version 1.132, 2001/06/23 03:03:59 |
version 1.133, 2001/06/23 17:48:19 |
|
|
.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. |
.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. |
.It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
from the client, |
from the client, |
.Nm |
.Nm |
will send a message through the encrypted |
will send a message through the encrypted |
channel to request a response from the client. |
channel to request a response from the client. |
|
|
sent without |
sent without |
.Nm |
.Nm |
receiving any messages back from the client. If this threshold is |
receiving any messages back from the client. If this threshold is |
reached while client alive messages are being sent, |
reached while client alive messages are being sent, |
.Nm |
.Nm |
will disconnect the client, terminating the session. It is important |
will disconnect the client, terminating the session. It is important |
to note that the use of client alive messages is very different from |
to note that the use of client alive messages is very different from |
.Cm Keepalive |
.Cm Keepalive |
(below). The client alive messages are sent through the |
(below). The client alive messages are sent through the |
encrypted channel and therefore will not be spoofable. The TCP keepalive |
encrypted channel and therefore will not be spoofable. The TCP keepalive |
|
|
The default value is 3. If you set |
The default value is 3. If you set |
.Cm ClientAliveInterval |
.Cm ClientAliveInterval |
(above) to 15, and leave this value at the default, unresponsive ssh clients |
(above) to 15, and leave this value at the default, unresponsive ssh clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
.It Cm DenyGroups |
.It Cm DenyGroups |
This keyword can be followed by a number of group names, separated |
This keyword can be followed by a number of group names, separated |
by spaces. |
by spaces. |
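
Review bot: the worked figure in this hunk ("unresponsive ssh clients will be disconnected after approximately 45 seconds") leaves the rule behind it implicit. Suggest stating that the disconnect time is roughly the ClientAliveInterval multiplied by this value (15 x 3 = 45 in the example given), so an administrator choosing other settings can compute the resulting timeout without working back from the one example.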
|
|
Note that |
Note that |
.Xr login 1 |
.Xr login 1 |
is never used for remote command execution. |
is never used for remote command execution. |
Note also, that if this is enabled, |
Note also, that if this is enabled, |
.Cm X11Forwarding |
.Cm X11Forwarding |
will be disabled because |
will be disabled because |
.Xr login 1 |
.Xr login 1 |
does not know how to handle |
does not know how to handle |
.Xr xauth 1 |
.Xr xauth 1 |
cookies. |
cookies. |
.It Cm X11DisplayOffset |
.It Cm X11DisplayOffset |
Specifies the first display number available for |
Specifies the first display number available for |
|
|
.Dq no . |
.Dq no . |
Note that disabling X11 forwarding does not improve security in any |
Note that disabling X11 forwarding does not improve security in any |
way, as users can always install their own forwarders. |
way, as users can always install their own forwarders. |
X11 forwarding is automatically disabled if |
X11 forwarding is automatically disabled if |
.Cm UseLogin |
.Cm UseLogin |
is enabled. |
is enabled. |
.It Cm XAuthLocation |
.It Cm XAuthLocation |
Specifies the location of the |
Specifies the location of the |
.Xr xauth 1 |
.Xr xauth 1 |
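
Review bot: the X11Forwarding sentence "Note that disabling X11 forwarding does not improve security in any way, as users can always install their own forwarders" claims more than its own justification supports. The reason given only holds for users who are able to install and run their own programs on the host, so "in any way" invites an administrator to treat the option as irrelevant for restricted accounts as well. Suggest narrowing the wording to say that disabling the option does not prevent such users from forwarding X11 traffic.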
|
|
.It Cm no-pty |
.It Cm no-pty |
Prevents tty allocation (a request to allocate a pty will fail). |
Prevents tty allocation (a request to allocate a pty will fail). |
.It Cm permitopen="host:port" |
.It Cm permitopen="host:port" |
Limit local |
Limit local |
.Li ``ssh -L'' |
.Li ``ssh -L'' |
port forwarding such that it may only connect to the specified host and |
port forwarding such that it may only connect to the specified host and |
port. Multiple |
port. Multiple |
.Cm permitopen |
.Cm permitopen |
options may be applied separated by commas. No pattern matching is |
options may be applied separated by commas. No pattern matching is |
performed on the specified hostnames, they must be literal domains or |
performed on the specified hostnames, they must be literal domains or |
addresses. |
addresses. |
.El |
.El |
.Ss Examples |
.Ss Examples |
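
Review bot: the permitopen entry does not say what happens to a forwarding request for a host and port that is not listed. The no-pty entry just above it states the failure case ("a request to allocate a pty will fail"), and permitopen should do the same. The entry also says hostnames "must be literal domains or addresses", so it should state whether a listed name matches a request made by the address it resolves to; otherwise an administrator cannot tell which form to list. Style point in the same entry: "No pattern matching is performed on the specified hostnames, they must be literal domains or addresses" is a comma splice and reads better as two sentences.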