version 1.146, 2001/08/30 20:36:34 |
version 1.147, 2001/09/05 06:23:07 |
|
|
.Ql ? |
.Ql ? |
can be used as |
can be used as |
wildcards in the patterns. |
wildcards in the patterns. |
Only group names are valid; a numerical group ID isn't recognized. |
Only group names are valid; a numerical group ID is not recognized. |
By default login is allowed regardless of the group list. |
By default login is allowed regardless of the group list. |
.Pp |
.Pp |
.It Cm AllowTcpForwarding |
.It Cm AllowTcpForwarding |
|
|
.Ql ? |
.Ql ? |
can be used as |
can be used as |
wildcards in the patterns. |
wildcards in the patterns. |
Only user names are valid; a numerical user ID isn't recognized. |
Only user names are valid; a numerical user ID is not recognized. |
By default login is allowed regardless of the user name. |
By default login is allowed regardless of the user name. |
If the pattern takes the form USER@HOST then USER and HOST |
If the pattern takes the form USER@HOST then USER and HOST |
are separately checked, allowing you to restrict logins to particular |
are separately checked, restricting logins to particular |
users from particular hosts. |
users from particular hosts. |
.Pp |
.Pp |
.It Cm AuthorizedKeysFile |
.It Cm AuthorizedKeysFile |
|
|
encrypted channel and therefore will not be spoofable. The TCP keepalive |
encrypted channel and therefore will not be spoofable. The TCP keepalive |
option enabled by |
option enabled by |
.Cm Keepalive |
.Cm Keepalive |
is spoofable. You want to use the client |
is spoofable. The client alive mechanism is valuable when the client or |
alive mechanism when you are basing something important on |
server depend on knowing when a connection has become inactive. |
clients having an active connection to the server. |
|
.Pp |
.Pp |
The default value is 3. If you set |
The default value is 3. If |
.Cm ClientAliveInterval |
.Cm ClientAliveInterval |
(above) to 15, and leave this value at the default, unresponsive ssh clients |
(above) is set to 15, and |
|
.Cm Keepalive is left at the default, unresponsive ssh clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
.It Cm DenyGroups |
.It Cm DenyGroups |
This keyword can be followed by a number of group names, separated |
This keyword can be followed by a number of group names, separated |
|
|
.Ql ? |
.Ql ? |
can be used as |
can be used as |
wildcards in the patterns. |
wildcards in the patterns. |
Only group names are valid; a numerical group ID isn't recognized. |
Only group names are valid; a numerical group ID is not recognized. |
By default login is allowed regardless of the group list. |
By default login is allowed regardless of the group list. |
.Pp |
.Pp |
.It Cm DenyUsers |
.It Cm DenyUsers |
|
|
and |
and |
.Ql ? |
.Ql ? |
can be used as wildcards in the patterns. |
can be used as wildcards in the patterns. |
Only user names are valid; a numerical user ID isn't recognized. |
Only user names are valid; a numerical user ID is not recognized. |
By default login is allowed regardless of the user name. |
By default login is allowed regardless of the user name. |
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to ports |
Specifies whether remote hosts are allowed to connect to ports |
|
|
The command supplied by the user (if any) is ignored. |
The command supplied by the user (if any) is ignored. |
The command is run on a pty if the connection requests a pty; |
The command is run on a pty if the connection requests a pty; |
otherwise it is run without a tty. |
otherwise it is run without a tty. |
Note that if you want a 8-bit clean channel, |
If a 8-bit clean channel is required, |
you must not request a pty or should specify |
one must not request a pty or should specify |
.Cm no-pty . |
.Cm no-pty . |
A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
This option might be useful |
This option might be useful |