| version 1.35, 2004/06/26 09:14:40 |
version 1.35.2.2, 2005/09/02 03:45:01 |
|
|
| user environments. |
user environments. |
| For this reason, care should be taken in the use of this directive. |
For this reason, care should be taken in the use of this directive. |
| The default is not to accept any environment variables. |
The default is not to accept any environment variables. |
| |
.It Cm AddressFamily |
| |
Specifies which address family should be used by |
| |
.Nm sshd . |
| |
Valid arguments are |
| |
.Dq any , |
| |
.Dq inet |
| |
(use IPv4 only) or |
| |
.Dq inet6 |
| |
(use IPv6 only). |
| |
The default is |
| |
.Dq any . |
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| .Dq aes128-ctr , |
.Dq aes128-ctr , |
| .Dq aes192-ctr , |
.Dq aes192-ctr , |
| .Dq aes256-ctr , |
.Dq aes256-ctr , |
| |
.Dq arcfour128 , |
| |
.Dq arcfour256 , |
| .Dq arcfour , |
.Dq arcfour , |
| .Dq blowfish-cbc , |
.Dq blowfish-cbc , |
| and |
and |
| .Dq cast128-cbc . |
.Dq cast128-cbc . |
| The default is |
The default is |
| .Bd -literal |
.Bd -literal |
| ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
| aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
| |
aes192-ctr,aes256-ctr'' |
| .Ed |
.Ed |
| .It Cm ClientAliveInterval |
|
| Sets a timeout interval in seconds after which if no data has been received |
|
| from the client, |
|
| .Nm sshd |
|
| will send a message through the encrypted |
|
| channel to request a response from the client. |
|
| The default |
|
| is 0, indicating that these messages will not be sent to the client. |
|
| This option applies to protocol version 2 only. |
|
| .It Cm ClientAliveCountMax |
.It Cm ClientAliveCountMax |
| Sets the number of client alive messages (see above) which may be |
Sets the number of client alive messages (see above) which may be |
| sent without |
sent without |
|
|
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
| is left at the default, unresponsive ssh clients |
is left at the default, unresponsive ssh clients |
| will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
| |
.It Cm ClientAliveInterval |
| |
Sets a timeout interval in seconds after which if no data has been received |
| |
from the client, |
| |
.Nm sshd |
| |
will send a message through the encrypted |
| |
channel to request a response from the client. |
| |
The default |
| |
is 0, indicating that these messages will not be sent to the client. |
| |
This option applies to protocol version 2 only. |
| .It Cm Compression |
.It Cm Compression |
| Specifies whether compression is allowed. |
Specifies whether compression is allowed, or delayed until |
| |
the user has authenticated successfully. |
| The argument must be |
The argument must be |
| .Dq yes |
.Dq yes , |
| |
.Dq delayed , |
| or |
or |
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq yes . |
.Dq delayed . |
| .It Cm DenyGroups |
.It Cm DenyGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| .Cm GatewayPorts |
.Cm GatewayPorts |
| can be used to specify that |
can be used to specify that |
| .Nm sshd |
.Nm sshd |
| should bind remote port forwardings to the wildcard address, |
should allow remote port forwardings to bind to non-loopback addresses, thus |
| thus allowing remote hosts to connect to forwarded ports. |
allowing other hosts to connect. |
| The argument must be |
The argument may be |
| |
.Dq no |
| |
to force remote port forwardings to be available to the local host only, |
| .Dq yes |
.Dq yes |
| or |
to force remote port forwardings to bind to the wildcard address, or |
| .Dq no . |
.Dq clientspecified |
| |
to allow the client to select the address to which the forwarding is bound. |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm GSSAPIAuthentication |
.It Cm GSSAPIAuthentication |
|
|
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should ignore the user's |
should ignore the user's |
| .Pa $HOME/.ssh/known_hosts |
.Pa ~/.ssh/known_hosts |
| during |
during |
| .Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
| or |
or |
|
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm PermitRootLogin |
.It Cm PermitRootLogin |
| Specifies whether root can login using |
Specifies whether root can log in using |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| The argument must be |
The argument must be |
| .Dq yes , |
.Dq yes , |
|
|
| .Pp |
.Pp |
| If this option is set to |
If this option is set to |
| .Dq no |
.Dq no |
| root is not allowed to login. |
root is not allowed to log in. |
| .It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
| Specifies whether |
Specifies whether |
| .Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |
|
|
| .It Cm PrintLastLog |
.It Cm PrintLastLog |
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should print the date and time when the user last logged in. |
should print the date and time of the last user login when a user logs |
| |
in interactively. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| .It Cm PrintMotd |
.It Cm PrintMotd |
|
|
| .It Cm UseDNS |
.It Cm UseDNS |
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should lookup the remote host name and check that |
should look up the remote host name and check that |
| the resolved host name for the remote IP address maps back to the |
the resolved host name for the remote IP address maps back to the |
| very same IP address. |
very same IP address. |
| The default is |
The default is |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh