summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.545
1 files changed, 25 insertions, 20 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 6e2de10d7..e0768230e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.48 2006/01/02 17:09:49 jmc Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.49 2006/02/24 10:33:54 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -99,13 +99,14 @@ This keyword can be followed by a list of group name patterns, separated
99by spaces. 99by spaces.
100If specified, login is allowed only for users whose primary 100If specified, login is allowed only for users whose primary
101group or supplementary group list matches one of the patterns. 101group or supplementary group list matches one of the patterns.
102.Ql \&*
103and
104.Ql \&?
105can be used as
106wildcards in the patterns.
107Only group names are valid; a numerical group ID is not recognized. 102Only group names are valid; a numerical group ID is not recognized.
108By default, login is allowed for all groups. 103By default, login is allowed for all groups.
104.Pp
105See
106.Sx PATTERNS
107in
108.Xr ssh_config 5
109for more information on patterns.
109.It Cm AllowTcpForwarding 110.It Cm AllowTcpForwarding
110Specifies whether TCP forwarding is permitted. 111Specifies whether TCP forwarding is permitted.
111The default is 112The default is
@@ -118,16 +119,17 @@ This keyword can be followed by a list of user name patterns, separated
118by spaces. 119by spaces.
119If specified, login is allowed only for user names that 120If specified, login is allowed only for user names that
120match one of the patterns. 121match one of the patterns.
121.Ql \&*
122and
123.Ql \&?
124can be used as
125wildcards in the patterns.
126Only user names are valid; a numerical user ID is not recognized. 122Only user names are valid; a numerical user ID is not recognized.
127By default, login is allowed for all users. 123By default, login is allowed for all users.
128If the pattern takes the form USER@HOST then USER and HOST 124If the pattern takes the form USER@HOST then USER and HOST
129are separately checked, restricting logins to particular 125are separately checked, restricting logins to particular
130users from particular hosts. 126users from particular hosts.
127.Pp
128See
129.Sx PATTERNS
130in
131.Xr ssh_config 5
132for more information on patterns.
131.It Cm AuthorizedKeysFile 133.It Cm AuthorizedKeysFile
132Specifies the file that contains the public keys that can be used 134Specifies the file that contains the public keys that can be used
133for user authentication. 135for user authentication.
@@ -231,26 +233,29 @@ This keyword can be followed by a list of group name patterns, separated
231by spaces. 233by spaces.
232Login is disallowed for users whose primary group or supplementary 234Login is disallowed for users whose primary group or supplementary
233group list matches one of the patterns. 235group list matches one of the patterns.
234.Ql \&*
235and
236.Ql \&?
237can be used as
238wildcards in the patterns.
239Only group names are valid; a numerical group ID is not recognized. 236Only group names are valid; a numerical group ID is not recognized.
240By default, login is allowed for all groups. 237By default, login is allowed for all groups.
238.Pp
239See
240.Sx PATTERNS
241in
242.Xr ssh_config 5
243for more information on patterns.
241.It Cm DenyUsers 244.It Cm DenyUsers
242This keyword can be followed by a list of user name patterns, separated 245This keyword can be followed by a list of user name patterns, separated
243by spaces. 246by spaces.
244Login is disallowed for user names that match one of the patterns. 247Login is disallowed for user names that match one of the patterns.
245.Ql \&*
246and
247.Ql \&?
248can be used as wildcards in the patterns.
249Only user names are valid; a numerical user ID is not recognized. 248Only user names are valid; a numerical user ID is not recognized.
250By default, login is allowed for all users. 249By default, login is allowed for all users.
251If the pattern takes the form USER@HOST then USER and HOST 250If the pattern takes the form USER@HOST then USER and HOST
252are separately checked, restricting logins to particular 251are separately checked, restricting logins to particular
253users from particular hosts. 252users from particular hosts.
253.Pp
254See
255.Sx PATTERNS
256in
257.Xr ssh_config 5
258for more information on patterns.
254.It Cm GatewayPorts 259.It Cm GatewayPorts
255Specifies whether remote hosts are allowed to connect to ports 260Specifies whether remote hosts are allowed to connect to ports
256forwarded for the client. 261forwarded for the client.