path: root/sshd_config.0
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- sshd_config.0 51
1 files changed, 25 insertions, 26 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index 643db2640..981e91042 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -81,12 +81,12 @@ DESCRIPTION
81 If this threshold is reached while client alive messages are be- 81 If this threshold is reached while client alive messages are be-
82 ing sent, sshd will disconnect the client, terminating the ses- 82 ing sent, sshd will disconnect the client, terminating the ses-
83 sion. It is important to note that the use of client alive mes- 83 sion. It is important to note that the use of client alive mes-
84 sages is very different from KeepAlive (below). The client alive 84 sages is very different from TCPKeepAlive (below). The client
85 messages are sent through the encrypted channel and therefore 85 alive messages are sent through the encrypted channel and there-
86 will not be spoofable. The TCP keepalive option enabled by 86 fore will not be spoofable. The TCP keepalive option enabled by
87 KeepAlive is spoofable. The client alive mechanism is valuable 87 TCPKeepAlive is spoofable. The client alive mechanism is valu-
88 when the client or server depend on knowing when a connection has 88 able when the client or server depend on knowing when a connec-
89 become inactive. 89 tion has become inactive.
90 90
91 The default value is 3. If ClientAliveInterval (above) is set to 91 The default value is 3. If ClientAliveInterval (above) is set to
92 15, and ClientAliveCountMax is left at the default, unresponsive 92 15, and ClientAliveCountMax is left at the default, unresponsive
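Review bot: In the reflowed sentence at new lines 86-89, the claim that the TCP keepalive option "is spoofable" is still stated without a reason, while the preceding sentence does explain why client alive messages are not (they travel through the encrypted channel). Since these lines are being rewritten anyway, consider adding the matching half, for example that TCP keepalives are sent outside the encrypted channel, and fix "the client or server depend" to "depends" in the same pass.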
@@ -162,21 +162,6 @@ DESCRIPTION
162 $HOME/.ssh/known_hosts during RhostsRSAAuthentication or 162 $HOME/.ssh/known_hosts during RhostsRSAAuthentication or
163 HostbasedAuthentication. The default is ``no''. 163 HostbasedAuthentication. The default is ``no''.
164 164
165 KeepAlive
166 Specifies whether the system should send TCP keepalive messages
167 to the other side. If they are sent, death of the connection or
168 crash of one of the machines will be properly noticed. However,
169 this means that connections will die if the route is down tem-
170 porarily, and some people find it annoying. On the other hand,
171 if keepalives are not sent, sessions may hang indefinitely on the
172 server, leaving ``ghost'' users and consuming server resources.
173
174 The default is ``yes'' (to send keepalives), and the server will
175 notice if the network goes down or the client host crashes. This
176 avoids infinitely hanging sessions.
177
178 To disable keepalives, the value should be set to ``no''.
179
180 KerberosAuthentication 165 KerberosAuthentication
181 Specifies whether the password provided by the user for 166 Specifies whether the password provided by the user for
182 PasswordAuthentication will be validated through the Kerberos 167 PasswordAuthentication will be validated through the Kerberos
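Review bot: Removing the KeepAlive entry at old lines 165-178 leaves no trace of the old keyword in the manual, so an administrator with "KeepAlive" in an existing sshd_config who searches this page will find nothing. This diff does not show whether the old name is still accepted; please confirm that, and add a one-line note to the TCPKeepAlive entry saying the option was previously named KeepAlive.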
@@ -308,10 +293,7 @@ DESCRIPTION
308 PubkeyAuthentication 293 PubkeyAuthentication
309 Specifies whether public key authentication is allowed. The de- 294 Specifies whether public key authentication is allowed. The de-
310 fault is ``yes''. Note that this option applies to protocol ver- 295 fault is ``yes''. Note that this option applies to protocol ver-
311 sion 2 only. RhostsRSAAuthentication should be used instead, be- 296 sion 2 only.
312 cause it performs RSA-based host authentication in addition to
313 normal rhosts or /etc/hosts.equiv authentication. The default is
314 ``no''. This option applies to protocol version 1 only.
315 297
316 RhostsRSAAuthentication 298 RhostsRSAAuthentication
317 Specifies whether rhosts or /etc/hosts.equiv authentication to- 299 Specifies whether rhosts or /etc/hosts.equiv authentication to-
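Review bot: The sentences dropped at old lines 311-314 contradicted the PubkeyAuthentication entry they sat in (a second default of "no", "protocol version 1 only"), so the deletion is right, but sshd_config.0 looks like formatted man output rather than the source. Please confirm the same orphaned text is removed from the manual source it is generated from, otherwise the next regeneration will bring it back.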
@@ -349,6 +331,23 @@ DESCRIPTION
349 CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de- 331 CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
350 fault is AUTH. 332 fault is AUTH.
351 333
334 TCPKeepAlive
335 Specifies whether the system should send TCP keepalive messages
336 to the other side. If they are sent, death of the connection or
337 crash of one of the machines will be properly noticed. However,
338 this means that connections will die if the route is down tem-
339 porarily, and some people find it annoying. On the other hand,
340 if TCP keepalives are not sent, sessions may hang indefinitely on
341 the server, leaving ``ghost'' users and consuming server re-
342 sources.
343
344 The default is ``yes'' (to send TCP keepalive messages), and the
345 server will notice if the network goes down or the client host
346 crashes. This avoids infinitely hanging sessions.
347
348 To disable TCP keepalive messages, the value should be set to
349 ``no''.
350
352 UseDNS Specifies whether sshd should lookup the remote host name and 351 UseDNS Specifies whether sshd should lookup the remote host name and
353 check that the resolved host name for the remote IP address maps 352 check that the resolved host name for the remote IP address maps
354 back to the very same IP address. The default is ``yes''. 353 back to the very same IP address. The default is ``yes''.
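Review bot: The new TCPKeepAlive entry at lines 334-349 describes the availability trade-off but omits the security caveat that the ClientAliveCountMax text in this same page makes, namely that TCP keepalives are spoofable. Suggest adding a sentence here that points readers to ClientAliveInterval and ClientAliveCountMax when they need a liveness check carried inside the encrypted channel, so the caveat is visible from the option's own entry.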
@@ -364,7 +363,7 @@ DESCRIPTION
364 UsePAM Enables PAM authentication (via challenge-response) and session 363 UsePAM Enables PAM authentication (via challenge-response) and session
365 set up. If you enable this, you should probably disable 364 set up. If you enable this, you should probably disable
366 PasswordAuthentication. If you enable then you will not be able 365 PasswordAuthentication. If you enable then you will not be able
367 to run sshd as a non-root user. 366 to run sshd as a non-root user. The default is ``no''.
368 367
369 UsePrivilegeSeparation 368 UsePrivilegeSeparation
370 Specifies whether sshd separates privileges by creating an un- 369 Specifies whether sshd separates privileges by creating an un-
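Review bot: At new lines 365-366 the sentence "If you enable then you will not be able to run sshd as a non-root user" is still missing its object. Since this line is being edited to append the default, reword it in the same change, for example "If you enable UsePAM then you will not be able to run sshd as a non-root user."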