summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.836
1 files changed, 34 insertions, 2 deletions
diff --git a/sshd.8 b/sshd.8
index 3b20d9f32..9bf3d5bb2 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.281 2015/09/11 03:13:36 djm Exp $ 36.\" $OpenBSD: sshd.8,v 1.282 2015/11/16 00:30:02 djm Exp $
37.Dd $Mdocdate: September 11 2015 $ 37.Dd $Mdocdate: November 16 2015 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -522,6 +522,10 @@ No spaces are permitted, except within double quotes.
522The following option specifications are supported (note 522The following option specifications are supported (note
523that option keywords are case-insensitive): 523that option keywords are case-insensitive):
524.Bl -tag -width Ds 524.Bl -tag -width Ds
525.It Cm agent-forwarding
526Enable authentication agent forwarding previously disabled by the
527.Cm restrict
528option.
525.It Cm cert-authority 529.It Cm cert-authority
526Specifies that the listed key is a certification authority (CA) that is 530Specifies that the listed key is a certification authority (CA) that is
527trusted to validate signed certificates for user authentication. 531trusted to validate signed certificates for user authentication.
@@ -616,6 +620,9 @@ they must be literal domains or addresses.
616A port specification of 620A port specification of
617.Cm * 621.Cm *
618matches any port. 622matches any port.
623.It Cm port-forwarding
624Enable port forwarding previously disabled by the
625.Cm restrict
619.It Cm principals="principals" 626.It Cm principals="principals"
620On a 627On a
621.Cm cert-authority 628.Cm cert-authority
@@ -627,12 +634,33 @@ This option is ignored for keys that are not marked as trusted certificate
627signers using the 634signers using the
628.Cm cert-authority 635.Cm cert-authority
629option. 636option.
637.It Cm pty
638Permits tty allocation previously disabled by the
639.Cm restrict
640option.
641.It Cm restrict
642Enable all restrictions, i.e. disable port, agent and X11 forwarding,
643as well as disabling PTY allocation
644and execution of
645.Pa ~/.ssh/rc .
646If any future restriction capabilities are added to authorized_keys files
647they will be included in this set.
630.It Cm tunnel="n" 648.It Cm tunnel="n"
631Force a 649Force a
632.Xr tun 4 650.Xr tun 4
633device on the server. 651device on the server.
634Without this option, the next available device will be used if 652Without this option, the next available device will be used if
635the client requests a tunnel. 653the client requests a tunnel.
654.It Cm user-rc
655Enables execution of
656.Pa ~/.ssh/rc
657previously disabled by the
658.Cm restrict
659option.
660.It Cm X11-forwarding
661Permits X11 forwarding previously disabled by the
662.Cm restrict
663option.
636.El 664.El
637.Pp 665.Pp
638An example authorized_keys file: 666An example authorized_keys file:
@@ -647,6 +675,10 @@ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
647AAAAB5...21S== 675AAAAB5...21S==
648tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 676tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
649jane@example.net 677jane@example.net
678restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
679user@example.net
680restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
681user@example.net
650.Ed 682.Ed
651.Sh SSH_KNOWN_HOSTS FILE FORMAT 683.Sh SSH_KNOWN_HOSTS FILE FORMAT
652The 684The
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 13:32:42 +0000