upstream commit

sort; from matthew martin Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
author: jmc@openbsd.org <jmc@openbsd.org> 2016-09-07 18:39:24 +0000
committer: Darren Tucker <dtucker@zip.com.au> 2016-09-12 13:39:30 +1000
commit: f219fc8f03caca7ac82a38ed74bbd6432a1195e7 (patch)
tree: cec17bb8c141190c94a6c843b16c1cabf13c1244
parent: 06ce56b05def9460aecc7cdb40e861a346214793 (diff)
1 files changed, 18 insertions, 18 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index fe3b23d6e..a4d1ca000 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $
-.Dd $Mdocdate: August 19 2016 $
+.Dd $Mdocdate: September 7 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -123,15 +123,15 @@ and finally
 See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
-.It Cm AllowTcpForwarding
+.It Cm AllowStreamLocalForwarding
-Specifies whether TCP forwarding is permitted.
+Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
 The available options are
 .Dq yes
 or
 .Dq all
-to allow TCP forwarding,
+to allow StreamLocal forwarding,
 .Dq no
-to prevent all TCP forwarding,
+to prevent all StreamLocal forwarding,
 .Dq local
 to allow local (from the perspective of
 .Xr ssh 1 )
@@ -140,18 +140,18 @@ forwarding only or
 to allow remote forwarding only.
 The default is
 .Dq yes .
-Note that disabling TCP forwarding does not improve security unless
+Note that disabling StreamLocal forwarding does not improve security unless
 users are also denied shell access, as they can always install their
 own forwarders.
-.It Cm AllowStreamLocalForwarding
+.It Cm AllowTcpForwarding
-Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
+Specifies whether TCP forwarding is permitted.
 The available options are
 .Dq yes
 or
 .Dq all
-to allow StreamLocal forwarding,
+to allow TCP forwarding,
 .Dq no
-to prevent all StreamLocal forwarding,
+to prevent all TCP forwarding,
 .Dq local
 to allow local (from the perspective of
 .Xr ssh 1 )
@@ -160,7 +160,7 @@ forwarding only or
 to allow remote forwarding only.
 The default is
 .Dq yes .
-Note that disabling StreamLocal forwarding does not improve security unless
+Note that disabling TCP forwarding does not improve security unless
 users are also denied shell access, as they can always install their
 own forwarders.
 .It Cm AllowUsers
@@ -1223,6 +1223,12 @@ All other authentication methods are disabled for root.
 If this option is set to
 .Dq no ,
 root is not allowed to log in.
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitTunnel
 Specifies whether
 .Xr tun 4
@@ -1246,12 +1252,6 @@ The default is
 Independent of this setting, the permissions of the selected
 .Xr tun 4
 device must allow access to the user.
-.It Cm PermitTTY
-Specifies whether
-.Xr pty 4
-allocation is permitted.
-The default is
-.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment
author	jmc@openbsd.org <jmc@openbsd.org>	2016-09-07 18:39:24 +0000
committer	Darren Tucker <dtucker@zip.com.au>	2016-09-12 13:39:30 +1000
commit	f219fc8f03caca7ac82a38ed74bbd6432a1195e7 (patch)
tree	cec17bb8c141190c94a6c843b16c1cabf13c1244
parent	06ce56b05def9460aecc7cdb40e861a346214793 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index fe3b23d6e..a4d1ca000 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $
37	.Dd $Mdocdate: August 19 2016 $	37	.Dd $Mdocdate: September 7 2016 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -123,15 +123,15 @@ and finally
123	See PATTERNS in	123	See PATTERNS in
124	.Xr ssh_config 5	124	.Xr ssh_config 5
125	for more information on patterns.	125	for more information on patterns.
126	.It Cm AllowTcpForwarding	126	.It Cm AllowStreamLocalForwarding
127	Specifies whether TCP forwarding is permitted.	127	Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
128	The available options are	128	The available options are
129	.Dq yes	129	.Dq yes
130	or	130	or
131	.Dq all	131	.Dq all
132	to allow TCP forwarding,	132	to allow StreamLocal forwarding,
133	.Dq no	133	.Dq no
134	to prevent all TCP forwarding,	134	to prevent all StreamLocal forwarding,
135	.Dq local	135	.Dq local
136	to allow local (from the perspective of	136	to allow local (from the perspective of
137	.Xr ssh 1 )	137	.Xr ssh 1 )
@@ -140,18 +140,18 @@ forwarding only or
140	to allow remote forwarding only.	140	to allow remote forwarding only.
141	The default is	141	The default is
142	.Dq yes .	142	.Dq yes .
143	Note that disabling TCP forwarding does not improve security unless	143	Note that disabling StreamLocal forwarding does not improve security unless
144	users are also denied shell access, as they can always install their	144	users are also denied shell access, as they can always install their
145	own forwarders.	145	own forwarders.
146	.It Cm AllowStreamLocalForwarding	146	.It Cm AllowTcpForwarding
147	Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.	147	Specifies whether TCP forwarding is permitted.
148	The available options are	148	The available options are
149	.Dq yes	149	.Dq yes
150	or	150	or
151	.Dq all	151	.Dq all
152	to allow StreamLocal forwarding,	152	to allow TCP forwarding,
153	.Dq no	153	.Dq no
154	to prevent all StreamLocal forwarding,	154	to prevent all TCP forwarding,
155	.Dq local	155	.Dq local
156	to allow local (from the perspective of	156	to allow local (from the perspective of
157	.Xr ssh 1 )	157	.Xr ssh 1 )
@@ -160,7 +160,7 @@ forwarding only or
160	to allow remote forwarding only.	160	to allow remote forwarding only.
161	The default is	161	The default is
162	.Dq yes .	162	.Dq yes .
163	Note that disabling StreamLocal forwarding does not improve security unless	163	Note that disabling TCP forwarding does not improve security unless
164	users are also denied shell access, as they can always install their	164	users are also denied shell access, as they can always install their
165	own forwarders.	165	own forwarders.
166	.It Cm AllowUsers	166	.It Cm AllowUsers
@@ -1223,6 +1223,12 @@ All other authentication methods are disabled for root.
1223	If this option is set to	1223	If this option is set to
1224	.Dq no ,	1224	.Dq no ,
1225	root is not allowed to log in.	1225	root is not allowed to log in.
		1226	.It Cm PermitTTY
		1227	Specifies whether
		1228	.Xr pty 4
		1229	allocation is permitted.
		1230	The default is
		1231	.Dq yes .
1226	.It Cm PermitTunnel	1232	.It Cm PermitTunnel
1227	Specifies whether	1233	Specifies whether
1228	.Xr tun 4	1234	.Xr tun 4
@@ -1246,12 +1252,6 @@ The default is
1246	Independent of this setting, the permissions of the selected	1252	Independent of this setting, the permissions of the selected
1247	.Xr tun 4	1253	.Xr tun 4
1248	device must allow access to the user.	1254	device must allow access to the user.
1249	.It Cm PermitTTY
1250	Specifies whether
1251	.Xr pty 4
1252	allocation is permitted.
1253	The default is
1254	.Dq yes .
1255	.It Cm PermitUserEnvironment	1255	.It Cm PermitUserEnvironment
1256	Specifies whether	1256	Specifies whether
1257	.Pa ~/.ssh/environment	1257	.Pa ~/.ssh/environment