summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-01 18:50:00 +0000
committerColin Watson <cjwatson@debian.org>2003-09-01 18:50:00 +0000
commit1501d1e253613aba573e163869a2f704abd73a44 (patch)
tree01cf736a2a33136d2da1d39a5fe4199318dce445 /sshd_config.5
parent8d6b7f4c46de3feb66f704ab483e51ea1a3bb0e1 (diff)
parent053db7da5ce09acdf742789d9d1a05e81d4861d0 (diff)
Debian release 3.6.1p1-1.
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.530
1 files changed, 17 insertions, 13 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 23ac0e96d..6f38a260a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -211,8 +211,8 @@ Specifies whether remote hosts are allowed to connect to ports
211forwarded for the client. 211forwarded for the client.
212By default, 212By default,
213.Nm sshd 213.Nm sshd
214binds remote port forwardings to the loopback address. This 214binds remote port forwardings to the loopback address.
215prevents other remote hosts from connecting to forwarded ports. 215This prevents other remote hosts from connecting to forwarded ports.
216.Cm GatewayPorts 216.Cm GatewayPorts
217can be used to specify that 217can be used to specify that
218.Nm sshd 218.Nm sshd
@@ -370,7 +370,8 @@ is not specified,
370will listen on the address and all prior 370will listen on the address and all prior
371.Cm Port 371.Cm Port
372options specified. The default is to listen on all local 372options specified. The default is to listen on all local
373addresses. Multiple 373addresses.
374Multiple
374.Cm ListenAddress 375.Cm ListenAddress
375options are permitted. Additionally, any 376options are permitted. Additionally, any
376.Cm Port 377.Cm Port
@@ -385,10 +386,10 @@ Gives the verbosity level that is used when logging messages from
385.Nm sshd . 386.Nm sshd .
386The possible values are: 387The possible values are:
387QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. 388QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
388The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 389The default is INFO.
389and DEBUG3 each specify higher levels of debugging output. 390DEBUG and DEBUG1 are equivalent.
390Logging with a DEBUG level violates the privacy of users 391DEBUG2 and DEBUG3 each specify higher levels of debugging output.
391and is not recommended. 392Logging with a DEBUG level violates the privacy of users and is not recommended.
392.It Cm MACs 393.It Cm MACs
393Specifies the available MAC (message authentication code) algorithms. 394Specifies the available MAC (message authentication code) algorithms.
394The MAC algorithm is used in protocol version 2 395The MAC algorithm is used in protocol version 2
@@ -599,16 +600,18 @@ will be disabled because
599.Xr login 1 600.Xr login 1
600does not know how to handle 601does not know how to handle
601.Xr xauth 1 602.Xr xauth 1
602cookies. If 603cookies.
604If
603.Cm UsePrivilegeSeparation 605.Cm UsePrivilegeSeparation
604is specified, it will be disabled after authentication. 606is specified, it will be disabled after authentication.
605.It Cm UsePrivilegeSeparation 607.It Cm UsePrivilegeSeparation
606Specifies whether 608Specifies whether
607.Nm sshd 609.Nm sshd
608separates privileges by creating an unprivileged child process 610separates privileges by creating an unprivileged child process
609to deal with incoming network traffic. After successful authentication, 611to deal with incoming network traffic.
610another process will be created that has the privilege of the authenticated 612After successful authentication, another process will be created that has
611user. The goal of privilege separation is to prevent privilege 613the privilege of the authenticated user.
614The goal of privilege separation is to prevent privilege
612escalation by containing any corruption within the unprivileged processes. 615escalation by containing any corruption within the unprivileged processes.
613The default is 616The default is
614.Dq yes . 617.Dq yes .
@@ -666,7 +669,8 @@ is enabled.
666Specifies whether 669Specifies whether
667.Nm sshd 670.Nm sshd
668should bind the X11 forwarding server to the loopback address or to 671should bind the X11 forwarding server to the loopback address or to
669the wildcard address. By default, 672the wildcard address.
673By default,
670.Nm sshd 674.Nm sshd
671binds the forwarding server to the loopback address and sets the 675binds the forwarding server to the loopback address and sets the
672hostname part of the 676hostname part of the