It should eventually connect an 8 server running on some machine, or execute sshd -i somewhere. Valid commands are: ''check'' check that the master process is running and ''exit'' request the master to exit. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine. The server must also support it, and the server must be configured to accept these environment variables. See for further details of the format of this file. Note that this option will compete with the ProxyCommand option - whichever is specified first will prevent later instances of the other from taking effect.
Agent forwarding should be enabled with caution. The command can be basically anything, and should read from its stdin and write to its stdout. GatewayPorts can be used to specify that ssh should bind local port forwardings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. If they are sent, death of the connection or crash of one of the machines will be properly noticed. See the sshd 8 manual page for more information.
Setting ForwardX11Timeout to zero will disable the timeout and permit X11 forwarding for the life of the connection. KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. Multiple options of this type are permitted. This can also be specified on a per-host allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host:hostport from the remote machine. However, I don't rate it much as a technique to counter script kiddies. See sshd 8 for further details of the format of this file. The argument is the number of bytes, with an optional suffix of 'K', 'M', or 'G' to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
The host keys of known hosts are verified automatically in either case. See sshd 1M for more information. Disabling rhosts authentication can reduce authentication time on slow connections when rhosts authentication is not used. Port forwardings can also be specified in the configuration file. Only the superuser can forward privileged ports. If AuthorizedPrincipalsCommand is specified but AuthorizedPrincipalsCommandUser is not, then 8 will refuse to start. Since the first obtained value for each parameter is used, more host- specific declarations should be given near the beginning of the file, and general defaults at the end.
If one argument is specified, it is used as the packet class unconditionally. Specifies that ProxyCommand will pass a connected file descriptor back to instead of continuing to execute and pass data. Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. Port forwardings can also be specified in the configuration file. Runs user's shell or command.
PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication as a comma-separated pattern list. You can specify multiple forwardings and give additional forwardings on the command line. The all criteria must appear alone or immediately after canonical or final. Only the superuser can forward privileged ports. Users with the ability to bypass file permissions on the remote host for the agent's Unix-domain socket can access the local agent through the forwarded connection. Note that this option applies to protocol version 1 only.
ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, ssh 1 will send a message through the encrypted channel to request a response from the server. The default is: gssapi-with-mic,hostbased,publickey, keyboard-interactive,password ProxyCommand Specifies the command to use to connect to the server. The argument to this keyword must be yes or no the default. The argument must be yes or no the default. The matched host name is the one given on the command line. The options are as follows: -3 Copies between two remote hosts are transferred through the local host.
Because of the difficulty of comparing host keys just by looking at fingerprint strings, there is also support to compare host keys visually, using random art. It is believed to be secure. Causes ssh to print debugging messages about its progress. The ssh program will be put in the background. Users with the ability to bypass file permissions on the remote host for the user's X11 authorization database can access the local X11 display through the forwarded connection.
By default, the local port is bound in accordance with the GatewayPorts setting. And I know that changing the port won't do that much to keep the kiddies with a brain away, but hopefully it will stunt some of the scripts running out there and decrease the number of notification emails I get. It provides a flow control service for these channels. CompressionLevel Specifies the compression level to use if compression is enable. The argument may be no to force remote port forwardings to be available to the local host only, yes to force remote port forwardings to bind to the wildcard address, or clientspecified to allow the client to select the address to which the forwarding is bound. The command string extends to the end of the line, and is executed with the user's shell.
Multiple CertificateFile directives will add to the list of certificates used for authentication. A pattern-list is a comma-separated list of patterns. Confirmation is currently incompatible with ControlPersist, and will be disabled if it is enabled. Note that this option applies to protocol version 1 only. DebianBanner Specifies whether the distribution-specified extra version suffix is included during initial protocol handshake. Specify the path to the control socket used for connection sharing as described in the ControlMaster section above or the string none to disable connection sharing. By default ssh is not setuid root.