diff options
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- | sshd_config.0 | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index b0160aa87..678ee14b4 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -3,9 +3,6 @@ SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) | |||
3 | NAME | 3 | NAME |
4 | sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file | 4 | sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file |
5 | 5 | ||
6 | SYNOPSIS | ||
7 | /etc/ssh/sshd_config | ||
8 | |||
9 | DESCRIPTION | 6 | DESCRIPTION |
10 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file | 7 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file |
11 | specified with -f on the command line). The file contains keyword- | 8 | specified with -f on the command line). The file contains keyword- |
@@ -120,6 +117,11 @@ DESCRIPTION | |||
120 | Note that each authentication method listed should also be | 117 | Note that each authentication method listed should also be |
121 | explicitly enabled in the configuration. | 118 | explicitly enabled in the configuration. |
122 | 119 | ||
120 | The available authentication methods are: "gssapi-with-mic", | ||
121 | "hostbased", "keyboard-interactive", "none" (used for access to | ||
122 | password-less accounts when PermitEmptyPassword is enabled), | ||
123 | "password" and "publickey". | ||
124 | |||
123 | AuthorizedKeysCommand | 125 | AuthorizedKeysCommand |
124 | Specifies a program to be used to look up the user's public keys. | 126 | Specifies a program to be used to look up the user's public keys. |
125 | The program must be owned by root, not writable by group or | 127 | The program must be owned by root, not writable by group or |
@@ -253,11 +255,6 @@ DESCRIPTION | |||
253 | aes256-ctr | 255 | aes256-ctr |
254 | aes128-gcm@openssh.com | 256 | aes128-gcm@openssh.com |
255 | aes256-gcm@openssh.com | 257 | aes256-gcm@openssh.com |
256 | arcfour | ||
257 | arcfour128 | ||
258 | arcfour256 | ||
259 | blowfish-cbc | ||
260 | cast128-cbc | ||
261 | chacha20-poly1305@openssh.com | 258 | chacha20-poly1305@openssh.com |
262 | 259 | ||
263 | The default is: | 260 | The default is: |
@@ -329,6 +326,13 @@ DESCRIPTION | |||
329 | TCP and StreamLocal. This option overrides all other forwarding- | 326 | TCP and StreamLocal. This option overrides all other forwarding- |
330 | related options and may simplify restricted configurations. | 327 | related options and may simplify restricted configurations. |
331 | 328 | ||
329 | ExposeAuthInfo | ||
330 | Writes a temporary file containing a list of authentication | ||
331 | methods and public credentials (e.g. keys) used to authenticate | ||
332 | the user. The location of the file is exposed to the user | ||
333 | session through the SSH_USER_AUTH environment variable. The | ||
334 | default is no. | ||
335 | |||
332 | FingerprintHash | 336 | FingerprintHash |
333 | Specifies the hash algorithm used when logging key fingerprints. | 337 | Specifies the hash algorithm used when logging key fingerprints. |
334 | Valid options are: md5 and sha256. The default is sha256. | 338 | Valid options are: md5 and sha256. The default is sha256. |
@@ -467,14 +471,14 @@ DESCRIPTION | |||
467 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the | 471 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the |
468 | connection. Accepted values are af11, af12, af13, af21, af22, | 472 | connection. Accepted values are af11, af12, af13, af21, af22, |
469 | af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, | 473 | af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, |
470 | cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a | 474 | cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, a |
471 | numeric value. This option may take one or two arguments, | 475 | numeric value, or none to use the operating system default. This |
472 | separated by whitespace. If one argument is specified, it is | 476 | option may take one or two arguments, separated by whitespace. |
473 | used as the packet class unconditionally. If two values are | 477 | If one argument is specified, it is used as the packet class |
474 | specified, the first is automatically selected for interactive | 478 | unconditionally. If two values are specified, the first is |
475 | sessions and the second for non-interactive sessions. The | 479 | automatically selected for interactive sessions and the second |
476 | default is lowdelay for interactive sessions and throughput for | 480 | for non-interactive sessions. The default is lowdelay for |
477 | non-interactive sessions. | 481 | interactive sessions and throughput for non-interactive sessions. |
478 | 482 | ||
479 | KbdInteractiveAuthentication | 483 | KbdInteractiveAuthentication |
480 | Specifies whether to allow keyboard-interactive authentication. | 484 | Specifies whether to allow keyboard-interactive authentication. |
@@ -573,7 +577,6 @@ DESCRIPTION | |||
573 | 577 | ||
574 | hmac-md5 | 578 | hmac-md5 |
575 | hmac-md5-96 | 579 | hmac-md5-96 |
576 | hmac-ripemd160 | ||
577 | hmac-sha1 | 580 | hmac-sha1 |
578 | hmac-sha1-96 | 581 | hmac-sha1-96 |
579 | hmac-sha2-256 | 582 | hmac-sha2-256 |
@@ -582,7 +585,6 @@ DESCRIPTION | |||
582 | umac-128@openssh.com | 585 | umac-128@openssh.com |
583 | hmac-md5-etm@openssh.com | 586 | hmac-md5-etm@openssh.com |
584 | hmac-md5-96-etm@openssh.com | 587 | hmac-md5-96-etm@openssh.com |
585 | hmac-ripemd160-etm@openssh.com | ||
586 | hmac-sha1-etm@openssh.com | 588 | hmac-sha1-etm@openssh.com |
587 | hmac-sha1-96-etm@openssh.com | 589 | hmac-sha1-96-etm@openssh.com |
588 | hmac-sha2-256-etm@openssh.com | 590 | hmac-sha2-256-etm@openssh.com |
@@ -634,7 +636,7 @@ DESCRIPTION | |||
634 | ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, | 636 | ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, |
635 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, | 637 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, |
636 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, | 638 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, |
637 | KbdInteractiveAuthentication, KerberosAuthentication, | 639 | KbdInteractiveAuthentication, KerberosAuthentication, LogLevel, |
638 | MaxAuthTries, MaxSessions, PasswordAuthentication, | 640 | MaxAuthTries, MaxSessions, PasswordAuthentication, |
639 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, | 641 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, |
640 | PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, | 642 | PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, |
@@ -1017,4 +1019,4 @@ AUTHORS | |||
1017 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 1019 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
1018 | for privilege separation. | 1020 | for privilege separation. |
1019 | 1021 | ||
1020 | OpenBSD 6.0 March 14, 2017 OpenBSD 6.0 | 1022 | OpenBSD 6.2 September 27, 2017 OpenBSD 6.2 |