- (djm) Sync with OpenBSD:

- markus@cvs.openbsd.org 2000/10/14 04:01:15 [cipher.c] debug3 - markus@cvs.openbsd.org 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from djm@mindrot.org - markus@cvs.openbsd.org 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only - markus@cvs.openbsd.org 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@ - markus@cvs.openbsd.org 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons - markus@cvs.openbsd.org 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com - markus@cvs.openbsd.org 2000/10/15 08:14:01 [rijndael.c session.c] typos; from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/10/15 08:18:31 [rijndael.c] typo - Copy manpages back over from OpenBSD - too tedious to wade through diffs
author: Damien Miller <djm@mindrot.org> 2000-10-16 12:14:42 +1100
committer: Damien Miller <djm@mindrot.org> 2000-10-16 12:14:42 +1100
commit: 50a41ed079629fdcd9a1d2a781b73170422fc73a (patch)
tree: dbac99a364edff124412c16f079975a2e89a0389 /sshd.8
parent: 5993935f76e66c957f02efaa8fc0c8ff8a3f92c9 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/sshd.8 b/sshd.8
index 29ad2144a..a474d2fd1 100644
--- a/sshd.8
+++ b/sshd.8
@@ -303,6 +303,14 @@ wildcards in the patterns.
 Only group names are valid; a numerical group ID isn't recognized.
 By default login is allowed regardless of the primary group.
 .Pp
+.It Cm AllowTcpForwarding
+Specifies whether TCP forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling TCP forwarding does not improve security unless
+users are also denied shell access, as they can always install their
+own forwarders.
+.Pp
 .It Cm AllowUsers
 This keyword can be followed by a number of user names, separated
 by spaces.
author	Damien Miller <djm@mindrot.org>	2000-10-16 12:14:42 +1100
committer	Damien Miller <djm@mindrot.org>	2000-10-16 12:14:42 +1100
commit	50a41ed079629fdcd9a1d2a781b73170422fc73a (patch)
tree	dbac99a364edff124412c16f079975a2e89a0389 /sshd.8
parent	5993935f76e66c957f02efaa8fc0c8ff8a3f92c9 (diff)

diff --git a/sshd.8 b/sshd.8 index 29ad2144a..a474d2fd1 100644 --- a/sshd.8 +++ b/sshd.8
@@ -303,6 +303,14 @@ wildcards in the patterns.
303	Only group names are valid; a numerical group ID isn't recognized.	303	Only group names are valid; a numerical group ID isn't recognized.
304	By default login is allowed regardless of the primary group.	304	By default login is allowed regardless of the primary group.
305	.Pp	305	.Pp
		306	.It Cm AllowTcpForwarding
		307	Specifies whether TCP forwarding is permitted.
		308	The default is
		309	.Dq yes .
		310	Note that disabling TCP forwarding does not improve security unless
		311	users are also denied shell access, as they can always install their
		312	own forwarders.
		313	.Pp
306	.It Cm AllowUsers	314	.It Cm AllowUsers
307	This keyword can be followed by a number of user names, separated	315	This keyword can be followed by a number of user names, separated
308	by spaces.	316	by spaces.