forwarding to the ultimate destination from there.  Multiple
               jump  hops may be specified separated by comma characters.  This
               is a shortcut to specify a  ProxyJump  configuration  directive.
               Note  that configuration directives supplied on the command‐line
               generally apply to the destination host and  not  any  specified
               jump hosts.  Use ~/.ssh/config to specify configuration for jump
               hosts.

       -K      Enables  GSSAPI‐based authentication and forwarding (delegation)
               of GSSAPI credentials to the server.

       -k      Disables forwarding (delegation) of GSSAPI  credentials  to  the
               server.

       -L [bind_address:]port:host:hostport
       -L [bind_address:]port:remote_socket
       -L local_socket:host:hostport
       -L local_socket:remote_socket
               Specifies  that connections to the given TCP port or Unix socket
               on the local (client) host are to be forwarded to the given host
               and port, or Unix socket, on the remote side.  This works by al‐
               locating a socket to listen to either a TCP port  on  the  local
               side,  optionally  bound  to the specified bind_address, or to a
               Unix socket.  Whenever a connection is made to the local port or
               socket, the connection is forwarded over the secure channel, and
               a connection is made to either host port hostport, or  the  Unix
               socket remote_socket, from the remote machine.

               Port  forwardings  can  also  be  specified in the configuration
               file.  Only the superuser can forward  privileged  ports.   IPv6
               addresses  can  be  specified by enclosing the address in square
               brackets.

               By default, the local port  is  bound  in  accordance  with  the
               GatewayPorts  setting.  However, an explicit bind_address may be
               used  to  bind  the  connection  to  a  specific  address.   The
               bind_address of “localhost” indicates that the listening port be
               bound  for  local  use only, while an empty address or ‘*’ indi‐
               cates that the port should be available from all interfaces.

       -l login_name
               Specifies the user to log in as on  the  remote  machine.   This
               also  may  be specified on a per‐host basis in the configuration
               file.

       -M      Places the ssh client into “master” mode for connection sharing.
               Multiple -M options places ssh into “master” mode but with  con‐
               firmation  required  using  ssh‐askpass(1) before each operation
               that changes the multiplexing state (e.g.  opening  a  new  ses‐
               sion).    Refer   to   the   description   of  ControlMaster  in
               ssh_config(5) for details.

       -m mac_spec
               A comma‐separated list of MAC (message authentication code)  al‐
               gorithms,  specified  in order of preference.  See the MACs key‐
               word in ssh_config(5) for more information.

       -N      Do not execute a remote command.  This is useful for  just  for‐
               warding  ports.   Refer  to  the  description  of SessionType in
               ssh_config(5) for details.

       -n      Redirects stdin from /dev/null (actually, prevents reading  from
               stdin).  This must be used when ssh is run in the background.  A
               common  trick is to use this to run X11 programs on a remote ma‐
               chine.  For example, ssh ‐n shadows.cs.hut.fi emacs & will start
               an emacs on shadows.cs.hut.fi, and the X11  connection  will  be
               automatically forwarded over an encrypted channel.  The ssh pro‐
               gram  will be put in the background.  (This does not work if ssh
               needs to