diff options
author | Colin Watson <cjwatson@debian.org> | 2011-09-06 09:45:52 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 09:45:52 +0100 |
commit | f38224d546cdde55f45c13d3d8225d273a3f920e (patch) | |
tree | a91a26b88ac90dc72d0ea3767feabb341eaa50a8 /sshd_config.5 | |
parent | 338146a3fc257e216fe5c10fe40e6896b40d7739 (diff) | |
parent | e90790abaf031e037f444a6658e136e48577ea49 (diff) |
merge 5.9p1
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 449afb302..76c95aa19 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ |
37 | .Dd $Mdocdate: December 8 2010 $ | 37 | .Dd $Mdocdate: August 2 2011 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -168,8 +168,9 @@ After expansion, | |||
168 | .Cm AuthorizedKeysFile | 168 | .Cm AuthorizedKeysFile |
169 | is taken to be an absolute path or one relative to the user's home | 169 | is taken to be an absolute path or one relative to the user's home |
170 | directory. | 170 | directory. |
171 | Multiple files may be listed, separated by whitespace. | ||
171 | The default is | 172 | The default is |
172 | .Dq .ssh/authorized_keys . | 173 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
173 | .It Cm AuthorizedPrincipalsFile | 174 | .It Cm AuthorizedPrincipalsFile |
174 | Specifies a file that lists principal names that are accepted for | 175 | Specifies a file that lists principal names that are accepted for |
175 | certificate authentication. | 176 | certificate authentication. |
@@ -682,7 +683,9 @@ Multiple algorithms must be comma-separated. | |||
682 | The default is: | 683 | The default is: |
683 | .Bd -literal -offset indent | 684 | .Bd -literal -offset indent |
684 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 685 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
685 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | 686 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96, |
687 | hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, | ||
688 | hmac-sha2-512-96 | ||
686 | .Ed | 689 | .Ed |
687 | .It Cm Match | 690 | .It Cm Match |
688 | Introduces a conditional block. | 691 | Introduces a conditional block. |
@@ -1098,6 +1101,12 @@ The goal of privilege separation is to prevent privilege | |||
1098 | escalation by containing any corruption within the unprivileged processes. | 1101 | escalation by containing any corruption within the unprivileged processes. |
1099 | The default is | 1102 | The default is |
1100 | .Dq yes . | 1103 | .Dq yes . |
1104 | If | ||
1105 | .Cm UsePrivilegeSeparation | ||
1106 | is set to | ||
1107 | .Dq sandbox | ||
1108 | then the pre-authentication unprivileged process is subject to additional | ||
1109 | restrictions. | ||
1101 | .It Cm X11DisplayOffset | 1110 | .It Cm X11DisplayOffset |
1102 | Specifies the first display number available for | 1111 | Specifies the first display number available for |
1103 | .Xr sshd 8 Ns 's | 1112 | .Xr sshd 8 Ns 's |