored by: The FreeBSD Foundation
47 lines
1.5 KiB
Plaintext
47 lines
1.5 KiB
Plaintext
# $OpenBSD: ssh_config,v 1.36 2023/08/02 23:04:38 djm Exp $
|
|
|
|
# This is the ssh client system-wide configuration file. See
|
|
# ssh_config(5) for more information. This file provides defaults for
|
|
# users, and the values can be changed in per-user configuration files
|
|
# or on the command line.
|
|
|
|
# Configuration data is parsed as follows:
|
|
# 1. command line options
|
|
# 2. user-specific file
|
|
# 3. system-wide file
|
|
# Any configuration value is only changed the first time it is set.
|
|
# Thus, host-specific definitions should be at the beginning of the
|
|
# configuration file, and defaults at the end.
|
|
|
|
# Site-wide defaults for some commonly used options. For a comprehensive
|
|
# list of available options, their meanings and defaults, please see the
|
|
# ssh_config(5) man page.
|
|
|
|
# Host *
|
|
# ForwardAgent no
|
|
# ForwardX11 no
|
|
# PasswordAuthentication yes
|
|
# HostbasedAuthentication no
|
|
# GSSAPIAuthentication no
|
|
# GSSAPIDelegateCredentials no
|
|
# BatchMode no
|
|
# CheckHostIP no
|
|
# AddressFamily any
|
|
# ConnectTimeout 0
|
|
# StrictHostKeyChecking ask
|
|
# IdentityFile ~/.ssh/id_rsa
|
|
# IdentityFile ~/.ssh/id_dsa
|
|
# IdentityFile ~/.ssh/id_ecdsa
|
|
# IdentityFile ~/.ssh/id_ed25519
|
|
# Port 22
|
|
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
|
|
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
|
|
# EscapeChar ~
|
|
# Tunnel no
|
|
# TunnelDevice any:any
|
|
# PermitLocalCommand no
|
|
# VisualHostKey no
|
|
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
|
# RekeyLimit 1G 1h
|
|
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
|