summaryrefslogtreecommitdiff
path: root/sshd_config.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
committerColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
commit59247ecde39f2d826a94ab07f6095ca1f6644e88 (patch)
tree5910d4a840352aafbf67e8a39fa63936e5529b26 /sshd_config.0
parent07d905b406c4ab64ea2f10a22f4f8f0d595269f6 (diff)
parent964476f91b66c475d5b8fa1e8b28d39a97a1b56e (diff)
* New upstream release.
* Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
Diffstat (limited to 'sshd_config.0')
-rw-r--r--sshd_config.019
1 files changed, 11 insertions, 8 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index 067f757de..9e73c5906 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -88,14 +88,16 @@ DESCRIPTION
88 protocol version 2. By default, no banner is displayed. 88 protocol version 2. By default, no banner is displayed.
89 89
90 ChallengeResponseAuthentication 90 ChallengeResponseAuthentication
91 Specifies whether challenge-response authentication is allowed. 91 Specifies whether challenge-response authentication is allowed
92 All authentication styles from login.conf(5) are supported. The 92 (e.g. via PAM or though authentication styles supported in
93 default is ``yes''. 93 login.conf(5)) The default is ``yes''.
94 94
95 ChrootDirectory 95 ChrootDirectory
96 Specifies a path to chroot(2) to after authentication. This 96 Specifies a path to chroot(2) to after authentication. This
97 path, and all its components, must be root-owned directories that 97 path, and all its components, must be root-owned directories that
98 are not writable by any other user or group. 98 are not writable by any other user or group. After the chroot,
99 sshd(8) changes the working directory to the user's home directo-
100 ry.
99 101
100 The path may contain the following tokens that are expanded at 102 The path may contain the following tokens that are expanded at
101 runtime once the connecting user has been authenticated: %% is 103 runtime once the connecting user has been authenticated: %% is
@@ -104,13 +106,14 @@ DESCRIPTION
104 name of that user. 106 name of that user.
105 107
106 The ChrootDirectory must contain the necessary files and directo- 108 The ChrootDirectory must contain the necessary files and directo-
107 ries to support the users' session. For an interactive session 109 ries to support the user's session. For an interactive session
108 this requires at least a shell, typically sh(1), and basic /dev 110 this requires at least a shell, typically sh(1), and basic /dev
109 nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), 111 nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
110 arandom(4) and tty(4) devices. For file transfer sessions using 112 arandom(4) and tty(4) devices. For file transfer sessions using
111 ``sftp'', no additional configuration of the environment is nec- 113 ``sftp'', no additional configuration of the environment is nec-
112 essary if the in-process sftp server is used (see Subsystem for 114 essary if the in-process sftp server is used, though sessions
113 details). 115 which use logging do require /dev/log inside the chroot directory
116 (see sftp-server(8) for details).
114 117
115 The default is not to chroot(2). 118 The default is not to chroot(2).
116 119
@@ -628,4 +631,4 @@ AUTHORS
628 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 631 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
629 for privilege separation. 632 for privilege separation.
630 633
631OpenBSD 4.5 February 22, 2009 10 634OpenBSD 4.6 April 21, 2009 10