version 1.343, 2022/09/17 10:34:29 |
version 1.344, 2023/01/06 02:47:19 |
|
|
.Pp |
.Pp |
Certificates signed using other algorithms will not be accepted for |
Certificates signed using other algorithms will not be accepted for |
public key or host-based authentication. |
public key or host-based authentication. |
|
.It Cm ChannelTimeout |
|
Specifies whether and how quickly |
|
.Xr sshd 8 |
|
should close inactive channels. |
|
Timeouts for specified as one or more |
|
.Dq type=interval |
|
pairs separated by whitespace, where the |
|
.Dq type |
|
must be a channel type name (as described in the table below), optionally |
|
containing wildcard characters. |
|
.Pp |
|
The timeout value |
|
.Dq interval |
|
is specified in seconds or may use any of the units documented in the |
|
.Sx TIME FORMATS |
|
section. |
|
For example, |
|
.Dq session:*=5m |
|
would cause all sessions to terminate after five minutes of inactivity. |
|
Specifying a zero value disables the inactivity timeout. |
|
.Pp |
|
The available channel types include: |
|
.Bl -tag -width Ds |
|
.It Cm agent-connection |
|
Open connections to |
|
.Xr ssh-agent 1 . |
|
.It Cm direct-tcpip Cm direct-streamlocal@openssh.com |
|
Open TCP or Unix socket (respectively) connections that have |
|
been established from a |
|
.Xr ssh 1 |
|
local forwarding, i.e. |
|
.Cm LocalForward or |
|
.Cm DynamicForward . |
|
.It Cm forwarded-tcpip Cm forwarded-streamlocal@openssh.com |
|
Open TCP or Unix socket (respectively) connections that have been |
|
established to a |
|
.Xr sshd 8 |
|
listening on behalf of a |
|
.Xr ssh 1 |
|
remote forwarding, i.e. |
|
.Cm RemoteForward . |
|
.It Cm session:command |
|
Command execution sessions. |
|
.It Cm session:shell |
|
Interactive shell sessions. |
|
.It Cm session:subsystem:... |
|
Subsystem sessions, e.g. for |
|
.Xr sftp 1 , |
|
which could be identified as |
|
.Cm session:subsystem:sftp . |
|
.It Cm x11-connection |
|
Open X11 forwarding sessions. |
|
.El |
|
.Pp |
|
Note that, in all the above cases, terminating an inactive session does not |
|
guarantee to remove all resources associated with the session, e.g. shell |
|
processes or X11 clients relating to the session may continue to execute. |
|
.Pp |
|
Moreover, terminating an inactive channel or session does necessarily |
|
close the SSH connection, nor does it prevent a client from |
|
requesting another channel of the same type. |
|
In particular, expiring an inactive forwarding session does not prevent |
|
another identical forwarding from being subsequently created. |
|
.Pp |
|
The default is not to expire channels of any type for inactivity. |
.It Cm ChrootDirectory |
.It Cm ChrootDirectory |
Specifies the pathname of a directory to |
Specifies the pathname of a directory to |
.Xr chroot 2 |
.Xr chroot 2 |