diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 449afb302..76c95aa19 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ |
| 37 | .Dd $Mdocdate: December 8 2010 $ | 37 | .Dd $Mdocdate: August 2 2011 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -168,8 +168,9 @@ After expansion, | |||
| 168 | .Cm AuthorizedKeysFile | 168 | .Cm AuthorizedKeysFile |
| 169 | is taken to be an absolute path or one relative to the user's home | 169 | is taken to be an absolute path or one relative to the user's home |
| 170 | directory. | 170 | directory. |
| 171 | Multiple files may be listed, separated by whitespace. | ||
| 171 | The default is | 172 | The default is |
| 172 | .Dq .ssh/authorized_keys . | 173 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
| 173 | .It Cm AuthorizedPrincipalsFile | 174 | .It Cm AuthorizedPrincipalsFile |
| 174 | Specifies a file that lists principal names that are accepted for | 175 | Specifies a file that lists principal names that are accepted for |
| 175 | certificate authentication. | 176 | certificate authentication. |
| @@ -682,7 +683,9 @@ Multiple algorithms must be comma-separated. | |||
| 682 | The default is: | 683 | The default is: |
| 683 | .Bd -literal -offset indent | 684 | .Bd -literal -offset indent |
| 684 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 685 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
| 685 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | 686 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96, |
| 687 | hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, | ||
| 688 | hmac-sha2-512-96 | ||
| 686 | .Ed | 689 | .Ed |
| 687 | .It Cm Match | 690 | .It Cm Match |
| 688 | Introduces a conditional block. | 691 | Introduces a conditional block. |
| @@ -1098,6 +1101,12 @@ The goal of privilege separation is to prevent privilege | |||
| 1098 | escalation by containing any corruption within the unprivileged processes. | 1101 | escalation by containing any corruption within the unprivileged processes. |
| 1099 | The default is | 1102 | The default is |
| 1100 | .Dq yes . | 1103 | .Dq yes . |
| 1104 | If | ||
| 1105 | .Cm UsePrivilegeSeparation | ||
| 1106 | is set to | ||
| 1107 | .Dq sandbox | ||
| 1108 | then the pre-authentication unprivileged process is subject to additional | ||
| 1109 | restrictions. | ||
| 1101 | .It Cm X11DisplayOffset | 1110 | .It Cm X11DisplayOffset |
| 1102 | Specifies the first display number available for | 1111 | Specifies the first display number available for |
| 1103 | .Xr sshd 8 Ns 's | 1112 | .Xr sshd 8 Ns 's |