summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.852
1 files changed, 26 insertions, 26 deletions
diff --git a/sshd.8 b/sshd.8
index 909339f07..58bf9062a 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.217 2006/02/12 10:52:41 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.218 2006/02/12 17:57:19 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -421,26 +421,6 @@ No spaces are permitted, except within double quotes.
421The following option specifications are supported (note 421The following option specifications are supported (note
422that option keywords are case-insensitive): 422that option keywords are case-insensitive):
423.Bl -tag -width Ds 423.Bl -tag -width Ds
424.It Cm from="pattern-list"
425Specifies that in addition to public key authentication, the canonical name
426of the remote host must be present in the comma-separated list of
427patterns
428.Pf ( Ql \&*
429and
430.Ql \&?
431serve as wildcards).
432The list may also contain
433patterns negated by prefixing them with
434.Ql \&! ;
435if the canonical host name matches a negated pattern, the key is not accepted.
436The purpose
437of this option is to optionally increase security: public key authentication
438by itself does not trust the network or name servers or anything (but
439the key); however, if somebody somehow steals the key, the key
440permits an intruder to log in from anywhere in the world.
441This additional option makes using a stolen key more difficult (name
442servers and/or routers would have to be compromised in addition to
443just the key).
444.It Cm command="command" 424.It Cm command="command"
445Specifies that the command is executed whenever this key is used for 425Specifies that the command is executed whenever this key is used for
446authentication. 426authentication.
@@ -470,20 +450,40 @@ option.
470This option is automatically disabled if 450This option is automatically disabled if
471.Cm UseLogin 451.Cm UseLogin
472is enabled. 452is enabled.
453.It Cm from="pattern-list"
454Specifies that in addition to public key authentication, the canonical name
455of the remote host must be present in the comma-separated list of
456patterns
457.Pf ( Ql \&*
458and
459.Ql \&?
460serve as wildcards).
461The list may also contain
462patterns negated by prefixing them with
463.Ql \&! ;
464if the canonical host name matches a negated pattern, the key is not accepted.
465The purpose
466of this option is to optionally increase security: public key authentication
467by itself does not trust the network or name servers or anything (but
468the key); however, if somebody somehow steals the key, the key
469permits an intruder to log in from anywhere in the world.
470This additional option makes using a stolen key more difficult (name
471servers and/or routers would have to be compromised in addition to
472just the key).
473.It Cm no-agent-forwarding
474Forbids authentication agent forwarding when this key is used for
475authentication.
473.It Cm no-port-forwarding 476.It Cm no-port-forwarding
474Forbids TCP forwarding when this key is used for authentication. 477Forbids TCP forwarding when this key is used for authentication.
475Any port forward requests by the client will return an error. 478Any port forward requests by the client will return an error.
476This might be used, e.g., in connection with the 479This might be used, e.g., in connection with the
477.Cm command 480.Cm command
478option. 481option.
482.It Cm no-pty
483Prevents tty allocation (a request to allocate a pty will fail).
479.It Cm no-X11-forwarding 484.It Cm no-X11-forwarding
480Forbids X11 forwarding when this key is used for authentication. 485Forbids X11 forwarding when this key is used for authentication.
481Any X11 forward requests by the client will return an error. 486Any X11 forward requests by the client will return an error.
482.It Cm no-agent-forwarding
483Forbids authentication agent forwarding when this key is used for
484authentication.
485.It Cm no-pty
486Prevents tty allocation (a request to allocate a pty will fail).
487.It Cm permitopen="host:port" 487.It Cm permitopen="host:port"
488Limit local 488Limit local
489.Li ``ssh -L'' 489.Li ``ssh -L''