Diffstat (limited to 'sshd_config.5')
-rw-r--r-- sshd_config.5 45
1 files changed, 28 insertions, 17 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 8d291e61d..5af4b1b27 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -168,24 +168,18 @@ The supported ciphers are
168.Dq aes128-ctr , 168.Dq aes128-ctr ,
169.Dq aes192-ctr , 169.Dq aes192-ctr ,
170.Dq aes256-ctr , 170.Dq aes256-ctr ,
171.Dq arcfour128 ,
172.Dq arcfour256 ,
171.Dq arcfour , 173.Dq arcfour ,
172.Dq blowfish-cbc , 174.Dq blowfish-cbc ,
173and 175and
174.Dq cast128-cbc . 176.Dq cast128-cbc .
175The default is 177The default is
176.Bd -literal 178.Bd -literal
177 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 179 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
178 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' 180 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
181 aes192-ctr,aes256-ctr''
179.Ed 182.Ed
180.It Cm ClientAliveInterval
181Sets a timeout interval in seconds after which if no data has been received
182from the client,
183.Nm sshd
184will send a message through the encrypted
185channel to request a response from the client.
186The default
187is 0, indicating that these messages will not be sent to the client.
188This option applies to protocol version 2 only.
189.It Cm ClientAliveCountMax 183.It Cm ClientAliveCountMax
190Sets the number of client alive messages (see above) which may be 184Sets the number of client alive messages (see above) which may be
191sent without 185sent without
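Review bot: The "(see above)" in the ClientAliveCountMax entry at the end of this hunk is now stale, because the ClientAliveInterval entry it points to is removed from above it here and re-added after it in the next hunk; change it to "(see below)". Separately, arcfour128 and arcfour256 are added to the supported list and placed ahead of arcfour and most of the AES entries in the default string, but nothing says how they differ from plain arcfour or whether the order of the default string is a preference order. One sentence on each would let an administrator decide whether to keep them in a local Ciphers line.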
@@ -213,14 +207,25 @@ If
213.Cm ClientAliveCountMax 207.Cm ClientAliveCountMax
214is left at the default, unresponsive ssh clients 208is left at the default, unresponsive ssh clients
215will be disconnected after approximately 45 seconds. 209will be disconnected after approximately 45 seconds.
210.It Cm ClientAliveInterval
211Sets a timeout interval in seconds after which if no data has been received
212from the client,
213.Nm sshd
214will send a message through the encrypted
215channel to request a response from the client.
216The default
217is 0, indicating that these messages will not be sent to the client.
218This option applies to protocol version 2 only.
216.It Cm Compression 219.It Cm Compression
217Specifies whether compression is allowed. 220Specifies whether compression is allowed, or delayed until
221the user has authenticated successfully.
218The argument must be 222The argument must be
219.Dq yes 223.Dq yes ,
224.Dq delayed ,
220or 225or
221.Dq no . 226.Dq no .
222The default is 227The default is
223.Dq yes . 228.Dq delayed .
224.It Cm DenyGroups 229.It Cm DenyGroups
225This keyword can be followed by a list of group name patterns, separated 230This keyword can be followed by a list of group name patterns, separated
226by spaces. 231by spaces.
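Review bot: The Compression entry changes the default from "yes" to "delayed" but only explains "delayed"; it should also say what "yes" now means (compression allowed before the user has authenticated), so that someone with "Compression yes" in an existing config can tell it is no longer the same as the default. A short statement of why delaying until after authentication is preferred would also justify the changed default to readers who only see the man page.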
@@ -272,6 +277,12 @@ Specifies whether user authentication based on GSSAPI is allowed.
272The default is 277The default is
273.Dq no . 278.Dq no .
274Note that this option applies to protocol version 2 only. 279Note that this option applies to protocol version 2 only.
280.It Cm GSSAPIKeyExchange
281Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
282doesn't rely on ssh keys to verify host identity.
283The default is
284.Dq no .
285Note that this option applies to protocol version 2 only.
275.It Cm GSSAPICleanupCredentials 286.It Cm GSSAPICleanupCredentials
276Specifies whether to automatically destroy the user's credentials cache 287Specifies whether to automatically destroy the user's credentials cache
277on logout. 288on logout.
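Review bot: The new GSSAPIKeyExchange text says host identity is verified without ssh keys but not what verifies it instead, which is what an administrator needs to know before turning the option on; name the mechanism that takes over host authentication. The entry is also inserted before GSSAPICleanupCredentials, breaking the alphabetical order that the ClientAliveInterval move in this same patch restores, and new line 281 runs two sentences together ("... is allowed. GSSAPI key exchange") where the surrounding entries start each sentence on its own source line.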
@@ -327,7 +338,7 @@ The default is
327Specifies whether 338Specifies whether
328.Nm sshd 339.Nm sshd
329should ignore the user's 340should ignore the user's
330.Pa $HOME/.ssh/known_hosts 341.Pa ~/.ssh/known_hosts
331during 342during
332.Cm RhostsRSAAuthentication 343.Cm RhostsRSAAuthentication
333or 344or
@@ -630,7 +641,7 @@ To disable TCP keepalive messages, the value should be set to
630.It Cm UseDNS 641.It Cm UseDNS
631Specifies whether 642Specifies whether
632.Nm sshd 643.Nm sshd
633should lookup the remote host name and check that 644should look up the remote host name and check that
634the resolved host name for the remote IP address maps back to the 645the resolved host name for the remote IP address maps back to the
635very same IP address. 646very same IP address.
636The default is 647The default is