diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 4db92814c..c9515234d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.61 2006/07/12 13:39:55 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.62 2006/07/17 12:06:00 dtucker Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -482,9 +482,10 @@ Only a subset of keywords may be used on the lines following a | |||
482 | .Cm Match | 482 | .Cm Match |
483 | keyword. | 483 | keyword. |
484 | Available keywords are | 484 | Available keywords are |
485 | .Cm AllowTcpForwarding | 485 | .Cm AllowTcpForwarding , |
486 | .Cm GatewayPorts , | ||
486 | and | 487 | and |
487 | .Cm GatewayPorts . | 488 | .Cm PermitOpen . |
488 | .It Cm MaxAuthTries | 489 | .It Cm MaxAuthTries |
489 | Specifies the maximum number of authentication attempts permitted per | 490 | Specifies the maximum number of authentication attempts permitted per |
490 | connection. | 491 | connection. |
@@ -524,6 +525,35 @@ When password authentication is allowed, it specifies whether the | |||
524 | server allows login to accounts with empty password strings. | 525 | server allows login to accounts with empty password strings. |
525 | The default is | 526 | The default is |
526 | .Dq no . | 527 | .Dq no . |
528 | .It Cm PermitOpen | ||
529 | Specifies the destinations to which TCP port forwarding is permitted. | ||
530 | The forwarding specification must be one of the following forms: | ||
531 | .Pp | ||
532 | .Bl -item -offset indent -compact | ||
533 | .It | ||
534 | .Cm PermitOpen | ||
535 | .Sm off | ||
536 | .Ar host : port | ||
537 | .Sm on | ||
538 | .It | ||
539 | .Cm PermitOpen | ||
540 | .Sm off | ||
541 | .Ar IPv4_addr : port | ||
542 | .Sm on | ||
543 | .It | ||
544 | .Cm PermitOpen | ||
545 | .Sm off | ||
546 | .Ar \&[ IPv6_addr \&] : port | ||
547 | .Sm on | ||
548 | .El | ||
549 | .Pp | ||
550 | Multiple instances of | ||
551 | .Cm PermitOpen | ||
552 | are permitted. | ||
553 | An argument of | ||
554 | .Dq any | ||
555 | can be used to remove all restrictions and permit any forwarding requests. | ||
556 | By default all port forward requests are permitted. | ||
527 | .It Cm PermitRootLogin | 557 | .It Cm PermitRootLogin |
528 | Specifies whether root can log in using | 558 | Specifies whether root can log in using |
529 | .Xr ssh 1 . | 559 | .Xr ssh 1 . |