author | Colin Watson <cjwatson@debian.org> | 2016-02-29 12:15:15 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-03-08 11:51:22 +0000 |
commit | 46961f5704f8e86cea3e99253faad55aef4d8f35 (patch) | |
tree | 0dd97fa4fb649a62b4639fe2674380872b1f3e98 /sshd_config.5 | |
parent | c753fe267efb1b027424fa8706cf0385fc3d14c1 (diff) | |
parent | 85e40e87a75fb80a0bf893ac05a417d6c353537d (diff) |
New upstream release (7.2).
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 65 |
1 files changed, 39 insertions, 26 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 0be7250b0..2387b51b8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.220 2016/02/17 08:57:34 djm Exp $ |
37 | .Dd $Mdocdate: August 14 2015 $ | 37 | .Dd $Mdocdate: February 17 2016 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -95,8 +95,7 @@ See | |||
95 | in | 95 | in |
96 | .Xr ssh_config 5 | 96 | .Xr ssh_config 5 |
97 | for how to configure the client. | 97 | for how to configure the client. |
98 | Note that environment passing is only supported for protocol 2, and | 98 | The |
99 | that the | ||
100 | .Ev TERM | 99 | .Ev TERM |
101 | environment variable is always sent whenever the client | 100 | environment variable is always sent whenever the client |
102 | requests a pseudo-terminal as it is required by the protocol. | 101 | requests a pseudo-terminal as it is required by the protocol. |
@@ -251,7 +250,7 @@ of | |||
251 | .Dq publickey,publickey | 250 | .Dq publickey,publickey |
252 | will require successful authentication using two different public keys. | 251 | will require successful authentication using two different public keys. |
253 | .Pp | 252 | .Pp |
254 | This option is only available for SSH protocol 2 and will yield a fatal | 253 | This option will yield a fatal |
255 | error if enabled if protocol 1 is also enabled. | 254 | error if enabled if protocol 1 is also enabled. |
256 | Note that each authentication method listed should also be explicitly enabled | 255 | Note that each authentication method listed should also be explicitly enabled |
257 | in the configuration. | 256 | in the configuration. |
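Review bot: the reworded sentence still reads "will yield a fatal error if enabled if protocol 1 is also enabled", keeping the awkward double "if" from the old text; now that the "only available for SSH protocol 2" clause is gone, reword to "This option will yield a fatal error if protocol 1 is also enabled." so the two-line sentence reads cleanly.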
@@ -310,6 +309,9 @@ After expansion, | |||
310 | is taken to be an absolute path or one relative to the user's home | 309 | is taken to be an absolute path or one relative to the user's home |
311 | directory. | 310 | directory. |
312 | Multiple files may be listed, separated by whitespace. | 311 | Multiple files may be listed, separated by whitespace. |
312 | Alternately this option may be set to | ||
313 | .Dq none | ||
314 | to skip checking for user keys in files. | ||
313 | The default is | 315 | The default is |
314 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . | 316 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
315 | .It Cm AuthorizedPrincipalsCommand | 317 | .It Cm AuthorizedPrincipalsCommand |
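Review bot: the added "Alternately this option may be set to .Dq none to skip checking for user keys in files" says what is skipped but not where public key authentication then gets its keys from; since the same patch adds .Cm AuthorizedKeysCommand and .Cm AuthorizedPrincipalsCommand to the Match keywords, a short pointer here that "none" is meant to be paired with .Cm AuthorizedKeysCommand would tell an operator that setting it on its own leaves no key source at all.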
@@ -395,7 +397,6 @@ authentication is allowed. | |||
395 | If the argument is | 397 | If the argument is |
396 | .Dq none | 398 | .Dq none |
397 | then no banner is displayed. | 399 | then no banner is displayed. |
398 | This option is only available for protocol version 2. | ||
399 | By default, no banner is displayed. | 400 | By default, no banner is displayed. |
400 | .It Cm ChallengeResponseAuthentication | 401 | .It Cm ChallengeResponseAuthentication |
401 | Specifies whether challenge-response authentication is allowed (e.g. via | 402 | Specifies whether challenge-response authentication is allowed (e.g. via |
@@ -453,10 +454,12 @@ Misconfiguration can lead to unsafe environments which | |||
453 | .Xr sshd 8 | 454 | .Xr sshd 8 |
454 | cannot detect. | 455 | cannot detect. |
455 | .Pp | 456 | .Pp |
456 | The default is not to | 457 | The default is |
458 | .Dq none , | ||
459 | indicating not to | ||
457 | .Xr chroot 2 . | 460 | .Xr chroot 2 . |
458 | .It Cm Ciphers | 461 | .It Cm Ciphers |
459 | Specifies the ciphers allowed for protocol version 2. | 462 | Specifies the ciphers allowed. |
460 | Multiple ciphers must be comma-separated. | 463 | Multiple ciphers must be comma-separated. |
461 | If the specified value begins with a | 464 | If the specified value begins with a |
462 | .Sq + | 465 | .Sq + |
@@ -537,7 +540,6 @@ If | |||
537 | .Cm ClientAliveCountMax | 540 | .Cm ClientAliveCountMax |
538 | is left at the default, unresponsive SSH clients | 541 | is left at the default, unresponsive SSH clients |
539 | will be disconnected after approximately 45 seconds. | 542 | will be disconnected after approximately 45 seconds. |
540 | This option applies to protocol version 2 only. | ||
541 | .It Cm ClientAliveInterval | 543 | .It Cm ClientAliveInterval |
542 | Sets a timeout interval in seconds after which if no data has been received | 544 | Sets a timeout interval in seconds after which if no data has been received |
543 | from the client, | 545 | from the client, |
@@ -546,7 +548,6 @@ will send a message through the encrypted | |||
546 | channel to request a response from the client. | 548 | channel to request a response from the client. |
547 | The default | 549 | The default |
548 | is 0, indicating that these messages will not be sent to the client. | 550 | is 0, indicating that these messages will not be sent to the client. |
549 | This option applies to protocol version 2 only. | ||
550 | .It Cm Compression | 551 | .It Cm Compression |
551 | Specifies whether compression is allowed, or delayed until | 552 | Specifies whether compression is allowed, or delayed until |
552 | the user has authenticated successfully. | 553 | the user has authenticated successfully. |
@@ -625,6 +626,8 @@ Specifying a command of | |||
625 | will force the use of an in-process sftp server that requires no support | 626 | will force the use of an in-process sftp server that requires no support |
626 | files when used with | 627 | files when used with |
627 | .Cm ChrootDirectory . | 628 | .Cm ChrootDirectory . |
629 | The default is | ||
630 | .Dq none . | ||
628 | .It Cm GatewayPorts | 631 | .It Cm GatewayPorts |
629 | Specifies whether remote hosts are allowed to connect to ports | 632 | Specifies whether remote hosts are allowed to connect to ports |
630 | forwarded for the client. | 633 | forwarded for the client. |
@@ -649,19 +652,16 @@ The default is | |||
649 | Specifies whether user authentication based on GSSAPI is allowed. | 652 | Specifies whether user authentication based on GSSAPI is allowed. |
650 | The default is | 653 | The default is |
651 | .Dq no . | 654 | .Dq no . |
652 | Note that this option applies to protocol version 2 only. | ||
653 | .It Cm GSSAPIKeyExchange | 655 | .It Cm GSSAPIKeyExchange |
654 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | 656 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange |
655 | doesn't rely on ssh keys to verify host identity. | 657 | doesn't rely on ssh keys to verify host identity. |
656 | The default is | 658 | The default is |
657 | .Dq no . | 659 | .Dq no . |
658 | Note that this option applies to protocol version 2 only. | ||
659 | .It Cm GSSAPICleanupCredentials | 660 | .It Cm GSSAPICleanupCredentials |
660 | Specifies whether to automatically destroy the user's credentials cache | 661 | Specifies whether to automatically destroy the user's credentials cache |
661 | on logout. | 662 | on logout. |
662 | The default is | 663 | The default is |
663 | .Dq yes . | 664 | .Dq yes . |
664 | Note that this option applies to protocol version 2 only. | ||
665 | .It Cm GSSAPIStrictAcceptorCheck | 665 | .It Cm GSSAPIStrictAcceptorCheck |
666 | Determines whether to be strict about the identity of the GSSAPI acceptor | 666 | Determines whether to be strict about the identity of the GSSAPI acceptor |
667 | a client authenticates against. | 667 | a client authenticates against. |
@@ -709,9 +709,6 @@ may be used to list supported key types. | |||
709 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 709 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
710 | with successful public key client host authentication is allowed | 710 | with successful public key client host authentication is allowed |
711 | (host-based authentication). | 711 | (host-based authentication). |
712 | This option is similar to | ||
713 | .Cm RhostsRSAAuthentication | ||
714 | and applies to protocol version 2 only. | ||
715 | The default is | 712 | The default is |
716 | .Dq no . | 713 | .Dq no . |
717 | .It Cm HostbasedUsesNameFromPacketOnly | 714 | .It Cm HostbasedUsesNameFromPacketOnly |
@@ -782,7 +779,7 @@ is specified, the location of the socket will be read from the | |||
782 | .Ev SSH_AUTH_SOCK | 779 | .Ev SSH_AUTH_SOCK |
783 | environment variable. | 780 | environment variable. |
784 | .It Cm HostKeyAlgorithms | 781 | .It Cm HostKeyAlgorithms |
785 | Specifies the protocol version 2 host key algorithms | 782 | Specifies the host key algorithms |
786 | that the server offers. | 783 | that the server offers. |
787 | The default for this option is: | 784 | The default for this option is: |
788 | .Bd -literal -offset 3n | 785 | .Bd -literal -offset 3n |
@@ -1003,8 +1000,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output. | |||
1003 | Logging with a DEBUG level violates the privacy of users and is not recommended. | 1000 | Logging with a DEBUG level violates the privacy of users and is not recommended. |
1004 | .It Cm MACs | 1001 | .It Cm MACs |
1005 | Specifies the available MAC (message authentication code) algorithms. | 1002 | Specifies the available MAC (message authentication code) algorithms. |
1006 | The MAC algorithm is used in protocol version 2 | 1003 | The MAC algorithm is used for data integrity protection. |
1007 | for data integrity protection. | ||
1008 | Multiple algorithms must be comma-separated. | 1004 | Multiple algorithms must be comma-separated. |
1009 | If the specified value begins with a | 1005 | If the specified value begins with a |
1010 | .Sq + | 1006 | .Sq + |
@@ -1060,8 +1056,9 @@ The default is: | |||
1060 | .Bd -literal -offset indent | 1056 | .Bd -literal -offset indent |
1061 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 1057 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
1062 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 1058 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
1059 | hmac-sha1-etm@openssh.com, | ||
1063 | umac-64@openssh.com,umac-128@openssh.com, | 1060 | umac-64@openssh.com,umac-128@openssh.com, |
1064 | hmac-sha2-256,hmac-sha2-512 | 1061 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
1065 | .Ed | 1062 | .Ed |
1066 | .Pp | 1063 | .Pp |
1067 | The list of available MAC algorithms may also be obtained using the | 1064 | The list of available MAC algorithms may also be obtained using the |
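Review bot: the documented default gains hmac-sha1-etm@openssh.com and hmac-sha1, placed last after the UMAC and SHA-2 entries, but neither the hunk nor the commit message says why SHA-1 MACs are being added to the default; confirm this tracks the compiled-in default list rather than being a documentation-only edit. The surrounding text only describes a "+" prefix for extending the list, so an operator who wants no SHA-1 MAC has to set .Cm MACs explicitly; that is worth one sentence next to the default.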
@@ -1131,6 +1128,8 @@ Available keywords are | |||
1131 | .Cm AuthorizedKeysCommand , | 1128 | .Cm AuthorizedKeysCommand , |
1132 | .Cm AuthorizedKeysCommandUser , | 1129 | .Cm AuthorizedKeysCommandUser , |
1133 | .Cm AuthorizedKeysFile , | 1130 | .Cm AuthorizedKeysFile , |
1131 | .Cm AuthorizedPrincipalsCommand , | ||
1132 | .Cm AuthorizedPrincipalsCommandUser , | ||
1134 | .Cm AuthorizedPrincipalsFile , | 1133 | .Cm AuthorizedPrincipalsFile , |
1135 | .Cm Banner , | 1134 | .Cm Banner , |
1136 | .Cm ChrootDirectory , | 1135 | .Cm ChrootDirectory , |
@@ -1174,7 +1173,15 @@ Once the number of failures reaches half this value, | |||
1174 | additional failures are logged. | 1173 | additional failures are logged. |
1175 | The default is 6. | 1174 | The default is 6. |
1176 | .It Cm MaxSessions | 1175 | .It Cm MaxSessions |
1177 | Specifies the maximum number of open sessions permitted per network connection. | 1176 | Specifies the maximum number of open shell, login or subsystem (e.g. sftp) |
1177 | sessions permitted per network connection. | ||
1178 | Multiple sessions may be established by clients that support connection | ||
1179 | multiplexing. | ||
1180 | Setting | ||
1181 | .Cm MaxSessions | ||
1182 | to 1 will effectively disable session multiplexing, whereas setting it to 0 | ||
1183 | will prevent all shell, login and subsystem sessions while still permitting | ||
1184 | forwarding. | ||
1178 | The default is 10. | 1185 | The default is 10. |
1179 | .It Cm MaxStartups | 1186 | .It Cm MaxStartups |
1180 | Specifies the maximum number of concurrent unauthenticated connections to the | 1187 | Specifies the maximum number of concurrent unauthenticated connections to the |
@@ -1364,6 +1371,10 @@ and | |||
1364 | Multiple versions must be comma-separated. | 1371 | Multiple versions must be comma-separated. |
1365 | The default is | 1372 | The default is |
1366 | .Sq 2 . | 1373 | .Sq 2 . |
1374 | Protocol 1 suffers from a number of cryptographic weaknesses and should | ||
1375 | not be used. | ||
1376 | It is only offered to support legacy devices. | ||
1377 | .Pp | ||
1367 | Note that the order of the protocol list does not indicate preference, | 1378 | Note that the order of the protocol list does not indicate preference, |
1368 | because the client selects among multiple protocol versions offered | 1379 | because the client selects among multiple protocol versions offered |
1369 | by the server. | 1380 | by the server. |
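Review bot: the new warning that protocol 1 "suffers from a number of cryptographic weaknesses and should not be used" is welcome, but the same patch removes every per-option "applies to protocol version 2 only" note (AuthenticationMethods, Banner, ClientAliveCountMax, ClientAliveInterval, the GSSAPI options, HostbasedAuthentication, PubkeyAuthentication, RekeyLimit, Subsystem, plus the protocol qualifiers on Ciphers, MACs and HostKeyAlgorithms), so this paragraph is now the only place that could tell a reader that most options in this file have no effect on a protocol 1 connection; suggest adding a sentence to that effect here.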
@@ -1398,7 +1409,6 @@ may be used to list supported key types. | |||
1398 | Specifies whether public key authentication is allowed. | 1409 | Specifies whether public key authentication is allowed. |
1399 | The default is | 1410 | The default is |
1400 | .Dq yes . | 1411 | .Dq yes . |
1401 | Note that this option applies to protocol version 2 only. | ||
1402 | .It Cm RekeyLimit | 1412 | .It Cm RekeyLimit |
1403 | Specifies the maximum amount of data that may be transmitted before the | 1413 | Specifies the maximum amount of data that may be transmitted before the |
1404 | session key is renegotiated, optionally followed a maximum amount of | 1414 | session key is renegotiated, optionally followed a maximum amount of |
@@ -1424,7 +1434,6 @@ is | |||
1424 | .Dq default none , | 1434 | .Dq default none , |
1425 | which means that rekeying is performed after the cipher's default amount | 1435 | which means that rekeying is performed after the cipher's default amount |
1426 | of data has been sent or received and no time based rekeying is done. | 1436 | of data has been sent or received and no time based rekeying is done. |
1427 | This option applies to protocol version 2 only. | ||
1428 | .It Cm RevokedKeys | 1437 | .It Cm RevokedKeys |
1429 | Specifies revoked public keys file, or | 1438 | Specifies revoked public keys file, or |
1430 | .Dq none | 1439 | .Dq none |
@@ -1511,7 +1520,6 @@ This may simplify configurations using | |||
1511 | to force a different filesystem root on clients. | 1520 | to force a different filesystem root on clients. |
1512 | .Pp | 1521 | .Pp |
1513 | By default no subsystems are defined. | 1522 | By default no subsystems are defined. |
1514 | Note that this option applies to protocol version 2 only. | ||
1515 | .It Cm SyslogFacility | 1523 | .It Cm SyslogFacility |
1516 | Gives the facility code that is used when logging messages from | 1524 | Gives the facility code that is used when logging messages from |
1517 | .Xr sshd 8 . | 1525 | .Xr sshd 8 . |
@@ -1627,14 +1635,19 @@ After successful authentication, another process will be created that has | |||
1627 | the privilege of the authenticated user. | 1635 | the privilege of the authenticated user. |
1628 | The goal of privilege separation is to prevent privilege | 1636 | The goal of privilege separation is to prevent privilege |
1629 | escalation by containing any corruption within the unprivileged processes. | 1637 | escalation by containing any corruption within the unprivileged processes. |
1630 | The default is | 1638 | The argument must be |
1631 | .Dq yes . | 1639 | .Dq yes , |
1640 | .Dq no , | ||
1641 | or | ||
1642 | .Dq sandbox . | ||
1632 | If | 1643 | If |
1633 | .Cm UsePrivilegeSeparation | 1644 | .Cm UsePrivilegeSeparation |
1634 | is set to | 1645 | is set to |
1635 | .Dq sandbox | 1646 | .Dq sandbox |
1636 | then the pre-authentication unprivileged process is subject to additional | 1647 | then the pre-authentication unprivileged process is subject to additional |
1637 | restrictions. | 1648 | restrictions. |
1649 | The default is | ||
1650 | .Dq sandbox . | ||
1638 | .It Cm VersionAddendum | 1651 | .It Cm VersionAddendum |
1639 | Optionally specifies additional text to append to the SSH protocol banner | 1652 | Optionally specifies additional text to append to the SSH protocol banner |
1640 | sent by the server upon connection. | 1653 | sent by the server upon connection. |
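Review bot: the default moves from "yes" to "sandbox", which is a behaviour change in the running daemon rather than a wording fix, and the commit message "New upstream release (7.2)" does not call it out; it deserves a line in the package changelog. The new argument list also introduces "no" without comment while the preceding lines say the goal of privilege separation is to prevent privilege escalation by containing corruption in the unprivileged processes; a clause noting that "no" removes that containment entirely would stop an operator reading the three values as equally safe choices.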