diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 09532fb8d..8d291e61d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.35 2004/06/26 09:14:40 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted | |||
83 | user environments. | 83 | user environments. |
84 | For this reason, care should be taken in the use of this directive. | 84 | For this reason, care should be taken in the use of this directive. |
85 | The default is not to accept any environment variables. | 85 | The default is not to accept any environment variables. |
86 | .It Cm AddressFamily | ||
87 | Specifies which address family should be used by | ||
88 | .Nm sshd . | ||
89 | Valid arguments are | ||
90 | .Dq any , | ||
91 | .Dq inet | ||
92 | (use IPv4 only) or | ||
93 | .Dq inet6 | ||
94 | (use IPv6 only). | ||
95 | The default is | ||
96 | .Dq any . | ||
86 | .It Cm AllowGroups | 97 | .It Cm AllowGroups |
87 | This keyword can be followed by a list of group name patterns, separated | 98 | This keyword can be followed by a list of group name patterns, separated |
88 | by spaces. | 99 | by spaces. |
@@ -245,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports. | |||
245 | .Cm GatewayPorts | 256 | .Cm GatewayPorts |
246 | can be used to specify that | 257 | can be used to specify that |
247 | .Nm sshd | 258 | .Nm sshd |
248 | should bind remote port forwardings to the wildcard address, | 259 | should allow remote port forwardings to bind to non-loopback addresses, thus |
249 | thus allowing remote hosts to connect to forwarded ports. | 260 | allowing other hosts to connect. |
250 | The argument must be | 261 | The argument may be |
262 | .Dq no | ||
263 | to force remote port forwardings to be available to the local host only, | ||
251 | .Dq yes | 264 | .Dq yes |
252 | or | 265 | to force remote port forwardings to bind to the wildcard address, or |
253 | .Dq no . | 266 | .Dq clientspecified |
267 | to allow the client to select the address to which the forwarding is bound. | ||
254 | The default is | 268 | The default is |
255 | .Dq no . | 269 | .Dq no . |
256 | .It Cm GSSAPIAuthentication | 270 | .It Cm GSSAPIAuthentication |
@@ -455,7 +469,7 @@ server allows login to accounts with empty password strings. | |||
455 | The default is | 469 | The default is |
456 | .Dq no . | 470 | .Dq no . |
457 | .It Cm PermitRootLogin | 471 | .It Cm PermitRootLogin |
458 | Specifies whether root can login using | 472 | Specifies whether root can log in using |
459 | .Xr ssh 1 . | 473 | .Xr ssh 1 . |
460 | The argument must be | 474 | The argument must be |
461 | .Dq yes , | 475 | .Dq yes , |
@@ -468,9 +482,7 @@ The default is | |||
468 | .Pp | 482 | .Pp |
469 | If this option is set to | 483 | If this option is set to |
470 | .Dq without-password | 484 | .Dq without-password |
471 | password authentication is disabled for root. Note that other authentication | 485 | password authentication is disabled for root. |
472 | methods (e.g., keyboard-interactive/PAM) may still allow root to login using | ||
473 | a password. | ||
474 | .Pp | 486 | .Pp |
475 | If this option is set to | 487 | If this option is set to |
476 | .Dq forced-commands-only | 488 | .Dq forced-commands-only |
@@ -484,7 +496,7 @@ All other authentication methods are disabled for root. | |||
484 | .Pp | 496 | .Pp |
485 | If this option is set to | 497 | If this option is set to |
486 | .Dq no | 498 | .Dq no |
487 | root is not allowed to login. | 499 | root is not allowed to log in. |
488 | .It Cm PermitUserEnvironment | 500 | .It Cm PermitUserEnvironment |
489 | Specifies whether | 501 | Specifies whether |
490 | .Pa ~/.ssh/environment | 502 | .Pa ~/.ssh/environment |
@@ -516,7 +528,8 @@ See also | |||
516 | .It Cm PrintLastLog | 528 | .It Cm PrintLastLog |
517 | Specifies whether | 529 | Specifies whether |
518 | .Nm sshd | 530 | .Nm sshd |
519 | should print the date and time when the user last logged in. | 531 | should print the date and time of the last user login when a user logs |
532 | in interactively. | ||
520 | The default is | 533 | The default is |
521 | .Dq yes . | 534 | .Dq yes . |
522 | .It Cm PrintMotd | 535 | .It Cm PrintMotd |