| version 1.35.2.2, 2005/09/02 03:45:01 |
version 1.36, 2004/09/15 03:25:41 |
|
|
| user environments. |
user environments. |
| For this reason, care should be taken in the use of this directive. |
For this reason, care should be taken in the use of this directive. |
| The default is not to accept any environment variables. |
The default is not to accept any environment variables. |
| .It Cm AddressFamily |
|
| Specifies which address family should be used by |
|
| .Nm sshd . |
|
| Valid arguments are |
|
| .Dq any , |
|
| .Dq inet |
|
| (use IPv4 only) or |
|
| .Dq inet6 |
|
| (use IPv6 only). |
|
| The default is |
|
| .Dq any . |
|
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| .Dq aes128-ctr , |
.Dq aes128-ctr , |
| .Dq aes192-ctr , |
.Dq aes192-ctr , |
| .Dq aes256-ctr , |
.Dq aes256-ctr , |
| .Dq arcfour128 , |
|
| .Dq arcfour256 , |
|
| .Dq arcfour , |
.Dq arcfour , |
| .Dq blowfish-cbc , |
.Dq blowfish-cbc , |
| and |
and |
| .Dq cast128-cbc . |
.Dq cast128-cbc . |
| The default is |
The default is |
| .Bd -literal |
.Bd -literal |
| ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
| aes192-ctr,aes256-ctr'' |
|
| .Ed |
.Ed |
| |
.It Cm ClientAliveInterval |
| |
Sets a timeout interval in seconds after which if no data has been received |
| |
from the client, |
| |
.Nm sshd |
| |
will send a message through the encrypted |
| |
channel to request a response from the client. |
| |
The default |
| |
is 0, indicating that these messages will not be sent to the client. |
| |
This option applies to protocol version 2 only. |
| .It Cm ClientAliveCountMax |
.It Cm ClientAliveCountMax |
| Sets the number of client alive messages (see above) which may be |
Sets the number of client alive messages (see above) which may be |
| sent without |
sent without |
|
|
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
| is left at the default, unresponsive ssh clients |
is left at the default, unresponsive ssh clients |
| will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
| .It Cm ClientAliveInterval |
|
| Sets a timeout interval in seconds after which if no data has been received |
|
| from the client, |
|
| .Nm sshd |
|
| will send a message through the encrypted |
|
| channel to request a response from the client. |
|
| The default |
|
| is 0, indicating that these messages will not be sent to the client. |
|
| This option applies to protocol version 2 only. |
|
| .It Cm Compression |
.It Cm Compression |
| Specifies whether compression is allowed, or delayed until |
Specifies whether compression is allowed. |
| the user has authenticated successfully. |
|
| The argument must be |
The argument must be |
| .Dq yes , |
.Dq yes |
| .Dq delayed , |
|
| or |
or |
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq delayed . |
.Dq yes . |
| .It Cm DenyGroups |
.It Cm DenyGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| .Cm GatewayPorts |
.Cm GatewayPorts |
| can be used to specify that |
can be used to specify that |
| .Nm sshd |
.Nm sshd |
| should allow remote port forwardings to bind to non-loopback addresses, thus |
should bind remote port forwardings to the wildcard address, |
| allowing other hosts to connect. |
thus allowing remote hosts to connect to forwarded ports. |
| The argument may be |
The argument must be |
| .Dq no |
|
| to force remote port forwardings to be available to the local host only, |
|
| .Dq yes |
.Dq yes |
| to force remote port forwardings to bind to the wildcard address, or |
or |
| .Dq clientspecified |
.Dq no . |
| to allow the client to select the address to which the forwarding is bound. |
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm GSSAPIAuthentication |
.It Cm GSSAPIAuthentication |
|
|
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should ignore the user's |
should ignore the user's |
| .Pa ~/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| during |
during |
| .Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
| or |
or |
|
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm PermitRootLogin |
.It Cm PermitRootLogin |
| Specifies whether root can log in using |
Specifies whether root can login using |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| The argument must be |
The argument must be |
| .Dq yes , |
.Dq yes , |
|
|
| .Pp |
.Pp |
| If this option is set to |
If this option is set to |
| .Dq no |
.Dq no |
| root is not allowed to log in. |
root is not allowed to login. |
| .It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
| Specifies whether |
Specifies whether |
| .Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |
|
|
| .It Cm UseDNS |
.It Cm UseDNS |
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should look up the remote host name and check that |
should lookup the remote host name and check that |
| the resolved host name for the remote IP address maps back to the |
the resolved host name for the remote IP address maps back to the |
| very same IP address. |
very same IP address. |
| The default is |
The default is |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh