diff options
author | des <des@FreeBSD.org> | 2011-10-05 22:08:17 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2011-10-05 22:08:17 +0000 |
commit | 038442ad80c21a07c19532a176030e2ca51fdd9d (patch) | |
tree | 654e40360db9b6bb67928b3a5c1b5dbd84925000 /crypto/openssh/sshd_config.5 | |
parent | 2276ee273397e0ccd5c7911848e3de9bd91fb1c2 (diff) | |
parent | a9c7316f0b012b7e85d1a1c4d8b6ce36b9fd9604 (diff) | |
download | FreeBSD-src-038442ad80c21a07c19532a176030e2ca51fdd9d.zip FreeBSD-src-038442ad80c21a07c19532a176030e2ca51fdd9d.tar.gz |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
Diffstat (limited to 'crypto/openssh/sshd_config.5')
-rw-r--r-- | crypto/openssh/sshd_config.5 | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 1f8f7d2..894ad3a 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ .\" $FreeBSD$ -.Dd December 8, 2010 +.Dd August 2, 2011 .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -169,8 +169,9 @@ After expansion, .Cm AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. +Multiple files may be listed, separated by whitespace. The default is -.Dq .ssh/authorized_keys . +.Dq .ssh/authorized_keys .ssh/authorized_keys2 . .It Cm AuthorizedPrincipalsFile Specifies a file that lists principal names that are accepted for certificate authentication. @@ -655,7 +656,9 @@ Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-ripemd160,hmac-sha1-96,hmac-md5-96 +hmac-ripemd160,hmac-sha1-96,hmac-md5-96, +hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, +hmac-sha2-512-96 .Ed .It Cm Match Introduces a conditional block. @@ -1082,11 +1085,17 @@ The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . +If +.Cm UsePrivilegeSeparation +is set to +.Dq sandbox +then the pre-authentication unprivileged process is subject to additional +restrictions. .It Cm VersionAddendum Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20110503 . +.Dq FreeBSD-20111001 . .It Cm X11DisplayOffset Specifies the first display number available for .Xr sshd 8 Ns 's |