Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 8250be8d6..86b3289a1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.17 2003/05/20 12:09:32 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -107,7 +107,8 @@ Specifies the file that contains the public keys that can be used | |||
107 | for user authentication. | 107 | for user authentication. |
108 | .Cm AuthorizedKeysFile | 108 | .Cm AuthorizedKeysFile |
109 | may contain tokens of the form %T which are substituted during connection | 109 | may contain tokens of the form %T which are substituted during connection |
110 | set-up. The following tokens are defined: %% is replaced by a literal '%', | 110 | set-up. |
111 | The following tokens are defined: %% is replaced by a literal '%', | ||
111 | %h is replaced by the home directory of the user being authenticated and | 112 | %h is replaced by the home directory of the user being authenticated and |
112 | %u is replaced by the username of that user. | 113 | %u is replaced by the username of that user. |
113 | After expansion, | 114 | After expansion, |
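Review bot: the token description on new lines 111 to 113 is still a single run-on sentence after the re-wrap. Since this hunk already separates "set-up." from "The following tokens are defined:", consider moving %%, %h and %u into a list so each token sits on its own line next to its expansion. No wording change is needed for that.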
@@ -153,20 +154,24 @@ This option applies to protocol version 2 only. | |||
153 | Sets the number of client alive messages (see above) which may be | 154 | Sets the number of client alive messages (see above) which may be |
154 | sent without | 155 | sent without |
155 | .Nm sshd | 156 | .Nm sshd |
156 | receiving any messages back from the client. If this threshold is | 157 | receiving any messages back from the client. |
157 | reached while client alive messages are being sent, | 158 | If this threshold is reached while client alive messages are being sent, |
158 | .Nm sshd | 159 | .Nm sshd |
159 | will disconnect the client, terminating the session. It is important | 160 | will disconnect the client, terminating the session. |
160 | to note that the use of client alive messages is very different from | 161 | It is important to note that the use of client alive messages is very |
162 | different from | ||
161 | .Cm KeepAlive | 163 | .Cm KeepAlive |
162 | (below). The client alive messages are sent through the | 164 | (below). |
163 | encrypted channel and therefore will not be spoofable. The TCP keepalive | 165 | The client alive messages are sent through the encrypted channel |
164 | option enabled by | 166 | and therefore will not be spoofable. |
167 | The TCP keepalive option enabled by | ||
165 | .Cm KeepAlive | 168 | .Cm KeepAlive |
166 | is spoofable. The client alive mechanism is valuable when the client or | 169 | is spoofable. |
170 | The client alive mechanism is valuable when the client or | ||
167 | server depend on knowing when a connection has become inactive. | 171 | server depend on knowing when a connection has become inactive. |
168 | .Pp | 172 | .Pp |
169 | The default value is 3. If | 173 | The default value is 3. |
174 | If | ||
170 | .Cm ClientAliveInterval | 175 | .Cm ClientAliveInterval |
171 | (above) is set to 15, and | 176 | (above) is set to 15, and |
172 | .Cm ClientAliveCountMax | 177 | .Cm ClientAliveCountMax |
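Review bot: "the client or server depend on knowing" (new lines 170 to 171) has a subject-verb mismatch; this hunk re-wraps the first half of that sentence, so change "depend" to "depends" in the same pass. The filler "It is important to note that" on new line 161 could also go, so the sentence opens directly with the contrast an administrator needs: client alive messages travel inside the encrypted channel, while the TCP keepalive enabled by KeepAlive is spoofable.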
@@ -369,11 +374,12 @@ is not specified, | |||
369 | .Nm sshd | 374 | .Nm sshd |
370 | will listen on the address and all prior | 375 | will listen on the address and all prior |
371 | .Cm Port | 376 | .Cm Port |
372 | options specified. The default is to listen on all local | 377 | options specified. |
373 | addresses. | 378 | The default is to listen on all local addresses. |
374 | Multiple | 379 | Multiple |
375 | .Cm ListenAddress | 380 | .Cm ListenAddress |
376 | options are permitted. Additionally, any | 381 | options are permitted. |
382 | Additionally, any | ||
377 | .Cm Port | 383 | .Cm Port |
378 | options must precede this option for non port qualified addresses. | 384 | options must precede this option for non port qualified addresses. |
379 | .It Cm LoginGraceTime | 385 | .It Cm LoginGraceTime |
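Review bot: "non port qualified addresses" on new line 384 is hard to parse and is left untouched while the sentences around it are re-wrapped. Suggest hyphenating it as "non-port-qualified addresses" or rewording to "addresses given without a port". The ordering rule in that sentence decides which Port options a ListenAddress picks up, so it is worth making unambiguous.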
@@ -454,8 +460,8 @@ but only if the | |||
454 | .Ar command | 460 | .Ar command |
455 | option has been specified | 461 | option has been specified |
456 | (which may be useful for taking remote backups even if root login is | 462 | (which may be useful for taking remote backups even if root login is |
457 | normally not allowed). All other authentication methods are disabled | 463 | normally not allowed). |
458 | for root. | 464 | All other authentication methods are disabled for root. |
459 | .Pp | 465 | .Pp |
460 | If this option is set to | 466 | If this option is set to |
461 | .Dq no | 467 | .Dq no |