| version 1.176.2.4, 2002/06/26 15:30:39 |
version 1.176.2.5, 2002/10/11 14:51:53 |
|
|
| refuses to start if there is no configuration file. |
refuses to start if there is no configuration file. |
| .It Fl g Ar login_grace_time |
.It Fl g Ar login_grace_time |
| Gives the grace time for clients to authenticate themselves (default |
Gives the grace time for clients to authenticate themselves (default |
| 600 seconds). |
120 seconds). |
| If the client fails to authenticate the user within |
If the client fails to authenticate the user within |
| this many seconds, the server disconnects and exits. |
this many seconds, the server disconnects and exits. |
| A value of zero indicates no limit. |
A value of zero indicates no limit. |
|
|
| .It |
.It |
| Reads |
Reads |
| .Pa $HOME/.ssh/environment |
.Pa $HOME/.ssh/environment |
| if it exists. |
if it exists and users are allowed to change their environment. |
| |
See the |
| |
.Cm PermitUserEnvironment |
| |
option in |
| |
.Xr sshd_config 5 . |
| .It |
.It |
| Changes to user's home directory. |
Changes to user's home directory. |
| .It |
.It |
|
|
| spaces: options, bits, exponent, modulus, comment. |
spaces: options, bits, exponent, modulus, comment. |
| Each protocol version 2 public key consists of: |
Each protocol version 2 public key consists of: |
| options, keytype, base64 encoded key, comment. |
options, keytype, base64 encoded key, comment. |
| The options fields |
The options field |
| are optional; its presence is determined by whether the line starts |
is optional; its presence is determined by whether the line starts |
| with a number or not (the option field never starts with a number). |
with a number or not (the options field never starts with a number). |
| The bits, exponent, modulus and comment fields give the RSA key for |
The bits, exponent, modulus and comment fields give the RSA key for |
| protocol version 1; the |
protocol version 1; the |
| comment field is not used for anything (but may be convenient for the |
comment field is not used for anything (but may be convenient for the |
|
|
| .Dq ssh-rsa . |
.Dq ssh-rsa . |
| .Pp |
.Pp |
| Note that lines in this file are usually several hundred bytes long |
Note that lines in this file are usually several hundred bytes long |
| (because of the size of the RSA key modulus). |
(because of the size of the public key encoding). |
| You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
| .Pa identity.pub , |
.Pa identity.pub , |
| .Pa id_dsa.pub |
.Pa id_dsa.pub |
|
|
| that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Cm from="pattern-list" |
.It Cm from="pattern-list" |
| Specifies that in addition to RSA authentication, the canonical name |
Specifies that in addition to public key authentication, the canonical name |
| of the remote host must be present in the comma-separated list of |
of the remote host must be present in the comma-separated list of |
| patterns |
patterns |
| .Pf ( Ql * |
.Pf ( Ql * |
|
|
| .Ql ! ; |
.Ql ! ; |
| if the canonical host name matches a negated pattern, the key is not accepted. |
if the canonical host name matches a negated pattern, the key is not accepted. |
| The purpose |
The purpose |
| of this option is to optionally increase security: RSA authentication |
of this option is to optionally increase security: public key authentication |
| by itself does not trust the network or name servers or anything (but |
by itself does not trust the network or name servers or anything (but |
| the key); however, if somebody somehow steals the key, the key |
the key); however, if somebody somehow steals the key, the key |
| permits an intruder to log in from anywhere in the world. |
permits an intruder to log in from anywhere in the world. |
|
|
| .Cm no-pty . |
.Cm no-pty . |
| A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
| This option might be useful |
This option might be useful |
| to restrict certain RSA keys to perform just a specific operation. |
to restrict certain public keys to perform just a specific operation. |
| An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
| Note that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
| forwarding unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
|
|
| Environment variables set this way |
Environment variables set this way |
| override other default environment values. |
override other default environment values. |
| Multiple options of this type are permitted. |
Multiple options of this type are permitted. |
| |
Environment processing is disabled by default and is |
| |
controlled via the |
| |
.Cm PermitUserEnvironment |
| |
option. |
| This option is automatically disabled if |
This option is automatically disabled if |
| .Cm UseLogin |
.Cm UseLogin |
| is enabled. |
is enabled. |
|
|
| .Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
| .It Pa /etc/moduli |
.It Pa /etc/moduli |
| Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
| |
The file format is described in |
| |
.Xr moduli 5 . |
| .It Pa /var/empty |
.It Pa /var/empty |
| .Xr chroot 2 |
.Xr chroot 2 |
| directory used by |
directory used by |
|
|
| and assignment lines of the form name=value. |
and assignment lines of the form name=value. |
| The file should be writable |
The file should be writable |
| only by the user; it need not be readable by anyone else. |
only by the user; it need not be readable by anyone else. |
| |
Environment processing is disabled by default and is |
| |
controlled via the |
| |
.Cm PermitUserEnvironment |
| |
option. |
| .It Pa $HOME/.ssh/rc |
.It Pa $HOME/.ssh/rc |
| If this file exists, it is run with /bin/sh after reading the |
If this file exists, it is run with /bin/sh after reading the |
| environment files but before starting the user's shell or command. |
environment files but before starting the user's shell or command. |
|
|
| if read proto cookie && [ -n "$DISPLAY" ]; then |
if read proto cookie && [ -n "$DISPLAY" ]; then |
| if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
| # X11UseLocalhost=yes |
# X11UseLocalhost=yes |
| xauth add unix:`echo $DISPLAY | |
echo add unix:`echo $DISPLAY | |
| cut -c11-` $proto $cookie |
cut -c11-` $proto $cookie |
| else |
else |
| # X11UseLocalhost=no |
# X11UseLocalhost=no |
| xauth add $DISPLAY $proto $cookie |
echo add $DISPLAY $proto $cookie |
| fi |
fi | xauth -q - |
| fi |
fi |
| .Ed |
.Ed |
| .Pp |
.Pp |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh