Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 61 |
1 files changed, 55 insertions, 6 deletions
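--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1,4 +1,3 @@
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
-.Dd $Mdocdate: June 30 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
+.Dd $Mdocdate: December 8 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -498,9 +497,10 @@ used by SSH.
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_dsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
 Note that
 .Xr sshd 8
@@ -508,7 +508,8 @@ will refuse to use a file if it is group/world-accessible.
 It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and
-.Dq dsa
+.Dq dsa ,
+.Dq ecdsa
 or
 .Dq rsa
 are used for version 2 of the SSH protocol.
@@ -539,6 +540,43 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPQoS
+Specifies the IPv4 type-of-service or DSCP class for the connection.
+Accepted values are
+.Dq af11 ,
+.Dq af12 ,
+.Dq af13 ,
+.Dq af14 ,
+.Dq af22 ,
+.Dq af23 ,
+.Dq af31 ,
+.Dq af32 ,
+.Dq af33 ,
+.Dq af41 ,
+.Dq af42 ,
+.Dq af43 ,
+.Dq cs0 ,
+.Dq cs1 ,
+.Dq cs2 ,
+.Dq cs3 ,
+.Dq cs4 ,
+.Dq cs5 ,
+.Dq cs6 ,
+.Dq cs7 ,
+.Dq ef ,
+.Dq lowdelay ,
+.Dq throughput ,
+.Dq reliability ,
+or a numeric value.
+This option may take one or two arguments, separated by whitespace.
+If one argument is specified, it is used as the packet class unconditionally.
+If two values are specified, the first is automatically selected for
+interactive sessions and the second for non-interactive sessions.
+The default is
+.Dq lowdelay
+for interactive sessions and
+.Dq throughput
+for non-interactive sessions.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -564,6 +602,17 @@ Specifies whether to automatically destroy the user's ticket cache
 file on logout.
 The default is
 .Dq yes .
+.It Cm KexAlgorithms
+Specifies the available KEX (Key Exchange) algorithms.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq ecdh-sha2-nistp256 ,
+.Dq ecdh-sha2-nistp384 ,
+.Dq ecdh-sha2-nistp521 ,
+.Dq diffie-hellman-group-exchange-sha256 ,
+.Dq diffie-hellman-group-exchange-sha1 ,
+.Dq diffie-hellman-group14-sha1 ,
+.Dq diffie-hellman-group1-sha1 .
 .It Cm KeyRegenerationInterval
 In protocol version 1, the ephemeral server key is automatically regenerated
 after this many seconds (if it has been used).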