author | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:42:19 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:42:19 +0000 |
commit | 8d6b7f4c46de3feb66f704ab483e51ea1a3bb0e1 (patch) | |
tree | 41fe3dd71501bbec5b0393f1536c925eaee180e9 /sshd.8 | |
parent | f045c69060bfdd5cf8759a5f29d7008d02e4de5b (diff) | |
parent | 58bfa257481a1c6938ada9bbd38801cc45633fb0 (diff) |
Debian release 3.6p1-1.
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 31 |
1 files changed, 19 insertions, 12 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -43,6 +43,7 @@ | |||
43 | .Nd OpenSSH SSH daemon | 43 | .Nd OpenSSH SSH daemon |
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Nm sshd | 45 | .Nm sshd |
46 | .Bk -words | ||
46 | .Op Fl deiqtD46 | 47 | .Op Fl deiqtD46 |
47 | .Op Fl b Ar bits | 48 | .Op Fl b Ar bits |
48 | .Op Fl f Ar config_file | 49 | .Op Fl f Ar config_file |
@@ -52,6 +53,7 @@ | |||
52 | .Op Fl o Ar option | 53 | .Op Fl o Ar option |
53 | .Op Fl p Ar port | 54 | .Op Fl p Ar port |
54 | .Op Fl u Ar len | 55 | .Op Fl u Ar len |
56 | .Ek | ||
55 | .Sh DESCRIPTION | 57 | .Sh DESCRIPTION |
56 | .Nm | 58 | .Nm |
57 | (SSH Daemon) is the daemon program for | 59 | (SSH Daemon) is the daemon program for |
@@ -75,7 +77,7 @@ This implementation of | |||
75 | .Nm | 77 | .Nm |
76 | supports both SSH protocol version 1 and 2 simultaneously. | 78 | supports both SSH protocol version 1 and 2 simultaneously. |
77 | .Nm | 79 | .Nm |
78 | works as follows. | 80 | works as follows: |
79 | .Pp | 81 | .Pp |
80 | .Ss SSH protocol version 1 | 82 | .Ss SSH protocol version 1 |
81 | .Pp | 83 | .Pp |
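Review bot: the context around "works as follows:" keeps a .Pp immediately before and immediately after ".Ss SSH protocol version 1" (new lines 81 and 83). A subsection header already supplies the vertical space, so both paragraph macros are redundant; since this pass is a markup cleanup, consider dropping them here. The colon also now leads straight into a subsection heading rather than a list, so the original full stop read at least as well.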
@@ -86,7 +88,7 @@ the daemon starts, it generates a server RSA key (normally 768 bits). | |||
86 | This key is normally regenerated every hour if it has been used, and | 88 | This key is normally regenerated every hour if it has been used, and |
87 | is never stored on disk. | 89 | is never stored on disk. |
88 | .Pp | 90 | .Pp |
89 | Whenever a client connects the daemon responds with its public | 91 | Whenever a client connects, the daemon responds with its public |
90 | host and server keys. | 92 | host and server keys. |
91 | The client compares the | 93 | The client compares the |
92 | RSA host key against its own database to verify that it has not changed. | 94 | RSA host key against its own database to verify that it has not changed. |
@@ -119,7 +121,7 @@ System security is not improved unless | |||
119 | .Nm rshd , | 121 | .Nm rshd , |
120 | .Nm rlogind , | 122 | .Nm rlogind , |
121 | and | 123 | and |
122 | .Xr rexecd | 124 | .Nm rexecd |
123 | are disabled (thus completely disabling | 125 | are disabled (thus completely disabling |
124 | .Xr rlogin | 126 | .Xr rlogin |
125 | and | 127 | and |
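Review bot: the ".Xr rlogin" on new line 126 still has no section argument, which is the same defect the rexecd line had before this change. .Xr expects a name followed by a section, so suggest ".Xr rlogin 1" here. Separately, ".Nm rexecd" now matches the rshd and rlogind lines above it, but .Nm is meant for the utility this page documents; ".Xr rexecd 8" would have fixed the missing section while keeping the cross-reference.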
@@ -189,7 +191,9 @@ The server sends verbose debug output to the system | |||
189 | log, and does not put itself in the background. | 191 | log, and does not put itself in the background. |
190 | The server also will not fork and will only process one connection. | 192 | The server also will not fork and will only process one connection. |
191 | This option is only intended for debugging for the server. | 193 | This option is only intended for debugging for the server. |
192 | Multiple -d options increase the debugging level. | 194 | Multiple |
195 | .Fl d | ||
196 | options increase the debugging level. | ||
193 | Maximum is 3. | 197 | Maximum is 3. |
194 | .It Fl e | 198 | .It Fl e |
195 | When this option is specified, | 199 | When this option is specified, |
@@ -225,7 +229,8 @@ the different protocol versions and host key algorithms. | |||
225 | .It Fl i | 229 | .It Fl i |
226 | Specifies that | 230 | Specifies that |
227 | .Nm | 231 | .Nm |
228 | is being run from inetd. | 232 | is being run from |
233 | .Xr inetd 8 . | ||
229 | .Nm | 234 | .Nm |
230 | is normally not run | 235 | is normally not run |
231 | from inetd because it needs to generate the server key before it can | 236 | from inetd because it needs to generate the server key before it can |
@@ -285,7 +290,7 @@ should be put into the | |||
285 | .Pa utmp | 290 | .Pa utmp |
286 | file. | 291 | file. |
287 | .Fl u0 | 292 | .Fl u0 |
288 | is also be used to prevent | 293 | may also be used to prevent |
289 | .Nm | 294 | .Nm |
290 | from making DNS requests unless the authentication | 295 | from making DNS requests unless the authentication |
291 | mechanism or configuration requires it. | 296 | mechanism or configuration requires it. |
@@ -449,7 +454,7 @@ authentication. | |||
449 | The command supplied by the user (if any) is ignored. | 454 | The command supplied by the user (if any) is ignored. |
450 | The command is run on a pty if the client requests a pty; | 455 | The command is run on a pty if the client requests a pty; |
451 | otherwise it is run without a tty. | 456 | otherwise it is run without a tty. |
452 | If a 8-bit clean channel is required, | 457 | If an 8-bit clean channel is required, |
453 | one must not request a pty or should specify | 458 | one must not request a pty or should specify |
454 | .Cm no-pty . | 459 | .Cm no-pty . |
455 | A quote may be included in the command by quoting it with a backslash. | 460 | A quote may be included in the command by quoting it with a backslash. |
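Review bot: on new lines 457-459 the article is fixed, but "one must not request a pty or should specify no-pty" still leaves it unclear who "one" is. Not requesting a pty is a choice made by the client, while no-pty is an option set on the key entry, and the line just above says the command runs on a pty whenever the client asks for one. Suggest rewording so that no-pty is the recommended way to get an 8-bit clean channel, since that does not depend on how the client behaves.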
@@ -509,7 +514,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu | |||
509 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 | 514 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
510 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 515 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
511 | The | 516 | The |
512 | .Pa /etc/ssh/ssh_known_hosts , | 517 | .Pa /etc/ssh/ssh_known_hosts |
513 | and | 518 | and |
514 | .Pa $HOME/.ssh/known_hosts | 519 | .Pa $HOME/.ssh/known_hosts |
515 | files contain host public keys for all known hosts. | 520 | files contain host public keys for all known hosts. |
@@ -630,7 +635,7 @@ These files should be writable only by root/the owner. | |||
630 | .Pa /etc/ssh/ssh_known_hosts | 635 | .Pa /etc/ssh/ssh_known_hosts |
631 | should be world-readable, and | 636 | should be world-readable, and |
632 | .Pa $HOME/.ssh/known_hosts | 637 | .Pa $HOME/.ssh/known_hosts |
633 | can but need not be world-readable. | 638 | can, but need not be, world-readable. |
634 | .It Pa /etc/nologin | 639 | .It Pa /etc/nologin |
635 | If this file exists, | 640 | If this file exists, |
636 | .Nm | 641 | .Nm |
@@ -647,7 +652,7 @@ Further details are described in | |||
647 | This file contains host-username pairs, separated by a space, one per | 652 | This file contains host-username pairs, separated by a space, one per |
648 | line. | 653 | line. |
649 | The given user on the corresponding host is permitted to log in | 654 | The given user on the corresponding host is permitted to log in |
650 | without password. | 655 | without a password. |
651 | The same file is used by rlogind and rshd. | 656 | The same file is used by rlogind and rshd. |
652 | The file must | 657 | The file must |
653 | be writable only by the user; it is recommended that it not be | 658 | be writable only by the user; it is recommended that it not be |
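Review bot: new line 656, "The same file is used by rlogind and rshd.", leaves both daemon names as plain text, while the earlier hunk at new lines 121-124 marks up rshd, rlogind and rexecd with a macro. Since this commit is already touching the paragraph for wording, suggest giving the two names here the same markup as used there so the page is consistent.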
@@ -716,7 +721,9 @@ controlled via the | |||
716 | .Cm PermitUserEnvironment | 721 | .Cm PermitUserEnvironment |
717 | option. | 722 | option. |
718 | .It Pa $HOME/.ssh/rc | 723 | .It Pa $HOME/.ssh/rc |
719 | If this file exists, it is run with /bin/sh after reading the | 724 | If this file exists, it is run with |
725 | .Pa /bin/sh | ||
726 | after reading the | ||
720 | environment files but before starting the user's shell or command. | 727 | environment files but before starting the user's shell or command. |
721 | It must not produce any output on stdout; stderr must be used | 728 | It must not produce any output on stdout; stderr must be used |
722 | instead. | 729 | instead. |