Diffstat (limited to 'sshd_config.0')
-rw-r--r-- | sshd_config.0 | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index 8a922666e..0528a8c44 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -15,6 +15,19 @@ DESCRIPTION | |||
15 | The possible keywords and their meanings are as follows (note that key- | 15 | The possible keywords and their meanings are as follows (note that key- |
16 | words are case-insensitive and arguments are case-sensitive): | 16 | words are case-insensitive and arguments are case-sensitive): |
17 | 17 | ||
18 | AcceptEnv | ||
19 | Specifies what environment variables sent by the client will be | ||
20 | copied into the session's environ(7). See SendEnv in | ||
21 | ssh_config(5) for how to configure the client. Note that envi- | ||
22 | ronment passing is only supported for protocol 2. Variables are | ||
23 | specified by name, which may contain the wildcard characters `*' | ||
24 | and `?'. Multiple environment variables may be separated by | ||
25 | whitespace or spread across multiple AcceptEnv directives. Be | ||
26 | warned that some environment variables could be used to bypass | ||
27 | restricted user environments. For this reason, care should be | ||
28 | taken in the use of this directive. The default is not to accept | ||
29 | any environment variables. | ||
30 | |||
18 | AllowGroups | 31 | AllowGroups |
19 | This keyword can be followed by a list of group name patterns, | 32 | This keyword can be followed by a list of group name patterns, |
20 | separated by spaces. If specified, login is allowed only for | 33 | separated by spaces. If specified, login is allowed only for |
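Review bot: The new AcceptEnv text allows the wildcard characters `*' and `?' and then warns that some variables could be used to bypass restricted user environments, but it never connects the two. Suggest adding a sentence after the warning saying that variables should be listed by explicit name and that broad patterns accept every matching variable the client sends, so an administrator reading this entry sees why the default of accepting nothing is the safe starting point.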
@@ -63,7 +76,10 @@ DESCRIPTION | |||
63 | 76 | ||
64 | Ciphers | 77 | Ciphers |
65 | Specifies the ciphers allowed for protocol version 2. Multiple | 78 | Specifies the ciphers allowed for protocol version 2. Multiple |
66 | ciphers must be comma-separated. The default is | 79 | ciphers must be comma-separated. The supported ciphers are |
80 | ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', | ||
81 | ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour'', | ||
82 | ``blowfish-cbc'', and ``cast128-cbc''. The default is | ||
67 | 83 | ||
68 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | 84 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
69 | aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' | 85 | aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
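Review bot: The added "supported ciphers" sentence lists the same ten names as the default value directly below it, only in a different order, and the text does not say whether order in a Ciphers value is significant. Suggest stating that explicitly, so a reader who copies the alphabetical supported list into the config knows whether they have changed behaviour relative to the default.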
@@ -224,6 +240,11 @@ DESCRIPTION | |||
224 | ed. The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac- | 240 | ed. The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac- |
225 | sha1-96,hmac-md5-96''. | 241 | sha1-96,hmac-md5-96''. |
226 | 242 | ||
243 | MaxAuthTries | ||
244 | Specifies the maximum number of authentication attempts permitted | ||
245 | per connection. Once the number of failures reaches half this | ||
246 | value, additional failures are logged. The default is 6. | ||
247 | |||
227 | MaxStartups | 248 | MaxStartups |
228 | Specifies the maximum number of concurrent unauthenticated con- | 249 | Specifies the maximum number of concurrent unauthenticated con- |
229 | nections to the sshd daemon. Additional connections will be | 250 | nections to the sshd daemon. Additional connections will be |
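Review bot: In the MaxAuthTries entry, "Once the number of failures reaches half this value, additional failures are logged" leaves two things unstated: how "half" is rounded for odd values, and what sshd does when the maximum itself is reached. Suggest spelling out both, since the logging threshold is what an administrator will rely on when reading auth logs for repeated failures.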
@@ -367,10 +388,17 @@ DESCRIPTION | |||
367 | know how to handle xauth(1) cookies. If UsePrivilegeSeparation | 388 | know how to handle xauth(1) cookies. If UsePrivilegeSeparation |
368 | is specified, it will be disabled after authentication. | 389 | is specified, it will be disabled after authentication. |
369 | 390 | ||
370 | UsePAM Enables PAM authentication (via challenge-response) and session | 391 | UsePAM Enables the Pluggable Authentication Module interface. If set to |
371 | set up. If you enable this, you should probably disable | 392 | ``yes'' this will enable PAM authentication using |
372 | PasswordAuthentication. If you enable then you will not be able | 393 | ChallengeResponseAuthentication and PAM account and session mod- |
373 | to run sshd as a non-root user. The default is ``no''. | 394 | ule processing for all authentication types. |
395 | |||
396 | Because PAM challenge-response authentication usually serves an | ||
397 | equivalent role to password authentication, you should disable | ||
398 | either PasswordAuthentication or ChallengeResponseAuthentication. | ||
399 | |||
400 | If UsePAM is enabled, you will not be able to run sshd(8) as a | ||
401 | non-root user. The default is ``no''. | ||
374 | 402 | ||
375 | UsePrivilegeSeparation | 403 | UsePrivilegeSeparation |
376 | Specifies whether sshd separates privileges by creating an un- | 404 | Specifies whether sshd separates privileges by creating an un- |
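Review bot: The rewritten UsePAM entry says "you should disable either PasswordAuthentication or ChallengeResponseAuthentication" without saying which one keeps PAM in the authentication path or what happens if both stay enabled; the removed text at least named PasswordAuthentication. Suggest stating the consequence of each choice. Separately, "The default is ``no''" now ends the paragraph about running sshd(8) as a non-root user; moving it to the first paragraph would make clear it is the default for UsePAM.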
@@ -463,4 +491,4 @@ AUTHORS | |||
463 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 491 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
464 | for privilege separation. | 492 | for privilege separation. |
465 | 493 | ||
466 | OpenBSD 3.5 September 25, 1999 8 | 494 | OpenBSD 3.6 September 25, 1999 8 |
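Review bot: The footer bumps the release from OpenBSD 3.5 to 3.6 but keeps the date September 25, 1999, even though this revision adds new keywords. If the date is meant to reflect the last content change it should be updated along with the version; if it is intentionally the original document date, no change is needed.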