diff options
| author | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
| commit | ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (patch) | |
| tree | 601025e307745d351946c01ab13f419ddb6dae29 /sshd.0 | |
| parent | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (diff) | |
| parent | a0349a1cc4a18967ad1dbff5389bcdf9da098814 (diff) | |
Import openssh_7.7p1.orig.tar.gz
Diffstat (limited to 'sshd.0')
| -rw-r--r-- | sshd.0 | 31 |
1 files changed, 18 insertions, 13 deletions
| @@ -33,12 +33,14 @@ DESCRIPTION | |||
| 33 | -C connection_spec | 33 | -C connection_spec |
| 34 | Specify the connection parameters to use for the -T extended test | 34 | Specify the connection parameters to use for the -T extended test |
| 35 | mode. If provided, any Match directives in the configuration | 35 | mode. If provided, any Match directives in the configuration |
| 36 | file that would apply to the specified user, host, and address | 36 | file that would apply are applied before the configuration is |
| 37 | will be set before the configuration is written to standard | 37 | written to standard output. The connection parameters are |
| 38 | output. The connection parameters are supplied as keyword=value | 38 | supplied as keyword=value pairs and may be supplied in any order, |
| 39 | pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and | ||
| 40 | M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order, | ||
| 41 | either with multiple -C options or as a comma-separated list. | 39 | either with multiple -C options or as a comma-separated list. |
| 40 | The keywords are M-bM-^@M-^\addr,M-bM-^@M-^] M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and | ||
| 41 | M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source | ||
| 42 | host name, local address, local port number and routing domain | ||
| 43 | respectively. | ||
| 42 | 44 | ||
| 43 | -c host_certificate_file | 45 | -c host_certificate_file |
| 44 | Specifies a path to a certificate file to identify sshd during | 46 | Specifies a path to a certificate file to identify sshd during |
| @@ -75,10 +77,9 @@ DESCRIPTION | |||
| 75 | Specifies a file from which a host key is read. This option must | 77 | Specifies a file from which a host key is read. This option must |
| 76 | be given if sshd is not run as root (as the normal host key files | 78 | be given if sshd is not run as root (as the normal host key files |
| 77 | are normally not readable by anyone but root). The default is | 79 | are normally not readable by anyone but root). The default is |
| 78 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, | 80 | /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and |
| 79 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It | 81 | /etc/ssh/ssh_host_rsa_key. It is possible to have multiple host |
| 80 | is possible to have multiple host key files for the different | 82 | key files for the different host key algorithms. |
| 81 | host key algorithms. | ||
| 82 | 83 | ||
| 83 | -i Specifies that sshd is being run from inetd(8). | 84 | -i Specifies that sshd is being run from inetd(8). |
| 84 | 85 | ||
| @@ -247,7 +248,7 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 247 | You don't want to type them in; instead, copy the id_dsa.pub, | 248 | You don't want to type them in; instead, copy the id_dsa.pub, |
| 248 | id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. | 249 | id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. |
| 249 | 250 | ||
| 250 | sshd enforces a minimum RSA key modulus size of 768 bits. | 251 | sshd enforces a minimum RSA key modulus size of 1024 bits. |
| 251 | 252 | ||
| 252 | The options (if present) consist of comma-separated option | 253 | The options (if present) consist of comma-separated option |
| 253 | specifications. No spaces are permitted, except within double quotes. | 254 | specifications. No spaces are permitted, except within double quotes. |
| @@ -299,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 299 | this type are permitted. Environment processing is disabled by | 300 | this type are permitted. Environment processing is disabled by |
| 300 | default and is controlled via the PermitUserEnvironment option. | 301 | default and is controlled via the PermitUserEnvironment option. |
| 301 | 302 | ||
| 303 | expiry-time="timespec" | ||
| 304 | Specifies a time after which the key will not be accepted. The | ||
| 305 | time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] | ||
| 306 | time in the system time-zone. | ||
| 307 | |||
| 302 | from="pattern-list" | 308 | from="pattern-list" |
| 303 | Specifies that in addition to public key authentication, either | 309 | Specifies that in addition to public key authentication, either |
| 304 | the canonical name of the remote host or its IP address must be | 310 | the canonical name of the remote host or its IP address must be |
| @@ -346,6 +352,7 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 346 | 352 | ||
| 347 | port-forwarding | 353 | port-forwarding |
| 348 | Enable port forwarding previously disabled by the restrict | 354 | Enable port forwarding previously disabled by the restrict |
| 355 | option. | ||
| 349 | 356 | ||
| 350 | principals="principals" | 357 | principals="principals" |
| 351 | On a cert-authority line, specifies allowed principals for | 358 | On a cert-authority line, specifies allowed principals for |
| @@ -567,7 +574,6 @@ FILES | |||
| 567 | allows host-based authentication without permitting login with | 574 | allows host-based authentication without permitting login with |
| 568 | rlogin/rsh. | 575 | rlogin/rsh. |
| 569 | 576 | ||
| 570 | /etc/ssh/ssh_host_dsa_key | ||
| 571 | /etc/ssh/ssh_host_ecdsa_key | 577 | /etc/ssh/ssh_host_ecdsa_key |
| 572 | /etc/ssh/ssh_host_ed25519_key | 578 | /etc/ssh/ssh_host_ed25519_key |
| 573 | /etc/ssh/ssh_host_rsa_key | 579 | /etc/ssh/ssh_host_rsa_key |
| @@ -576,7 +582,6 @@ FILES | |||
| 576 | not accessible to others. Note that sshd does not start if these | 582 | not accessible to others. Note that sshd does not start if these |
| 577 | files are group/world-accessible. | 583 | files are group/world-accessible. |
| 578 | 584 | ||
| 579 | /etc/ssh/ssh_host_dsa_key.pub | ||
| 580 | /etc/ssh/ssh_host_ecdsa_key.pub | 585 | /etc/ssh/ssh_host_ecdsa_key.pub |
| 581 | /etc/ssh/ssh_host_ed25519_key.pub | 586 | /etc/ssh/ssh_host_ed25519_key.pub |
| 582 | /etc/ssh/ssh_host_rsa_key.pub | 587 | /etc/ssh/ssh_host_rsa_key.pub |
| @@ -629,4 +634,4 @@ AUTHORS | |||
| 629 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 634 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 630 | for privilege separation. | 635 | for privilege separation. |
| 631 | 636 | ||
| 632 | OpenBSD 6.2 June 24, 2017 OpenBSD 6.2 | 637 | OpenBSD 6.2 March 14, 2018 OpenBSD 6.2 |