author Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
committer Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
commit 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd_config.0
parent ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- sshd_config.0 66
1 files changed, 40 insertions, 26 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index 5f1df7b58..5962b02b9 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -198,18 +198,25 @@ DESCRIPTION
198 198
199 Ciphers 199 Ciphers
200 Specifies the ciphers allowed for protocol version 2. Multiple 200 Specifies the ciphers allowed for protocol version 2. Multiple
201 ciphers must be comma-separated. The supported ciphers are 201 ciphers must be comma-separated. The supported ciphers are:
202
202 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', 203 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
203 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', 204 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
204 ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'', 205 ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',
205 ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', 206 ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
206 and ``cast128-cbc''. The default is: 207 ``cast128-cbc'', and ``chacha20-poly1305@openssh.com''.
208
209 The default is:
207 210
208 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 211 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
209 aes128-gcm@openssh.com,aes256-gcm@openssh.com, 212 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
213 chacha20-poly1305@openssh.com,
210 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 214 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
211 aes256-cbc,arcfour 215 aes256-cbc,arcfour
212 216
217 The list of available ciphers may also be obtained using the -Q
218 option of ssh(1).
219
213 ClientAliveCountMax 220 ClientAliveCountMax
214 Sets the number of client alive messages (see below) which may be 221 Sets the number of client alive messages (see below) which may be
215 sent without sshd(8) receiving any messages back from the client. 222 sent without sshd(8) receiving any messages back from the client.
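Review bot: The added sentence at new lines 217-218 names "the -Q option of ssh(1)" without its argument; writing it as "ssh -Q cipher" would let a reader run it as printed. The default list also gains chacha20-poly1305@openssh.com while keeping arcfour256, arcfour128, the CBC modes and plain arcfour, and the text does not say whether the order of the list is significant. A sentence on that would help an administrator who wants to trim the list to the CTR, GCM and ChaCha20-Poly1305 entries.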
@@ -325,15 +332,15 @@ DESCRIPTION
325 HostKey 332 HostKey
326 Specifies a file containing a private host key used by SSH. The 333 Specifies a file containing a private host key used by SSH. The
327 default is /etc/ssh/ssh_host_key for protocol version 1, and 334 default is /etc/ssh/ssh_host_key for protocol version 1, and
328 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and 335 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
329 /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that 336 /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
330 sshd(8) will refuse to use a file if it is group/world- 337 protocol version 2. Note that sshd(8) will refuse to use a file
331 accessible. It is possible to have multiple host key files. 338 if it is group/world-accessible. It is possible to have multiple
332 ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or 339 host key files. ``rsa1'' keys are used for version 1 and
333 ``rsa'' are used for version 2 of the SSH protocol. It is also 340 ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
334 possible to specify public host key files instead. In this case 341 of the SSH protocol. It is also possible to specify public host
335 operations on the private key will be delegated to an 342 key files instead. In this case operations on the private key
336 ssh-agent(1). 343 will be delegated to an ssh-agent(1).
337 344
338 HostKeyAgent 345 HostKeyAgent
339 Identifies the UNIX-domain socket used to communicate with an 346 Identifies the UNIX-domain socket used to communicate with an
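Review bot: The reflowed HostKey paragraph adds /etc/ssh/ssh_host_ed25519_key to the protocol version 2 defaults but does not say what sshd(8) does when a listed default file is absent, which is the case on any host whose keys were generated before this release. A sentence covering that would be useful here. The "group/world-accessible" refusal could also be stated as applying to private key files, since the same paragraph goes on to allow public host key files with an ssh-agent(1).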
@@ -391,10 +398,13 @@ DESCRIPTION
391 KexAlgorithms 398 KexAlgorithms
392 Specifies the available KEX (Key Exchange) algorithms. Multiple 399 Specifies the available KEX (Key Exchange) algorithms. Multiple
393 algorithms must be comma-separated. The default is 400 algorithms must be comma-separated. The default is
394 ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'', 401
395 ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'', 402 curve25519-sha256@libssh.org,
396 ``diffie-hellman-group-exchange-sha1'', 403 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
397 ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''. 404 diffie-hellman-group-exchange-sha256,
405 diffie-hellman-group-exchange-sha1,
406 diffie-hellman-group14-sha1,
407 diffie-hellman-group1-sha1
398 408
399 KeyRegenerationInterval 409 KeyRegenerationInterval
400 In protocol version 1, the ephemeral server key is automatically 410 In protocol version 1, the ephemeral server key is automatically
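Review bot: "The default is" at new line 400 now introduces an indented list but has no trailing colon, while the Ciphers entry in this same patch uses "The default is:"; the two should match. This entry also documents only the default and not the supported set, and it lacks the pointer to the -Q option of ssh(1) that the Ciphers entry gained. The default shown still ends with diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1, so a reader looking to restrict key exchange has no guidance on which names can be dropped.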
@@ -452,12 +462,12 @@ DESCRIPTION
452 override those set in the global section of the config file, 462 override those set in the global section of the config file,
453 until either another Match line or the end of the file. 463 until either another Match line or the end of the file.
454 464
455 The arguments to Match are one or more criteria-pattern pairs. 465 The arguments to Match are one or more criteria-pattern pairs or
456 The available criteria are User, Group, Host, LocalAddress, 466 the single token All which matches all criteria. The available
457 LocalPort, and Address. The match patterns may consist of single 467 criteria are User, Group, Host, LocalAddress, LocalPort, and
458 entries or comma-separated lists and may use the wildcard and 468 Address. The match patterns may consist of single entries or
459 negation operators described in the PATTERNS section of 469 comma-separated lists and may use the wildcard and negation
460 ssh_config(5). 470 operators described in the PATTERNS section of ssh_config(5).
461 471
462 The patterns in an Address criteria may additionally contain 472 The patterns in an Address criteria may additionally contain
463 addresses to match in CIDR address/masklen format, e.g. 473 addresses to match in CIDR address/masklen format, e.g.
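Review bot: The new wording "the single token All which matches all criteria" at new lines 465-466 does not say what the token is for. The preceding context states that Match overrides last "until either another Match line or the end of the file", so it is worth adding that a "Match All" line returns the following keywords to applying to every connection. A comma before "which" would also read better.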
@@ -477,10 +487,10 @@ DESCRIPTION
477 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, 487 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
478 KbdInteractiveAuthentication, KerberosAuthentication, 488 KbdInteractiveAuthentication, KerberosAuthentication,
479 MaxAuthTries, MaxSessions, PasswordAuthentication, 489 MaxAuthTries, MaxSessions, PasswordAuthentication,
480 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, 490 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
481 PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication, 491 PermitTunnel, PubkeyAuthentication, RekeyLimit,
482 RSAAuthentication, X11DisplayOffset, X11Forwarding and 492 RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
483 X11UseLocalHost. 493 X11Forwarding and X11UseLocalHost.
484 494
485 MaxAuthTries 495 MaxAuthTries
486 Specifies the maximum number of authentication attempts permitted 496 Specifies the maximum number of authentication attempts permitted
@@ -551,6 +561,10 @@ DESCRIPTION
551 ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits 561 ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
552 both ``point-to-point'' and ``ethernet''. The default is ``no''. 562 both ``point-to-point'' and ``ethernet''. The default is ``no''.
553 563
564 PermitTTY
565 Specifies whether pty(4) allocation is permitted. The default is
566 ``yes''.
567
554 PermitUserEnvironment 568 PermitUserEnvironment
555 Specifies whether ~/.ssh/environment and environment= options in 569 Specifies whether ~/.ssh/environment and environment= options in
556 ~/.ssh/authorized_keys are processed by sshd(8). The default is 570 ~/.ssh/authorized_keys are processed by sshd(8). The default is
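Review bot: The new PermitTTY entry at new lines 564-566 gives the default but not the accepted values; the neighbouring entries spell theirs out, so "The argument must be ``yes'' or ``no''" would fit. It should also say what a client sees when it requests a pty and allocation is not permitted, and make clear that the keyword governs pty(4) allocation only, so a reader does not take it for a general restriction on sessions.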
@@ -810,4 +824,4 @@ AUTHORS
810 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 824 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
811 for privilege separation. 825 for privilege separation.
812 826
813OpenBSD 5.4 July 19, 2013 OpenBSD 5.4 827OpenBSD 5.4 December 8, 2013 OpenBSD 5.4