Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 40 |
1 files changed, 26 insertions, 14 deletions
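--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
-.Dd $Mdocdate: February 7 2020 $
+.\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $
+.Dd $Mdocdate: April 17 2020 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -276,12 +276,10 @@ more lines of authorized_keys output (see
 .Sx AUTHORIZED_KEYS
 in
 .Xr sshd 8 ) .
-If a key supplied by
 .Cm AuthorizedKeysCommand
-does not successfully authenticate
-and authorize the user then public key authentication continues using the usual
+is tried after the usual
 .Cm AuthorizedKeysFile
-files.
+files and will not be executed if a matching key is found there.
 By default, no
 .Cm AuthorizedKeysCommand
 is run.
@@ -721,8 +719,8 @@ gss-curve25519-sha256-
 .Ed
 .Pp
 The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- .
-This option only applies to protocol version 2 connections using GSSAPI.
+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1- .
+This option only applies to connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
@@ -841,19 +839,32 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 The list of available key types may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
-Specifies that
+Specifies whether to ignore per-user
 .Pa .rhosts
 and
 .Pa .shosts
-files will not be used in
+files during
 .Cm HostbasedAuthentication .
-.Pp
+The system-wide
 .Pa /etc/hosts.equiv
 and
 .Pa /etc/shosts.equiv
-are still used.
-The default is
-.Cm yes .
+are still used regardless of this setting.
+.Pp
+Accepted values are
+.Cm yes
+(the default) to ignore all per-user files,
+.Cm shosts-only
+to allow the use of
+.Pa .shosts
+but to ignore
+.Pa .rhosts
+or
+.Cm no
+to allow both
+.Pa .shosts
+and
+.Pa rhosts .
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Xr sshd 8
@@ -1223,6 +1234,7 @@ Available keywords are
 .Cm HostbasedAcceptedKeyTypes ,
 .Cm HostbasedAuthentication ,
 .Cm HostbasedUsesNameFromPacketOnly ,
+.Cm IgnoreRhosts ,
 .Cm Include ,
 .Cm IPQoS ,
 .Cm KbdInteractiveAuthentication ,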