| version 1.176, 2002/04/05 20:56:21 |
version 1.176.2.3, 2002/06/22 04:33:15 |
|
|
| because it is fundamentally insecure, but can be enabled in the server |
because it is fundamentally insecure, but can be enabled in the server |
| configuration file if desired. |
configuration file if desired. |
| System security is not improved unless |
System security is not improved unless |
| .Xr rshd 8 , |
.Nm rshd , |
| .Xr rlogind 8 , |
.Nm rlogind , |
| and |
and |
| .Xr rexecd 8 |
.Xr rexecd |
| are disabled (thus completely disabling |
are disabled (thus completely disabling |
| .Xr rlogin 1 |
.Xr rlogin |
| and |
and |
| .Xr rsh 1 |
.Xr rsh |
| into the machine). |
into the machine). |
| .Pp |
.Pp |
| .Ss SSH protocol version 2 |
.Ss SSH protocol version 2 |
|
|
| .It Cm AFSTokenPassing |
.It Cm AFSTokenPassing |
| Specifies whether an AFS token may be forwarded to the server. |
Specifies whether an AFS token may be forwarded to the server. |
| Default is |
Default is |
| .Dq yes . |
.Dq no . |
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| To use this option, the server needs a |
To use this option, the server needs a |
| Kerberos servtab which allows the verification of the KDC's identity. |
Kerberos servtab which allows the verification of the KDC's identity. |
| Default is |
Default is |
| .Dq yes . |
.Dq no . |
| .It Cm KerberosOrLocalPasswd |
.It Cm KerberosOrLocalPasswd |
| If set then if password authentication through Kerberos fails then |
If set then if password authentication through Kerberos fails then |
| the password will be validated via any additional local mechanism |
the password will be validated via any additional local mechanism |
|
|
| user. The goal of privilege separation is to prevent privilege |
user. The goal of privilege separation is to prevent privilege |
| escalation by containing any corruption within the unprivileged processes. |
escalation by containing any corruption within the unprivileged processes. |
| The default is |
The default is |
| .Dq no . |
.Dq yes . |
| .It Cm VerifyReverseMapping |
.It Cm VerifyReverseMapping |
| Specifies whether |
Specifies whether |
| .Nm |
.Nm |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh