diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 8d291e61d..5af4b1b27 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -168,24 +168,18 @@ The supported ciphers are | |||
| 168 | .Dq aes128-ctr , | 168 | .Dq aes128-ctr , |
| 169 | .Dq aes192-ctr , | 169 | .Dq aes192-ctr , |
| 170 | .Dq aes256-ctr , | 170 | .Dq aes256-ctr , |
| 171 | .Dq arcfour128 , | ||
| 172 | .Dq arcfour256 , | ||
| 171 | .Dq arcfour , | 173 | .Dq arcfour , |
| 172 | .Dq blowfish-cbc , | 174 | .Dq blowfish-cbc , |
| 173 | and | 175 | and |
| 174 | .Dq cast128-cbc . | 176 | .Dq cast128-cbc . |
| 175 | The default is | 177 | The default is |
| 176 | .Bd -literal | 178 | .Bd -literal |
| 177 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | 179 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
| 178 | aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' | 180 | arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
| 181 | aes192-ctr,aes256-ctr'' | ||
| 179 | .Ed | 182 | .Ed |
| 180 | .It Cm ClientAliveInterval | ||
| 181 | Sets a timeout interval in seconds after which if no data has been received | ||
| 182 | from the client, | ||
| 183 | .Nm sshd | ||
| 184 | will send a message through the encrypted | ||
| 185 | channel to request a response from the client. | ||
| 186 | The default | ||
| 187 | is 0, indicating that these messages will not be sent to the client. | ||
| 188 | This option applies to protocol version 2 only. | ||
| 189 | .It Cm ClientAliveCountMax | 183 | .It Cm ClientAliveCountMax |
| 190 | Sets the number of client alive messages (see above) which may be | 184 | Sets the number of client alive messages (see above) which may be |
| 191 | sent without | 185 | sent without |
| @@ -213,14 +207,25 @@ If | |||
| 213 | .Cm ClientAliveCountMax | 207 | .Cm ClientAliveCountMax |
| 214 | is left at the default, unresponsive ssh clients | 208 | is left at the default, unresponsive ssh clients |
| 215 | will be disconnected after approximately 45 seconds. | 209 | will be disconnected after approximately 45 seconds. |
| 210 | .It Cm ClientAliveInterval | ||
| 211 | Sets a timeout interval in seconds after which if no data has been received | ||
| 212 | from the client, | ||
| 213 | .Nm sshd | ||
| 214 | will send a message through the encrypted | ||
| 215 | channel to request a response from the client. | ||
| 216 | The default | ||
| 217 | is 0, indicating that these messages will not be sent to the client. | ||
| 218 | This option applies to protocol version 2 only. | ||
| 216 | .It Cm Compression | 219 | .It Cm Compression |
| 217 | Specifies whether compression is allowed. | 220 | Specifies whether compression is allowed, or delayed until |
| 221 | the user has authenticated successfully. | ||
| 218 | The argument must be | 222 | The argument must be |
| 219 | .Dq yes | 223 | .Dq yes , |
| 224 | .Dq delayed , | ||
| 220 | or | 225 | or |
| 221 | .Dq no . | 226 | .Dq no . |
| 222 | The default is | 227 | The default is |
| 223 | .Dq yes . | 228 | .Dq delayed . |
| 224 | .It Cm DenyGroups | 229 | .It Cm DenyGroups |
| 225 | This keyword can be followed by a list of group name patterns, separated | 230 | This keyword can be followed by a list of group name patterns, separated |
| 226 | by spaces. | 231 | by spaces. |
| @@ -272,6 +277,12 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
| 272 | The default is | 277 | The default is |
| 273 | .Dq no . | 278 | .Dq no . |
| 274 | Note that this option applies to protocol version 2 only. | 279 | Note that this option applies to protocol version 2 only. |
| 280 | .It Cm GSSAPIKeyExchange | ||
| 281 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
| 282 | doesn't rely on ssh keys to verify host identity. | ||
| 283 | The default is | ||
| 284 | .Dq no . | ||
| 285 | Note that this option applies to protocol version 2 only. | ||
| 275 | .It Cm GSSAPICleanupCredentials | 286 | .It Cm GSSAPICleanupCredentials |
| 276 | Specifies whether to automatically destroy the user's credentials cache | 287 | Specifies whether to automatically destroy the user's credentials cache |
| 277 | on logout. | 288 | on logout. |
| @@ -327,7 +338,7 @@ The default is | |||
| 327 | Specifies whether | 338 | Specifies whether |
| 328 | .Nm sshd | 339 | .Nm sshd |
| 329 | should ignore the user's | 340 | should ignore the user's |
| 330 | .Pa $HOME/.ssh/known_hosts | 341 | .Pa ~/.ssh/known_hosts |
| 331 | during | 342 | during |
| 332 | .Cm RhostsRSAAuthentication | 343 | .Cm RhostsRSAAuthentication |
| 333 | or | 344 | or |
| @@ -630,7 +641,7 @@ To disable TCP keepalive messages, the value should be set to | |||
| 630 | .It Cm UseDNS | 641 | .It Cm UseDNS |
| 631 | Specifies whether | 642 | Specifies whether |
| 632 | .Nm sshd | 643 | .Nm sshd |
| 633 | should lookup the remote host name and check that | 644 | should look up the remote host name and check that |
| 634 | the resolved host name for the remote IP address maps back to the | 645 | the resolved host name for the remote IP address maps back to the |
| 635 | very same IP address. | 646 | very same IP address. |
| 636 | The default is | 647 | The default is |