summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordtucker@openbsd.org <dtucker@openbsd.org>2015-04-16 23:25:50 +0000
committerDamien Miller <djm@mindrot.org>2015-04-29 18:13:34 +1000
commit6cc7cfa936afde2d829e56ee6528c7ea47a42441 (patch)
treec959220297fe981da4856d49154377f215765902
parent15fdfc9b1c6808b26bc54d4d61a38b54541763ed (diff)
upstream commit
Document "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
-rw-r--r--sshd_config.520
1 files changed, 14 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 6dce0c70c..2bc9360d0 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
37.Dd $Mdocdate: February 20 2015 $ 37.Dd $Mdocdate: April 16 2015 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -1163,7 +1163,9 @@ The default is
1163.Dq yes . 1163.Dq yes .
1164.It Cm PidFile 1164.It Cm PidFile
1165Specifies the file that contains the process ID of the 1165Specifies the file that contains the process ID of the
1166SSH daemon. 1166SSH daemon, or
1167.Dq none
1168to not write one.
1167The default is 1169The default is
1168.Pa /var/run/sshd.pid . 1170.Pa /var/run/sshd.pid .
1169.It Cm Port 1171.It Cm Port
@@ -1253,7 +1255,9 @@ which means that rekeying is performed after the cipher's default amount
1253of data has been sent or received and no time based rekeying is done. 1255of data has been sent or received and no time based rekeying is done.
1254This option applies to protocol version 2 only. 1256This option applies to protocol version 2 only.
1255.It Cm RevokedKeys 1257.It Cm RevokedKeys
1256Specifies revoked public keys. 1258Specifies revoked public keys file, or
1259.Dq none
1260to not use one.
1257Keys listed in this file will be refused for public key authentication. 1261Keys listed in this file will be refused for public key authentication.
1258Note that if this file is not readable, then public key authentication will 1262Note that if this file is not readable, then public key authentication will
1259be refused for all users. 1263be refused for all users.
@@ -1366,7 +1370,9 @@ To disable TCP keepalive messages, the value should be set to
1366.Dq no . 1370.Dq no .
1367.It Cm TrustedUserCAKeys 1371.It Cm TrustedUserCAKeys
1368Specifies a file containing public keys of certificate authorities that are 1372Specifies a file containing public keys of certificate authorities that are
1369trusted to sign user certificates for authentication. 1373trusted to sign user certificates for authentication, or
1374.Dq none
1375to not use one.
1370Keys are listed one per line; empty lines and comments starting with 1376Keys are listed one per line; empty lines and comments starting with
1371.Ql # 1377.Ql #
1372are allowed. 1378are allowed.
@@ -1519,7 +1525,9 @@ The default is
1519.It Cm XAuthLocation 1525.It Cm XAuthLocation
1520Specifies the full pathname of the 1526Specifies the full pathname of the
1521.Xr xauth 1 1527.Xr xauth 1
1522program. 1528program, or
1529.Dq none
1530to not use one.
1523The default is 1531The default is
1524.Pa /usr/X11R6/bin/xauth . 1532.Pa /usr/X11R6/bin/xauth .
1525.El 1533.El