diff options
| author | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-06-03 10:25:48 +1000 |
| commit | 3a961dc0d36c1f87788b707130f6d07709822d38 (patch) | |
| tree | 57f3a729408e4cbe08fa7f9699de2e583e0b2ca0 /sshd_config.5 | |
| parent | 35276253a60a3e57ec21b82b2e3c81e03c0206de (diff) | |
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 86b3289a1..0c6108e0f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.18 2003/06/02 09:17:34 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -585,6 +585,14 @@ Gives the facility code that is used when logging messages from | |||
| 585 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, | 585 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
| 586 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | 586 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
| 587 | The default is AUTH. | 587 | The default is AUTH. |
| 588 | .It Cm UseDNS | ||
| 589 | Specifies whether | ||
| 590 | .Nm sshd | ||
| 591 | should lookup the remote host name and check that | ||
| 592 | the resolved host name for the remote IP address maps back to the | ||
| 593 | very same IP address. | ||
| 594 | The default is | ||
| 595 | .Dq yes . | ||
| 588 | .It Cm UseLogin | 596 | .It Cm UseLogin |
| 589 | Specifies whether | 597 | Specifies whether |
| 590 | .Xr login 1 | 598 | .Xr login 1 |
| @@ -622,14 +630,6 @@ The goal of privilege separation is to prevent privilege | |||
| 622 | escalation by containing any corruption within the unprivileged processes. | 630 | escalation by containing any corruption within the unprivileged processes. |
| 623 | The default is | 631 | The default is |
| 624 | .Dq yes . | 632 | .Dq yes . |
| 625 | .It Cm VerifyReverseMapping | ||
| 626 | Specifies whether | ||
| 627 | .Nm sshd | ||
| 628 | should try to verify the remote host name and check that | ||
| 629 | the resolved host name for the remote IP address maps back to the | ||
| 630 | very same IP address. | ||
| 631 | The default is | ||
| 632 | .Dq no . | ||
| 633 | .It Cm X11DisplayOffset | 633 | .It Cm X11DisplayOffset |
| 634 | Specifies the first display number available for | 634 | Specifies the first display number available for |
| 635 | .Nm sshd Ns 's | 635 | .Nm sshd Ns 's |