| version 1.55, 2006/02/26 18:01:13 |
version 1.55.2.1, 2006/09/30 04:06:51 |
|
|
| Lines starting with |
Lines starting with |
| .Ql # |
.Ql # |
| and empty lines are interpreted as comments. |
and empty lines are interpreted as comments. |
| |
Arguments may optionally be enclosed in double quotes |
| |
.Pq \&" |
| |
in order to represent arguments containing spaces. |
| .Pp |
.Pp |
| The possible |
The possible |
| keywords and their meanings are as follows (note that |
keywords and their meanings are as follows (note that |
|
|
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
| is left at the default, unresponsive SSH clients |
is left at the default, unresponsive SSH clients |
| will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
| |
This option applies to protocol version 2 only. |
| .It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
| Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
| from the client, |
from the client, |
|
|
| in |
in |
| .Xr ssh_config 5 |
.Xr ssh_config 5 |
| for more information on patterns. |
for more information on patterns. |
| |
.It Cm ForceCommand |
| |
Forces the execution of the command specified by |
| |
.Cm ForceCommand , |
| |
ignoring any command supplied by the client. |
| |
The command is invoked by using the user's login shell with the -c option. |
| |
This applies to shell, command, or subsystem execution. |
| |
It is most useful inside a |
| |
.Cm Match |
| |
block. |
| |
The command originally supplied by the client is available in the |
| |
.Ev SSH_ORIGINAL_COMMAND |
| |
environment variable. |
| .It Cm GatewayPorts |
.It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to ports |
Specifies whether remote hosts are allowed to connect to ports |
| forwarded for the client. |
forwarded for the client. |
|
|
| and applies to protocol version 2 only. |
and applies to protocol version 2 only. |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.It Cm HostbasedUsesNameFromPacketOnly |
| |
Specifies whether or not the server will attempt to perform a reverse |
| |
name lookup when matching the name in the |
| |
.Pa ~/.shosts , |
| |
.Pa ~/.rhosts , |
| |
and |
| |
.Pa /etc/hosts.equiv |
| |
files during |
| |
.Cm HostbasedAuthentication . |
| |
A setting of |
| |
.Dq yes |
| |
means that |
| |
.Xr sshd 8 |
| |
uses the name supplied by the client rather than |
| |
attempting to resolve the name from the TCP connection itself. |
| |
The default is |
| |
.Dq no . |
| .It Cm HostKey |
.It Cm HostKey |
| Specifies a file containing a private host key |
Specifies a file containing a private host key |
| used by SSH. |
used by SSH. |
|
|
| Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
| The default is: |
The default is: |
| .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
| |
.It Cm Match |
| |
Introduces a conditional block. |
| |
If all of the criteria on the |
| |
.Cm Match |
| |
line are satisfied, the keywords on the following lines override those |
| |
set in the global section of the config file, until either another |
| |
.Cm Match |
| |
line or the end of the file. |
| |
The arguments to |
| |
.Cm Match |
| |
are one or more criteria-pattern pairs. |
| |
The available criteria are |
| |
.Cm User , |
| |
.Cm Group , |
| |
.Cm Host , |
| |
and |
| |
.Cm Address . |
| |
Only a subset of keywords may be used on the lines following a |
| |
.Cm Match |
| |
keyword. |
| |
Available keywords are |
| |
.Cm AllowTcpForwarding , |
| |
.Cm ForceCommand , |
| |
.Cm GatewayPorts , |
| |
.Cm PermitOpen , |
| |
.Cm X11DisplayOffset , |
| |
.Cm X11Forwarding , |
| |
and |
| |
.Cm X11UseLocalHost . |
| .It Cm MaxAuthTries |
.It Cm MaxAuthTries |
| Specifies the maximum number of authentication attempts permitted per |
Specifies the maximum number of authentication attempts permitted per |
| connection. |
connection. |
|
|
| server allows login to accounts with empty password strings. |
server allows login to accounts with empty password strings. |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.It Cm PermitOpen |
| |
Specifies the destinations to which TCP port forwarding is permitted. |
| |
The forwarding specification must be one of the following forms: |
| |
.Pp |
| |
.Bl -item -offset indent -compact |
| |
.It |
| |
.Cm PermitOpen |
| |
.Sm off |
| |
.Ar host : port |
| |
.Sm on |
| |
.It |
| |
.Cm PermitOpen |
| |
.Sm off |
| |
.Ar IPv4_addr : port |
| |
.Sm on |
| |
.It |
| |
.Cm PermitOpen |
| |
.Sm off |
| |
.Ar \&[ IPv6_addr \&] : port |
| |
.Sm on |
| |
.El |
| |
.Pp |
| |
Multiple forwards may be specified by separating them with whitespace. |
| |
An argument of |
| |
.Dq any |
| |
can be used to remove all restrictions and permit any forwarding requests. |
| |
By default all port forwarding requests are permitted. |
| .It Cm PermitRootLogin |
.It Cm PermitRootLogin |
| Specifies whether root can log in using |
Specifies whether root can log in using |
| .Xr ssh 1 . |
.Xr ssh 1 . |
|
|
| device forwarding is allowed. |
device forwarding is allowed. |
| The argument must be |
The argument must be |
| .Dq yes , |
.Dq yes , |
| .Dq point-to-point , |
.Dq point-to-point |
| .Dq ethernet , |
(layer 3), |
| or |
.Dq ethernet |
| |
(layer 2), or |
| .Dq no . |
.Dq no . |
| |
Specifying |
| |
.Dq yes |
| |
permits both |
| |
.Dq point-to-point |
| |
and |
| |
.Dq ethernet . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
|
|
| .Dq yes . |
.Dq yes . |
| .It Cm Subsystem |
.It Cm Subsystem |
| Configures an external subsystem (e.g. file transfer daemon). |
Configures an external subsystem (e.g. file transfer daemon). |
| Arguments should be a subsystem name and a command to execute upon subsystem |
Arguments should be a subsystem name and a command (with optional arguments) |
| request. |
to execute upon subsystem request. |
| The command |
The command |
| .Xr sftp-server 8 |
.Xr sftp-server 8 |
| implements the |
implements the |
|
|
| is one of the following: |
is one of the following: |
| .Pp |
.Pp |
| .Bl -tag -width Ds -compact -offset indent |
.Bl -tag -width Ds -compact -offset indent |
| .It Cm <none> |
.It Aq Cm none |
| seconds |
seconds |
| .It Cm s | Cm S |
.It Cm s | Cm S |
| seconds |
seconds |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh