![]() If this flag is set to “yes”, ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This option applies to protocol version 2 only. The default is 0, indicating that these messages will not be sent to the server. Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive messages are sent through the encrypted channel and therefore will not be spoofable. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. DEBUG2 and DEBUG3 each specify higher levels of verbose output. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. Gives the verbosity level that is used when logging messages from ssh(1). The file name may use the tilde syntax to refer to a user's home directory or one of the following escape characters: ‘%d’ (local user's home directory), ‘%u’ (local user name), ‘%l’ (local host name), ‘%h’ (remote host name) or ‘%r’ (remote user name). ssh(1) will try to load certificate information from the filename obtained by appending -cert.pub to the path of a specified IdentityFile. Additionally, any identities represented by the authentication agent will be used for authentication. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Specifies a file from which the user's RSA or DSA authentication identity is read. Note that this option applies to protocol version 1 only. The meaning of the values is the same as in gzip(1). ![]() The default level is 6, which is good for most applications. The argument must be an integer from 1 (fast) to 9 (slow, best). Specifies the compression level to use if compression is enabled. If the option is set to “no”, the check will not be executed. This allows ssh to detect if a host key changed due to DNS spoofing. If this flag is set to “yes”, ssh(1) will additionally check the host IP address in the known_hosts file. Note that this seems to be REQUIRED although being optional in older releases.ĭelay after a connection failure before trying to reconnect.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |