diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index e7a5f0a08..e73624154 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ |
| 37 | .Dd $Mdocdate: December 8 2010 $ | 37 | .Dd $Mdocdate: August 2 2011 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -195,8 +195,9 @@ After expansion, | |||
| 195 | .Cm AuthorizedKeysFile | 195 | .Cm AuthorizedKeysFile |
| 196 | is taken to be an absolute path or one relative to the user's home | 196 | is taken to be an absolute path or one relative to the user's home |
| 197 | directory. | 197 | directory. |
| 198 | Multiple files may be listed, separated by whitespace. | ||
| 198 | The default is | 199 | The default is |
| 199 | .Dq .ssh/authorized_keys . | 200 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
| 200 | .It Cm AuthorizedPrincipalsFile | 201 | .It Cm AuthorizedPrincipalsFile |
| 201 | Specifies a file that lists principal names that are accepted for | 202 | Specifies a file that lists principal names that are accepted for |
| 202 | certificate authentication. | 203 | certificate authentication. |
| @@ -713,7 +714,9 @@ Multiple algorithms must be comma-separated. | |||
| 713 | The default is: | 714 | The default is: |
| 714 | .Bd -literal -offset indent | 715 | .Bd -literal -offset indent |
| 715 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 716 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
| 716 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | 717 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96, |
| 718 | hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, | ||
| 719 | hmac-sha2-512-96 | ||
| 717 | .Ed | 720 | .Ed |
| 718 | .It Cm Match | 721 | .It Cm Match |
| 719 | Introduces a conditional block. | 722 | Introduces a conditional block. |
| @@ -1146,6 +1149,12 @@ The goal of privilege separation is to prevent privilege | |||
| 1146 | escalation by containing any corruption within the unprivileged processes. | 1149 | escalation by containing any corruption within the unprivileged processes. |
| 1147 | The default is | 1150 | The default is |
| 1148 | .Dq yes . | 1151 | .Dq yes . |
| 1152 | If | ||
| 1153 | .Cm UsePrivilegeSeparation | ||
| 1154 | is set to | ||
| 1155 | .Dq sandbox | ||
| 1156 | then the pre-authentication unprivileged process is subject to additional | ||
| 1157 | restrictions. | ||
| 1149 | .It Cm X11DisplayOffset | 1158 | .It Cm X11DisplayOffset |
| 1150 | Specifies the first display number available for | 1159 | Specifies the first display number available for |
| 1151 | .Xr sshd 8 Ns 's | 1160 | .Xr sshd 8 Ns 's |