diff options
author | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
commit | 3a961dc0d36c1f87788b707130f6d07709822d38 (patch) | |
tree | 57f3a729408e4cbe08fa7f9699de2e583e0b2ca0 /sshd_config.5 | |
parent | 35276253a60a3e57ec21b82b2e3c81e03c0206de (diff) |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 86b3289a1..0c6108e0f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.18 2003/06/02 09:17:34 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -585,6 +585,14 @@ Gives the facility code that is used when logging messages from | |||
585 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, | 585 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
586 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | 586 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
587 | The default is AUTH. | 587 | The default is AUTH. |
588 | .It Cm UseDNS | ||
589 | Specifies whether | ||
590 | .Nm sshd | ||
591 | should lookup the remote host name and check that | ||
592 | the resolved host name for the remote IP address maps back to the | ||
593 | very same IP address. | ||
594 | The default is | ||
595 | .Dq yes . | ||
588 | .It Cm UseLogin | 596 | .It Cm UseLogin |
589 | Specifies whether | 597 | Specifies whether |
590 | .Xr login 1 | 598 | .Xr login 1 |
@@ -622,14 +630,6 @@ The goal of privilege separation is to prevent privilege | |||
622 | escalation by containing any corruption within the unprivileged processes. | 630 | escalation by containing any corruption within the unprivileged processes. |
623 | The default is | 631 | The default is |
624 | .Dq yes . | 632 | .Dq yes . |
625 | .It Cm VerifyReverseMapping | ||
626 | Specifies whether | ||
627 | .Nm sshd | ||
628 | should try to verify the remote host name and check that | ||
629 | the resolved host name for the remote IP address maps back to the | ||
630 | very same IP address. | ||
631 | The default is | ||
632 | .Dq no . | ||
633 | .It Cm X11DisplayOffset | 633 | .It Cm X11DisplayOffset |
634 | Specifies the first display number available for | 634 | Specifies the first display number available for |
635 | .Nm sshd Ns 's | 635 | .Nm sshd Ns 's |