summaryrefslogtreecommitdiff
path: root/sshd_config.0
diff options
context:
space:
mode:
Diffstat (limited to 'sshd_config.0')
-rw-r--r--sshd_config.047
1 files changed, 35 insertions, 12 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index a49953851..669d29a06 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -272,11 +272,12 @@ DESCRIPTION
272 HostKey 272 HostKey
273 Specifies a file containing a private host key used by SSH. The 273 Specifies a file containing a private host key used by SSH. The
274 default is /etc/ssh/ssh_host_key for protocol version 1, and 274 default is /etc/ssh/ssh_host_key for protocol version 1, and
275 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for 275 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
276 protocol version 2. Note that sshd(8) will refuse to use a file 276 /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that
277 if it is group/world-accessible. It is possible to have multiple 277 sshd(8) will refuse to use a file if it is group/world-
278 host key files. ``rsa1'' keys are used for version 1 and ``dsa'' 278 accessible. It is possible to have multiple host key files.
279 or ``rsa'' are used for version 2 of the SSH protocol. 279 ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or
280 ``rsa'' are used for version 2 of the SSH protocol.
280 281
281 IgnoreRhosts 282 IgnoreRhosts
282 Specifies that .rhosts and .shosts files will not be used in 283 Specifies that .rhosts and .shosts files will not be used in
@@ -290,6 +291,20 @@ DESCRIPTION
290 ~/.ssh/known_hosts during RhostsRSAAuthentication or 291 ~/.ssh/known_hosts during RhostsRSAAuthentication or
291 HostbasedAuthentication. The default is ``no''. 292 HostbasedAuthentication. The default is ``no''.
292 293
294 IPQoS Specifies the IPv4 type-of-service or DSCP class for the
295 connection. Accepted values are ``af11'', ``af12'', ``af13'',
296 ``af14'', ``af22'', ``af23'', ``af31'', ``af32'', ``af33'',
297 ``af41'', ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'',
298 ``cs4'', ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'',
299 ``throughput'', ``reliability'', or a numeric value. This option
300 may take one or two arguments, separated by whitespace. If one
301 argument is specified, it is used as the packet class
302 unconditionally. If two values are specified, the first is
303 automatically selected for interactive sessions and the second
304 for non-interactive sessions. The default is ``lowdelay'' for
305 interactive sessions and ``throughput'' for non-interactive
306 sessions.
307
293 KerberosAuthentication 308 KerberosAuthentication
294 Specifies whether the password provided by the user for 309 Specifies whether the password provided by the user for
295 PasswordAuthentication will be validated through the Kerberos 310 PasswordAuthentication will be validated through the Kerberos
@@ -311,6 +326,14 @@ DESCRIPTION
311 Specifies whether to automatically destroy the user's ticket 326 Specifies whether to automatically destroy the user's ticket
312 cache file on logout. The default is ``yes''. 327 cache file on logout. The default is ``yes''.
313 328
329 KexAlgorithms
330 Specifies the available KEX (Key Exchange) algorithms. Multiple
331 algorithms must be comma-separated. The default is
332 ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'',
333 ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'',
334 ``diffie-hellman-group-exchange-sha1'',
335 ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''.
336
314 KeyRegenerationInterval 337 KeyRegenerationInterval
315 In protocol version 1, the ephemeral server key is automatically 338 In protocol version 1, the ephemeral server key is automatically
316 regenerated after this many seconds (if it has been used). The 339 regenerated after this many seconds (if it has been used). The
@@ -323,8 +346,8 @@ DESCRIPTION
323 Specifies the local addresses sshd(8) should listen on. The 346 Specifies the local addresses sshd(8) should listen on. The
324 following forms may be used: 347 following forms may be used:
325 348
326 ListenAddress host | IPv4_addr | IPv6_addr 349 ListenAddress host|IPv4_addr|IPv6_addr
327 ListenAddress host | IPv4_addr:port 350 ListenAddress host|IPv4_addr:port
328 ListenAddress [host|IPv6_addr]:port 351 ListenAddress [host|IPv6_addr]:port
329 352
330 If port is not specified, sshd will listen on the address and all 353 If port is not specified, sshd will listen on the address and all
@@ -424,7 +447,7 @@ DESCRIPTION
424 447
425 PermitOpen host:port 448 PermitOpen host:port
426 PermitOpen IPv4_addr:port 449 PermitOpen IPv4_addr:port
427 PermitOpen [ IPv6_addr ]:port 450 PermitOpen [IPv6_addr]:port
428 451
429 Multiple forwards may be specified by separating them with 452 Multiple forwards may be specified by separating them with
430 whitespace. An argument of ``any'' can be used to remove all 453 whitespace. An argument of ``any'' can be used to remove all
@@ -650,9 +673,9 @@ DESCRIPTION
650 673
651TIME FORMATS 674TIME FORMATS
652 sshd(8) command-line arguments and configuration file options that 675 sshd(8) command-line arguments and configuration file options that
653 specify time may be expressed using a sequence of the form: time 676 specify time may be expressed using a sequence of the form:
654 [qualifier], where time is a positive integer value and qualifier is one 677 time[qualifier], where time is a positive integer value and qualifier is
655 of the following: 678 one of the following:
656 679
657 <none> seconds 680 <none> seconds
658 s | S seconds 681 s | S seconds
@@ -687,4 +710,4 @@ AUTHORS
687 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 710 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
688 for privilege separation. 711 for privilege separation.
689 712
690OpenBSD 4.8 June 30, 2010 OpenBSD 4.8 713OpenBSD 4.8 December 8, 2010 OpenBSD 4.8
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 23:08:11 +0000