version 1.55.2.1, 2006/09/30 04:06:51 |
version 1.56, 2006/03/13 10:14:29 |
|
|
.Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
is left at the default, unresponsive SSH clients |
is left at the default, unresponsive SSH clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
This option applies to protocol version 2 only. |
|
.It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
from the client, |
from the client, |
|
|
in |
in |
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm ForceCommand |
|
Forces the execution of the command specified by |
|
.Cm ForceCommand , |
|
ignoring any command supplied by the client. |
|
The command is invoked by using the user's login shell with the -c option. |
|
This applies to shell, command, or subsystem execution. |
|
It is most useful inside a |
|
.Cm Match |
|
block. |
|
The command originally supplied by the client is available in the |
|
.Ev SSH_ORIGINAL_COMMAND |
|
environment variable. |
|
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to ports |
Specifies whether remote hosts are allowed to connect to ports |
forwarded for the client. |
forwarded for the client. |
|
|
and applies to protocol version 2 only. |
and applies to protocol version 2 only. |
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm HostbasedUsesNameFromPacketOnly |
|
Specifies whether or not the server will attempt to perform a reverse |
|
name lookup when matching the name in the |
|
.Pa ~/.shosts , |
|
.Pa ~/.rhosts , |
|
and |
|
.Pa /etc/hosts.equiv |
|
files during |
|
.Cm HostbasedAuthentication . |
|
A setting of |
|
.Dq yes |
|
means that |
|
.Xr sshd 8 |
|
uses the name supplied by the client rather than |
|
attempting to resolve the name from the TCP connection itself. |
|
The default is |
|
.Dq no . |
|
.It Cm HostKey |
.It Cm HostKey |
Specifies a file containing a private host key |
Specifies a file containing a private host key |
used by SSH. |
used by SSH. |
|
|
Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
The default is: |
The default is: |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.It Cm Match |
|
Introduces a conditional block. |
|
If all of the criteria on the |
|
.Cm Match |
|
line are satisfied, the keywords on the following lines override those |
|
set in the global section of the config file, until either another |
|
.Cm Match |
|
line or the end of the file. |
|
The arguments to |
|
.Cm Match |
|
are one or more criteria-pattern pairs. |
|
The available criteria are |
|
.Cm User , |
|
.Cm Group , |
|
.Cm Host , |
|
and |
|
.Cm Address . |
|
Only a subset of keywords may be used on the lines following a |
|
.Cm Match |
|
keyword. |
|
Available keywords are |
|
.Cm AllowTcpForwarding , |
|
.Cm ForceCommand , |
|
.Cm GatewayPorts , |
|
.Cm PermitOpen , |
|
.Cm X11DisplayOffset , |
|
.Cm X11Forwarding , |
|
and |
|
.Cm X11UseLocalHost . |
|
.It Cm MaxAuthTries |
.It Cm MaxAuthTries |
Specifies the maximum number of authentication attempts permitted per |
Specifies the maximum number of authentication attempts permitted per |
connection. |
connection. |
|
|
server allows login to accounts with empty password strings. |
server allows login to accounts with empty password strings. |
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm PermitOpen |
|
Specifies the destinations to which TCP port forwarding is permitted. |
|
The forwarding specification must be one of the following forms: |
|
.Pp |
|
.Bl -item -offset indent -compact |
|
.It |
|
.Cm PermitOpen |
|
.Sm off |
|
.Ar host : port |
|
.Sm on |
|
.It |
|
.Cm PermitOpen |
|
.Sm off |
|
.Ar IPv4_addr : port |
|
.Sm on |
|
.It |
|
.Cm PermitOpen |
|
.Sm off |
|
.Ar \&[ IPv6_addr \&] : port |
|
.Sm on |
|
.El |
|
.Pp |
|
Multiple forwards may be specified by separating them with whitespace. |
|
An argument of |
|
.Dq any |
|
can be used to remove all restrictions and permit any forwarding requests. |
|
By default all port forwarding requests are permitted. |
|
.It Cm PermitRootLogin |
.It Cm PermitRootLogin |
Specifies whether root can log in using |
Specifies whether root can log in using |
.Xr ssh 1 . |
.Xr ssh 1 . |
|
|
device forwarding is allowed. |
device forwarding is allowed. |
The argument must be |
The argument must be |
.Dq yes , |
.Dq yes , |
.Dq point-to-point |
.Dq point-to-point , |
(layer 3), |
.Dq ethernet , |
.Dq ethernet |
or |
(layer 2), or |
|
.Dq no . |
.Dq no . |
Specifying |
|
.Dq yes |
|
permits both |
|
.Dq point-to-point |
|
and |
|
.Dq ethernet . |
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm PermitUserEnvironment |
.It Cm PermitUserEnvironment |
|
|
.Dq yes . |
.Dq yes . |
.It Cm Subsystem |
.It Cm Subsystem |
Configures an external subsystem (e.g. file transfer daemon). |
Configures an external subsystem (e.g. file transfer daemon). |
Arguments should be a subsystem name and a command (with optional arguments) |
Arguments should be a subsystem name and a command to execute upon subsystem |
to execute upon subsystem request. |
request. |
The command |
The command |
.Xr sftp-server 8 |
.Xr sftp-server 8 |
implements the |
implements the |
|
|
is one of the following: |
is one of the following: |
.Pp |
.Pp |
.Bl -tag -width Ds -compact -offset indent |
.Bl -tag -width Ds -compact -offset indent |
.It Aq Cm none |
.It Cm <none> |
seconds |
seconds |
.It Cm s | Cm S |
.It Cm s | Cm S |
seconds |
seconds |