| version 1.132, 2001/06/23 03:03:59 |
version 1.133, 2001/06/23 17:48:19 |
|
|
| .Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. |
.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. |
| .It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
| Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
| from the client, |
from the client, |
| .Nm |
.Nm |
| will send a message through the encrypted |
will send a message through the encrypted |
| channel to request a response from the client. |
channel to request a response from the client. |
|
|
| sent without |
sent without |
| .Nm |
.Nm |
| receiving any messages back from the client. If this threshold is |
receiving any messages back from the client. If this threshold is |
| reached while client alive messages are being sent, |
reached while client alive messages are being sent, |
| .Nm |
.Nm |
| will disconnect the client, terminating the session. It is important |
will disconnect the client, terminating the session. It is important |
| to note that the use of client alive messages is very different from |
to note that the use of client alive messages is very different from |
| .Cm Keepalive |
.Cm Keepalive |
| (below). The client alive messages are sent through the |
(below). The client alive messages are sent through the |
| encrypted channel and therefore will not be spoofable. The TCP keepalive |
encrypted channel and therefore will not be spoofable. The TCP keepalive |
|
|
| The default value is 3. If you set |
The default value is 3. If you set |
| .Cm ClientAliveInterval |
.Cm ClientAliveInterval |
| (above) to 15, and leave this value at the default, unresponsive ssh clients |
(above) to 15, and leave this value at the default, unresponsive ssh clients |
| will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
| .It Cm DenyGroups |
.It Cm DenyGroups |
| This keyword can be followed by a number of group names, separated |
This keyword can be followed by a number of group names, separated |
| by spaces. |
by spaces. |
|
|
| Note that |
Note that |
| .Xr login 1 |
.Xr login 1 |
| is never used for remote command execution. |
is never used for remote command execution. |
| Note also, that if this is enabled, |
Note also, that if this is enabled, |
| .Cm X11Forwarding |
.Cm X11Forwarding |
| will be disabled because |
will be disabled because |
| .Xr login 1 |
.Xr login 1 |
| does not know how to handle |
does not know how to handle |
| .Xr xauth 1 |
.Xr xauth 1 |
| cookies. |
cookies. |
| .It Cm X11DisplayOffset |
.It Cm X11DisplayOffset |
| Specifies the first display number available for |
Specifies the first display number available for |
|
|
| .Dq no . |
.Dq no . |
| Note that disabling X11 forwarding does not improve security in any |
Note that disabling X11 forwarding does not improve security in any |
| way, as users can always install their own forwarders. |
way, as users can always install their own forwarders. |
| X11 forwarding is automatically disabled if |
X11 forwarding is automatically disabled if |
| .Cm UseLogin |
.Cm UseLogin |
| is enabled. |
is enabled. |
| .It Cm XAuthLocation |
.It Cm XAuthLocation |
| Specifies the location of the |
Specifies the location of the |
| .Xr xauth 1 |
.Xr xauth 1 |
|
|
| .It Cm no-pty |
.It Cm no-pty |
| Prevents tty allocation (a request to allocate a pty will fail). |
Prevents tty allocation (a request to allocate a pty will fail). |
| .It Cm permitopen="host:port" |
.It Cm permitopen="host:port" |
| Limit local |
Limit local |
| .Li ``ssh -L'' |
.Li ``ssh -L'' |
| port forwarding such that it may only connect to the specified host and |
port forwarding such that it may only connect to the specified host and |
| port. Multiple |
port. Multiple |
| .Cm permitopen |
.Cm permitopen |
| options may be applied separated by commas. No pattern matching is |
options may be applied separated by commas. No pattern matching is |
| performed on the specified hostnames, they must be literal domains or |
performed on the specified hostnames, they must be literal domains or |
| addresses. |
addresses. |
| .El |
.El |
| .Ss Examples |
.Ss Examples |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh