author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000
---|---|---
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:42:53 +0000
commit | 87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch) |
tree | 9f4b96055e6ccaa915e8d59d9f2805e9e119371d /sshd.0 |
parent | a25ec0b132c44c9e341e08464ff830de06b81126 (diff) |
parent | ef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff) |
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 62 |
1 files changed, 46 insertions, 16 deletions
@@ -4,8 +4,9 @@ NAME | |||
4 | sshd - OpenSSH SSH daemon | 4 | sshd - OpenSSH SSH daemon |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time] | 7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] |
8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 8 | [-g login_grace_time] [-h host_key_file] [-k key_gen_time] |
9 | [-o option] [-p port] [-u len] | ||
9 | 10 | ||
10 | DESCRIPTION | 11 | DESCRIPTION |
11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
@@ -31,7 +32,17 @@ DESCRIPTION | |||
31 | 32 | ||
32 | -b bits | 33 | -b bits |
33 | Specifies the number of bits in the ephemeral protocol version 1 | 34 | Specifies the number of bits in the ephemeral protocol version 1 |
34 | server key (default 768). | 35 | server key (default 1024). |
36 | |||
37 | -C connection_spec | ||
38 | Specify the connection parameters to use for the -T extended test | ||
39 | mode. If provided, any Match directives in the configuration | ||
40 | file that would apply to the specified user, host, and address | ||
41 | will be set before the configuration is written to standard out- | ||
42 | put. The connection parameters are supplied as keyword=value | ||
43 | pairs. The keywords are ``user'', ``host'', and ``addr''. All | ||
44 | are required and may be supplied in any order, either with multi- | ||
45 | ple -C options or as a comma-separated list. | ||
35 | 46 | ||
36 | -D When this option is specified, sshd will not detach and does not | 47 | -D When this option is specified, sshd will not detach and does not |
37 | become a daemon. This allows easy monitoring of sshd. | 48 | become a daemon. This allows easy monitoring of sshd. |
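Review bot: the new -C text (lines 37-45 on the right) states that user, host and addr are all required but not what sshd does when one is missing, or when -C is given without -T; one sentence on each would save readers a trial run. Separately, the -b default changing from 768 to 1024 (line 34/35) should agree with the default stated in sshd_config(5) and with the value compiled into the server; worth confirming both in the same import.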
@@ -98,6 +109,11 @@ DESCRIPTION | |||
98 | ginning, authentication, and termination of each connection is | 109 | ginning, authentication, and termination of each connection is |
99 | logged. | 110 | logged. |
100 | 111 | ||
112 | -T Extended test mode. Check the validity of the configuration | ||
113 | file, output the effective configuration to stdout and then exit. | ||
114 | Optionally, Match rules may be applied by specifying the connec- | ||
115 | tion parameters using one or more -C options. | ||
116 | |||
101 | -t Test mode. Only check the validity of the configuration file and | 117 | -t Test mode. Only check the validity of the configuration file and |
102 | sanity of the keys. This is useful for updating sshd reliably as | 118 | sanity of the keys. This is useful for updating sshd reliably as |
103 | configuration options may change. | 119 | configuration options may change. |
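Review bot: the -T entry (right-hand lines 112-115) says it checks "the validity of the configuration file", while the adjacent -t entry also checks "sanity of the keys". If -T performs the same host-key checks, say so here; if it does not, the text should make clear that -t is still the option to run before restarting a live daemon, since a configuration that dumps cleanly under -T could still fail to start on a bad key.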
@@ -289,18 +305,22 @@ AUTHORIZED_KEYS FILE FORMAT | |||
289 | This option is automatically disabled if UseLogin is enabled. | 305 | This option is automatically disabled if UseLogin is enabled. |
290 | 306 | ||
291 | from="pattern-list" | 307 | from="pattern-list" |
292 | Specifies that in addition to public key authentication, the | 308 | Specifies that in addition to public key authentication, either |
293 | canonical name of the remote host must be present in the comma- | 309 | the canonical name of the remote host or its IP address must be |
294 | separated list of patterns. The purpose of this option is to op- | 310 | present in the comma-separated list of patterns. See PATTERNS in |
295 | tionally increase security: public key authentication by itself | 311 | ssh_config(5) for more information on patterns. |
296 | does not trust the network or name servers or anything (but the | 312 | |
297 | key); however, if somebody somehow steals the key, the key per- | 313 | In addition to the wildcard matching that may be applied to host- |
298 | mits an intruder to log in from anywhere in the world. This ad- | 314 | names or addresses, a from stanza may match IP addressess using |
299 | ditional option makes using a stolen key more difficult (name | 315 | CIDR address/masklen notation. |
300 | servers and/or routers would have to be compromised in addition | 316 | |
301 | to just the key). | 317 | The purpose of this option is to optionally increase security: |
302 | 318 | public key authentication by itself does not trust the network or | |
303 | See PATTERNS in ssh_config(5) for more information on patterns. | 319 | name servers or anything (but the key); however, if somebody |
320 | somehow steals the key, the key permits an intruder to log in | ||
321 | from anywhere in the world. This additional option makes using a | ||
322 | stolen key more difficult (name servers and/or routers would have | ||
323 | to be compromised in addition to just the key). | ||
304 | 324 | ||
305 | no-agent-forwarding | 325 | no-agent-forwarding |
306 | Forbids authentication agent forwarding when this key is used for | 326 | Forbids authentication agent forwarding when this key is used for |
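Review bot: typo on new line 314: "addressess" should be "addresses". More substantively, the first sentence changes from "the canonical name of the remote host must be present" to "either the canonical name of the remote host or its IP address must be present", which widens what a from= list accepts; it would help administrators writing a restrictive from= list to be told explicitly that a hostname pattern never matches an address and that the CIDR notation introduced on lines 313-315 applies only to the address, so they know which form they must write to get the restriction they intend.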
@@ -313,6 +333,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
313 | 333 | ||
314 | no-pty Prevents tty allocation (a request to allocate a pty will fail). | 334 | no-pty Prevents tty allocation (a request to allocate a pty will fail). |
315 | 335 | ||
336 | no-user-rc | ||
337 | Disables execution of ~/.ssh/rc. | ||
338 | |||
316 | no-X11-forwarding | 339 | no-X11-forwarding |
317 | Forbids X11 forwarding when this key is used for authentication. | 340 | Forbids X11 forwarding when this key is used for authentication. |
318 | Any X11 forward requests by the client will return an error. | 341 | Any X11 forward requests by the client will return an error. |
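Review bot: the new no-user-rc entry (lines 336-337) is the only no-* option in this list whose subject is not self-explanatory; a cross-reference to where ~/.ssh/rc and its purpose are described would tell readers what they are disabling and why a restricted key might want it.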
@@ -417,6 +440,13 @@ FILES | |||
417 | host-based authentication without permitting login with | 440 | host-based authentication without permitting login with |
418 | rlogin/rsh. | 441 | rlogin/rsh. |
419 | 442 | ||
443 | ~/.ssh/ | ||
444 | This directory is the default location for all user-specific con- | ||
445 | figuration and authentication information. There is no general | ||
446 | requirement to keep the entire contents of this directory secret, | ||
447 | but the recommended permissions are read/write/execute for the | ||
448 | user, and not accessible by others. | ||
449 | |||
420 | ~/.ssh/authorized_keys | 450 | ~/.ssh/authorized_keys |
421 | Lists the public keys (RSA/DSA) that can be used for logging in | 451 | Lists the public keys (RSA/DSA) that can be used for logging in |
422 | as this user. The format of this file is described above. The | 452 | as this user. The format of this file is described above. The |
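Review bot: on lines 447-448, "read/write/execute for the user, and not accessible by others" is clearer stated as mode 0700, the form an administrator actually types. It would also help to say that this is enforced rather than merely recommended: sshd, under its default StrictModes setting, refuses to use an authorized_keys file when the directory holding it is group- or world-writable, so a user who loosens these permissions loses public key login rather than just weakening it.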
@@ -542,4 +572,4 @@ CAVEATS | |||
542 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 572 | System security is not improved unless rshd, rlogind, and rexecd are dis- |
543 | abled (thus completely disabling rlogin and rsh into the machine). | 573 | abled (thus completely disabling rlogin and rsh into the machine). |
544 | 574 | ||
545 | OpenBSD 4.2 August 16, 2007 9 | 575 | OpenBSD 4.4 July 2, 2008 9 |