diff options
| author | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
| commit | e6547182a54f0f268ee36e7c99319eeddffbaff2 (patch) | |
| tree | 417527229ad3f3764ba71ea383f478a168895087 /sshd.0 | |
| parent | ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (diff) | |
| parent | 71508e06fab14bc415a79a08f5535ad7bffa93d9 (diff) | |
Import openssh_7.8p1.orig.tar.gz
Diffstat (limited to 'sshd.0')
| -rw-r--r-- | sshd.0 | 38 |
1 files changed, 27 insertions, 11 deletions
| @@ -145,7 +145,7 @@ AUTHENTICATION | |||
| 145 | Regardless of the authentication type, the account is checked to ensure | 145 | Regardless of the authentication type, the account is checked to ensure |
| 146 | that it is accessible. An account is not accessible if it is locked, | 146 | that it is accessible. An account is not accessible if it is locked, |
| 147 | listed in DenyUsers or its group is listed in DenyGroups . The | 147 | listed in DenyUsers or its group is listed in DenyGroups . The |
| 148 | definition of a locked account is system dependant. Some platforms have | 148 | definition of a locked account is system dependent. Some platforms have |
| 149 | their own account database (eg AIX) and some modify the passwd field ( | 149 | their own account database (eg AIX) and some modify the passwd field ( |
| 150 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on | 150 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on |
| 151 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most | 151 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most |
| @@ -341,14 +341,28 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 341 | Forbids X11 forwarding when this key is used for authentication. | 341 | Forbids X11 forwarding when this key is used for authentication. |
| 342 | Any X11 forward requests by the client will return an error. | 342 | Any X11 forward requests by the client will return an error. |
| 343 | 343 | ||
| 344 | permitlisten="[host:]port" | ||
| 345 | Limit remote port forwarding with the ssh(1) -R option such that | ||
| 346 | it may only listen on the specified host (optional) and port. | ||
| 347 | IPv6 addresses can be specified by enclosing the address in | ||
| 348 | square brackets. Multiple permitlisten options may be applied | ||
| 349 | separated by commas. Hostnames may include wildcards as | ||
| 350 | described in the PATTERNS section in ssh_config(5). A port | ||
| 351 | specification of * matches any port. Note that the setting of | ||
| 352 | GatewayPorts may further restrict listen addresses. Note that | ||
| 353 | ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was | ||
| 354 | not specified when the forwarding was requested, and that this | ||
| 355 | name is treated differently to the explicit localhost addresses | ||
| 356 | M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. | ||
| 357 | |||
| 344 | permitopen="host:port" | 358 | permitopen="host:port" |
| 345 | Limit local port forwarding with ssh(1) -L such that it may only | 359 | Limit local port forwarding with the ssh(1) -L option such that |
| 346 | connect to the specified host and port. IPv6 addresses can be | 360 | it may only connect to the specified host and port. IPv6 |
| 347 | specified by enclosing the address in square brackets. Multiple | 361 | addresses can be specified by enclosing the address in square |
| 348 | permitopen options may be applied separated by commas. No | 362 | brackets. Multiple permitopen options may be applied separated |
| 349 | pattern matching is performed on the specified hostnames, they | 363 | by commas. No pattern matching is performed on the specified |
| 350 | must be literal domains or addresses. A port specification of * | 364 | hostnames, they must be literal domains or addresses. A port |
| 351 | matches any port. | 365 | specification of * matches any port. |
| 352 | 366 | ||
| 353 | port-forwarding | 367 | port-forwarding |
| 354 | Enable port forwarding previously disabled by the restrict | 368 | Enable port forwarding previously disabled by the restrict |
| @@ -390,9 +404,11 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 390 | ssh-rsa AAAAB3Nza...LiPk== user@example.net | 404 | ssh-rsa AAAAB3Nza...LiPk== user@example.net |
| 391 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa | 405 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa |
| 392 | AAAAB2...19Q== john@example.net | 406 | AAAAB2...19Q== john@example.net |
| 393 | command="dump /home",no-pty,no-port-forwarding ssh-dss | 407 | command="dump /home",no-pty,no-port-forwarding ssh-rsa |
| 394 | AAAAC3...51R== example.net | 408 | AAAAC3...51R== example.net |
| 395 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss | 409 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa |
| 410 | AAAAB5...21S== | ||
| 411 | permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa | ||
| 396 | AAAAB5...21S== | 412 | AAAAB5...21S== |
| 397 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | 413 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
| 398 | jane@example.net | 414 | jane@example.net |
| @@ -634,4 +650,4 @@ AUTHORS | |||
| 634 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 650 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 635 | for privilege separation. | 651 | for privilege separation. |
| 636 | 652 | ||
| 637 | OpenBSD 6.2 March 14, 2018 OpenBSD 6.2 | 653 | OpenBSD 6.4 July 22, 2018 OpenBSD 6.4 |