| version 1.31, 2004/04/28 05:17:10 |
version 1.32, 2004/04/28 07:02:56 |
|
|
| user environments. |
user environments. |
| For this reason, care should be taken in the use of this directive. |
For this reason, care should be taken in the use of this directive. |
| The default is not to accept any environment variables. |
The default is not to accept any environment variables. |
| .Pp |
|
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
By default, login is allowed for all groups. |
| .Pp |
|
| .It Cm AllowTcpForwarding |
.It Cm AllowTcpForwarding |
| Specifies whether TCP forwarding is permitted. |
Specifies whether TCP forwarding is permitted. |
| The default is |
The default is |
|
|
| Note that disabling TCP forwarding does not improve security unless |
Note that disabling TCP forwarding does not improve security unless |
| users are also denied shell access, as they can always install their |
users are also denied shell access, as they can always install their |
| own forwarders. |
own forwarders. |
| .Pp |
|
| .It Cm AllowUsers |
.It Cm AllowUsers |
| This keyword can be followed by a list of user name patterns, separated |
This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
by spaces. |
|
|
| If the pattern takes the form USER@HOST then USER and HOST |
If the pattern takes the form USER@HOST then USER and HOST |
| are separately checked, restricting logins to particular |
are separately checked, restricting logins to particular |
| users from particular hosts. |
users from particular hosts. |
| .Pp |
|
| .It Cm AuthorizedKeysFile |
.It Cm AuthorizedKeysFile |
| Specifies the file that contains the public keys that can be used |
Specifies the file that contains the public keys that can be used |
| for user authentication. |
for user authentication. |
|
|
| authentication is allowed. |
authentication is allowed. |
| This option is only available for protocol version 2. |
This option is only available for protocol version 2. |
| By default, no banner is displayed. |
By default, no banner is displayed. |
| .Pp |
|
| .It Cm ChallengeResponseAuthentication |
.It Cm ChallengeResponseAuthentication |
| Specifies whether challenge response authentication is allowed. |
Specifies whether challenge response authentication is allowed. |
| All authentication styles from |
All authentication styles from |
|
|
| Specifies the ciphers allowed for protocol version 2. |
Specifies the ciphers allowed for protocol version 2. |
| Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
| The default is |
The default is |
| .Pp |
|
| .Bd -literal |
.Bd -literal |
| ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
|
|
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
By default, login is allowed for all groups. |
| .Pp |
|
| .It Cm DenyUsers |
.It Cm DenyUsers |
| This keyword can be followed by a list of user name patterns, separated |
This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
by spaces. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh