Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 45 |
1 files changed, 26 insertions, 19 deletions
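diff --git a/sshd_config.5 b/sshd_config.5
index 0747cc8b5..ef520680f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,15 +33,13 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
-.Dd $Mdocdate: March 14 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $
+.Dd $Mdocdate: September 27 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
 .Nm sshd_config
 .Nd OpenSSH SSH daemon configuration file
-.Sh SYNOPSIS
-.Nm /etc/ssh/sshd_config
 .Sh DESCRIPTION
 .Xr sshd 8
 reads configuration data from
@@ -247,6 +245,18 @@ requires successful authentication using two different public keys.
 .Pp
 Note that each authentication method listed should also be explicitly enabled
 in the configuration.
+.Pp
+The available authentication methods are:
+.Qq gssapi-with-mic ,
+.Qq hostbased ,
+.Qq keyboard-interactive ,
+.Qq none
+(used for access to password-less accounts when
+.Cm PermitEmptyPassword
+is enabled),
+.Qq password
+and
+.Qq publickey .
 .It Cm AuthorizedKeysCommand
 Specifies a program to be used to look up the user's public keys.
 The program must be owned by root, not writable by group or others and
@@ -485,16 +495,6 @@ aes128-gcm@openssh.com
 .It
 aes256-gcm@openssh.com
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
 chacha20-poly1305@openssh.com
 .El
 .Pp
@@ -600,6 +600,14 @@ Disables all forwarding features, including X11,
 TCP and StreamLocal.
 This option overrides all other forwarding-related options and may
 simplify restricted configurations.
+.It Cm ExposeAuthInfo
+Writes a temporary file containing a list of authentication methods and
+public credentials (e.g. keys) used to authenticate the user.
+The location of the file is exposed to the user session through the
+.Ev SSH_USER_AUTH
+environment variable.
+The default is
+.Cm no .
 .It Cm FingerprintHash
 Specifies the hash algorithm used when logging key fingerprints.
 Valid options are:
@@ -833,7 +841,9 @@ Accepted values are
 .Cm lowdelay ,
 .Cm throughput ,
 .Cm reliability ,
-or a numeric value.
+a numeric value, or
+.Cm none
+to use the operating system default.
 This option may take one or two arguments, separated by whitespace.
 If one argument is specified, it is used as the packet class unconditionally.
 If two values are specified, the first is automatically selected for
@@ -997,8 +1007,6 @@ hmac-md5
 .It
 hmac-md5-96
 .It
-hmac-ripemd160
-.It
 hmac-sha1
 .It
 hmac-sha1-96
@@ -1015,8 +1023,6 @@ hmac-md5-etm@openssh.com
 .It
 hmac-md5-96-etm@openssh.com
 .It
-hmac-ripemd160-etm@openssh.com
-.It
 hmac-sha1-etm@openssh.com
 .It
 hmac-sha1-96-etm@openssh.com
@@ -1115,6 +1121,7 @@ Available keywords are
 .Cm IPQoS ,
 .Cm KbdInteractiveAuthentication ,
 .Cm KerberosAuthentication ,
+.Cm LogLevel ,
 .Cm MaxAuthTries ,
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,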
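Review bot: In the `@@ -247,6 +245,18 @@` hunk the new list of authentication methods refers to `.Cm PermitEmptyPassword`, but the sshd_config keyword is `PermitEmptyPasswords`, so the name printed here matches no option an administrator can look up or set. The line should read `.Cm PermitEmptyPasswords`. This matters more than an ordinary typo because the sentence is the only explanation of when the `none` method grants access, and a reader auditing for password-less logins will search for the keyword exactly as the manual spells it. The AuthenticationMethods entry this paragraph belongs to begins before the hunk.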