diff options
| author | Damien Miller <djm@mindrot.org> | 2003-05-23 18:44:23 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-05-23 18:44:23 +1000 |
| commit | fbf486b4a6e0f39b3d6533a2c18d1a120e98b83c (patch) | |
| tree | 7377adcab2b512e9ab0eddab49554fc2687c6781 /sshd_config.5 | |
| parent | 5067792a7267cd1affe339bf7e9469ecc444eb25 (diff) | |
- jmc@cvs.openbsd.org 2003/05/20 12:09:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
new sentence, new line
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 8250be8d6..86b3289a1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -107,7 +107,8 @@ Specifies the file that contains the public keys that can be used | |||
| 107 | for user authentication. | 107 | for user authentication. |
| 108 | .Cm AuthorizedKeysFile | 108 | .Cm AuthorizedKeysFile |
| 109 | may contain tokens of the form %T which are substituted during connection | 109 | may contain tokens of the form %T which are substituted during connection |
| 110 | set-up. The following tokens are defined: %% is replaced by a literal '%', | 110 | set-up. |
| 111 | The following tokens are defined: %% is replaced by a literal '%', | ||
| 111 | %h is replaced by the home directory of the user being authenticated and | 112 | %h is replaced by the home directory of the user being authenticated and |
| 112 | %u is replaced by the username of that user. | 113 | %u is replaced by the username of that user. |
| 113 | After expansion, | 114 | After expansion, |
| @@ -153,20 +154,24 @@ This option applies to protocol version 2 only. | |||
| 153 | Sets the number of client alive messages (see above) which may be | 154 | Sets the number of client alive messages (see above) which may be |
| 154 | sent without | 155 | sent without |
| 155 | .Nm sshd | 156 | .Nm sshd |
| 156 | receiving any messages back from the client. If this threshold is | 157 | receiving any messages back from the client. |
| 157 | reached while client alive messages are being sent, | 158 | If this threshold is reached while client alive messages are being sent, |
| 158 | .Nm sshd | 159 | .Nm sshd |
| 159 | will disconnect the client, terminating the session. It is important | 160 | will disconnect the client, terminating the session. |
| 160 | to note that the use of client alive messages is very different from | 161 | It is important to note that the use of client alive messages is very |
| 162 | different from | ||
| 161 | .Cm KeepAlive | 163 | .Cm KeepAlive |
| 162 | (below). The client alive messages are sent through the | 164 | (below). |
| 163 | encrypted channel and therefore will not be spoofable. The TCP keepalive | 165 | The client alive messages are sent through the encrypted channel |
| 164 | option enabled by | 166 | and therefore will not be spoofable. |
| 167 | The TCP keepalive option enabled by | ||
| 165 | .Cm KeepAlive | 168 | .Cm KeepAlive |
| 166 | is spoofable. The client alive mechanism is valuable when the client or | 169 | is spoofable. |
| 170 | The client alive mechanism is valuable when the client or | ||
| 167 | server depend on knowing when a connection has become inactive. | 171 | server depend on knowing when a connection has become inactive. |
| 168 | .Pp | 172 | .Pp |
| 169 | The default value is 3. If | 173 | The default value is 3. |
| 174 | If | ||
| 170 | .Cm ClientAliveInterval | 175 | .Cm ClientAliveInterval |
| 171 | (above) is set to 15, and | 176 | (above) is set to 15, and |
| 172 | .Cm ClientAliveCountMax | 177 | .Cm ClientAliveCountMax |
| @@ -369,11 +374,12 @@ is not specified, | |||
| 369 | .Nm sshd | 374 | .Nm sshd |
| 370 | will listen on the address and all prior | 375 | will listen on the address and all prior |
| 371 | .Cm Port | 376 | .Cm Port |
| 372 | options specified. The default is to listen on all local | 377 | options specified. |
| 373 | addresses. | 378 | The default is to listen on all local addresses. |
| 374 | Multiple | 379 | Multiple |
| 375 | .Cm ListenAddress | 380 | .Cm ListenAddress |
| 376 | options are permitted. Additionally, any | 381 | options are permitted. |
| 382 | Additionally, any | ||
| 377 | .Cm Port | 383 | .Cm Port |
| 378 | options must precede this option for non port qualified addresses. | 384 | options must precede this option for non port qualified addresses. |
| 379 | .It Cm LoginGraceTime | 385 | .It Cm LoginGraceTime |
| @@ -454,8 +460,8 @@ but only if the | |||
| 454 | .Ar command | 460 | .Ar command |
| 455 | option has been specified | 461 | option has been specified |
| 456 | (which may be useful for taking remote backups even if root login is | 462 | (which may be useful for taking remote backups even if root login is |
| 457 | normally not allowed). All other authentication methods are disabled | 463 | normally not allowed). |
| 458 | for root. | 464 | All other authentication methods are disabled for root. |
| 459 | .Pp | 465 | .Pp |
| 460 | If this option is set to | 466 | If this option is set to |
| 461 | .Dq no | 467 | .Dq no |