diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 30 |
1 files changed, 15 insertions, 15 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.132 2001/06/23 03:03:59 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.133 2001/06/23 17:48:19 itojun Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -374,7 +374,7 @@ The default is | |||
374 | .Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. | 374 | .Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. |
375 | .It Cm ClientAliveInterval | 375 | .It Cm ClientAliveInterval |
376 | Sets a timeout interval in seconds after which if no data has been received | 376 | Sets a timeout interval in seconds after which if no data has been received |
377 | from the client, | 377 | from the client, |
378 | .Nm | 378 | .Nm |
379 | will send a message through the encrypted | 379 | will send a message through the encrypted |
380 | channel to request a response from the client. | 380 | channel to request a response from the client. |
@@ -386,10 +386,10 @@ Sets the number of client alive messages (see above) which may be | |||
386 | sent without | 386 | sent without |
387 | .Nm | 387 | .Nm |
388 | receiving any messages back from the client. If this threshold is | 388 | receiving any messages back from the client. If this threshold is |
389 | reached while client alive messages are being sent, | 389 | reached while client alive messages are being sent, |
390 | .Nm | 390 | .Nm |
391 | will disconnect the client, terminating the session. It is important | 391 | will disconnect the client, terminating the session. It is important |
392 | to note that the use of client alive messages is very different from | 392 | to note that the use of client alive messages is very different from |
393 | .Cm Keepalive | 393 | .Cm Keepalive |
394 | (below). The client alive messages are sent through the | 394 | (below). The client alive messages are sent through the |
395 | encrypted channel and therefore will not be spoofable. The TCP keepalive | 395 | encrypted channel and therefore will not be spoofable. The TCP keepalive |
@@ -402,7 +402,7 @@ clients having an active connection to the server. | |||
402 | The default value is 3. If you set | 402 | The default value is 3. If you set |
403 | .Cm ClientAliveInterval | 403 | .Cm ClientAliveInterval |
404 | (above) to 15, and leave this value at the default, unresponsive ssh clients | 404 | (above) to 15, and leave this value at the default, unresponsive ssh clients |
405 | will be disconnected after approximately 45 seconds. | 405 | will be disconnected after approximately 45 seconds. |
406 | .It Cm DenyGroups | 406 | .It Cm DenyGroups |
407 | This keyword can be followed by a number of group names, separated | 407 | This keyword can be followed by a number of group names, separated |
408 | by spaces. | 408 | by spaces. |
@@ -787,12 +787,12 @@ The default is | |||
787 | Note that | 787 | Note that |
788 | .Xr login 1 | 788 | .Xr login 1 |
789 | is never used for remote command execution. | 789 | is never used for remote command execution. |
790 | Note also, that if this is enabled, | 790 | Note also, that if this is enabled, |
791 | .Cm X11Forwarding | 791 | .Cm X11Forwarding |
792 | will be disabled because | 792 | will be disabled because |
793 | .Xr login 1 | 793 | .Xr login 1 |
794 | does not know how to handle | 794 | does not know how to handle |
795 | .Xr xauth 1 | 795 | .Xr xauth 1 |
796 | cookies. | 796 | cookies. |
797 | .It Cm X11DisplayOffset | 797 | .It Cm X11DisplayOffset |
798 | Specifies the first display number available for | 798 | Specifies the first display number available for |
@@ -808,9 +808,9 @@ The default is | |||
808 | .Dq no . | 808 | .Dq no . |
809 | Note that disabling X11 forwarding does not improve security in any | 809 | Note that disabling X11 forwarding does not improve security in any |
810 | way, as users can always install their own forwarders. | 810 | way, as users can always install their own forwarders. |
811 | X11 forwarding is automatically disabled if | 811 | X11 forwarding is automatically disabled if |
812 | .Cm UseLogin | 812 | .Cm UseLogin |
813 | is enabled. | 813 | is enabled. |
814 | .It Cm XAuthLocation | 814 | .It Cm XAuthLocation |
815 | Specifies the location of the | 815 | Specifies the location of the |
816 | .Xr xauth 1 | 816 | .Xr xauth 1 |
@@ -1005,13 +1005,13 @@ authentication. | |||
1005 | .It Cm no-pty | 1005 | .It Cm no-pty |
1006 | Prevents tty allocation (a request to allocate a pty will fail). | 1006 | Prevents tty allocation (a request to allocate a pty will fail). |
1007 | .It Cm permitopen="host:port" | 1007 | .It Cm permitopen="host:port" |
1008 | Limit local | 1008 | Limit local |
1009 | .Li ``ssh -L'' | 1009 | .Li ``ssh -L'' |
1010 | port forwarding such that it may only connect to the specified host and | 1010 | port forwarding such that it may only connect to the specified host and |
1011 | port. Multiple | 1011 | port. Multiple |
1012 | .Cm permitopen | 1012 | .Cm permitopen |
1013 | options may be applied separated by commas. No pattern matching is | 1013 | options may be applied separated by commas. No pattern matching is |
1014 | performed on the specified hostnames, they must be literal domains or | 1014 | performed on the specified hostnames, they must be literal domains or |
1015 | addresses. | 1015 | addresses. |
1016 | .El | 1016 | .El |
1017 | .Ss Examples | 1017 | .Ss Examples |