summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
commit62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /sshd_config.5
parent6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.545
1 files changed, 26 insertions, 19 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index ac6ccc793..251b7467f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,15 +33,13 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $
37.Dd $Mdocdate: March 14 2017 $ 37.Dd $Mdocdate: September 27 2017 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
41.Nm sshd_config 41.Nm sshd_config
42.Nd OpenSSH SSH daemon configuration file 42.Nd OpenSSH SSH daemon configuration file
43.Sh SYNOPSIS
44.Nm /etc/ssh/sshd_config
45.Sh DESCRIPTION 43.Sh DESCRIPTION
46.Xr sshd 8 44.Xr sshd 8
47reads configuration data from 45reads configuration data from
@@ -225,6 +223,18 @@ requires successful authentication using two different public keys.
225.Pp 223.Pp
226Note that each authentication method listed should also be explicitly enabled 224Note that each authentication method listed should also be explicitly enabled
227in the configuration. 225in the configuration.
226.Pp
227The available authentication methods are:
228.Qq gssapi-with-mic ,
229.Qq hostbased ,
230.Qq keyboard-interactive ,
231.Qq none
232(used for access to password-less accounts when
233.Cm PermitEmptyPassword
234is enabled),
235.Qq password
236and
237.Qq publickey .
228.It Cm AuthorizedKeysCommand 238.It Cm AuthorizedKeysCommand
229Specifies a program to be used to look up the user's public keys. 239Specifies a program to be used to look up the user's public keys.
230The program must be owned by root, not writable by group or others and 240The program must be owned by root, not writable by group or others and
@@ -464,16 +474,6 @@ aes128-gcm@openssh.com
464.It 474.It
465aes256-gcm@openssh.com 475aes256-gcm@openssh.com
466.It 476.It
467arcfour
468.It
469arcfour128
470.It
471arcfour256
472.It
473blowfish-cbc
474.It
475cast128-cbc
476.It
477chacha20-poly1305@openssh.com 477chacha20-poly1305@openssh.com
478.El 478.El
479.Pp 479.Pp
@@ -574,6 +574,14 @@ Disables all forwarding features, including X11,
574TCP and StreamLocal. 574TCP and StreamLocal.
575This option overrides all other forwarding-related options and may 575This option overrides all other forwarding-related options and may
576simplify restricted configurations. 576simplify restricted configurations.
577.It Cm ExposeAuthInfo
578Writes a temporary file containing a list of authentication methods and
579public credentials (e.g. keys) used to authenticate the user.
580The location of the file is exposed to the user session through the
581.Ev SSH_USER_AUTH
582environment variable.
583The default is
584.Cm no .
577.It Cm FingerprintHash 585.It Cm FingerprintHash
578Specifies the hash algorithm used when logging key fingerprints. 586Specifies the hash algorithm used when logging key fingerprints.
579Valid options are: 587Valid options are:
@@ -798,7 +806,9 @@ Accepted values are
798.Cm lowdelay , 806.Cm lowdelay ,
799.Cm throughput , 807.Cm throughput ,
800.Cm reliability , 808.Cm reliability ,
801or a numeric value. 809a numeric value, or
810.Cm none
811to use the operating system default.
802This option may take one or two arguments, separated by whitespace. 812This option may take one or two arguments, separated by whitespace.
803If one argument is specified, it is used as the packet class unconditionally. 813If one argument is specified, it is used as the packet class unconditionally.
804If two values are specified, the first is automatically selected for 814If two values are specified, the first is automatically selected for
@@ -962,8 +972,6 @@ hmac-md5
962.It 972.It
963hmac-md5-96 973hmac-md5-96
964.It 974.It
965hmac-ripemd160
966.It
967hmac-sha1 975hmac-sha1
968.It 976.It
969hmac-sha1-96 977hmac-sha1-96
@@ -980,8 +988,6 @@ hmac-md5-etm@openssh.com
980.It 988.It
981hmac-md5-96-etm@openssh.com 989hmac-md5-96-etm@openssh.com
982.It 990.It
983hmac-ripemd160-etm@openssh.com
984.It
985hmac-sha1-etm@openssh.com 991hmac-sha1-etm@openssh.com
986.It 992.It
987hmac-sha1-96-etm@openssh.com 993hmac-sha1-96-etm@openssh.com
@@ -1080,6 +1086,7 @@ Available keywords are
1080.Cm IPQoS , 1086.Cm IPQoS ,
1081.Cm KbdInteractiveAuthentication , 1087.Cm KbdInteractiveAuthentication ,
1082.Cm KerberosAuthentication , 1088.Cm KerberosAuthentication ,
1089.Cm LogLevel ,
1083.Cm MaxAuthTries , 1090.Cm MaxAuthTries ,
1084.Cm MaxSessions , 1091.Cm MaxSessions ,
1085.Cm PasswordAuthentication , 1092.Cm PasswordAuthentication ,