merge 6.1p1

author: Colin Watson <cjwatson@debian.org> 2012-09-06 23:20:10 +0100
committer: Colin Watson <cjwatson@debian.org> 2012-09-06 23:20:10 +0100
commit: c6a2c0334e45419875687d250aed9bea78480f2e (patch)
tree: d8f01bef9f3921fa1ca7592a19474be9c8349f76 /sshd_config.5
parent: dd5ed53e20d218607260916a6b04d1c8c5b3d88f (diff)
parent: 8b13b5bdc4f19bd52ee673104d66b71c21153b96 (diff)
1 files changed, 22 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index e96a4ad86..ef4164edd 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
-.Dd $Mdocdate: September 9 2011 $
+.Dd $Mdocdate: June 29 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -198,7 +198,9 @@ After expansion,
 is taken to be an absolute path or one relative to the user's home
 directory.
 .Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
 of the user must appear in a certificate's principals list for it to be
 accepted.
 Note that
@@ -683,9 +685,8 @@ Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
+hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
+hmac-sha1-96,hmac-md5-96
-hmac-sha2-512-96
 .Ed
 .It Cm Match
 Introduces a conditional block.
@@ -703,6 +704,8 @@ The available criteria are
 .Cm User ,
 .Cm Group ,
 .Cm Host ,
+.Cm LocalAddress ,
+.Cm LocalPort ,
 and
 .Cm Address .
 The match patterns may consist of single entries or comma-separated
@@ -731,12 +734,17 @@ Only a subset of keywords may be used on the lines following a
 .Cm Match
 keyword.
 Available keywords are
+.Cm AcceptEnv ,
 .Cm AllowAgentForwarding ,
+.Cm AllowGroups ,
 .Cm AllowTcpForwarding ,
+.Cm AllowUsers ,
 .Cm AuthorizedKeysFile ,
 .Cm AuthorizedPrincipalsFile ,
 .Cm Banner ,
 .Cm ChrootDirectory ,
+.Cm DenyGroups ,
+.Cm DenyUsers ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm GSSAPIAuthentication ,
@@ -826,6 +834,9 @@ Multiple forwards may be specified by separating them with whitespace.
 An argument of
 .Dq any
 can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Dq none
+can be used to prohibit all forwarding requests.
 By default all port forwarding requests are permitted.
 .It Cm PermitRootLogin
 Specifies whether root can log in using
@@ -1107,6 +1118,11 @@ is set to
 .Dq sandbox
 then the pre-authentication unprivileged process is subject to additional
 restrictions.
+.It Cm VersionAddendum
+Optionally specifies additional text to append to the SSH protocol banner
+sent by the server upon connection.
+The default is
+.Dq none .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Xr sshd 8 Ns 's
author	Colin Watson <cjwatson@debian.org>	2012-09-06 23:20:10 +0100
committer	Colin Watson <cjwatson@debian.org>	2012-09-06 23:20:10 +0100
commit	c6a2c0334e45419875687d250aed9bea78480f2e (patch)
tree	d8f01bef9f3921fa1ca7592a19474be9c8349f76 /sshd_config.5
parent	dd5ed53e20d218607260916a6b04d1c8c5b3d88f (diff)
parent	8b13b5bdc4f19bd52ee673104d66b71c21153b96 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index e96a4ad86..ef4164edd 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
37	.Dd $Mdocdate: September 9 2011 $	37	.Dd $Mdocdate: June 29 2012 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -198,7 +198,9 @@ After expansion,
198	is taken to be an absolute path or one relative to the user's home	198	is taken to be an absolute path or one relative to the user's home
199	directory.	199	directory.
200	.Pp	200	.Pp
201	The default is not to use a principals file \(en in this case, the username	201	The default is
		202	.Dq none ,
		203	i.e. not to use a principals file \(en in this case, the username
202	of the user must appear in a certificate's principals list for it to be	204	of the user must appear in a certificate's principals list for it to be
203	accepted.	205	accepted.
204	Note that	206	Note that
@@ -683,9 +685,8 @@ Multiple algorithms must be comma-separated.
683	The default is:	685	The default is:
684	.Bd -literal -offset indent	686	.Bd -literal -offset indent
685	hmac-md5,hmac-sha1,umac-64@openssh.com,	687	hmac-md5,hmac-sha1,umac-64@openssh.com,
686	hmac-ripemd160,hmac-sha1-96,hmac-md5-96,	688	hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
687	hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,	689	hmac-sha1-96,hmac-md5-96
688	hmac-sha2-512-96
689	.Ed	690	.Ed
690	.It Cm Match	691	.It Cm Match
691	Introduces a conditional block.	692	Introduces a conditional block.
@@ -703,6 +704,8 @@ The available criteria are
703	.Cm User ,	704	.Cm User ,
704	.Cm Group ,	705	.Cm Group ,
705	.Cm Host ,	706	.Cm Host ,
		707	.Cm LocalAddress ,
		708	.Cm LocalPort ,
706	and	709	and
707	.Cm Address .	710	.Cm Address .
708	The match patterns may consist of single entries or comma-separated	711	The match patterns may consist of single entries or comma-separated
@@ -731,12 +734,17 @@ Only a subset of keywords may be used on the lines following a
731	.Cm Match	734	.Cm Match
732	keyword.	735	keyword.
733	Available keywords are	736	Available keywords are
		737	.Cm AcceptEnv ,
734	.Cm AllowAgentForwarding ,	738	.Cm AllowAgentForwarding ,
		739	.Cm AllowGroups ,
735	.Cm AllowTcpForwarding ,	740	.Cm AllowTcpForwarding ,
		741	.Cm AllowUsers ,
736	.Cm AuthorizedKeysFile ,	742	.Cm AuthorizedKeysFile ,
737	.Cm AuthorizedPrincipalsFile ,	743	.Cm AuthorizedPrincipalsFile ,
738	.Cm Banner ,	744	.Cm Banner ,
739	.Cm ChrootDirectory ,	745	.Cm ChrootDirectory ,
		746	.Cm DenyGroups ,
		747	.Cm DenyUsers ,
740	.Cm ForceCommand ,	748	.Cm ForceCommand ,
741	.Cm GatewayPorts ,	749	.Cm GatewayPorts ,
742	.Cm GSSAPIAuthentication ,	750	.Cm GSSAPIAuthentication ,
@@ -826,6 +834,9 @@ Multiple forwards may be specified by separating them with whitespace.
826	An argument of	834	An argument of
827	.Dq any	835	.Dq any
828	can be used to remove all restrictions and permit any forwarding requests.	836	can be used to remove all restrictions and permit any forwarding requests.
		837	An argument of
		838	.Dq none
		839	can be used to prohibit all forwarding requests.
829	By default all port forwarding requests are permitted.	840	By default all port forwarding requests are permitted.
830	.It Cm PermitRootLogin	841	.It Cm PermitRootLogin
831	Specifies whether root can log in using	842	Specifies whether root can log in using
@@ -1107,6 +1118,11 @@ is set to
1107	.Dq sandbox	1118	.Dq sandbox
1108	then the pre-authentication unprivileged process is subject to additional	1119	then the pre-authentication unprivileged process is subject to additional
1109	restrictions.	1120	restrictions.
		1121	.It Cm VersionAddendum
		1122	Optionally specifies additional text to append to the SSH protocol banner
		1123	sent by the server upon connection.
		1124	The default is
		1125	.Dq none .
1110	.It Cm X11DisplayOffset	1126	.It Cm X11DisplayOffset
1111	Specifies the first display number available for	1127	Specifies the first display number available for
1112	.Xr sshd 8 Ns 's	1128	.Xr sshd 8 Ns 's