diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index e96a4ad86..ef4164edd 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ |
37 | .Dd $Mdocdate: September 9 2011 $ | 37 | .Dd $Mdocdate: June 29 2012 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -198,7 +198,9 @@ After expansion, | |||
198 | is taken to be an absolute path or one relative to the user's home | 198 | is taken to be an absolute path or one relative to the user's home |
199 | directory. | 199 | directory. |
200 | .Pp | 200 | .Pp |
201 | The default is not to use a principals file \(en in this case, the username | 201 | The default is |
202 | .Dq none , | ||
203 | i.e. not to use a principals file \(en in this case, the username | ||
202 | of the user must appear in a certificate's principals list for it to be | 204 | of the user must appear in a certificate's principals list for it to be |
203 | accepted. | 205 | accepted. |
204 | Note that | 206 | Note that |
@@ -683,9 +685,8 @@ Multiple algorithms must be comma-separated. | |||
683 | The default is: | 685 | The default is: |
684 | .Bd -literal -offset indent | 686 | .Bd -literal -offset indent |
685 | hmac-md5,hmac-sha1,umac-64@openssh.com, | 687 | hmac-md5,hmac-sha1,umac-64@openssh.com, |
686 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96, | 688 | hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, |
687 | hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, | 689 | hmac-sha1-96,hmac-md5-96 |
688 | hmac-sha2-512-96 | ||
689 | .Ed | 690 | .Ed |
690 | .It Cm Match | 691 | .It Cm Match |
691 | Introduces a conditional block. | 692 | Introduces a conditional block. |
@@ -703,6 +704,8 @@ The available criteria are | |||
703 | .Cm User , | 704 | .Cm User , |
704 | .Cm Group , | 705 | .Cm Group , |
705 | .Cm Host , | 706 | .Cm Host , |
707 | .Cm LocalAddress , | ||
708 | .Cm LocalPort , | ||
706 | and | 709 | and |
707 | .Cm Address . | 710 | .Cm Address . |
708 | The match patterns may consist of single entries or comma-separated | 711 | The match patterns may consist of single entries or comma-separated |
@@ -731,12 +734,17 @@ Only a subset of keywords may be used on the lines following a | |||
731 | .Cm Match | 734 | .Cm Match |
732 | keyword. | 735 | keyword. |
733 | Available keywords are | 736 | Available keywords are |
737 | .Cm AcceptEnv , | ||
734 | .Cm AllowAgentForwarding , | 738 | .Cm AllowAgentForwarding , |
739 | .Cm AllowGroups , | ||
735 | .Cm AllowTcpForwarding , | 740 | .Cm AllowTcpForwarding , |
741 | .Cm AllowUsers , | ||
736 | .Cm AuthorizedKeysFile , | 742 | .Cm AuthorizedKeysFile , |
737 | .Cm AuthorizedPrincipalsFile , | 743 | .Cm AuthorizedPrincipalsFile , |
738 | .Cm Banner , | 744 | .Cm Banner , |
739 | .Cm ChrootDirectory , | 745 | .Cm ChrootDirectory , |
746 | .Cm DenyGroups , | ||
747 | .Cm DenyUsers , | ||
740 | .Cm ForceCommand , | 748 | .Cm ForceCommand , |
741 | .Cm GatewayPorts , | 749 | .Cm GatewayPorts , |
742 | .Cm GSSAPIAuthentication , | 750 | .Cm GSSAPIAuthentication , |
@@ -826,6 +834,9 @@ Multiple forwards may be specified by separating them with whitespace. | |||
826 | An argument of | 834 | An argument of |
827 | .Dq any | 835 | .Dq any |
828 | can be used to remove all restrictions and permit any forwarding requests. | 836 | can be used to remove all restrictions and permit any forwarding requests. |
837 | An argument of | ||
838 | .Dq none | ||
839 | can be used to prohibit all forwarding requests. | ||
829 | By default all port forwarding requests are permitted. | 840 | By default all port forwarding requests are permitted. |
830 | .It Cm PermitRootLogin | 841 | .It Cm PermitRootLogin |
831 | Specifies whether root can log in using | 842 | Specifies whether root can log in using |
@@ -1107,6 +1118,11 @@ is set to | |||
1107 | .Dq sandbox | 1118 | .Dq sandbox |
1108 | then the pre-authentication unprivileged process is subject to additional | 1119 | then the pre-authentication unprivileged process is subject to additional |
1109 | restrictions. | 1120 | restrictions. |
1121 | .It Cm VersionAddendum | ||
1122 | Optionally specifies additional text to append to the SSH protocol banner | ||
1123 | sent by the server upon connection. | ||
1124 | The default is | ||
1125 | .Dq none . | ||
1110 | .It Cm X11DisplayOffset | 1126 | .It Cm X11DisplayOffset |
1111 | Specifies the first display number available for | 1127 | Specifies the first display number available for |
1112 | .Xr sshd 8 Ns 's | 1128 | .Xr sshd 8 Ns 's |