summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.523
1 files changed, 14 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a3357d445..6c3ef6947 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
38.Dd $Mdocdate: February 22 2009 $ 38.Dd $Mdocdate: April 21 2009 $
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -176,10 +176,9 @@ then no banner is displayed.
176This option is only available for protocol version 2. 176This option is only available for protocol version 2.
177By default, no banner is displayed. 177By default, no banner is displayed.
178.It Cm ChallengeResponseAuthentication 178.It Cm ChallengeResponseAuthentication
179Specifies whether challenge-response authentication is allowed. 179Specifies whether challenge-response authentication is allowed (e.g. via
180All authentication styles from 180PAM or though authentication styles supported in
181.Xr login.conf 5 181.Xr login.conf 5 )
182are supported.
183The default is 182The default is
184.Dq yes . 183.Dq yes .
185.It Cm ChrootDirectory 184.It Cm ChrootDirectory
@@ -188,6 +187,9 @@ Specifies a path to
188to after authentication. 187to after authentication.
189This path, and all its components, must be root-owned directories that are 188This path, and all its components, must be root-owned directories that are
190not writable by any other user or group. 189not writable by any other user or group.
190After the chroot,
191.Xr sshd 8
192changes the working directory to the user's home directory.
191.Pp 193.Pp
192The path may contain the following tokens that are expanded at runtime once 194The path may contain the following tokens that are expanded at runtime once
193the connecting user has been authenticated: %% is replaced by a literal '%', 195the connecting user has been authenticated: %% is replaced by a literal '%',
@@ -197,7 +199,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
197The 199The
198.Cm ChrootDirectory 200.Cm ChrootDirectory
199must contain the necessary files and directories to support the 201must contain the necessary files and directories to support the
200users' session. 202user's session.
201For an interactive session this requires at least a shell, typically 203For an interactive session this requires at least a shell, typically
202.Xr sh 1 , 204.Xr sh 1 ,
203and basic 205and basic
@@ -215,8 +217,11 @@ devices.
215For file transfer sessions using 217For file transfer sessions using
216.Dq sftp , 218.Dq sftp ,
217no additional configuration of the environment is necessary if the 219no additional configuration of the environment is necessary if the
218in-process sftp server is used (see 220in-process sftp server is used,
219.Cm Subsystem 221though sessions which use logging do require
222.Pa /dev/log
223inside the chroot directory (see
224.Xr sftp-server 8
220for details). 225for details).
221.Pp 226.Pp
222The default is not to 227The default is not to