[BACK]Return to sshd_config.5 CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshd_config.5 between version 1.55.2.1 and 1.56

version 1.55.2.1, 2006/09/30 04:06:51 version 1.56, 2006/03/13 10:14:29
Line 223 
Line 223 
 .Cm ClientAliveCountMax  .Cm ClientAliveCountMax
 is left at the default, unresponsive SSH clients  is left at the default, unresponsive SSH clients
 will be disconnected after approximately 45 seconds.  will be disconnected after approximately 45 seconds.
 This option applies to protocol version 2 only.  
 .It Cm ClientAliveInterval  .It Cm ClientAliveInterval
 Sets a timeout interval in seconds after which if no data has been received  Sets a timeout interval in seconds after which if no data has been received
 from the client,  from the client,
Line 283 
Line 282 
 in  in
 .Xr ssh_config 5  .Xr ssh_config 5
 for more information on patterns.  for more information on patterns.
 .It Cm ForceCommand  
 Forces the execution of the command specified by  
 .Cm ForceCommand ,  
 ignoring any command supplied by the client.  
 The command is invoked by using the user's login shell with the -c option.  
 This applies to shell, command, or subsystem execution.  
 It is most useful inside a  
 .Cm Match  
 block.  
 The command originally supplied by the client is available in the  
 .Ev SSH_ORIGINAL_COMMAND  
 environment variable.  
 .It Cm GatewayPorts  .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports  Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.  forwarded for the client.
Line 335 
Line 322 
 and applies to protocol version 2 only.  and applies to protocol version 2 only.
 The default is  The default is
 .Dq no .  .Dq no .
 .It Cm HostbasedUsesNameFromPacketOnly  
 Specifies whether or not the server will attempt to perform a reverse  
 name lookup when matching the name in the  
 .Pa ~/.shosts ,  
 .Pa ~/.rhosts ,  
 and  
 .Pa /etc/hosts.equiv  
 files during  
 .Cm HostbasedAuthentication .  
 A setting of  
 .Dq yes  
 means that  
 .Xr sshd 8  
 uses the name supplied by the client rather than  
 attempting to resolve the name from the TCP connection itself.  
 The default is  
 .Dq no .  
 .It Cm HostKey  .It Cm HostKey
 Specifies a file containing a private host key  Specifies a file containing a private host key
 used by SSH.  used by SSH.
Line 492 
Line 462 
 Multiple algorithms must be comma-separated.  Multiple algorithms must be comma-separated.
 The default is:  The default is:
 .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .  .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
 .It Cm Match  
 Introduces a conditional block.  
 If all of the criteria on the  
 .Cm Match  
 line are satisfied, the keywords on the following lines override those  
 set in the global section of the config file, until either another  
 .Cm Match  
 line or the end of the file.  
 The arguments to  
 .Cm Match  
 are one or more criteria-pattern pairs.  
 The available criteria are  
 .Cm User ,  
 .Cm Group ,  
 .Cm Host ,  
 and  
 .Cm Address .  
 Only a subset of keywords may be used on the lines following a  
 .Cm Match  
 keyword.  
 Available keywords are  
 .Cm AllowTcpForwarding ,  
 .Cm ForceCommand ,  
 .Cm GatewayPorts ,  
 .Cm PermitOpen ,  
 .Cm X11DisplayOffset ,  
 .Cm X11Forwarding ,  
 and  
 .Cm X11UseLocalHost .  
 .It Cm MaxAuthTries  .It Cm MaxAuthTries
 Specifies the maximum number of authentication attempts permitted per  Specifies the maximum number of authentication attempts permitted per
 connection.  connection.
Line 560 
Line 501 
 server allows login to accounts with empty password strings.  server allows login to accounts with empty password strings.
 The default is  The default is
 .Dq no .  .Dq no .
 .It Cm PermitOpen  
 Specifies the destinations to which TCP port forwarding is permitted.  
 The forwarding specification must be one of the following forms:  
 .Pp  
 .Bl -item -offset indent -compact  
 .It  
 .Cm PermitOpen  
 .Sm off  
 .Ar host : port  
 .Sm on  
 .It  
 .Cm PermitOpen  
 .Sm off  
 .Ar IPv4_addr : port  
 .Sm on  
 .It  
 .Cm PermitOpen  
 .Sm off  
 .Ar \&[ IPv6_addr \&] : port  
 .Sm on  
 .El  
 .Pp  
 Multiple forwards may be specified by separating them with whitespace.  
 An argument of  
 .Dq any  
 can be used to remove all restrictions and permit any forwarding requests.  
 By default all port forwarding requests are permitted.  
 .It Cm PermitRootLogin  .It Cm PermitRootLogin
 Specifies whether root can log in using  Specifies whether root can log in using
 .Xr ssh 1 .  .Xr ssh 1 .
Line 622 
Line 536 
 device forwarding is allowed.  device forwarding is allowed.
 The argument must be  The argument must be
 .Dq yes ,  .Dq yes ,
 .Dq point-to-point  .Dq point-to-point ,
 (layer 3),  .Dq ethernet ,
 .Dq ethernet  or
 (layer 2), or  
 .Dq no .  .Dq no .
 Specifying  
 .Dq yes  
 permits both  
 .Dq point-to-point  
 and  
 .Dq ethernet .  
 The default is  The default is
 .Dq no .  .Dq no .
 .It Cm PermitUserEnvironment  .It Cm PermitUserEnvironment
Line 728 
Line 635 
 .Dq yes .  .Dq yes .
 .It Cm Subsystem  .It Cm Subsystem
 Configures an external subsystem (e.g. file transfer daemon).  Configures an external subsystem (e.g. file transfer daemon).
 Arguments should be a subsystem name and a command (with optional arguments)  Arguments should be a subsystem name and a command to execute upon subsystem
 to execute upon subsystem request.  request.
 The command  The command
 .Xr sftp-server 8  .Xr sftp-server 8
 implements the  implements the
Line 888 
Line 795 
 is one of the following:  is one of the following:
 .Pp  .Pp
 .Bl -tag -width Ds -compact -offset indent  .Bl -tag -width Ds -compact -offset indent
 .It Aq Cm none  .It Cm <none>
 seconds  seconds
 .It Cm s | Cm S  .It Cm s | Cm S
 seconds  seconds
Legend:
Removed from v.1.55.2.1  
changed lines
  Added in v.1.56