version 1.16, 2003/04/30 01:16:20 |
version 1.17, 2003/05/20 12:09:32 |
|
|
for user authentication. |
for user authentication. |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
may contain tokens of the form %T which are substituted during connection |
may contain tokens of the form %T which are substituted during connection |
set-up. The following tokens are defined: %% is replaced by a literal '%', |
set-up. |
|
The following tokens are defined: %% is replaced by a literal '%', |
%h is replaced by the home directory of the user being authenticated and |
%h is replaced by the home directory of the user being authenticated and |
%u is replaced by the username of that user. |
%u is replaced by the username of that user. |
After expansion, |
After expansion, |
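Review bot: The token list that now starts on its own line ("The following tokens are defined: ...") is still a single run-on sentence covering %%, %h and %u. Since this sentence is being moved anyway, consider giving each token its own line or list item so the three expansions can be scanned individually. The wording itself is unchanged between the two versions, so nothing else needs attention here.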
|
|
Sets the number of client alive messages (see above) which may be |
Sets the number of client alive messages (see above) which may be |
sent without |
sent without |
.Nm sshd |
.Nm sshd |
receiving any messages back from the client. If this threshold is |
receiving any messages back from the client. |
reached while client alive messages are being sent, |
If this threshold is reached while client alive messages are being sent, |
.Nm sshd |
.Nm sshd |
will disconnect the client, terminating the session. It is important |
will disconnect the client, terminating the session. |
to note that the use of client alive messages is very different from |
It is important to note that the use of client alive messages is very |
|
different from |
.Cm KeepAlive |
.Cm KeepAlive |
(below). The client alive messages are sent through the |
(below). |
encrypted channel and therefore will not be spoofable. The TCP keepalive |
The client alive messages are sent through the encrypted channel |
option enabled by |
and therefore will not be spoofable. |
|
The TCP keepalive option enabled by |
.Cm KeepAlive |
.Cm KeepAlive |
is spoofable. The client alive mechanism is valuable when the client or |
is spoofable. |
|
The client alive mechanism is valuable when the client or |
server depend on knowing when a connection has become inactive. |
server depend on knowing when a connection has become inactive. |
.Pp |
.Pp |
The default value is 3. If |
The default value is 3. |
|
If |
.Cm ClientAliveInterval |
.Cm ClientAliveInterval |
(above) is set to 15, and |
(above) is set to 15, and |
.Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
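Review bot: The reflow leaves one sentence split mid-clause, with "is very" ending one line and "different from" starting the next, while every other sentence in this hunk now begins on its own line. Keeping "very different from" together would be cleaner, or the filler "It is important to note that" could be dropped to shorten the line. The two security statements also use different tenses ("will not be spoofable" for client alive messages, "is spoofable" for the TCP keepalive option); making both present tense would make the contrast between the encrypted-channel check and KeepAlive easier to read.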
|
|
.Nm sshd |
.Nm sshd |
will listen on the address and all prior |
will listen on the address and all prior |
.Cm Port |
.Cm Port |
options specified. The default is to listen on all local |
options specified. |
addresses. |
The default is to listen on all local addresses. |
Multiple |
Multiple |
.Cm ListenAddress |
.Cm ListenAddress |
options are permitted. Additionally, any |
options are permitted. |
|
Additionally, any |
.Cm Port |
.Cm Port |
options must precede this option for non port qualified addresses. |
options must precede this option for non port qualified addresses. |
.It Cm LoginGraceTime |
.It Cm LoginGraceTime |
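Review bot: The last sentence of the ListenAddress text still reads "non port qualified addresses", which is hard to parse without hyphens. Since the line is touched by this reflow, consider "non-port-qualified addresses" or rewording to "addresses given without a port". The ordering requirement it states (Port options must precede ListenAddress) is easy to miss at the end of the paragraph and deserves clear wording.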
|
|
.Ar command |
.Ar command |
option has been specified |
option has been specified |
(which may be useful for taking remote backups even if root login is |
(which may be useful for taking remote backups even if root login is |
normally not allowed). All other authentication methods are disabled |
normally not allowed). |
for root. |
All other authentication methods are disabled for root. |
.Pp |
.Pp |
If this option is set to |
If this option is set to |
.Dq no |
.Dq no |