| version 1.16, 2003/04/30 01:16:20 |
version 1.17, 2003/05/20 12:09:32 |
|
|
| for user authentication. |
for user authentication. |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| may contain tokens of the form %T which are substituted during connection |
may contain tokens of the form %T which are substituted during connection |
| set-up. The following tokens are defined: %% is replaced by a literal '%', |
set-up. |
| |
The following tokens are defined: %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated and |
%h is replaced by the home directory of the user being authenticated and |
| %u is replaced by the username of that user. |
%u is replaced by the username of that user. |
| After expansion, |
After expansion, |
|
|
| Sets the number of client alive messages (see above) which may be |
Sets the number of client alive messages (see above) which may be |
| sent without |
sent without |
| .Nm sshd |
.Nm sshd |
| receiving any messages back from the client. If this threshold is |
receiving any messages back from the client. |
| reached while client alive messages are being sent, |
If this threshold is reached while client alive messages are being sent, |
| .Nm sshd |
.Nm sshd |
| will disconnect the client, terminating the session. It is important |
will disconnect the client, terminating the session. |
| to note that the use of client alive messages is very different from |
It is important to note that the use of client alive messages is very |
| |
different from |
| .Cm KeepAlive |
.Cm KeepAlive |
| (below). The client alive messages are sent through the |
(below). |
| encrypted channel and therefore will not be spoofable. The TCP keepalive |
The client alive messages are sent through the encrypted channel |
| option enabled by |
and therefore will not be spoofable. |
| |
The TCP keepalive option enabled by |
| .Cm KeepAlive |
.Cm KeepAlive |
| is spoofable. The client alive mechanism is valuable when the client or |
is spoofable. |
| |
The client alive mechanism is valuable when the client or |
| server depend on knowing when a connection has become inactive. |
server depend on knowing when a connection has become inactive. |
| .Pp |
.Pp |
| The default value is 3. If |
The default value is 3. |
| |
If |
| .Cm ClientAliveInterval |
.Cm ClientAliveInterval |
| (above) is set to 15, and |
(above) is set to 15, and |
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
|
|
| .Nm sshd |
.Nm sshd |
| will listen on the address and all prior |
will listen on the address and all prior |
| .Cm Port |
.Cm Port |
| options specified. The default is to listen on all local |
options specified. |
| addresses. |
The default is to listen on all local addresses. |
| Multiple |
Multiple |
| .Cm ListenAddress |
.Cm ListenAddress |
| options are permitted. Additionally, any |
options are permitted. |
| |
Additionally, any |
| .Cm Port |
.Cm Port |
| options must precede this option for non port qualified addresses. |
options must precede this option for non port qualified addresses. |
| .It Cm LoginGraceTime |
.It Cm LoginGraceTime |
|
|
| .Ar command |
.Ar command |
| option has been specified |
option has been specified |
| (which may be useful for taking remote backups even if root login is |
(which may be useful for taking remote backups even if root login is |
| normally not allowed). All other authentication methods are disabled |
normally not allowed). |
| for root. |
All other authentication methods are disabled for root. |
| .Pp |
.Pp |
| If this option is set to |
If this option is set to |
| .Dq no |
.Dq no |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh