version 1.40.2.2, 2006/02/03 02:53:46 |
version 1.41, 2005/04/21 06:17:50 |
|
|
.Dq aes128-ctr , |
.Dq aes128-ctr , |
.Dq aes192-ctr , |
.Dq aes192-ctr , |
.Dq aes256-ctr , |
.Dq aes256-ctr , |
.Dq arcfour128 , |
|
.Dq arcfour256 , |
|
.Dq arcfour , |
.Dq arcfour , |
.Dq blowfish-cbc , |
.Dq blowfish-cbc , |
and |
and |
.Dq cast128-cbc . |
.Dq cast128-cbc . |
The default is |
The default is |
.Bd -literal |
.Bd -literal |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
aes192-ctr,aes256-ctr'' |
|
.Ed |
.Ed |
|
.It Cm ClientAliveInterval |
|
Sets a timeout interval in seconds after which if no data has been received |
|
from the client, |
|
.Nm sshd |
|
will send a message through the encrypted |
|
channel to request a response from the client. |
|
The default |
|
is 0, indicating that these messages will not be sent to the client. |
|
This option applies to protocol version 2 only. |
.It Cm ClientAliveCountMax |
.It Cm ClientAliveCountMax |
Sets the number of client alive messages (see below) which may be |
Sets the number of client alive messages (see above) which may be |
sent without |
sent without |
.Nm sshd |
.Nm sshd |
receiving any messages back from the client. |
receiving any messages back from the client. |
|
|
The default value is 3. |
The default value is 3. |
If |
If |
.Cm ClientAliveInterval |
.Cm ClientAliveInterval |
(see below) is set to 15, and |
(above) is set to 15, and |
.Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
is left at the default, unresponsive ssh clients |
is left at the default, unresponsive ssh clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
.It Cm ClientAliveInterval |
|
Sets a timeout interval in seconds after which if no data has been received |
|
from the client, |
|
.Nm sshd |
|
will send a message through the encrypted |
|
channel to request a response from the client. |
|
The default |
|
is 0, indicating that these messages will not be sent to the client. |
|
This option applies to protocol version 2 only. |
|
.It Cm Compression |
.It Cm Compression |
Specifies whether compression is allowed, or delayed until |
Specifies whether compression is allowed. |
the user has authenticated successfully. |
|
The argument must be |
The argument must be |
.Dq yes , |
.Dq yes |
.Dq delayed , |
|
or |
or |
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq delayed . |
.Dq yes . |
.It Cm DenyGroups |
.It Cm DenyGroups |
This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
by spaces. |
by spaces. |
|
|
Default is |
Default is |
.Dq no . |
.Dq no . |
.It Cm KerberosGetAFSToken |
.It Cm KerberosGetAFSToken |
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire |
If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire |
an AFS token before accessing the user's home directory. |
an AFS token before accessing the user's home directory. |
Default is |
Default is |
.Dq no . |
.Dq no . |
|
|
If this option is set to |
If this option is set to |
.Dq no |
.Dq no |
root is not allowed to log in. |
root is not allowed to log in. |
.It Cm PermitTunnel |
|
Specifies whether |
|
.Xr tun 4 |
|
device forwarding is allowed. |
|
The argument must be |
|
.Dq yes , |
|
.Dq point-to-point , |
|
.Dq ethernet |
|
or |
|
.Dq no . |
|
The default is |
|
.Dq no . |
|
.It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
Specifies whether |
Specifies whether |
.Pa ~/.ssh/environment |
.Pa ~/.ssh/environment |