summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
committerColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
commit59247ecde39f2d826a94ab07f6095ca1f6644e88 (patch)
tree5910d4a840352aafbf67e8a39fa63936e5529b26 /sshd_config.5
parent07d905b406c4ab64ea2f10a22f4f8f0d595269f6 (diff)
parent964476f91b66c475d5b8fa1e8b28d39a97a1b56e (diff)
* New upstream release.
* Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.519
1 files changed, 13 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 0d2e0c3da..522ac103f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
38.Dd $Mdocdate: February 22 2009 $ 38.Dd $Mdocdate: April 21 2009 $
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -203,7 +203,8 @@ then no banner is displayed.
203This option is only available for protocol version 2. 203This option is only available for protocol version 2.
204By default, no banner is displayed. 204By default, no banner is displayed.
205.It Cm ChallengeResponseAuthentication 205.It Cm ChallengeResponseAuthentication
206Specifies whether challenge-response authentication is allowed. 206Specifies whether challenge-response authentication is allowed (e.g. via
207PAM).
207The default is 208The default is
208.Dq yes . 209.Dq yes .
209.It Cm ChrootDirectory 210.It Cm ChrootDirectory
@@ -212,6 +213,9 @@ Specifies a path to
212to after authentication. 213to after authentication.
213This path, and all its components, must be root-owned directories that are 214This path, and all its components, must be root-owned directories that are
214not writable by any other user or group. 215not writable by any other user or group.
216After the chroot,
217.Xr sshd 8
218changes the working directory to the user's home directory.
215.Pp 219.Pp
216The path may contain the following tokens that are expanded at runtime once 220The path may contain the following tokens that are expanded at runtime once
217the connecting user has been authenticated: %% is replaced by a literal '%', 221the connecting user has been authenticated: %% is replaced by a literal '%',
@@ -221,7 +225,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
221The 225The
222.Cm ChrootDirectory 226.Cm ChrootDirectory
223must contain the necessary files and directories to support the 227must contain the necessary files and directories to support the
224users' session. 228user's session.
225For an interactive session this requires at least a shell, typically 229For an interactive session this requires at least a shell, typically
226.Xr sh 1 , 230.Xr sh 1 ,
227and basic 231and basic
@@ -239,8 +243,11 @@ devices.
239For file transfer sessions using 243For file transfer sessions using
240.Dq sftp , 244.Dq sftp ,
241no additional configuration of the environment is necessary if the 245no additional configuration of the environment is necessary if the
242in-process sftp server is used (see 246in-process sftp server is used,
243.Cm Subsystem 247though sessions which use logging do require
248.Pa /dev/log
249inside the chroot directory (see
250.Xr sftp-server 8
244for details). 251for details).
245.Pp 252.Pp
246The default is not to 253The default is not to
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-20 13:46:20 +0000