path: root/crypto/openssh/sshd_config.5
Diffstat (limited to 'crypto/openssh/sshd_config.5')
-rw-r--r-- crypto/openssh/sshd_config.5 | 33
1 files changed, 22 insertions, 11 deletions
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 19c615e..ae551ec 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
.\" $FreeBSD$
-.Dd August 2, 2011
+.Dd June 29 2012
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
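Review bot: The new `.Dd June 29 2012` line drops the comma that the line it replaces had (`.Dd August 2, 2011`). The conventional mdoc form is month, day, comma, year, so `.Dd June 29, 2012` would keep the date consistent with the previous revision of this page.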
@@ -199,7 +199,9 @@ After expansion,
is taken to be an absolute path or one relative to the user's home
directory.
.Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that
@@ -520,7 +522,7 @@ Accepted values are
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
-.Dq af14 ,
+.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
@@ -656,9 +658,8 @@ Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-hmac-sha2-512-96
+hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+hmac-sha1-96,hmac-md5-96
.Ed
.It Cm Match
Introduces a conditional block.
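Review bot: The rewritten default MACs list removes `hmac-sha256-96` and `hmac-sha2-512-96` rather than only reordering, and the surrounding text does not say whether those names are still accepted when set explicitly. If they are no longer recognised, that deserves a sentence here, since a configuration that names them would stop being valid. The list also still opens with `hmac-md5,hmac-sha1` ahead of the `hmac-sha2-*` entries, so it would help to state whether the order shown is a preference order, which tells administrators whether they need an explicit `MACs` line to prefer SHA-2.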
@@ -676,6 +677,8 @@ The available criteria are
.Cm User ,
.Cm Group ,
.Cm Host ,
+.Cm LocalAddress ,
+.Cm LocalPort ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
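Review bot: The two added criteria, `.Cm LocalAddress ,` and `.Cm LocalPort ,`, are listed without any description in the visible text of what they match. A sentence stating that they refer to the address and port on which the connection was received, as opposed to the client-side `Address`, would prevent the two address criteria being confused on multi-homed hosts, where the difference decides which policy block applies.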
@@ -704,12 +707,17 @@ Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
+.Cm AcceptEnv ,
.Cm AllowAgentForwarding ,
+.Cm AllowGroups ,
.Cm AllowTcpForwarding ,
+.Cm AllowUsers ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
+.Cm DenyGroups ,
+.Cm DenyUsers ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
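Review bot: Adding `AllowGroups`, `AllowUsers`, `DenyGroups` and `DenyUsers` to the list of keywords permitted after `Match` makes access control conditional, but the list alone does not say how a value set inside a `Match` block relates to the same keyword set globally (whether it replaces the global list or is combined with it). Please add that statement or a cross-reference to the entries for those keywords, because a wrong assumption here silently widens or narrows who may log in. The same question applies to `AcceptEnv`.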
@@ -801,6 +809,9 @@ Multiple forwards may be specified by separating them with whitespace.
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Dq none
+can be used to prohibit all forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
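Review bot: The added sentence says `none` will "prohibit all forwarding requests", while the unchanged line after it speaks of "all port forwarding requests". Since this keyword restricts port forwarding destinations, the new wording should say "prohibit all port forwarding requests" so that readers do not take `none` to cover other kinds of forwarding as well. It would also help to state that `none` must be the only argument, given that the preceding context allows multiple whitespace-separated forwards.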
@@ -1084,7 +1095,7 @@ the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq yes .
+.Dq sandbox .
If
.Cm UsePrivilegeSeparation
is set to
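Review bot: The default is changed to `.Dq sandbox .` before the page has explained that value, and the explanation that follows only says the pre-authentication process is "subject to additional restrictions". Because this is a change of documented default behaviour, the text should say what those restrictions are in practice and that `yes` is still accepted for systems that need the previous behaviour. This view is limited to sshd_config.5, so please confirm that the compiled-in default was changed to match.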
@@ -1092,10 +1103,10 @@ is set to
then the pre-authentication unprivileged process is subject to additional
restrictions.
.It Cm VersionAddendum
-Specifies a string to append to the regular version string to identify
-OS- or site-specific modifications.
+Optionally specifies additional text to append to the SSH protocol banner
+sent by the server upon connection.
The default is
-.Dq FreeBSD-20111001 .
+.Dq FreeBSD-20120901 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
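Review bot: The new VersionAddendum description begins with "Optionally" but does not say how to suppress the addendum, and the default shown, `FreeBSD-20120901`, is sent in the protocol banner to every connecting client before authentication. Please document the value or syntax that disables it, and consider noting that the default string discloses the vendor and a patch-level date to unauthenticated peers, so that administrators can make an informed choice.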