Diffstat (limited to 'sshd_config.0')
-rw-r--r-- | sshd_config.0 | 66 |
1 files changed, 40 insertions, 26 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index 5f1df7b58..5962b02b9 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -198,18 +198,25 @@ DESCRIPTION | |||
198 | 198 | ||
199 | Ciphers | 199 | Ciphers |
200 | Specifies the ciphers allowed for protocol version 2. Multiple | 200 | Specifies the ciphers allowed for protocol version 2. Multiple |
201 | ciphers must be comma-separated. The supported ciphers are | 201 | ciphers must be comma-separated. The supported ciphers are: |
202 | |||
202 | ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', | 203 | ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', |
203 | ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', | 204 | ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', |
204 | ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'', | 205 | ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'', |
205 | ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', | 206 | ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', |
206 | and ``cast128-cbc''. The default is: | 207 | ``cast128-cbc'', and ``chacha20-poly1305@openssh.com''. |
208 | |||
209 | The default is: | ||
207 | 210 | ||
208 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, | 211 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, |
209 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, | 212 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, |
213 | chacha20-poly1305@openssh.com, | ||
210 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, | 214 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, |
211 | aes256-cbc,arcfour | 215 | aes256-cbc,arcfour |
212 | 216 | ||
217 | The list of available ciphers may also be obtained using the -Q | ||
218 | option of ssh(1). | ||
219 | |||
213 | ClientAliveCountMax | 220 | ClientAliveCountMax |
214 | Sets the number of client alive messages (see below) which may be | 221 | Sets the number of client alive messages (see below) which may be |
215 | sent without sshd(8) receiving any messages back from the client. | 222 | sent without sshd(8) receiving any messages back from the client. |
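Review bot: the sentence added at the end of the Ciphers entry ("may also be obtained using the -Q option of ssh(1)") does not say which query argument to pass. Suggest spelling it out as "ssh -Q cipher" so the reader does not have to look it up in ssh(1). Separately, the default list as documented inserts chacha20-poly1305@openssh.com after the GCM modes but still orders arcfour256 and arcfour128 ahead of all three AEAD ciphers; the text would be more useful to administrators if it stated that the default list is in preference order.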
@@ -325,15 +332,15 @@ DESCRIPTION | |||
325 | HostKey | 332 | HostKey |
326 | Specifies a file containing a private host key used by SSH. The | 333 | Specifies a file containing a private host key used by SSH. The |
327 | default is /etc/ssh/ssh_host_key for protocol version 1, and | 334 | default is /etc/ssh/ssh_host_key for protocol version 1, and |
328 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and | 335 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, |
329 | /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that | 336 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for |
330 | sshd(8) will refuse to use a file if it is group/world- | 337 | protocol version 2. Note that sshd(8) will refuse to use a file |
331 | accessible. It is possible to have multiple host key files. | 338 | if it is group/world-accessible. It is possible to have multiple |
332 | ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or | 339 | host key files. ``rsa1'' keys are used for version 1 and |
333 | ``rsa'' are used for version 2 of the SSH protocol. It is also | 340 | ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2 |
334 | possible to specify public host key files instead. In this case | 341 | of the SSH protocol. It is also possible to specify public host |
335 | operations on the private key will be delegated to an | 342 | key files instead. In this case operations on the private key |
336 | ssh-agent(1). | 343 | will be delegated to an ssh-agent(1). |
337 | 344 | ||
338 | HostKeyAgent | 345 | HostKeyAgent |
339 | Identifies the UNIX-domain socket used to communicate with an | 346 | Identifies the UNIX-domain socket used to communicate with an |
@@ -391,10 +398,13 @@ DESCRIPTION | |||
391 | KexAlgorithms | 398 | KexAlgorithms |
392 | Specifies the available KEX (Key Exchange) algorithms. Multiple | 399 | Specifies the available KEX (Key Exchange) algorithms. Multiple |
393 | algorithms must be comma-separated. The default is | 400 | algorithms must be comma-separated. The default is |
394 | ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'', | 401 | |
395 | ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'', | 402 | curve25519-sha256@libssh.org, |
396 | ``diffie-hellman-group-exchange-sha1'', | 403 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
397 | ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''. | 404 | diffie-hellman-group-exchange-sha256, |
405 | diffie-hellman-group-exchange-sha1, | ||
406 | diffie-hellman-group14-sha1, | ||
407 | diffie-hellman-group1-sha1 | ||
398 | 408 | ||
399 | KeyRegenerationInterval | 409 | KeyRegenerationInterval |
400 | In protocol version 1, the ephemeral server key is automatically | 410 | In protocol version 1, the ephemeral server key is automatically |
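Review bot: in the KexAlgorithms entry, "The default is" now introduces an indented list but has no trailing colon, while the Ciphers hunk in this same change switches to "The supported ciphers are:" and "The default is:". Suggest "The default is:" here for consistency. The entry also does not get the pointer to the -Q option of ssh(1) that Ciphers gains, although it lists only the default and not the full set of supported algorithms; adding the same pointer would close that gap.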
@@ -452,12 +462,12 @@ DESCRIPTION | |||
452 | override those set in the global section of the config file, | 462 | override those set in the global section of the config file, |
453 | until either another Match line or the end of the file. | 463 | until either another Match line or the end of the file. |
454 | 464 | ||
455 | The arguments to Match are one or more criteria-pattern pairs. | 465 | The arguments to Match are one or more criteria-pattern pairs or |
456 | The available criteria are User, Group, Host, LocalAddress, | 466 | the single token All which matches all criteria. The available |
457 | LocalPort, and Address. The match patterns may consist of single | 467 | criteria are User, Group, Host, LocalAddress, LocalPort, and |
458 | entries or comma-separated lists and may use the wildcard and | 468 | Address. The match patterns may consist of single entries or |
459 | negation operators described in the PATTERNS section of | 469 | comma-separated lists and may use the wildcard and negation |
460 | ssh_config(5). | 470 | operators described in the PATTERNS section of ssh_config(5). |
461 | 471 | ||
462 | The patterns in an Address criteria may additionally contain | 472 | The patterns in an Address criteria may additionally contain |
463 | addresses to match in CIDR address/masklen format, e.g. | 473 | addresses to match in CIDR address/masklen format, e.g. |
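Review bot: the new wording "the single token All which matches all criteria" in the Match entry is ambiguous about what is being matched and whether All can be combined with the criteria-pattern pairs. Suggest stating plainly that All matches every connection and must appear alone on the Match line, and adding a comma before "which". All is also absent from the "available criteria" sentence that follows, so a reader scanning that list will not find it.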
@@ -477,10 +487,10 @@ DESCRIPTION | |||
477 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, | 487 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, |
478 | KbdInteractiveAuthentication, KerberosAuthentication, | 488 | KbdInteractiveAuthentication, KerberosAuthentication, |
479 | MaxAuthTries, MaxSessions, PasswordAuthentication, | 489 | MaxAuthTries, MaxSessions, PasswordAuthentication, |
480 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, | 490 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, |
481 | PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication, | 491 | PermitTunnel, PubkeyAuthentication, RekeyLimit, |
482 | RSAAuthentication, X11DisplayOffset, X11Forwarding and | 492 | RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, |
483 | X11UseLocalHost. | 493 | X11Forwarding and X11UseLocalHost. |
484 | 494 | ||
485 | MaxAuthTries | 495 | MaxAuthTries |
486 | Specifies the maximum number of authentication attempts permitted | 496 | Specifies the maximum number of authentication attempts permitted |
@@ -551,6 +561,10 @@ DESCRIPTION | |||
551 | ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits | 561 | ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits |
552 | both ``point-to-point'' and ``ethernet''. The default is ``no''. | 562 | both ``point-to-point'' and ``ethernet''. The default is ``no''. |
553 | 563 | ||
564 | PermitTTY | ||
565 | Specifies whether pty(4) allocation is permitted. The default is | ||
566 | ``yes''. | ||
567 | |||
554 | PermitUserEnvironment | 568 | PermitUserEnvironment |
555 | Specifies whether ~/.ssh/environment and environment= options in | 569 | Specifies whether ~/.ssh/environment and environment= options in |
556 | ~/.ssh/authorized_keys are processed by sshd(8). The default is | 570 | ~/.ssh/authorized_keys are processed by sshd(8). The default is |
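Review bot: the new PermitTTY entry gives only the default and does not describe what happens when it is set to "no": whether the session is refused or continues without a terminal. Suggest adding one sentence on the effect of "no", and noting that the keyword may be used inside a Match block, since the previous hunk adds it to that list.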
@@ -810,4 +824,4 @@ AUTHORS | |||
810 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 824 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
811 | for privilege separation. | 825 | for privilege separation. |
812 | 826 | ||
813 | OpenBSD 5.4 July 19, 2013 OpenBSD 5.4 | 827 | OpenBSD 5.4 December 8, 2013 OpenBSD 5.4 |