--- title: PingID SSH configuration file parameters description: You can configure the behavior of the PingID SSH agent by modifying the configuration file. component: pingid page_id: pingid:pingid_integrations:pid_ssh_configuration_file_parameters canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_ssh_configuration_file_parameters.html revdate: May 30, 2024 --- # PingID SSH configuration file parameters You can configure the behavior of the PingID SSH agent by modifying the configuration file. The PingID SSH configuration file, `pingid.conf`, is usually located under `/usr/etc/pingid`. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | PingID verifies that the `pingid.conf` file has 644 permissions (write access only for the file owner). If you encounter problems with the integration with SSH, check that the permissions for this file have not been changed. | The following table describes the configuration parameters and their valid and default values. **PingID SSH Configuration File Parameters** | Parameter | Description | Valid Values | Default Values | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `verbose` | Toggle extended logging. | `true`, `false` | `false` | | `log_file` | Define a file name and path for the pingid log file. | Full path of the log file. | None. Messages are written to the system log. | | `policy_user_not_registered` | Set the policy for users that are not registered. | * `register`: Start the registration (onboarding) process for the user. * `allow`: Allow access without registration. * `fail`: Deny access. * `grace_fail`: Allow access as long as the organization grace period has not passed. After that, deny access. | `register` | | `domain_postfix` | The suffix to be appended to the user in cases where it should be registered with the full domain name. | The domain suffix. For example, `@example.com`. | None | | `max_prompts` | The maximum number of prompts the user can receive during the initial registration process. | Any integer from 1 - 10. | `8` | | `fail_mode` | How to behave if the connection to the PingID service cannot be established. | - `restrictive`: only online authentication is permitted. If the PingID server cannot be reached, authentication cannot be carried out. - `passive_offline_authentication`: offline authentication is permitted as a backup method if communication cannot be established with the PingID server - `enforce_offline_authentication`: only offline authentication is used - `permissive`: If the PingID server cannot be reached, bypass authentication. | `restrictive` | | `proxy` | The URL of the `http_proxy` or the `https_proxy`. | | None | | `proxy_verify_cert` | * If set to `true`, the SSH agent uses the default value for `curl` option: `CURLOPT_SSL_VERIFYPEER` * If set to `false`, SSH agent uses 0 value for `curl` option: `CURLOPT_SSL_VERIFYPEER`Relevant only when the `proxy` option is set. | `true`, `false` | `false` | | `proxy_ca_file` | Path to CA fileRelevant only when the `proxy` option is set. | Path to CA file | Empty | | `proxy_user_pwd` | If your proxy server requires you to provide a username and password for authentication, use `proxy_user_pwd` to specify that information.Relevant only when the `proxy` option is set. | Provide the username and pasword with a colon in between, for example, `proxy_user_pwd=myUserName:myPassword`.If the username or password include a colon, replace the colon in the username/password with `%3A` | If you specified a value for `proxy` but do not provide a value for`proxy_user_pwd`, it is assumed the proxy server does not require a username and password. |