diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index b294efc2d..360e5fb1a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache | |||
644 | on logout. | 644 | on logout. |
645 | The default is | 645 | The default is |
646 | .Cm yes . | 646 | .Cm yes . |
647 | .It Cm GSSAPIKeyExchange | ||
648 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
649 | doesn't rely on ssh keys to verify host identity. | ||
650 | The default is | ||
651 | .Cm no . | ||
647 | .It Cm GSSAPIStrictAcceptorCheck | 652 | .It Cm GSSAPIStrictAcceptorCheck |
648 | Determines whether to be strict about the identity of the GSSAPI acceptor | 653 | Determines whether to be strict about the identity of the GSSAPI acceptor |
649 | a client authenticates against. | 654 | a client authenticates against. |
@@ -658,6 +663,31 @@ machine's default store. | |||
658 | This facility is provided to assist with operation on multi homed machines. | 663 | This facility is provided to assist with operation on multi homed machines. |
659 | The default is | 664 | The default is |
660 | .Cm yes . | 665 | .Cm yes . |
666 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
667 | Controls whether the user's GSSAPI credentials should be updated following a | ||
668 | successful connection rekeying. This option can be used to accepted renewed | ||
669 | or updated credentials from a compatible client. The default is | ||
670 | .Dq no . | ||
671 | .Pp | ||
672 | For this to work | ||
673 | .Cm GSSAPIKeyExchange | ||
674 | needs to be enabled in the server and also used by the client. | ||
675 | .It Cm GSSAPIKexAlgorithms | ||
676 | The list of key exchange algorithms that are accepted by GSSAPI | ||
677 | key exchange. Possible values are | ||
678 | .Bd -literal -offset 3n | ||
679 | gss-gex-sha1-, | ||
680 | gss-group1-sha1-, | ||
681 | gss-group14-sha1-, | ||
682 | gss-group14-sha256-, | ||
683 | gss-group16-sha512-, | ||
684 | gss-nistp256-sha256-, | ||
685 | gss-curve25519-sha256- | ||
686 | .Ed | ||
687 | .Pp | ||
688 | The default is | ||
689 | .Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1- . | ||
690 | This option only applies to connections using GSSAPI. | ||
661 | .It Cm HostbasedAcceptedKeyTypes | 691 | .It Cm HostbasedAcceptedKeyTypes |
662 | Specifies the key types that will be accepted for hostbased authentication | 692 | Specifies the key types that will be accepted for hostbased authentication |
663 | as a list of comma-separated patterns. | 693 | as a list of comma-separated patterns. |