diff options
Diffstat (limited to 'sshd_config.0')
| -rw-r--r-- | sshd_config.0 | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index 067f757de..9e73c5906 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
| @@ -88,14 +88,16 @@ DESCRIPTION | |||
| 88 | protocol version 2. By default, no banner is displayed. | 88 | protocol version 2. By default, no banner is displayed. |
| 89 | 89 | ||
| 90 | ChallengeResponseAuthentication | 90 | ChallengeResponseAuthentication |
| 91 | Specifies whether challenge-response authentication is allowed. | 91 | Specifies whether challenge-response authentication is allowed |
| 92 | All authentication styles from login.conf(5) are supported. The | 92 | (e.g. via PAM or though authentication styles supported in |
| 93 | default is ``yes''. | 93 | login.conf(5)) The default is ``yes''. |
| 94 | 94 | ||
| 95 | ChrootDirectory | 95 | ChrootDirectory |
| 96 | Specifies a path to chroot(2) to after authentication. This | 96 | Specifies a path to chroot(2) to after authentication. This |
| 97 | path, and all its components, must be root-owned directories that | 97 | path, and all its components, must be root-owned directories that |
| 98 | are not writable by any other user or group. | 98 | are not writable by any other user or group. After the chroot, |
| 99 | sshd(8) changes the working directory to the user's home directo- | ||
| 100 | ry. | ||
| 99 | 101 | ||
| 100 | The path may contain the following tokens that are expanded at | 102 | The path may contain the following tokens that are expanded at |
| 101 | runtime once the connecting user has been authenticated: %% is | 103 | runtime once the connecting user has been authenticated: %% is |
| @@ -104,13 +106,14 @@ DESCRIPTION | |||
| 104 | name of that user. | 106 | name of that user. |
| 105 | 107 | ||
| 106 | The ChrootDirectory must contain the necessary files and directo- | 108 | The ChrootDirectory must contain the necessary files and directo- |
| 107 | ries to support the users' session. For an interactive session | 109 | ries to support the user's session. For an interactive session |
| 108 | this requires at least a shell, typically sh(1), and basic /dev | 110 | this requires at least a shell, typically sh(1), and basic /dev |
| 109 | nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), | 111 | nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), |
| 110 | arandom(4) and tty(4) devices. For file transfer sessions using | 112 | arandom(4) and tty(4) devices. For file transfer sessions using |
| 111 | ``sftp'', no additional configuration of the environment is nec- | 113 | ``sftp'', no additional configuration of the environment is nec- |
| 112 | essary if the in-process sftp server is used (see Subsystem for | 114 | essary if the in-process sftp server is used, though sessions |
| 113 | details). | 115 | which use logging do require /dev/log inside the chroot directory |
| 116 | (see sftp-server(8) for details). | ||
| 114 | 117 | ||
| 115 | The default is not to chroot(2). | 118 | The default is not to chroot(2). |
| 116 | 119 | ||
| @@ -628,4 +631,4 @@ AUTHORS | |||
| 628 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 631 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 629 | for privilege separation. | 632 | for privilege separation. |
| 630 | 633 | ||
| 631 | OpenBSD 4.5 February 22, 2009 10 | 634 | OpenBSD 4.6 April 21, 2009 10 |