Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 32 |
1 files changed, 18 insertions, 14 deletions
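--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $
-.Dd $Mdocdate: June 24 2017 $
+.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $
+.Dd $Mdocdate: March 14 2018 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -100,20 +100,22 @@ Specify the connection parameters to use for the
 extended test mode.
 If provided, any
 .Cm Match
-directives in the configuration file
-that would apply to the specified user, host, and address will be set before
-the configuration is written to standard output.
-The connection parameters are supplied as keyword=value pairs.
+directives in the configuration file that would apply are applied before the
+configuration is written to standard output.
+The connection parameters are supplied as keyword=value pairs and may be
+supplied in any order, either with multiple
+.Fl C
+options or as a comma-separated list.
 The keywords are
+.Dq addr,
 .Dq user ,
 .Dq host ,
 .Dq laddr ,
 .Dq lport ,
 and
-.Dq addr .
-All are required and may be supplied in any order, either with multiple
-.Fl C
-options or as a comma-separated list.
+.Dq rdomain
+and correspond to source address, user, resolved source host name,
+local address, local port number and routing domain respectively.
 .It Fl c Ar host_certificate_file
 Specifies a path to a certificate file to identify
 .Nm
@@ -164,7 +166,6 @@ This option must be given if
 is not run as root (as the normal
 host key files are normally not readable by anyone but root).
 The default is
-.Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key ,
 .Pa /etc/ssh/ssh_host_ed25519_key
 and
@@ -452,7 +453,7 @@ or the
 file and edit it.
 .Pp
 .Nm
-enforces a minimum RSA key modulus size of 768 bits.
+enforces a minimum RSA key modulus size of 1024 bits.
 .Pp
 The options (if present) consist of comma-separated option
 specifications.
@@ -512,6 +513,10 @@ Environment processing is disabled by default and is
 controlled via the
 .Cm PermitUserEnvironment
 option.
+.It Cm expiry-time="timespec"
+Specifies a time after which the key will not be accepted.
+The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time
+in the system time-zone.
 .It Cm from="pattern-list"
 Specifies that in addition to public key authentication, either the canonical
 name of the remote host or its IP address must be present in the
@@ -566,6 +571,7 @@ matches any port.
 .It Cm port-forwarding
 Enable port forwarding previously disabled by the
 .Cm restrict
+option.
 .It Cm principals="principals"
 On a
 .Cm cert-authority
@@ -871,7 +877,6 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
 .It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key
@@ -882,7 +887,6 @@ Note that
 .Nm
 does not start if these files are group/world-accessible.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key.pub
 .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
 .It Pa /etc/ssh/ssh_host_ed25519_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub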