| version 1.79, 2008/01/01 09:27:33 |
version 1.80, 2008/02/08 23:24:07 |
|
|
| are supported. |
are supported. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| |
.It Cm ChrootDirectory |
| |
Specifies a path to |
| |
.Xr chroot 2 |
| |
to after authentication. |
| |
This path, and all its components, must be root-owned directories that are |
| |
not writable by any other user or group. |
| |
.Pp |
| |
The path may contain the following tokens that are expanded at runtime once |
| |
the connecting user has been authenticated: %% is replaced by a literal '%', |
| |
%h is replaced by the home directory of the user being authenticated, and |
| |
%u is replaced by the username of that user. |
| |
.Pp |
| |
The |
| |
.Cm ChrootDirectory |
| |
must contain the necessary files and directories to support the |
| |
users' session. |
| |
For an interactive session this requires at least a shell, typically |
| |
.Xr sh 1 , |
| |
and basic |
| |
.Pa /dev |
| |
nodes such as |
| |
.Xr null 4 , |
| |
.Xr zero 4 , |
| |
.Xr stdin 4 , |
| |
.Xr stdout 4 , |
| |
.Xr stderr 4 , |
| |
.Xr arandom 4 |
| |
and |
| |
.Xr tty 4 |
| |
devices. |
| |
For file transfer sessions using |
| |
.Dq sftp , |
| |
no additional configuration of the environment is necessary if the |
| |
in-process sftp server is used (see |
| |
.Cm Subsystem |
| |
for details. |
| |
.Pp |
| |
The default is not to |
| |
.Xr chroot 2 . |
| .It Cm Ciphers |
.It Cm Ciphers |
| Specifies the ciphers allowed for protocol version 2. |
Specifies the ciphers allowed for protocol version 2. |
| Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
|
|
| Configures an external subsystem (e.g. file transfer daemon). |
Configures an external subsystem (e.g. file transfer daemon). |
| Arguments should be a subsystem name and a command (with optional arguments) |
Arguments should be a subsystem name and a command (with optional arguments) |
| to execute upon subsystem request. |
to execute upon subsystem request. |
| |
.Pp |
| The command |
The command |
| .Xr sftp-server 8 |
.Xr sftp-server 8 |
| implements the |
implements the |
| .Dq sftp |
.Dq sftp |
| file transfer subsystem. |
file transfer subsystem. |
| |
.Pp |
| |
Alternately the name |
| |
.Dq internal-sftp |
| |
implements an in-process |
| |
.Dq sftp |
| |
server. |
| |
This may simplify configurations using |
| |
.Cm ChrootDirectory |
| |
to force a different filesystem root on clients. |
| |
.Pp |
| By default no subsystems are defined. |
By default no subsystems are defined. |
| Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
| .It Cm SyslogFacility |
.It Cm SyslogFacility |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh