diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index e58b7cfc7..a3357d445 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $ |
38 | .Dd $Mdocdate: July 2 2008 $ | 38 | .Dd $Mdocdate: February 22 2009 $ |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -240,9 +240,9 @@ and | |||
240 | .Dq cast128-cbc . | 240 | .Dq cast128-cbc . |
241 | The default is: | 241 | The default is: |
242 | .Bd -literal -offset 3n | 242 | .Bd -literal -offset 3n |
243 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, | 243 | aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, |
244 | arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, | 244 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, |
245 | aes192-ctr,aes256-ctr | 245 | aes256-cbc,arcfour |
246 | .Ed | 246 | .Ed |
247 | .It Cm ClientAliveCountMax | 247 | .It Cm ClientAliveCountMax |
248 | Sets the number of client alive messages (see below) which may be | 248 | Sets the number of client alive messages (see below) which may be |
@@ -375,7 +375,7 @@ The default is | |||
375 | .Dq no . | 375 | .Dq no . |
376 | Note that this option applies to protocol version 2 only. | 376 | Note that this option applies to protocol version 2 only. |
377 | .It Cm GSSAPIKeyExchange | 377 | .It Cm GSSAPIKeyExchange |
378 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | 378 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange |
379 | doesn't rely on ssh keys to verify host identity. | 379 | doesn't rely on ssh keys to verify host identity. |
380 | The default is | 380 | The default is |
381 | .Dq no . | 381 | .Dq no . |
@@ -403,6 +403,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections, | |||
403 | and setting it to | 403 | and setting it to |
404 | .Dq no | 404 | .Dq no |
405 | may only work with recent Kerberos GSSAPI libraries. | 405 | may only work with recent Kerberos GSSAPI libraries. |
406 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
407 | Controls whether the user's GSSAPI credentials should be updated following a | ||
408 | successful connection rekeying. This option can be used to accepted renewed | ||
409 | or updated credentials from a compatible client. The default is | ||
410 | .Dq no . | ||
406 | .It Cm HostbasedAuthentication | 411 | .It Cm HostbasedAuthentication |
407 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 412 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
408 | with successful public key client host authentication is allowed | 413 | with successful public key client host authentication is allowed |
@@ -616,6 +621,7 @@ Only a subset of keywords may be used on the lines following a | |||
616 | .Cm Match | 621 | .Cm Match |
617 | keyword. | 622 | keyword. |
618 | Available keywords are | 623 | Available keywords are |
624 | .Cm AllowAgentForwarding , | ||
619 | .Cm AllowTcpForwarding , | 625 | .Cm AllowTcpForwarding , |
620 | .Cm Banner , | 626 | .Cm Banner , |
621 | .Cm ChrootDirectory , | 627 | .Cm ChrootDirectory , |
@@ -628,12 +634,13 @@ Available keywords are | |||
628 | .Cm MaxAuthTries , | 634 | .Cm MaxAuthTries , |
629 | .Cm MaxSessions , | 635 | .Cm MaxSessions , |
630 | .Cm PasswordAuthentication , | 636 | .Cm PasswordAuthentication , |
637 | .Cm PermitEmptyPasswords , | ||
631 | .Cm PermitOpen , | 638 | .Cm PermitOpen , |
632 | .Cm PermitRootLogin , | 639 | .Cm PermitRootLogin , |
633 | .Cm RhostsRSAAuthentication , | 640 | .Cm RhostsRSAAuthentication , |
634 | .Cm RSAAuthentication , | 641 | .Cm RSAAuthentication , |
635 | .Cm X11DisplayOffset , | 642 | .Cm X11DisplayOffset , |
636 | .Cm X11Forwarding , | 643 | .Cm X11Forwarding |
637 | and | 644 | and |
638 | .Cm X11UseLocalHost . | 645 | .Cm X11UseLocalHost . |
639 | .It Cm MaxAuthTries | 646 | .It Cm MaxAuthTries |