Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 38 |
1 files changed, 27 insertions, 11 deletions
@@ -145,7 +145,7 @@ AUTHENTICATION | |||
145 | Regardless of the authentication type, the account is checked to ensure | 145 | Regardless of the authentication type, the account is checked to ensure |
146 | that it is accessible. An account is not accessible if it is locked, | 146 | that it is accessible. An account is not accessible if it is locked, |
147 | listed in DenyUsers or its group is listed in DenyGroups . The | 147 | listed in DenyUsers or its group is listed in DenyGroups . The |
148 | definition of a locked account is system dependant. Some platforms have | 148 | definition of a locked account is system dependent. Some platforms have |
149 | their own account database (eg AIX) and some modify the passwd field ( | 149 | their own account database (eg AIX) and some modify the passwd field ( |
150 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on | 150 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on |
151 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most | 151 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most |
@@ -341,14 +341,28 @@ AUTHORIZED_KEYS FILE FORMAT | |||
341 | Forbids X11 forwarding when this key is used for authentication. | 341 | Forbids X11 forwarding when this key is used for authentication. |
342 | Any X11 forward requests by the client will return an error. | 342 | Any X11 forward requests by the client will return an error. |
343 | 343 | ||
344 | permitlisten="[host:]port" | ||
345 | Limit remote port forwarding with the ssh(1) -R option such that | ||
346 | it may only listen on the specified host (optional) and port. | ||
347 | IPv6 addresses can be specified by enclosing the address in | ||
348 | square brackets. Multiple permitlisten options may be applied | ||
349 | separated by commas. Hostnames may include wildcards as | ||
350 | described in the PATTERNS section in ssh_config(5). A port | ||
351 | specification of * matches any port. Note that the setting of | ||
352 | GatewayPorts may further restrict listen addresses. Note that | ||
353 | ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was | ||
354 | not specified when the forwarding was requested, and that this | ||
355 | name is treated differently to the explicit localhost addresses | ||
356 | M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. | ||
357 | |||
344 | permitopen="host:port" | 358 | permitopen="host:port" |
345 | Limit local port forwarding with ssh(1) -L such that it may only | 359 | Limit local port forwarding with the ssh(1) -L option such that |
346 | connect to the specified host and port. IPv6 addresses can be | 360 | it may only connect to the specified host and port. IPv6 |
347 | specified by enclosing the address in square brackets. Multiple | 361 | addresses can be specified by enclosing the address in square |
348 | permitopen options may be applied separated by commas. No | 362 | brackets. Multiple permitopen options may be applied separated |
349 | pattern matching is performed on the specified hostnames, they | 363 | by commas. No pattern matching is performed on the specified |
350 | must be literal domains or addresses. A port specification of * | 364 | hostnames, they must be literal domains or addresses. A port |
351 | matches any port. | 365 | specification of * matches any port. |
352 | 366 | ||
353 | port-forwarding | 367 | port-forwarding |
354 | Enable port forwarding previously disabled by the restrict | 368 | Enable port forwarding previously disabled by the restrict |
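Review bot: The last sentence of the new permitlisten entry (new lines 352-356) says the name "localhost" is "treated differently" from "127.0.0.1" and "::1" but never says how, so an administrator cannot tell from this text whether permitlisten="127.0.0.1:8080" would match a -R request that named no listen host. Suggest stating the matching outcome explicitly, including which value has to be written to permit the default request. The entry also allows wildcards in the host part while the permitopen entry right below it states that no pattern matching is performed; a short cross-reference in one of the two would stop readers from assuming both options match the same way.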
@@ -390,9 +404,11 @@ AUTHORIZED_KEYS FILE FORMAT | |||
390 | ssh-rsa AAAAB3Nza...LiPk== user@example.net | 404 | ssh-rsa AAAAB3Nza...LiPk== user@example.net |
391 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa | 405 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa |
392 | AAAAB2...19Q== john@example.net | 406 | AAAAB2...19Q== john@example.net |
393 | command="dump /home",no-pty,no-port-forwarding ssh-dss | 407 | command="dump /home",no-pty,no-port-forwarding ssh-rsa |
394 | AAAAC3...51R== example.net | 408 | AAAAC3...51R== example.net |
395 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss | 409 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa |
410 | AAAAB5...21S== | ||
411 | permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa | ||
396 | AAAAB5...21S== | 412 | AAAAB5...21S== |
397 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | 413 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
398 | jane@example.net | 414 | jane@example.net |
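Review bot: The added permitlisten example (new lines 411-412) ends in the same placeholder key, AAAAB5...21S==, as the permitopen example directly above it (new lines 409-410), so the two entries read as one key carrying two different option sets. Suggest giving the new entry its own placeholder blob. The example also uses permitlisten="localhost:8080", which is the host form the option text singles out as being treated differently from 127.0.0.1 and ::1; a sentence tying the example back to that note would make the choice of "localhost" here clear.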
@@ -634,4 +650,4 @@ AUTHORS | |||
634 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 650 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
635 | for privilege separation. | 651 | for privilege separation. |
636 | 652 | ||
637 | OpenBSD 6.2 March 14, 2018 OpenBSD 6.2 | 653 | OpenBSD 6.4 July 22, 2018 OpenBSD 6.4 |