| version 1.230, 2016/08/19 03:18:07 |
version 1.231, 2016/09/07 18:39:24 |
|
|
| See PATTERNS in |
See PATTERNS in |
| .Xr ssh_config 5 |
.Xr ssh_config 5 |
| for more information on patterns. |
for more information on patterns. |
| .It Cm AllowTcpForwarding |
.It Cm AllowStreamLocalForwarding |
| Specifies whether TCP forwarding is permitted. |
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. |
| The available options are |
The available options are |
| .Dq yes |
.Dq yes |
| or |
or |
| .Dq all |
.Dq all |
| to allow TCP forwarding, |
to allow StreamLocal forwarding, |
| .Dq no |
.Dq no |
| to prevent all TCP forwarding, |
to prevent all StreamLocal forwarding, |
| .Dq local |
.Dq local |
| to allow local (from the perspective of |
to allow local (from the perspective of |
| .Xr ssh 1 ) |
.Xr ssh 1 ) |
|
|
| to allow remote forwarding only. |
to allow remote forwarding only. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| Note that disabling TCP forwarding does not improve security unless |
Note that disabling StreamLocal forwarding does not improve security unless |
| users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
| own forwarders. |
own forwarders. |
| .It Cm AllowStreamLocalForwarding |
.It Cm AllowTcpForwarding |
| Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. |
Specifies whether TCP forwarding is permitted. |
| The available options are |
The available options are |
| .Dq yes |
.Dq yes |
| or |
or |
| .Dq all |
.Dq all |
| to allow StreamLocal forwarding, |
to allow TCP forwarding, |
| .Dq no |
.Dq no |
| to prevent all StreamLocal forwarding, |
to prevent all TCP forwarding, |
| .Dq local |
.Dq local |
| to allow local (from the perspective of |
to allow local (from the perspective of |
| .Xr ssh 1 ) |
.Xr ssh 1 ) |
|
|
| to allow remote forwarding only. |
to allow remote forwarding only. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| Note that disabling StreamLocal forwarding does not improve security unless |
Note that disabling TCP forwarding does not improve security unless |
| users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
| own forwarders. |
own forwarders. |
| .It Cm AllowUsers |
.It Cm AllowUsers |
|
|
| If this option is set to |
If this option is set to |
| .Dq no , |
.Dq no , |
| root is not allowed to log in. |
root is not allowed to log in. |
| |
.It Cm PermitTTY |
| |
Specifies whether |
| |
.Xr pty 4 |
| |
allocation is permitted. |
| |
The default is |
| |
.Dq yes . |
| .It Cm PermitTunnel |
.It Cm PermitTunnel |
| Specifies whether |
Specifies whether |
| .Xr tun 4 |
.Xr tun 4 |
|
|
| Independent of this setting, the permissions of the selected |
Independent of this setting, the permissions of the selected |
| .Xr tun 4 |
.Xr tun 4 |
| device must allow access to the user. |
device must allow access to the user. |
| .It Cm PermitTTY |
|
| Specifies whether |
|
| .Xr pty 4 |
|
| allocation is permitted. |
|
| The default is |
|
| .Dq yes . |
|
| .It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
| Specifies whether |
Specifies whether |
| .Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh