Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 23ac0e96d..6f38a260a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.14 2003/01/23 08:58:47 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -211,8 +211,8 @@ Specifies whether remote hosts are allowed to connect to ports | |||
211 | forwarded for the client. | 211 | forwarded for the client. |
212 | By default, | 212 | By default, |
213 | .Nm sshd | 213 | .Nm sshd |
214 | binds remote port forwardings to the loopback address. This | 214 | binds remote port forwardings to the loopback address. |
215 | prevents other remote hosts from connecting to forwarded ports. | 215 | This prevents other remote hosts from connecting to forwarded ports. |
216 | .Cm GatewayPorts | 216 | .Cm GatewayPorts |
217 | can be used to specify that | 217 | can be used to specify that |
218 | .Nm sshd | 218 | .Nm sshd |
@@ -370,7 +370,8 @@ is not specified, | |||
370 | will listen on the address and all prior | 370 | will listen on the address and all prior |
371 | .Cm Port | 371 | .Cm Port |
372 | options specified. The default is to listen on all local | 372 | options specified. The default is to listen on all local |
373 | addresses. Multiple | 373 | addresses. |
374 | Multiple | ||
374 | .Cm ListenAddress | 375 | .Cm ListenAddress |
375 | options are permitted. Additionally, any | 376 | options are permitted. Additionally, any |
376 | .Cm Port | 377 | .Cm Port |
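Review bot: The context lines at 372 and 376 still break sentences mid-line ("options specified. The default is to listen on all local" and "options are permitted. Additionally, any"), so the ListenAddress entry ends up only partly converted to the new-sentence-new-line layout applied at 373-374. Split those two lines the same way so the whole paragraph is consistent.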
@@ -385,10 +386,10 @@ Gives the verbosity level that is used when logging messages from | |||
385 | .Nm sshd . | 386 | .Nm sshd . |
386 | The possible values are: | 387 | The possible values are: |
387 | QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. | 388 | QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
388 | The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 | 389 | The default is INFO. |
389 | and DEBUG3 each specify higher levels of debugging output. | 390 | DEBUG and DEBUG1 are equivalent. |
390 | Logging with a DEBUG level violates the privacy of users | 391 | DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
391 | and is not recommended. | 392 | Logging with a DEBUG level violates the privacy of users and is not recommended. |
392 | .It Cm MACs | 393 | .It Cm MACs |
393 | Specifies the available MAC (message authentication code) algorithms. | 394 | Specifies the available MAC (message authentication code) algorithms. |
394 | The MAC algorithm is used in protocol version 2 | 395 | The MAC algorithm is used in protocol version 2 |
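Review bot: New line 392 joins the privacy warning into a single line of roughly 80 columns, the widest in this hunk. Keep the break after "users" as the old lines 390-391 had it; the sentence still starts on its own line and the source stays within the usual width.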
@@ -599,16 +600,18 @@ will be disabled because | |||
599 | .Xr login 1 | 600 | .Xr login 1 |
600 | does not know how to handle | 601 | does not know how to handle |
601 | .Xr xauth 1 | 602 | .Xr xauth 1 |
602 | cookies. If | 603 | cookies. |
604 | If | ||
603 | .Cm UsePrivilegeSeparation | 605 | .Cm UsePrivilegeSeparation |
604 | is specified, it will be disabled after authentication. | 606 | is specified, it will be disabled after authentication. |
605 | .It Cm UsePrivilegeSeparation | 607 | .It Cm UsePrivilegeSeparation |
606 | Specifies whether | 608 | Specifies whether |
607 | .Nm sshd | 609 | .Nm sshd |
608 | separates privileges by creating an unprivileged child process | 610 | separates privileges by creating an unprivileged child process |
609 | to deal with incoming network traffic. After successful authentication, | 611 | to deal with incoming network traffic. |
610 | another process will be created that has the privilege of the authenticated | 612 | After successful authentication, another process will be created that has |
611 | user. The goal of privilege separation is to prevent privilege | 613 | the privilege of the authenticated user. |
614 | The goal of privilege separation is to prevent privilege | ||
612 | escalation by containing any corruption within the unprivileged processes. | 615 | escalation by containing any corruption within the unprivileged processes. |
613 | The default is | 616 | The default is |
614 | .Dq yes . | 617 | .Dq yes . |
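Review bot: In the UseLogin text at new lines 604-606, "If UsePrivilegeSeparation is specified, it will be disabled after authentication" leaves "it" ambiguous between UseLogin and privilege separation. Since the sentence is being moved onto its own line anyway, name the subject explicitly (for example "privilege separation will be disabled after authentication", if that is the intended meaning), because an administrator reading this needs to know which protection is lost.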
@@ -666,7 +669,8 @@ is enabled. | |||
666 | Specifies whether | 669 | Specifies whether |
667 | .Nm sshd | 670 | .Nm sshd |
668 | should bind the X11 forwarding server to the loopback address or to | 671 | should bind the X11 forwarding server to the loopback address or to |
669 | the wildcard address. By default, | 672 | the wildcard address. |
673 | By default, | ||
670 | .Nm sshd | 674 | .Nm sshd |
671 | binds the forwarding server to the loopback address and sets the | 675 | binds the forwarding server to the loopback address and sets the |
672 | hostname part of the | 676 | hostname part of the |