| version 1.29.2.2, 2005/03/10 17:15:05 |
version 1.30, 2004/04/27 09:46:37 |
|
|
| in |
in |
| .Xr ssh_config 5 |
.Xr ssh_config 5 |
| for how to configure the client. |
for how to configure the client. |
| Note that environment passing is only supported for protocol 2. |
Note that environment passingis only supported for protocol 2. |
| Variables are specified by name, which may contain the wildcard characters |
Variables are specified by name, which may contain the wildcard characters |
| .Ql \&* |
.Ql \&* |
| and |
and |
| .Ql \&? . |
.Ql \&? . |
| Multiple environment variables may be separated by whitespace or spread |
Multiple environment variables may be seperated by whitespace or spread |
| across multiple |
across multiple |
| .Cm AcceptEnv |
.Cm AcceptEnv |
| directives. |
directives. |
| Be warned that some environment variables could be used to bypass restricted |
Be warned that some enviornment variables could be used to bypass restricted |
| user environments. |
user environments. |
| For this reason, care should be taken in the use of this directive. |
For this reason, care should be taken in the use of this directive. |
| The default is not to accept any environment variables. |
The default is not to accept any environment variables. |
| .It Cm AddressFamily |
.Pp |
| Specifies which address family should be used by |
|
| .Nm sshd . |
|
| Valid arguments are |
|
| .Dq any , |
|
| .Dq inet |
|
| (use IPv4 only) or |
|
| .Dq inet6 |
|
| (use IPv6 only). |
|
| The default is |
|
| .Dq any . |
|
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
By default, login is allowed for all groups. |
| |
.Pp |
| .It Cm AllowTcpForwarding |
.It Cm AllowTcpForwarding |
| Specifies whether TCP forwarding is permitted. |
Specifies whether TCP forwarding is permitted. |
| The default is |
The default is |
|
|
| Note that disabling TCP forwarding does not improve security unless |
Note that disabling TCP forwarding does not improve security unless |
| users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
| own forwarders. |
own forwarders. |
| |
.Pp |
| .It Cm AllowUsers |
.It Cm AllowUsers |
| This keyword can be followed by a list of user name patterns, separated |
This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
by spaces. |
|
|
| If the pattern takes the form USER@HOST then USER and HOST |
If the pattern takes the form USER@HOST then USER and HOST |
| are separately checked, restricting logins to particular |
are separately checked, restricting logins to particular |
| users from particular hosts. |
users from particular hosts. |
| |
.Pp |
| .It Cm AuthorizedKeysFile |
.It Cm AuthorizedKeysFile |
| Specifies the file that contains the public keys that can be used |
Specifies the file that contains the public keys that can be used |
| for user authentication. |
for user authentication. |
|
|
| authentication is allowed. |
authentication is allowed. |
| This option is only available for protocol version 2. |
This option is only available for protocol version 2. |
| By default, no banner is displayed. |
By default, no banner is displayed. |
| |
.Pp |
| .It Cm ChallengeResponseAuthentication |
.It Cm ChallengeResponseAuthentication |
| Specifies whether challenge response authentication is allowed. |
Specifies whether challenge response authentication is allowed. |
| All authentication styles from |
All authentication styles from |
|
|
| .It Cm Ciphers |
.It Cm Ciphers |
| Specifies the ciphers allowed for protocol version 2. |
Specifies the ciphers allowed for protocol version 2. |
| Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
| The supported ciphers are |
|
| .Dq 3des-cbc , |
|
| .Dq aes128-cbc , |
|
| .Dq aes192-cbc , |
|
| .Dq aes256-cbc , |
|
| .Dq aes128-ctr , |
|
| .Dq aes192-ctr , |
|
| .Dq aes256-ctr , |
|
| .Dq arcfour , |
|
| .Dq blowfish-cbc , |
|
| and |
|
| .Dq cast128-cbc . |
|
| The default is |
The default is |
| |
.Pp |
| .Bd -literal |
.Bd -literal |
| ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
|
|
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
By default, login is allowed for all groups. |
| |
.Pp |
| .It Cm DenyUsers |
.It Cm DenyUsers |
| This keyword can be followed by a list of user name patterns, separated |
This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
by spaces. |
|
|
| .Cm GatewayPorts |
.Cm GatewayPorts |
| can be used to specify that |
can be used to specify that |
| .Nm sshd |
.Nm sshd |
| should allow remote port forwardings to bind to non-loopback addresses, thus |
should bind remote port forwardings to the wildcard address, |
| allowing other hosts to connect. |
thus allowing remote hosts to connect to forwarded ports. |
| The argument may be |
The argument must be |
| .Dq no |
|
| to force remote port forwardings to be available to the local host only, |
|
| .Dq yes |
.Dq yes |
| to force remote port forwardings to bind to the wildcard address, or |
or |
| .Dq clientspecified |
.Dq no . |
| to allow the client to select the address to which the forwarding is bound. |
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm GSSAPIAuthentication |
.It Cm GSSAPIAuthentication |
|
|
| Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
| The default is |
The default is |
| .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
| .It Cm MaxAuthTries |
|
| Specifies the maximum number of authentication attempts permitted per |
|
| connection. |
|
| Once the number of failures reaches half this value, |
|
| additional failures are logged. |
|
| The default is 6. |
|
| .It Cm MaxStartups |
.It Cm MaxStartups |
| Specifies the maximum number of concurrent unauthenticated connections to the |
Specifies the maximum number of concurrent unauthenticated connections to the |
| .Nm sshd |
.Nm sshd |
|
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm PermitRootLogin |
.It Cm PermitRootLogin |
| Specifies whether root can log in using |
Specifies whether root can login using |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| The argument must be |
The argument must be |
| .Dq yes , |
.Dq yes , |
|
|
| .Pp |
.Pp |
| If this option is set to |
If this option is set to |
| .Dq no |
.Dq no |
| root is not allowed to log in. |
root is not allowed to login. |
| .It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
| Specifies whether |
Specifies whether |
| .Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |
|
|
| .It Cm PrintLastLog |
.It Cm PrintLastLog |
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should print the date and time of the last user login when a user logs |
should print the date and time when the user last logged in. |
| in interactively. |
|
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| .It Cm PrintMotd |
.It Cm PrintMotd |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh