author | Damien Miller <djm@mindrot.org> | 2000-04-13 12:26:34 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-04-13 12:26:34 +1000 |
commit | 22c772609aa0e97fb39a6ec609c2f16445644055 (patch) | |
tree | 5246a2a1ab8e761fe1a22ec2c8d5fe52fe139e36 /sshd.8 | |
parent | e71eb91259388de4aea7d46738f3b8b5593bccbe (diff) |
- Merged OpenBSD updates to include paths.
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 56 |
1 files changed, 36 insertions, 20 deletions
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo | 10 | .\" Created: Sat Apr 22 21:55:14 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $Id: sshd.8,v 1.16 2000/04/01 01:09:27 damien Exp $ | 12 | .\" $Id: sshd.8,v 1.17 2000/04/13 02:26:38 damien Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SSHD 8 | 15 | .Dt SSHD 8 |
@@ -27,9 +27,9 @@ | |||
27 | .Op Fl k Ar key_gen_time | 27 | .Op Fl k Ar key_gen_time |
28 | .Op Fl p Ar port | 28 | .Op Fl p Ar port |
29 | .Op Fl V Ar client_protocol_id | 29 | .Op Fl V Ar client_protocol_id |
30 | .Sh DESCRIPTION | 30 | .Sh DESCRIPTION |
31 | .Nm | 31 | .Nm |
32 | (Secure Shell Daemon) is the daemon program for | 32 | (Secure Shell Daemon) is the daemon program for |
33 | .Xr ssh 1 . | 33 | .Xr ssh 1 . |
34 | Together these programs replace rlogin and rsh programs, and | 34 | Together these programs replace rlogin and rsh programs, and |
35 | provide secure encrypted communications between two untrusted hosts | 35 | provide secure encrypted communications between two untrusted hosts |
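Review bot: The old and new sides of this hunk (lines 27-35) read identically as rendered, so the edit appears to be whitespace-only, and the same holds for most other hunks in this file. The commit message mentions only include paths; add a line saying the merge also cleans up whitespace in sshd.8 and documents new keywords, so the 36 insertions and 20 deletions in the diffstat are accounted for.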
@@ -39,7 +39,7 @@ install and use as possible. | |||
39 | .Pp | 39 | .Pp |
40 | .Nm | 40 | .Nm |
41 | is the daemon that listens for connections from clients. | 41 | is the daemon that listens for connections from clients. |
42 | It is normally started at boot from | 42 | It is normally started at boot from |
43 | .Pa /etc/rc . | 43 | .Pa /etc/rc . |
44 | It forks a new | 44 | It forks a new |
45 | daemon for each incoming connection. | 45 | daemon for each incoming connection. |
@@ -157,7 +157,7 @@ host file is normally not readable by anyone but root). | |||
157 | .It Fl i | 157 | .It Fl i |
158 | Specifies that | 158 | Specifies that |
159 | .Nm | 159 | .Nm |
160 | is being run from inetd. | 160 | is being run from inetd. |
161 | .Nm | 161 | .Nm |
162 | is normally not run | 162 | is normally not run |
163 | from inetd because it needs to generate the server key before it can | 163 | from inetd because it needs to generate the server key before it can |
@@ -204,7 +204,7 @@ to use IPv6 addresses only. | |||
204 | .El | 204 | .El |
205 | .Sh CONFIGURATION FILE | 205 | .Sh CONFIGURATION FILE |
206 | .Nm | 206 | .Nm |
207 | reads configuration data from | 207 | reads configuration data from |
208 | .Pa /etc/sshd_config | 208 | .Pa /etc/sshd_config |
209 | (or the file specified with | 209 | (or the file specified with |
210 | .Fl f | 210 | .Fl f |
@@ -246,6 +246,11 @@ wildcards in the patterns. | |||
246 | Only user names are valid, a numerical user ID isn't recognized. | 246 | Only user names are valid, a numerical user ID isn't recognized. |
247 | By default login is allowed regardless of the user name. | 247 | By default login is allowed regardless of the user name. |
248 | .Pp | 248 | .Pp |
249 | .It Cm Ciphers | ||
250 | Specifies the ciphers allowed for protocol version 2. | ||
251 | Multiple ciphers must be comma-separated. | ||
252 | The default is | ||
253 | .Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . | ||
249 | .It Cm CheckMail | 254 | .It Cm CheckMail |
250 | Specifies whether | 255 | Specifies whether |
251 | .Nm | 256 | .Nm |
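Review bot: The new `.It Cm Ciphers` entry (new lines 249-253) is placed ahead of `.It Cm CheckMail`, which breaks the alphabetical order the rest of the keyword list follows; move it after the CheckMail entry. The text also limits the option to protocol version 2, while the Protocol entry added later in this patch gives its default as "1", so state here that Ciphers has no effect unless Protocol includes 2.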
@@ -284,14 +289,14 @@ does not start if this file is group/world-accessible. | |||
284 | .It Cm IgnoreRhosts | 289 | .It Cm IgnoreRhosts |
285 | Specifies that | 290 | Specifies that |
286 | .Pa .rhosts | 291 | .Pa .rhosts |
287 | and | 292 | and |
288 | .Pa .shosts | 293 | .Pa .shosts |
289 | files will not be used in authentication. | 294 | files will not be used in authentication. |
290 | .Pa /etc/hosts.equiv | 295 | .Pa /etc/hosts.equiv |
291 | and | 296 | and |
292 | .Pa /etc/shosts.equiv | 297 | .Pa /etc/shosts.equiv |
293 | are still used. | 298 | are still used. |
294 | The default is | 299 | The default is |
295 | .Dq yes . | 300 | .Dq yes . |
296 | .It Cm IgnoreUserKnownHosts | 301 | .It Cm IgnoreUserKnownHosts |
297 | Specifies whether | 302 | Specifies whether |
@@ -342,7 +347,7 @@ Default is | |||
342 | .Dq yes . | 347 | .Dq yes . |
343 | .It Cm KerberosTgtPassing | 348 | .It Cm KerberosTgtPassing |
344 | Specifies whether a Kerberos TGT may be forwarded to the server. | 349 | Specifies whether a Kerberos TGT may be forwarded to the server. |
345 | Default is | 350 | Default is |
346 | .Dq no , | 351 | .Dq no , |
347 | as this only works when the Kerberos KDC is actually an AFS kaserver. | 352 | as this only works when the Kerberos KDC is actually an AFS kaserver. |
348 | .It Cm KerberosTicketCleanup | 353 | .It Cm KerberosTicketCleanup |
@@ -419,7 +424,7 @@ Multiple options of this type are permitted. | |||
419 | .It Cm PrintMotd | 424 | .It Cm PrintMotd |
420 | Specifies whether | 425 | Specifies whether |
421 | .Nm | 426 | .Nm |
422 | should print | 427 | should print |
423 | .Pa /etc/motd | 428 | .Pa /etc/motd |
424 | when a user logs in interactively. | 429 | when a user logs in interactively. |
425 | (On some systems it is also printed by the shell, | 430 | (On some systems it is also printed by the shell, |
@@ -427,6 +432,17 @@ when a user logs in interactively. | |||
427 | or equivalent.) | 432 | or equivalent.) |
428 | The default is | 433 | The default is |
429 | .Dq yes . | 434 | .Dq yes . |
435 | .It Cm Protocol | ||
436 | Specifies the protocol versions | ||
437 | .Nm | ||
438 | should support. | ||
439 | The possible values are | ||
440 | .Dq 1 | ||
441 | and | ||
442 | .Dq 2 . | ||
443 | Multiple versions must be comma-separated. | ||
444 | The default is | ||
445 | .Dq 1 . | ||
430 | .It Cm RandomSeed | 446 | .It Cm RandomSeed |
431 | Obsolete. | 447 | Obsolete. |
432 | Random number generation uses other techniques. | 448 | Random number generation uses other techniques. |
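Review bot: "Multiple versions must be comma-separated" (new line 443) gives no example of a combined value and does not say whether the order of the list matters; add an example such as `.Dq 1,2` and one sentence on ordering. A cross-reference to the Ciphers keyword added earlier in this patch would also help, since that entry applies only to protocol version 2.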
@@ -454,7 +470,7 @@ Defines the number of bits in the server key. | |||
454 | The minimum value is 512, and the default is 768. | 470 | The minimum value is 512, and the default is 768. |
455 | .It Cm SkeyAuthentication | 471 | .It Cm SkeyAuthentication |
456 | Specifies whether | 472 | Specifies whether |
457 | .Xr skey 1 | 473 | .Xr skey 1 |
458 | authentication is allowed. | 474 | authentication is allowed. |
459 | The default is | 475 | The default is |
460 | .Dq yes . | 476 | .Dq yes . |
@@ -504,12 +520,12 @@ does the following: | |||
504 | .Bl -enum -offset indent | 520 | .Bl -enum -offset indent |
505 | .It | 521 | .It |
506 | If the login is on a tty, and no command has been specified, | 522 | If the login is on a tty, and no command has been specified, |
507 | prints last login time and | 523 | prints last login time and |
508 | .Pa /etc/motd | 524 | .Pa /etc/motd |
509 | (unless prevented in the configuration file or by | 525 | (unless prevented in the configuration file or by |
510 | .Pa $HOME/.hushlogin ; | 526 | .Pa $HOME/.hushlogin ; |
511 | see the | 527 | see the |
512 | .Sx FILES | 528 | .Sx FILES |
513 | section). | 529 | section). |
514 | .It | 530 | .It |
515 | If the login is on a tty, records login time. | 531 | If the login is on a tty, records login time. |
@@ -543,7 +559,7 @@ authentication protocol and cookie in standard input. | |||
543 | Runs user's shell or command. | 559 | Runs user's shell or command. |
544 | .El | 560 | .El |
545 | .Sh AUTHORIZED_KEYS FILE FORMAT | 561 | .Sh AUTHORIZED_KEYS FILE FORMAT |
546 | The | 562 | The |
547 | .Pa $HOME/.ssh/authorized_keys | 563 | .Pa $HOME/.ssh/authorized_keys |
548 | file lists the RSA keys that are | 564 | file lists the RSA keys that are |
549 | permitted for RSA authentication. | 565 | permitted for RSA authentication. |
@@ -632,9 +648,9 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula | |||
632 | .Pp | 648 | .Pp |
633 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi | 649 | command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
634 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 650 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
635 | The | 651 | The |
636 | .Pa /etc/ssh_known_hosts | 652 | .Pa /etc/ssh_known_hosts |
637 | and | 653 | and |
638 | .Pa $HOME/.ssh/known_hosts | 654 | .Pa $HOME/.ssh/known_hosts |
639 | files contain host public keys for all known hosts. | 655 | files contain host public keys for all known hosts. |
640 | The global file should | 656 | The global file should |
@@ -679,7 +695,7 @@ accepted if valid information can be found from either file. | |||
679 | Note that the lines in these files are typically hundreds of characters | 695 | Note that the lines in these files are typically hundreds of characters |
680 | long, and you definitely don't want to type in the host keys by hand. | 696 | long, and you definitely don't want to type in the host keys by hand. |
681 | Rather, generate them by a script | 697 | Rather, generate them by a script |
682 | or by taking | 698 | or by taking |
683 | .Pa /etc/ssh_host_key.pub | 699 | .Pa /etc/ssh_host_key.pub |
684 | and adding the host names at the front. | 700 | and adding the host names at the front. |
685 | .Ss Examples | 701 | .Ss Examples |
@@ -734,7 +750,7 @@ should be world-readable, and | |||
734 | .Pa $HOME/.ssh/known_hosts | 750 | .Pa $HOME/.ssh/known_hosts |
735 | can but need not be world-readable. | 751 | can but need not be world-readable. |
736 | .It Pa /etc/nologin | 752 | .It Pa /etc/nologin |
737 | If this file exists, | 753 | If this file exists, |
738 | .Nm | 754 | .Nm |
739 | refuses to let anyone except root log in. | 755 | refuses to let anyone except root log in. |
740 | The contents of the file | 756 | The contents of the file |
@@ -865,7 +881,7 @@ external libraries. | |||
865 | has been updated to support ssh protocol 1.5, making it compatible with | 881 | has been updated to support ssh protocol 1.5, making it compatible with |
866 | all other ssh protocol 1 clients and servers. | 882 | all other ssh protocol 1 clients and servers. |
867 | .It | 883 | .It |
868 | contains added support for | 884 | contains added support for |
869 | .Xr kerberos 8 | 885 | .Xr kerberos 8 |
870 | authentication and ticket passing. | 886 | authentication and ticket passing. |
871 | .It | 887 | .It |