version 1.14, 2003/01/23 08:58:47 |
version 1.15, 2003/03/28 10:11:43 |
|
|
forwarded for the client. |
forwarded for the client. |
By default, |
By default, |
.Nm sshd |
.Nm sshd |
binds remote port forwardings to the loopback address. This |
binds remote port forwardings to the loopback address. |
prevents other remote hosts from connecting to forwarded ports. |
This prevents other remote hosts from connecting to forwarded ports. |
.Cm GatewayPorts |
.Cm GatewayPorts |
can be used to specify that |
can be used to specify that |
.Nm sshd |
.Nm sshd |
|
|
will listen on the address and all prior |
will listen on the address and all prior |
.Cm Port |
.Cm Port |
options specified. The default is to listen on all local |
options specified. The default is to listen on all local |
addresses. Multiple |
addresses. |
|
Multiple |
.Cm ListenAddress |
.Cm ListenAddress |
options are permitted. Additionally, any |
options are permitted. Additionally, any |
.Cm Port |
.Cm Port |
|
|
.Nm sshd . |
.Nm sshd . |
The possible values are: |
The possible values are: |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
The default is INFO. |
and DEBUG3 each specify higher levels of debugging output. |
DEBUG and DEBUG1 are equivalent. |
Logging with a DEBUG level violates the privacy of users |
DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
and is not recommended. |
Logging with a DEBUG level violates the privacy of users and is not recommended. |
.It Cm MACs |
.It Cm MACs |
Specifies the available MAC (message authentication code) algorithms. |
Specifies the available MAC (message authentication code) algorithms. |
The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used in protocol version 2 |
|
|
.Xr login 1 |
.Xr login 1 |
does not know how to handle |
does not know how to handle |
.Xr xauth 1 |
.Xr xauth 1 |
cookies. If |
cookies. |
|
If |
.Cm UsePrivilegeSeparation |
.Cm UsePrivilegeSeparation |
is specified, it will be disabled after authentication. |
is specified, it will be disabled after authentication. |
.It Cm UsePrivilegeSeparation |
.It Cm UsePrivilegeSeparation |
Specifies whether |
Specifies whether |
.Nm sshd |
.Nm sshd |
separates privileges by creating an unprivileged child process |
separates privileges by creating an unprivileged child process |
to deal with incoming network traffic. After successful authentication, |
to deal with incoming network traffic. |
another process will be created that has the privilege of the authenticated |
After successful authentication, another process will be created that has |
user. The goal of privilege separation is to prevent privilege |
the privilege of the authenticated user. |
|
The goal of privilege separation is to prevent privilege |
escalation by containing any corruption within the unprivileged processes. |
escalation by containing any corruption within the unprivileged processes. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
|
|
Specifies whether |
Specifies whether |
.Nm sshd |
.Nm sshd |
should bind the X11 forwarding server to the loopback address or to |
should bind the X11 forwarding server to the loopback address or to |
the wildcard address. By default, |
the wildcard address. |
|
By default, |
.Nm sshd |
.Nm sshd |
binds the forwarding server to the loopback address and sets the |
binds the forwarding server to the loopback address and sets the |
hostname part of the |
hostname part of the |