version 1.230, 2016/08/19 03:18:07 |
version 1.231, 2016/09/07 18:39:24 |
|
|
See PATTERNS in |
See PATTERNS in |
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm AllowTcpForwarding |
.It Cm AllowStreamLocalForwarding |
Specifies whether TCP forwarding is permitted. |
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. |
The available options are |
The available options are |
.Dq yes |
.Dq yes |
or |
or |
.Dq all |
.Dq all |
to allow TCP forwarding, |
to allow StreamLocal forwarding, |
.Dq no |
.Dq no |
to prevent all TCP forwarding, |
to prevent all StreamLocal forwarding, |
.Dq local |
.Dq local |
to allow local (from the perspective of |
to allow local (from the perspective of |
.Xr ssh 1 ) |
.Xr ssh 1 ) |
|
|
to allow remote forwarding only. |
to allow remote forwarding only. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that disabling TCP forwarding does not improve security unless |
Note that disabling StreamLocal forwarding does not improve security unless |
users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
own forwarders. |
own forwarders. |
.It Cm AllowStreamLocalForwarding |
.It Cm AllowTcpForwarding |
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. |
Specifies whether TCP forwarding is permitted. |
The available options are |
The available options are |
.Dq yes |
.Dq yes |
or |
or |
.Dq all |
.Dq all |
to allow StreamLocal forwarding, |
to allow TCP forwarding, |
.Dq no |
.Dq no |
to prevent all StreamLocal forwarding, |
to prevent all TCP forwarding, |
.Dq local |
.Dq local |
to allow local (from the perspective of |
to allow local (from the perspective of |
.Xr ssh 1 ) |
.Xr ssh 1 ) |
|
|
to allow remote forwarding only. |
to allow remote forwarding only. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that disabling StreamLocal forwarding does not improve security unless |
Note that disabling TCP forwarding does not improve security unless |
users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
own forwarders. |
own forwarders. |
.It Cm AllowUsers |
.It Cm AllowUsers |
|
|
If this option is set to |
If this option is set to |
.Dq no , |
.Dq no , |
root is not allowed to log in. |
root is not allowed to log in. |
|
.It Cm PermitTTY |
|
Specifies whether |
|
.Xr pty 4 |
|
allocation is permitted. |
|
The default is |
|
.Dq yes . |
.It Cm PermitTunnel |
.It Cm PermitTunnel |
Specifies whether |
Specifies whether |
.Xr tun 4 |
.Xr tun 4 |
|
|
Independent of this setting, the permissions of the selected |
Independent of this setting, the permissions of the selected |
.Xr tun 4 |
.Xr tun 4 |
device must allow access to the user. |
device must allow access to the user. |
.It Cm PermitTTY |
|
Specifies whether |
|
.Xr pty 4 |
|
allocation is permitted. |
|
The default is |
|
.Dq yes . |
|
.It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
Specifies whether |
Specifies whether |
.Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |