summaryrefslogtreecommitdiff
path: root/sshd_config.0
diff options
context:
space:
mode:
Diffstat (limited to 'sshd_config.0')
-rw-r--r--sshd_config.042
1 files changed, 22 insertions, 20 deletions
diff --git a/sshd_config.0 b/sshd_config.0
index b0160aa87..678ee14b4 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -3,9 +3,6 @@ SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5)
3NAME 3NAME
4 sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file 4 sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file
5 5
6SYNOPSIS
7 /etc/ssh/sshd_config
8
9DESCRIPTION 6DESCRIPTION
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file 7 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword- 8 specified with -f on the command line). The file contains keyword-
@@ -120,6 +117,11 @@ DESCRIPTION
120 Note that each authentication method listed should also be 117 Note that each authentication method listed should also be
121 explicitly enabled in the configuration. 118 explicitly enabled in the configuration.
122 119
120 The available authentication methods are: "gssapi-with-mic",
121 "hostbased", "keyboard-interactive", "none" (used for access to
122 password-less accounts when PermitEmptyPassword is enabled),
123 "password" and "publickey".
124
123 AuthorizedKeysCommand 125 AuthorizedKeysCommand
124 Specifies a program to be used to look up the user's public keys. 126 Specifies a program to be used to look up the user's public keys.
125 The program must be owned by root, not writable by group or 127 The program must be owned by root, not writable by group or
@@ -253,11 +255,6 @@ DESCRIPTION
253 aes256-ctr 255 aes256-ctr
254 aes128-gcm@openssh.com 256 aes128-gcm@openssh.com
255 aes256-gcm@openssh.com 257 aes256-gcm@openssh.com
256 arcfour
257 arcfour128
258 arcfour256
259 blowfish-cbc
260 cast128-cbc
261 chacha20-poly1305@openssh.com 258 chacha20-poly1305@openssh.com
262 259
263 The default is: 260 The default is:
@@ -329,6 +326,13 @@ DESCRIPTION
329 TCP and StreamLocal. This option overrides all other forwarding- 326 TCP and StreamLocal. This option overrides all other forwarding-
330 related options and may simplify restricted configurations. 327 related options and may simplify restricted configurations.
331 328
329 ExposeAuthInfo
330 Writes a temporary file containing a list of authentication
331 methods and public credentials (e.g. keys) used to authenticate
332 the user. The location of the file is exposed to the user
333 session through the SSH_USER_AUTH environment variable. The
334 default is no.
335
332 FingerprintHash 336 FingerprintHash
333 Specifies the hash algorithm used when logging key fingerprints. 337 Specifies the hash algorithm used when logging key fingerprints.
334 Valid options are: md5 and sha256. The default is sha256. 338 Valid options are: md5 and sha256. The default is sha256.
@@ -467,14 +471,14 @@ DESCRIPTION
467 IPQoS Specifies the IPv4 type-of-service or DSCP class for the 471 IPQoS Specifies the IPv4 type-of-service or DSCP class for the
468 connection. Accepted values are af11, af12, af13, af21, af22, 472 connection. Accepted values are af11, af12, af13, af21, af22,
469 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, 473 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3,
470 cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a 474 cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, a
471 numeric value. This option may take one or two arguments, 475 numeric value, or none to use the operating system default. This
472 separated by whitespace. If one argument is specified, it is 476 option may take one or two arguments, separated by whitespace.
473 used as the packet class unconditionally. If two values are 477 If one argument is specified, it is used as the packet class
474 specified, the first is automatically selected for interactive 478 unconditionally. If two values are specified, the first is
475 sessions and the second for non-interactive sessions. The 479 automatically selected for interactive sessions and the second
476 default is lowdelay for interactive sessions and throughput for 480 for non-interactive sessions. The default is lowdelay for
477 non-interactive sessions. 481 interactive sessions and throughput for non-interactive sessions.
478 482
479 KbdInteractiveAuthentication 483 KbdInteractiveAuthentication
480 Specifies whether to allow keyboard-interactive authentication. 484 Specifies whether to allow keyboard-interactive authentication.
@@ -573,7 +577,6 @@ DESCRIPTION
573 577
574 hmac-md5 578 hmac-md5
575 hmac-md5-96 579 hmac-md5-96
576 hmac-ripemd160
577 hmac-sha1 580 hmac-sha1
578 hmac-sha1-96 581 hmac-sha1-96
579 hmac-sha2-256 582 hmac-sha2-256
@@ -582,7 +585,6 @@ DESCRIPTION
582 umac-128@openssh.com 585 umac-128@openssh.com
583 hmac-md5-etm@openssh.com 586 hmac-md5-etm@openssh.com
584 hmac-md5-96-etm@openssh.com 587 hmac-md5-96-etm@openssh.com
585 hmac-ripemd160-etm@openssh.com
586 hmac-sha1-etm@openssh.com 588 hmac-sha1-etm@openssh.com
587 hmac-sha1-96-etm@openssh.com 589 hmac-sha1-96-etm@openssh.com
588 hmac-sha2-256-etm@openssh.com 590 hmac-sha2-256-etm@openssh.com
@@ -634,7 +636,7 @@ DESCRIPTION
634 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, 636 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
635 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, 637 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
636 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, 638 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
637 KbdInteractiveAuthentication, KerberosAuthentication, 639 KbdInteractiveAuthentication, KerberosAuthentication, LogLevel,
638 MaxAuthTries, MaxSessions, PasswordAuthentication, 640 MaxAuthTries, MaxSessions, PasswordAuthentication,
639 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, 641 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
640 PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, 642 PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes,
@@ -1017,4 +1019,4 @@ AUTHORS
1017 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 1019 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1018 for privilege separation. 1020 for privilege separation.
1019 1021
1020OpenBSD 6.0 March 14, 2017 OpenBSD 6.0 1022OpenBSD 6.2 September 27, 2017 OpenBSD 6.2