diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:34:17 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:34:17 +1000 |
commit | 4515047e47f26377a46f480ed5929e8ccfa18720 (patch) | |
tree | a7485f1794bcab3a46c5f3efcf2a3ba630021be9 /sshd_config.5 | |
parent | ba724050263c0bca0a7dffa26462d046c4df7e01 (diff) |
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 3b639b17d..0b2646027 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.59 2006/07/06 10:47:05 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.60 2006/07/12 11:34:58 dtucker Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -463,6 +463,27 @@ for data integrity protection. | |||
463 | Multiple algorithms must be comma-separated. | 463 | Multiple algorithms must be comma-separated. |
464 | The default is: | 464 | The default is: |
465 | .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . | 465 | .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
466 | .It Cm Match | ||
467 | Introduces a conditional block. Keywords on lines following a | ||
468 | .Cm Match | ||
469 | block are only applied if all of the criteria on the | ||
470 | .Cm Match | ||
471 | are satisfied. | ||
472 | The the arguments to | ||
473 | .Cm Match | ||
474 | block are one or more criteria-pattern pairs. | ||
475 | The available criteria are | ||
476 | .Cm User , | ||
477 | .Cm Host , | ||
478 | and | ||
479 | .Cm Address . | ||
480 | Only a subset of keywords may be used on the lines following a | ||
481 | .Cm Match | ||
482 | keyword. | ||
483 | Available keywords are | ||
484 | .Cm AllowTcpForwarding , | ||
485 | and | ||
486 | .Cm GatewayPorts . | ||
466 | .It Cm MaxAuthTries | 487 | .It Cm MaxAuthTries |
467 | Specifies the maximum number of authentication attempts permitted per | 488 | Specifies the maximum number of authentication attempts permitted per |
468 | connection. | 489 | connection. |