Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 31 |
1 files changed, 18 insertions, 13 deletions
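--- a/sshd.0
+++ b/sshd.0
@@ -33,12 +33,14 @@ DESCRIPTION
 -C connection_spec
 Specify the connection parameters to use for the -T extended test
 mode. If provided, any Match directives in the configuration
-file that would apply to the specified user, host, and address
-will be set before the configuration is written to standard
-output. The connection parameters are supplied as keyword=value
-pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and
-M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order,
+file that would apply are applied before the configuration is
+written to standard output. The connection parameters are
+supplied as keyword=value pairs and may be supplied in any order,
 either with multiple -C options or as a comma-separated list.
+The keywords are M-bM-^@M-^\addr,M-bM-^@M-^] M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and
+M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source
+host name, local address, local port number and routing domain
+respectively.
 
 -c host_certificate_file
 Specifies a path to a certificate file to identify sshd during
@@ -75,10 +77,9 @@ DESCRIPTION
 Specifies a file from which a host key is read. This option must
 be given if sshd is not run as root (as the normal host key files
 are normally not readable by anyone but root). The default is
-/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
-/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It
-is possible to have multiple host key files for the different
-host key algorithms.
+/etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
+/etc/ssh/ssh_host_rsa_key. It is possible to have multiple host
+key files for the different host key algorithms.
 
 -i Specifies that sshd is being run from inetd(8).
 
@@ -247,7 +248,7 @@ AUTHORIZED_KEYS FILE FORMAT
 You don't want to type them in; instead, copy the id_dsa.pub,
 id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it.
 
-sshd enforces a minimum RSA key modulus size of 768 bits.
+sshd enforces a minimum RSA key modulus size of 1024 bits.
 
 The options (if present) consist of comma-separated option
 specifications. No spaces are permitted, except within double quotes.
@@ -299,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT
 this type are permitted. Environment processing is disabled by
 default and is controlled via the PermitUserEnvironment option.
 
+expiry-time="timespec"
+Specifies a time after which the key will not be accepted. The
+time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS]
+time in the system time-zone.
+
 from="pattern-list"
 Specifies that in addition to public key authentication, either
 the canonical name of the remote host or its IP address must be
@@ -346,6 +352,7 @@ AUTHORIZED_KEYS FILE FORMAT
 
 port-forwarding
 Enable port forwarding previously disabled by the restrict
+option.
 
 principals="principals"
 On a cert-authority line, specifies allowed principals for
@@ -567,7 +574,6 @@ FILES
 allows host-based authentication without permitting login with
 rlogin/rsh.
 
-/etc/ssh/ssh_host_dsa_key
 /etc/ssh/ssh_host_ecdsa_key
 /etc/ssh/ssh_host_ed25519_key
 /etc/ssh/ssh_host_rsa_key
@@ -576,7 +582,6 @@ FILES
 not accessible to others. Note that sshd does not start if these
 files are group/world-accessible.
 
-/etc/ssh/ssh_host_dsa_key.pub
 /etc/ssh/ssh_host_ecdsa_key.pub
 /etc/ssh/ssh_host_ed25519_key.pub
 /etc/ssh/ssh_host_rsa_key.pub
@@ -629,4 +634,4 @@ AUTHORS
 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
 for privilege separation.
 
-OpenBSD 6.2 June 24, 2017 OpenBSD 6.2
+OpenBSD 6.2 March 14, 2018 OpenBSD 6.2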