diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 3e364cf00..22e7edc94 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ |
37 | .Dd $Mdocdate: September 9 2011 $ | 37 | .Dd $Mdocdate: June 29 2012 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -225,7 +225,9 @@ After expansion, | |||
225 | is taken to be an absolute path or one relative to the user's home | 225 | is taken to be an absolute path or one relative to the user's home |
226 | directory. | 226 | directory. |
227 | .Pp | 227 | .Pp |
228 | The default is not to use a principals file \(en in this case, the username | 228 | The default is |
229 | .Dq none , | ||
230 | i.e. not to use a principals file \(en in this case, the username | ||
229 | of the user must appear in a certificate's principals list for it to be | 231 | of the user must appear in a certificate's principals list for it to be |
230 | accepted. | 232 | accepted. |
231 | Note that | 233 | Note that |
@@ -714,9 +716,8 @@ Multiple algorithms must be comma-separated. | |||
714 | The default is: | 716 | The default is: |
715 | .Bd -literal -offset indent | 717 | .Bd -literal -offset indent |
716 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 718 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
717 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96, | 719 | hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, |
718 | hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, | 720 | hmac-sha1-96,hmac-md5-96 |
719 | hmac-sha2-512-96 | ||
720 | .Ed | 721 | .Ed |
721 | .It Cm Match | 722 | .It Cm Match |
722 | Introduces a conditional block. | 723 | Introduces a conditional block. |
@@ -734,6 +735,8 @@ The available criteria are | |||
734 | .Cm User , | 735 | .Cm User , |
735 | .Cm Group , | 736 | .Cm Group , |
736 | .Cm Host , | 737 | .Cm Host , |
738 | .Cm LocalAddress , | ||
739 | .Cm LocalPort , | ||
737 | and | 740 | and |
738 | .Cm Address . | 741 | .Cm Address . |
739 | The match patterns may consist of single entries or comma-separated | 742 | The match patterns may consist of single entries or comma-separated |
@@ -762,12 +765,17 @@ Only a subset of keywords may be used on the lines following a | |||
762 | .Cm Match | 765 | .Cm Match |
763 | keyword. | 766 | keyword. |
764 | Available keywords are | 767 | Available keywords are |
768 | .Cm AcceptEnv , | ||
765 | .Cm AllowAgentForwarding , | 769 | .Cm AllowAgentForwarding , |
770 | .Cm AllowGroups , | ||
766 | .Cm AllowTcpForwarding , | 771 | .Cm AllowTcpForwarding , |
772 | .Cm AllowUsers , | ||
767 | .Cm AuthorizedKeysFile , | 773 | .Cm AuthorizedKeysFile , |
768 | .Cm AuthorizedPrincipalsFile , | 774 | .Cm AuthorizedPrincipalsFile , |
769 | .Cm Banner , | 775 | .Cm Banner , |
770 | .Cm ChrootDirectory , | 776 | .Cm ChrootDirectory , |
777 | .Cm DenyGroups , | ||
778 | .Cm DenyUsers , | ||
771 | .Cm ForceCommand , | 779 | .Cm ForceCommand , |
772 | .Cm GatewayPorts , | 780 | .Cm GatewayPorts , |
773 | .Cm GSSAPIAuthentication , | 781 | .Cm GSSAPIAuthentication , |
@@ -871,6 +879,9 @@ Multiple forwards may be specified by separating them with whitespace. | |||
871 | An argument of | 879 | An argument of |
872 | .Dq any | 880 | .Dq any |
873 | can be used to remove all restrictions and permit any forwarding requests. | 881 | can be used to remove all restrictions and permit any forwarding requests. |
882 | An argument of | ||
883 | .Dq none | ||
884 | can be used to prohibit all forwarding requests. | ||
874 | By default all port forwarding requests are permitted. | 885 | By default all port forwarding requests are permitted. |
875 | .It Cm PermitRootLogin | 886 | .It Cm PermitRootLogin |
876 | Specifies whether root can log in using | 887 | Specifies whether root can log in using |
@@ -1155,6 +1166,11 @@ is set to | |||
1155 | .Dq sandbox | 1166 | .Dq sandbox |
1156 | then the pre-authentication unprivileged process is subject to additional | 1167 | then the pre-authentication unprivileged process is subject to additional |
1157 | restrictions. | 1168 | restrictions. |
1169 | .It Cm VersionAddendum | ||
1170 | Optionally specifies additional text to append to the SSH protocol banner | ||
1171 | sent by the server upon connection. | ||
1172 | The default is | ||
1173 | .Dq none . | ||
1158 | .It Cm X11DisplayOffset | 1174 | .It Cm X11DisplayOffset |
1159 | Specifies the first display number available for | 1175 | Specifies the first display number available for |
1160 | .Xr sshd 8 Ns 's | 1176 | .Xr sshd 8 Ns 's |