author Colin Watson <cjwatson@debian.org> 2007-12-23 15:20:40 +0000
committer Colin Watson <cjwatson@debian.org> 2007-12-23 15:20:40 +0000
commit 70847d299887abb96f8703ca99db6d817b78960e
tree f8e6473c82fb339cbbb1d6598a9dc1c7f122c7cc /sshd_config.0
parent 09bfb50d0dc78390593749e6f37e403da404dc94
parent 086ea76990b1e6287c24b6db74adffd4605eb3b0
Import OpenSSH 4.7p1.
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- sshd_config.0 575
1 files changed, 575 insertions, 0 deletions
diff --git a/sshd_config.0 b/sshd_config.0
new file mode 100644
index 000000000..0b340ad20
--- /dev/null
+++ b/sshd_config.0
@@ -0,0 +1,575 @@
1SSHD_CONFIG(5) OpenBSD Programmer's Manual SSHD_CONFIG(5)
2
3NAME
4 sshd_config - OpenSSH SSH daemon configuration file
5
6SYNOPSIS
7 /etc/ssh/sshd_config
8
9DESCRIPTION
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword-argu-
12 ment pairs, one per line. Lines starting with `#' and empty lines are
13 interpreted as comments. Arguments may optionally be enclosed in double
14 quotes (") in order to represent arguments containing spaces.
15
16 The possible keywords and their meanings are as follows (note that key-
17 words are case-insensitive and arguments are case-sensitive):
18
19 AcceptEnv
20 Specifies what environment variables sent by the client will be
21 copied into the session's environ(7). See SendEnv in
22 ssh_config(5) for how to configure the client. Note that envi-
23 ronment passing is only supported for protocol 2. Variables are
24 specified by name, which may contain the wildcard characters `*'
25 and `?'. Multiple environment variables may be separated by
26 whitespace or spread across multiple AcceptEnv directives. Be
27 warned that some environment variables could be used to bypass
28 restricted user environments. For this reason, care should be
29 taken in the use of this directive. The default is not to accept
30 any environment variables.
31
32 AddressFamily
33 Specifies which address family should be used by sshd(8). Valid
34 arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
35 (use IPv6 only). The default is ``any''.
36
37 AllowGroups
38 This keyword can be followed by a list of group name patterns,
39 separated by spaces. If specified, login is allowed only for
40 users whose primary group or supplementary group list matches one
41 of the patterns. Only group names are valid; a numerical group
42 ID is not recognized. By default, login is allowed for all
43 groups. The allow/deny directives are processed in the following
44 order: DenyUsers, AllowUsers, DenyGroups, and finally
45 AllowGroups.
46
47 See PATTERNS in ssh_config(5) for more information on patterns.
48
49 AllowTcpForwarding
50 Specifies whether TCP forwarding is permitted. The default is
51 ``yes''. Note that disabling TCP forwarding does not improve se-
52 curity unless users are also denied shell access, as they can al-
53 ways install their own forwarders.
54
55 AllowUsers
56 This keyword can be followed by a list of user name patterns,
57 separated by spaces. If specified, login is allowed only for us-
58 er names that match one of the patterns. Only user names are
59 valid; a numerical user ID is not recognized. By default, login
60 is allowed for all users. If the pattern takes the form US-
61 ER@HOST then USER and HOST are separately checked, restricting
62 logins to particular users from particular hosts. The allow/deny
63 directives are processed in the following order: DenyUsers,
64 AllowUsers, DenyGroups, and finally AllowGroups.
65
66 See PATTERNS in ssh_config(5) for more information on patterns.
67
68 AuthorizedKeysFile
69 Specifies the file that contains the public keys that can be used
70 for user authentication. AuthorizedKeysFile may contain tokens
71 of the form %T which are substituted during connection setup.
72 The following tokens are defined: %% is replaced by a literal
73 '%', %h is replaced by the home directory of the user being au-
74 thenticated, and %u is replaced by the username of that user.
75 After expansion, AuthorizedKeysFile is taken to be an absolute
76 path or one relative to the user's home directory. The default
77 is ``.ssh/authorized_keys''.
78
79 Banner In some jurisdictions, sending a warning message before authenti-
80 cation may be relevant for getting legal protection. The con-
81 tents of the specified file are sent to the remote user before
82 authentication is allowed. This option is only available for
83 protocol version 2. By default, no banner is displayed.
84
85 ChallengeResponseAuthentication
86 Specifies whether challenge-response authentication is allowed.
87 All authentication styles from login.conf(5) are supported. The
88 default is ``yes''.
89
90 Ciphers
91 Specifies the ciphers allowed for protocol version 2. Multiple
92 ciphers must be comma-separated. The supported ciphers are
93 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
94 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
95 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
96 ``cast128-cbc''. The default is:
97
98 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
99 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
100 aes192-ctr,aes256-ctr
101
102 ClientAliveCountMax
103 Sets the number of client alive messages (see below) which may be
104 sent without sshd(8) receiving any messages back from the client.
105 If this threshold is reached while client alive messages are be-
106 ing sent, sshd will disconnect the client, terminating the ses-
107 sion. It is important to note that the use of client alive mes-
108 sages is very different from TCPKeepAlive (below). The client
109 alive messages are sent through the encrypted channel and there-
110 fore will not be spoofable. The TCP keepalive option enabled by
111 TCPKeepAlive is spoofable. The client alive mechanism is valu-
112 able when the client or server depend on knowing when a connec-
113 tion has become inactive.
114
115 The default value is 3. If ClientAliveInterval (see below) is
116 set to 15, and ClientAliveCountMax is left at the default, unre-
117 sponsive SSH clients will be disconnected after approximately 45
118 seconds. This option applies to protocol version 2 only.
119
120 ClientAliveInterval
121 Sets a timeout interval in seconds after which if no data has
122 been received from the client, sshd(8) will send a message
123 through the encrypted channel to request a response from the
124 client. The default is 0, indicating that these messages will
125 not be sent to the client. This option applies to protocol ver-
126 sion 2 only.
127
128 Compression
129 Specifies whether compression is allowed, or delayed until the
130 user has authenticated successfully. The argument must be
131 ``yes'', ``delayed'', or ``no''. The default is ``delayed''.
132
133 DenyGroups
134 This keyword can be followed by a list of group name patterns,
135 separated by spaces. Login is disallowed for users whose primary
136 group or supplementary group list matches one of the patterns.
137 Only group names are valid; a numerical group ID is not recog-
138 nized. By default, login is allowed for all groups. The al-
139 low/deny directives are processed in the following order:
140 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
141
142 See PATTERNS in ssh_config(5) for more information on patterns.
143
144 DenyUsers
145 This keyword can be followed by a list of user name patterns,
146 separated by spaces. Login is disallowed for user names that
147 match one of the patterns. Only user names are valid; a numeri-
148 cal user ID is not recognized. By default, login is allowed for
149 all users. If the pattern takes the form USER@HOST then USER and
150 HOST are separately checked, restricting logins to particular
151 users from particular hosts. The allow/deny directives are pro-
152 cessed in the following order: DenyUsers, AllowUsers, DenyGroups,
153 and finally AllowGroups.
154
155 See PATTERNS in ssh_config(5) for more information on patterns.
156
157 ForceCommand
158 Forces the execution of the command specified by ForceCommand,
159 ignoring any command supplied by the client. The command is in-
160 voked by using the user's login shell with the -c option. This
161 applies to shell, command, or subsystem execution. It is most
162 useful inside a Match block. The command originally supplied by
163 the client is available in the SSH_ORIGINAL_COMMAND environment
164 variable.
165
166 GatewayPorts
167 Specifies whether remote hosts are allowed to connect to ports
168 forwarded for the client. By default, sshd(8) binds remote port
169 forwardings to the loopback address. This prevents other remote
170 hosts from connecting to forwarded ports. GatewayPorts can be
171 used to specify that sshd should allow remote port forwardings to
172 bind to non-loopback addresses, thus allowing other hosts to con-
173 nect. The argument may be ``no'' to force remote port forward-
174 ings to be available to the local host only, ``yes'' to force re-
175 mote port forwardings to bind to the wildcard address, or
176 ``clientspecified'' to allow the client to select the address to
177 which the forwarding is bound. The default is ``no''.
178
179 GSSAPIAuthentication
180 Specifies whether user authentication based on GSSAPI is allowed.
181 The default is ``no''. Note that this option applies to protocol
182 version 2 only.
183
184 GSSAPICleanupCredentials
185 Specifies whether to automatically destroy the user's credentials
186 cache on logout. The default is ``yes''. Note that this option
187 applies to protocol version 2 only.
188
189 HostbasedAuthentication
190 Specifies whether rhosts or /etc/hosts.equiv authentication to-
191 gether with successful public key client host authentication is
192 allowed (host-based authentication). This option is similar to
193 RhostsRSAAuthentication and applies to protocol version 2 only.
194 The default is ``no''.
195
196 HostbasedUsesNameFromPacketOnly
197 Specifies whether or not the server will attempt to perform a re-
198 verse name lookup when matching the name in the ~/.shosts,
199 ~/.rhosts, and /etc/hosts.equiv files during
200 HostbasedAuthentication. A setting of ``yes'' means that sshd(8)
201 uses the name supplied by the client rather than attempting to
202 resolve the name from the TCP connection itself. The default is
203 ``no''.
204
205 HostKey
206 Specifies a file containing a private host key used by SSH. The
207 default is /etc/ssh/ssh_host_key for protocol version 1, and
208 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro-
209 tocol version 2. Note that sshd(8) will refuse to use a file if
210 it is group/world-accessible. It is possible to have multiple
211 host key files. ``rsa1'' keys are used for version 1 and ``dsa''
212 or ``rsa'' are used for version 2 of the SSH protocol.
213
214 IgnoreRhosts
215 Specifies that .rhosts and .shosts files will not be used in
216 RhostsRSAAuthentication or HostbasedAuthentication.
217
218 /etc/hosts.equiv and /etc/shosts.equiv are still used. The de-
219 fault is ``yes''.
220
221 IgnoreUserKnownHosts
222 Specifies whether sshd(8) should ignore the user's
223 ~/.ssh/known_hosts during RhostsRSAAuthentication or
224 HostbasedAuthentication. The default is ``no''.
225
226 KerberosAuthentication
227 Specifies whether the password provided by the user for
228 PasswordAuthentication will be validated through the Kerberos
229 KDC. To use this option, the server needs a Kerberos servtab
230 which allows the verification of the KDC's identity. The default
231 is ``no''.
232
233 KerberosGetAFSToken
234 If AFS is active and the user has a Kerberos 5 TGT, attempt to
235 acquire an AFS token before accessing the user's home directory.
236 The default is ``no''.
237
238 KerberosOrLocalPasswd
239 If password authentication through Kerberos fails then the pass-
240 word will be validated via any additional local mechanism such as
241 /etc/passwd. The default is ``yes''.
242
243 KerberosTicketCleanup
244 Specifies whether to automatically destroy the user's ticket
245 cache file on logout. The default is ``yes''.
246
247 KeyRegenerationInterval
248 In protocol version 1, the ephemeral server key is automatically
249 regenerated after this many seconds (if it has been used). The
250 purpose of regeneration is to prevent decrypting captured ses-
251 sions by later breaking into the machine and stealing the keys.
252 The key is never stored anywhere. If the value is 0, the key is
253 never regenerated. The default is 3600 (seconds).
254
255 ListenAddress
256 Specifies the local addresses sshd(8) should listen on. The fol-
257 lowing forms may be used:
258
259 ListenAddress host|IPv4_addr|IPv6_addr
260 ListenAddress host|IPv4_addr:port
261 ListenAddress [host|IPv6_addr]:port
262
263 If port is not specified, sshd will listen on the address and all
264 prior Port options specified. The default is to listen on all
265 local addresses. Multiple ListenAddress options are permitted.
266 Additionally, any Port options must precede this option for non-
267 port qualified addresses.
268
269 LoginGraceTime
270 The server disconnects after this time if the user has not suc-
271 cessfully logged in. If the value is 0, there is no time limit.
272 The default is 120 seconds.
273
274 LogLevel
275 Gives the verbosity level that is used when logging messages from
276 sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
277 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
278 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
279 higher levels of debugging output. Logging with a DEBUG level
280 violates the privacy of users and is not recommended.
281
282 MACs Specifies the available MAC (message authentication code) algo-
283 rithms. The MAC algorithm is used in protocol version 2 for data
284 integrity protection. Multiple algorithms must be comma-separat-
285 ed. The default is:
286
287 hmac-md5,hmac-sha1,umac-64@openssh.com,
288 hmac-ripemd160,hmac-sha1-96,hmac-md5-96
289
290 Match Introduces a conditional block. If all of the criteria on the
291 Match line are satisfied, the keywords on the following lines
292 override those set in the global section of the config file, un-
293 til either another Match line or the end of the file. The argu-
294 ments to Match are one or more criteria-pattern pairs. The
295 available criteria are User, Group, Host, and Address. Only a
296 subset of keywords may be used on the lines following a Match
297 keyword. Available keywords are AllowTcpForwarding, Banner,
298 ForceCommand, GatewayPorts, GSSApiAuthentication,
299 KbdInteractiveAuthentication, KerberosAuthentication,
300 PasswordAuthentication, PermitOpen, RhostsRSAAuthentication,
301 RSAAuthentication, X11DisplayOffset, X11Forwarding, and
302 X11UseLocalHost.
303
304 MaxAuthTries
305 Specifies the maximum number of authentication attempts permitted
306 per connection. Once the number of failures reaches half this
307 value, additional failures are logged. The default is 6.
308
309 MaxStartups
310 Specifies the maximum number of concurrent unauthenticated con-
311 nections to the SSH daemon. Additional connections will be
312 dropped until authentication succeeds or the LoginGraceTime ex-
313 pires for a connection. The default is 10.
314
315 Alternatively, random early drop can be enabled by specifying the
316 three colon separated values ``start:rate:full'' (e.g.
317 "10:30:60"). sshd(8) will refuse connection attempts with a
318 probability of ``rate/100'' (30%) if there are currently
319 ``start'' (10) unauthenticated connections. The probability in-
320 creases linearly and all connection attempts are refused if the
321 number of unauthenticated connections reaches ``full'' (60).
322
323 PasswordAuthentication
324 Specifies whether password authentication is allowed. The de-
325 fault is ``yes''.
326
327 PermitEmptyPasswords
328 When password authentication is allowed, it specifies whether the
329 server allows login to accounts with empty password strings. The
330 default is ``no''.
331
332 PermitOpen
333 Specifies the destinations to which TCP port forwarding is per-
334 mitted. The forwarding specification must be one of the follow-
335 ing forms:
336
337 PermitOpen host:port
338 PermitOpen IPv4_addr:port
339 PermitOpen [IPv6_addr]:port
340
341 Multiple forwards may be specified by separating them with
342 whitespace. An argument of ``any'' can be used to remove all re-
343 strictions and permit any forwarding requests. By default all
344 port forwarding requests are permitted.
345
346 PermitRootLogin
347 Specifies whether root can log in using ssh(1). The argument
348 must be ``yes'', ``without-password'', ``forced-commands-only'',
349 or ``no''. The default is ``yes''.
350
351 If this option is set to ``without-password'', password authenti-
352 cation is disabled for root.
353
354 If this option is set to ``forced-commands-only'', root login
355 with public key authentication will be allowed, but only if the
356 command option has been specified (which may be useful for taking
357 remote backups even if root login is normally not allowed). All
358 other authentication methods are disabled for root.
359
360 If this option is set to ``no'', root is not allowed to log in.
361
362 PermitTunnel
363 Specifies whether tun(4) device forwarding is allowed. The argu-
364 ment must be ``yes'', ``point-to-point'' (layer 3), ``ethernet''
365 (layer 2), or ``no''. Specifying ``yes'' permits both ``point-
366 to-point'' and ``ethernet''. The default is ``no''.
367
368 PermitUserEnvironment
369 Specifies whether ~/.ssh/environment and environment= options in
370 ~/.ssh/authorized_keys are processed by sshd(8). The default is
371 ``no''. Enabling environment processing may enable users to by-
372 pass access restrictions in some configurations using mechanisms
373 such as LD_PRELOAD.
374
375 PidFile
376 Specifies the file that contains the process ID of the SSH dae-
377 mon. The default is /var/run/sshd.pid.
378
379 Port Specifies the port number that sshd(8) listens on. The default
380 is 22. Multiple options of this type are permitted. See also
381 ListenAddress.
382
383 PrintLastLog
384 Specifies whether sshd(8) should print the date and time of the
385 last user login when a user logs in interactively. The default
386 is ``yes''.
387
388 PrintMotd
389 Specifies whether sshd(8) should print /etc/motd when a user logs
390 in interactively. (On some systems it is also printed by the
391 shell, /etc/profile, or equivalent.) The default is ``yes''.
392
393 Protocol
394 Specifies the protocol versions sshd(8) supports. The possible
395 values are `1' and `2'. Multiple versions must be comma-separat-
396 ed. The default is ``2,1''. Note that the order of the protocol
397 list does not indicate preference, because the client selects
398 among multiple protocol versions offered by the server. Specify-
399 ing ``2,1'' is identical to ``1,2''.
400
401 PubkeyAuthentication
402 Specifies whether public key authentication is allowed. The de-
403 fault is ``yes''. Note that this option applies to protocol ver-
404 sion 2 only.
405
406 RhostsRSAAuthentication
407 Specifies whether rhosts or /etc/hosts.equiv authentication to-
408 gether with successful RSA host authentication is allowed. The
409 default is ``no''. This option applies to protocol version 1 on-
410 ly.
411
412 RSAAuthentication
413 Specifies whether pure RSA authentication is allowed. The de-
414 fault is ``yes''. This option applies to protocol version 1 on-
415 ly.
416
417 ServerKeyBits
418 Defines the number of bits in the ephemeral protocol version 1
419 server key. The minimum value is 512, and the default is 768.
420
421 StrictModes
422 Specifies whether sshd(8) should check file modes and ownership
423 of the user's files and home directory before accepting login.
424 This is normally desirable because novices sometimes accidentally
425 leave their directory or files world-writable. The default is
426 ``yes''.
427
428 Subsystem
429 Configures an external subsystem (e.g. file transfer daemon).
430 Arguments should be a subsystem name and a command (with optional
431 arguments) to execute upon subsystem request. The command
432 sftp-server(8) implements the ``sftp'' file transfer subsystem.
433 By default no subsystems are defined. Note that this option ap-
434 plies to protocol version 2 only.
435
436 SyslogFacility
437 Gives the facility code that is used when logging messages from
438 sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
439 LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
440 fault is AUTH.
441
442 TCPKeepAlive
443 Specifies whether the system should send TCP keepalive messages
444 to the other side. If they are sent, death of the connection or
445 crash of one of the machines will be properly noticed. However,
446 this means that connections will die if the route is down tem-
447 porarily, and some people find it annoying. On the other hand,
448 if TCP keepalives are not sent, sessions may hang indefinitely on
449 the server, leaving ``ghost'' users and consuming server re-
450 sources.
451
452 The default is ``yes'' (to send TCP keepalive messages), and the
453 server will notice if the network goes down or the client host
454 crashes. This avoids infinitely hanging sessions.
455
456 To disable TCP keepalive messages, the value should be set to
457 ``no''.
458
459 UseDNS Specifies whether sshd(8) should look up the remote host name and
460 check that the resolved host name for the remote IP address maps
461 back to the very same IP address. The default is ``yes''.
462
463 UseLogin
464 Specifies whether login(1) is used for interactive login ses-
465 sions. The default is ``no''. Note that login(1) is never used
466 for remote command execution. Note also, that if this is en-
467 abled, X11Forwarding will be disabled because login(1) does not
468 know how to handle xauth(1) cookies. If UsePrivilegeSeparation
469 is specified, it will be disabled after authentication.
470
471 UsePAM Enables the Pluggable Authentication Module interface. If set to
472 ``yes'' this will enable PAM authentication using
473 ChallengeResponseAuthentication and PasswordAuthentication in ad-
474 dition to PAM account and session module processing for all au-
475 thentication types.
476
477 Because PAM challenge-response authentication usually serves an
478 equivalent role to password authentication, you should disable
479 either PasswordAuthentication or ChallengeResponseAuthentication.
480
481 If UsePAM is enabled, you will not be able to run sshd(8) as a
482 non-root user. The default is ``no''.
483
484 UsePrivilegeSeparation
485 Specifies whether sshd(8) separates privileges by creating an un-
486 privileged child process to deal with incoming network traffic.
487 After successful authentication, another process will be created
488 that has the privilege of the authenticated user. The goal of
489 privilege separation is to prevent privilege escalation by con-
490 taining any corruption within the unprivileged processes. The
491 default is ``yes''.
492
493 X11DisplayOffset
494 Specifies the first display number available for sshd(8)'s X11
495 forwarding. This prevents sshd from interfering with real X11
496 servers. The default is 10.
497
498 X11Forwarding
499 Specifies whether X11 forwarding is permitted. The argument must
500 be ``yes'' or ``no''. The default is ``no''.
501
502 When X11 forwarding is enabled, there may be additional exposure
503 to the server and to client displays if the sshd(8) proxy display
504 is configured to listen on the wildcard address (see
505 X11UseLocalhost below), though this is not the default. Addi-
506 tionally, the authentication spoofing and authentication data
507 verification and substitution occur on the client side. The se-
508 curity risk of using X11 forwarding is that the client's X11 dis-
509 play server may be exposed to attack when the SSH client requests
510 forwarding (see the warnings for ForwardX11 in ssh_config(5)). A
511 system administrator may have a stance in which they want to pro-
512 tect clients that may expose themselves to attack by unwittingly
513 requesting X11 forwarding, which can warrant a ``no'' setting.
514
515 Note that disabling X11 forwarding does not prevent users from
516 forwarding X11 traffic, as users can always install their own
517 forwarders. X11 forwarding is automatically disabled if UseLogin
518 is enabled.
519
520 X11UseLocalhost
521 Specifies whether sshd(8) should bind the X11 forwarding server
522 to the loopback address or to the wildcard address. By default,
523 sshd binds the forwarding server to the loopback address and sets
524 the hostname part of the DISPLAY environment variable to
525 ``localhost''. This prevents remote hosts from connecting to the
526 proxy display. However, some older X11 clients may not function
527 with this configuration. X11UseLocalhost may be set to ``no'' to
528 specify that the forwarding server should be bound to the wild-
529 card address. The argument must be ``yes'' or ``no''. The de-
530 fault is ``yes''.
531
532 XAuthLocation
533 Specifies the full pathname of the xauth(1) program. The default
534 is /usr/X11R6/bin/xauth.
535
536TIME FORMATS
537 sshd(8) command-line arguments and configuration file options that speci-
538 fy time may be expressed using a sequence of the form: time[qualifier],
539 where time is a positive integer value and qualifier is one of the fol-
540 lowing:
541
542 <none> seconds
543 s | S seconds
544 m | M minutes
545 h | H hours
546 d | D days
547 w | W weeks
548
549 Each member of the sequence is added together to calculate the total time
550 value.
551
552 Time format examples:
553
554 600 600 seconds (10 minutes)
555 10m 10 minutes
556 1h30m 1 hour 30 minutes (90 minutes)
557
558FILES
559 /etc/ssh/sshd_config
560 Contains configuration data for sshd(8). This file should be
561 writable by root only, but it is recommended (though not neces-
562 sary) that it be world-readable.
563
564SEE ALSO
565 sshd(8)
566
567AUTHORS
568 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
569 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
570 de Raadt and Dug Song removed many bugs, re-added newer features and cre-
571 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
572 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
573 for privilege separation.
574
575OpenBSD 4.2 June 11, 2007 9
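Review bot: The Match entry (new-file lines 297-302) spells two keywords differently from their own entries: it lists GSSApiAuthentication and X11UseLocalHost, while the entries at lines 179 and 520 are headed GSSAPIAuthentication and X11UseLocalhost. Keywords are case-insensitive (lines 16-17), so sshd reads either spelling the same way, but a reader searching the page for the Match spelling will not land on the entry; use the entry spelling in the list. The same list names KbdInteractiveAuthentication, which has no entry of its own in this file, so its meaning and default inside a Match block are undocumented here; add an entry or a cross-reference.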