diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 41 |
1 files changed, 12 insertions, 29 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 18b1d81a0..3807c0f3c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.160 2013/05/16 06:30:06 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.161 2013/06/27 14:05:37 jmc Exp $ |
37 | .Dd $Mdocdate: May 16 2013 $ | 37 | .Dd $Mdocdate: June 27 2013 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -117,9 +117,7 @@ The allow/deny directives are processed in the following order: | |||
117 | and finally | 117 | and finally |
118 | .Cm AllowGroups . | 118 | .Cm AllowGroups . |
119 | .Pp | 119 | .Pp |
120 | See | 120 | See PATTERNS in |
121 | .Sx PATTERNS | ||
122 | in | ||
123 | .Xr ssh_config 5 | 121 | .Xr ssh_config 5 |
124 | for more information on patterns. | 122 | for more information on patterns. |
125 | .It Cm AllowTcpForwarding | 123 | .It Cm AllowTcpForwarding |
@@ -159,9 +157,7 @@ The allow/deny directives are processed in the following order: | |||
159 | and finally | 157 | and finally |
160 | .Cm AllowGroups . | 158 | .Cm AllowGroups . |
161 | .Pp | 159 | .Pp |
162 | See | 160 | See PATTERNS in |
163 | .Sx PATTERNS | ||
164 | in | ||
165 | .Xr ssh_config 5 | 161 | .Xr ssh_config 5 |
166 | for more information on patterns. | 162 | for more information on patterns. |
167 | .It Cm AuthenticationMethods | 163 | .It Cm AuthenticationMethods |
@@ -205,9 +201,7 @@ Specifies a program to be used to look up the user's public keys. | |||
205 | The program must be owned by root and not writable by group or others. | 201 | The program must be owned by root and not writable by group or others. |
206 | It will be invoked with a single argument of the username | 202 | It will be invoked with a single argument of the username |
207 | being authenticated, and should produce on standard output zero or | 203 | being authenticated, and should produce on standard output zero or |
208 | more lines of authorized_keys output (see | 204 | more lines of authorized_keys output (see AUTHORIZED_KEYS in |
209 | .Sx AUTHORIZED_KEYS | ||
210 | in | ||
211 | .Xr sshd 8 ) . | 205 | .Xr sshd 8 ) . |
212 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate | 206 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
213 | and authorize the user then public key authentication continues using the usual | 207 | and authorize the user then public key authentication continues using the usual |
@@ -222,7 +216,7 @@ than running authorized keys commands. | |||
222 | Specifies the file that contains the public keys that can be used | 216 | Specifies the file that contains the public keys that can be used |
223 | for user authentication. | 217 | for user authentication. |
224 | The format is described in the | 218 | The format is described in the |
225 | .Sx AUTHORIZED_KEYS FILE FORMAT | 219 | AUTHORIZED_KEYS FILE FORMAT |
226 | section of | 220 | section of |
227 | .Xr sshd 8 . | 221 | .Xr sshd 8 . |
228 | .Cm AuthorizedKeysFile | 222 | .Cm AuthorizedKeysFile |
@@ -246,9 +240,7 @@ When using certificates signed by a key listed in | |||
246 | this file lists names, one of which must appear in the certificate for it | 240 | this file lists names, one of which must appear in the certificate for it |
247 | to be accepted for authentication. | 241 | to be accepted for authentication. |
248 | Names are listed one per line preceded by key options (as described | 242 | Names are listed one per line preceded by key options (as described |
249 | in | 243 | in AUTHORIZED_KEYS FILE FORMAT in |
250 | .Sx AUTHORIZED_KEYS FILE FORMAT | ||
251 | in | ||
252 | .Xr sshd 8 ) . | 244 | .Xr sshd 8 ) . |
253 | Empty lines and comments starting with | 245 | Empty lines and comments starting with |
254 | .Ql # | 246 | .Ql # |
@@ -426,9 +418,7 @@ The allow/deny directives are processed in the following order: | |||
426 | and finally | 418 | and finally |
427 | .Cm AllowGroups . | 419 | .Cm AllowGroups . |
428 | .Pp | 420 | .Pp |
429 | See | 421 | See PATTERNS in |
430 | .Sx PATTERNS | ||
431 | in | ||
432 | .Xr ssh_config 5 | 422 | .Xr ssh_config 5 |
433 | for more information on patterns. | 423 | for more information on patterns. |
434 | .It Cm DenyUsers | 424 | .It Cm DenyUsers |
@@ -447,9 +437,7 @@ The allow/deny directives are processed in the following order: | |||
447 | and finally | 437 | and finally |
448 | .Cm AllowGroups . | 438 | .Cm AllowGroups . |
449 | .Pp | 439 | .Pp |
450 | See | 440 | See PATTERNS in |
451 | .Sx PATTERNS | ||
452 | in | ||
453 | .Xr ssh_config 5 | 441 | .Xr ssh_config 5 |
454 | for more information on patterns. | 442 | for more information on patterns. |
455 | .It Cm ForceCommand | 443 | .It Cm ForceCommand |
@@ -761,8 +749,7 @@ and | |||
761 | .Cm Address . | 749 | .Cm Address . |
762 | The match patterns may consist of single entries or comma-separated | 750 | The match patterns may consist of single entries or comma-separated |
763 | lists and may use the wildcard and negation operators described in the | 751 | lists and may use the wildcard and negation operators described in the |
764 | .Sx PATTERNS | 752 | PATTERNS section of |
765 | section of | ||
766 | .Xr ssh_config 5 . | 753 | .Xr ssh_config 5 . |
767 | .Pp | 754 | .Pp |
768 | The patterns in an | 755 | The patterns in an |
@@ -1043,9 +1030,7 @@ be refused for all users. | |||
1043 | Keys may be specified as a text file, listing one public key per line, or as | 1030 | Keys may be specified as a text file, listing one public key per line, or as |
1044 | an OpenSSH Key Revocation List (KRL) as generated by | 1031 | an OpenSSH Key Revocation List (KRL) as generated by |
1045 | .Xr ssh-keygen 1 . | 1032 | .Xr ssh-keygen 1 . |
1046 | For more information on KRLs, see the | 1033 | For more information on KRLs, see the KEY REVOCATION LISTS section in |
1047 | .Sx KEY REVOCATION LISTS | ||
1048 | section in | ||
1049 | .Xr ssh-keygen 1 . | 1034 | .Xr ssh-keygen 1 . |
1050 | .It Cm RhostsRSAAuthentication | 1035 | .It Cm RhostsRSAAuthentication |
1051 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 1036 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
@@ -1134,9 +1119,7 @@ listed in the certificate's principals list. | |||
1134 | Note that certificates that lack a list of principals will not be permitted | 1119 | Note that certificates that lack a list of principals will not be permitted |
1135 | for authentication using | 1120 | for authentication using |
1136 | .Cm TrustedUserCAKeys . | 1121 | .Cm TrustedUserCAKeys . |
1137 | For more details on certificates, see the | 1122 | For more details on certificates, see the CERTIFICATES section in |
1138 | .Sx CERTIFICATES | ||
1139 | section in | ||
1140 | .Xr ssh-keygen 1 . | 1123 | .Xr ssh-keygen 1 . |
1141 | .It Cm UseDNS | 1124 | .It Cm UseDNS |
1142 | Specifies whether | 1125 | Specifies whether |