4.25.5.1. Attributes of AbstractSshProxy

audit_channels (string, rw:r)
Default: ""
A comma separated list of channel types to be audited. See also Section 4.25.2.7, Auditing SSH channels.

auth_agent_forward (boolean, w:r)
Default: FALSE
Authenticate using the data received from the agent during agent-forwarding.

auth_methods (string, rw:rw)
Default: "password,keyboard-interactive,none"
A comma separated list of permitted authentication methods as defined in the SSH protocol specification. The proxy currently supports the following authentication methods: publickey, keyboard-interactive, password and none. The none method is only used to determine which authentication methods does the server support.

check_insane_settings (boolean, w:r)
Default: TRUE
Reject unrealistic terminal and screen settings. The number of columns and rows of the terminal must be lower than 512; the size of the screen cannot be greater than 8192 pixels in either directions.

client_channel (complex, r:r)
Default:
A normative policy hash defining the action to take when a specific channel type is opened on the client side. See Section 4.25.2.1, Configuring policies for SSH channels for details.

client_cipher_algos (string, rw:r)
Default: "aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,3des-cbc,arcfour"
A comma separated list of symmetric cipher algorithms permitted on the client side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

client_comp_algos (string, rw:r)
Default:
A comma separated list of compression algorithms, in the order of preference. Currently no compression algorithm is supported.

client_hostkey_algos (string, rw:r)
Default: "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
A comma separated list of hostkey algorithms permitted on the client side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

client_kex_algos (string, rw:r)
Default: "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
A comma separated list of allowed key exchange algorithms permitted on the client side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

client_mac_algos (string, rw:r)
Default: "hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5"
A comma separated list of MAC algorithms, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

client_pubkey_algos (string, rw:r)
Default: "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
A comma separated list of public key algorithms permitted on the client side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

client_request (complex, r:r)
Default:
A normative policy hash defining the action to take when a specific channel request is received from the client side. See Section 4.25.2.2, Configuring policies for SSH requests for details.

connection_start (enum, rw:r)
Default: SSH_CONN_START_IMMEDIATELY
Specifies when is the server-side connection started. When using agent authentication, set it to SSH_CONN_START_AFTER_PROXY_AUTH.

greeting (string, rw:r)
Default:
The content of this attribute is sent to the SSH client before sending the protocol header, e.g.: before performing key exchange or authentication. It is usually displayed to the user or sent to the system log.

host_key_x509_dss (string, rw:r)
Default:
The DSS host key in openssl PEM format used when communicating with SSH clients. Either host_key_rsa or host_key_dss is required.

host_key_x509_dss_certificate (string, rw:r)
Default:
The DSS host key in openssl PEM format used when communicating with SSH clients. Either host_key_rsa or host_key_dss is required.

host_key_x509_dss_files (certificate, rw:r)
Default:
A tuple of two file names containing the certificate and key files for the DSS host key in PEM format.

host_key_x509_rsa (string, rw:r)
Default:
The RSA host key in openssl PEM format used when communicating with SSH clients. Either host_key_rsa or host_key_dss is required.

host_key_x509_rsa_certificate (string, rw:r)
Default:
The RSA host key in openssl PEM format used when communicating with SSH clients. Either host_key_rsa or host_key_dss is required.

host_key_x509_rsa_files (certificate, rw:r)
Default:
A tuple of two file names containing the certificate and key files for the RSA host key in PEM format.

id_comment (string, rw:r)
Default:
Specifies the comment field in the SSH protocol header.

max_kbdint_prompt_len (integer, rw:r)
Default: 128
Specifies the maximum length of a prompt in the keyboard-interactive authentication method.

max_kbdint_prompts (integer, rw:r)
Default: 10
Specifies the maximum number of prompts in the keyboard-interactive authentication method.

max_kbdint_response_len (integer, rw:r)
Default: 128
Specifies the maximum length of a response in the keyboard-interactive authentication method.

server_channel (complex, r:r)
Default:
A normative policy hash defining the action to take when a specific channel type is opened on the server side. See Section 4.25.2.1, Configuring policies for SSH channels for details.

server_cipher_algos (string, rw:r)
Default: "aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,3des-cbc,arcfour"
A comma separated list of symmetric cipher algorithms permitted on the server side, in the order of preference.

server_comp_algos (string, rw:r)
Default:
A comma separated list of compression algorithms permitted on the server side, in the order of preference. Currently no compression algorithm is supported.

server_hostkey_algos (string, rw:r)
Default: "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
A comma separated list of hostkey algorithms permitted on the server side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

server_kex_algos (string, rw:r)
Default: "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
A comma separated list of key exchange algorithms permitted on the server side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

server_mac_algos (string, rw:r)
Default: "hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5"
A comma separated list of MAC algorithms permitted on the server side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

server_pubkey_algos (string, rw:r)
Default: "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
A comma separated list of public key algorithms permitted on the server side, in the order of preference. See Section 4.25.2.5, Configuring encryption parameters for details.

server_request (complex, r:r)
Default:
A normative policy hash defining the action to take when a specific channel request is received from the server side. See Section 4.25.2.2, Configuring policies for SSH requests for details.

software_version (string, rw:r)
Default: "SSH"
The string sent to the SSH peers as the version of the software. Before changing the default, please note that peers enable or disable various protocol workarounds based on the value of this attribute.

timeout (integer, rw:r)
Default: 600000
I/O timeout in milliseconds. If no activity is detected within this period interval, the connection is terminated.

transparent_mode (boolean, rw:r)
Default: TRUE
Specifies whether the proxy is in transparent or non-transparent mode. In non-transparent mode the name of destination server is extracted from the username, which should be in the format (user@host:port). The set of characters accepted as username/hostname separators is '@' and '%'. The set of characters that separates hostname from port number is ':', '+' and '/'.

userauth_banner (string, rw:r)
Default:
The content of this attribute is sent to the SSH client at the start of the SSH userauth protocol. It is usually displayed by clients as a text message.

Previous Up Next
 Home