diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshd.8 | 22 |
2 files changed, 16 insertions, 12 deletions
@@ -207,6 +207,10 @@ | |||
207 | - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 | 207 | - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 |
208 | [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] | 208 | [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] |
209 | unneeded cast cleanup; ok markus@ | 209 | unneeded cast cleanup; ok markus@ |
210 | - stevesk@cvs.openbsd.org 2002/01/18 20:46:34 | ||
211 | [sshd.8] | ||
212 | clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from | ||
213 | allard@oceanpark.com; ok markus@ | ||
210 | 214 | ||
211 | 20020121 | 215 | 20020121 |
212 | - (djm) Rework ssh-rand-helper: | 216 | - (djm) Rework ssh-rand-helper: |
@@ -7354,4 +7358,4 @@ | |||
7354 | - Wrote replacements for strlcpy and mkdtemp | 7358 | - Wrote replacements for strlcpy and mkdtemp |
7355 | - Released 1.0pre1 | 7359 | - Released 1.0pre1 |
7356 | 7360 | ||
7357 | $Id: ChangeLog,v 1.1781 2002/01/22 12:33:31 djm Exp $ | 7361 | $Id: ChangeLog,v 1.1782 2002/01/22 12:33:45 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.162 2002/01/18 17:14:16 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.163 2002/01/18 20:46:34 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -329,7 +329,7 @@ Specifies whether an AFS token may be forwarded to the server. | |||
329 | Default is | 329 | Default is |
330 | .Dq yes . | 330 | .Dq yes . |
331 | .It Cm AllowGroups | 331 | .It Cm AllowGroups |
332 | This keyword can be followed by a list of group names, separated | 332 | This keyword can be followed by a list of group name patterns, separated |
333 | by spaces. | 333 | by spaces. |
334 | If specified, login is allowed only for users whose primary | 334 | If specified, login is allowed only for users whose primary |
335 | group or supplementary group list matches one of the patterns. | 335 | group or supplementary group list matches one of the patterns. |
@@ -339,7 +339,7 @@ and | |||
339 | can be used as | 339 | can be used as |
340 | wildcards in the patterns. | 340 | wildcards in the patterns. |
341 | Only group names are valid; a numerical group ID is not recognized. | 341 | Only group names are valid; a numerical group ID is not recognized. |
342 | By default login is allowed regardless of the group list. | 342 | By default, login is allowed for all groups. |
343 | .Pp | 343 | .Pp |
344 | .It Cm AllowTcpForwarding | 344 | .It Cm AllowTcpForwarding |
345 | Specifies whether TCP forwarding is permitted. | 345 | Specifies whether TCP forwarding is permitted. |
@@ -350,7 +350,7 @@ users are also denied shell access, as they can always install their | |||
350 | own forwarders. | 350 | own forwarders. |
351 | .Pp | 351 | .Pp |
352 | .It Cm AllowUsers | 352 | .It Cm AllowUsers |
353 | This keyword can be followed by a list of user names, separated | 353 | This keyword can be followed by a list of user name patterns, separated |
354 | by spaces. | 354 | by spaces. |
355 | If specified, login is allowed only for users names that | 355 | If specified, login is allowed only for users names that |
356 | match one of the patterns. | 356 | match one of the patterns. |
@@ -360,7 +360,7 @@ and | |||
360 | can be used as | 360 | can be used as |
361 | wildcards in the patterns. | 361 | wildcards in the patterns. |
362 | Only user names are valid; a numerical user ID is not recognized. | 362 | Only user names are valid; a numerical user ID is not recognized. |
363 | By default login is allowed regardless of the user name. | 363 | By default, login is allowed for all users. |
364 | If the pattern takes the form USER@HOST then USER and HOST | 364 | If the pattern takes the form USER@HOST then USER and HOST |
365 | are separately checked, restricting logins to particular | 365 | are separately checked, restricting logins to particular |
366 | users from particular hosts. | 366 | users from particular hosts. |
@@ -435,20 +435,20 @@ The default value is 3. If | |||
435 | is left at the default, unresponsive ssh clients | 435 | is left at the default, unresponsive ssh clients |
436 | will be disconnected after approximately 45 seconds. | 436 | will be disconnected after approximately 45 seconds. |
437 | .It Cm DenyGroups | 437 | .It Cm DenyGroups |
438 | This keyword can be followed by a number of group names, separated | 438 | This keyword can be followed by a list of group name patterns, separated |
439 | by spaces. | 439 | by spaces. |
440 | Users whose primary group or supplementary group list matches | 440 | Login is disallowed for users whose primary group or supplementary |
441 | one of the patterns aren't allowed to log in. | 441 | group list matches one of the patterns. |
442 | .Ql \&* | 442 | .Ql \&* |
443 | and | 443 | and |
444 | .Ql ? | 444 | .Ql ? |
445 | can be used as | 445 | can be used as |
446 | wildcards in the patterns. | 446 | wildcards in the patterns. |
447 | Only group names are valid; a numerical group ID is not recognized. | 447 | Only group names are valid; a numerical group ID is not recognized. |
448 | By default login is allowed regardless of the group list. | 448 | By default, login is allowed for all groups. |
449 | .Pp | 449 | .Pp |
450 | .It Cm DenyUsers | 450 | .It Cm DenyUsers |
451 | This keyword can be followed by a number of user names, separated | 451 | This keyword can be followed by a list of user name patterns, separated |
452 | by spaces. | 452 | by spaces. |
453 | Login is disallowed for user names that match one of the patterns. | 453 | Login is disallowed for user names that match one of the patterns. |
454 | .Ql \&* | 454 | .Ql \&* |
@@ -456,7 +456,7 @@ and | |||
456 | .Ql ? | 456 | .Ql ? |
457 | can be used as wildcards in the patterns. | 457 | can be used as wildcards in the patterns. |
458 | Only user names are valid; a numerical user ID is not recognized. | 458 | Only user names are valid; a numerical user ID is not recognized. |
459 | By default login is allowed regardless of the user name. | 459 | By default, login is allowed for all users. |
460 | .It Cm GatewayPorts | 460 | .It Cm GatewayPorts |
461 | Specifies whether remote hosts are allowed to connect to ports | 461 | Specifies whether remote hosts are allowed to connect to ports |
462 | forwarded for the client. | 462 | forwarded for the client. |