=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.35.2.2 retrieving revision 1.36 diff -u -r1.35.2.2 -r1.36 --- src/usr.bin/ssh/sshd_config.5 2005/09/02 03:45:01 1.35.2.2 +++ src/usr.bin/ssh/sshd_config.5 2004/09/15 03:25:41 1.36 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.35.2.2 2005/09/02 03:45:01 brad Exp $ +.\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -83,17 +83,6 @@ user environments. For this reason, care should be taken in the use of this directive. The default is not to accept any environment variables. -.It Cm AddressFamily -Specifies which address family should be used by -.Nm sshd . -Valid arguments are -.Dq any , -.Dq inet -(use IPv4 only) or -.Dq inet6 -(use IPv6 only). -The default is -.Dq any . .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -168,18 +157,24 @@ .Dq aes128-ctr , .Dq aes192-ctr , .Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , and .Dq cast128-cbc . The default is .Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, - arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, - aes192-ctr,aes256-ctr'' + ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, + aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' .Ed +.It Cm ClientAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the client, +.Nm sshd +will send a message through the encrypted +channel to request a response from the client. +The default +is 0, indicating that these messages will not be sent to the client. +This option applies to protocol version 2 only. .It Cm ClientAliveCountMax Sets the number of client alive messages (see above) which may be sent without @@ -207,25 +202,14 @@ .Cm ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds. -.It Cm ClientAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the client, -.Nm sshd -will send a message through the encrypted -channel to request a response from the client. -The default -is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm Compression -Specifies whether compression is allowed, or delayed until -the user has authenticated successfully. +Specifies whether compression is allowed. The argument must be -.Dq yes , -.Dq delayed , +.Dq yes or .Dq no . The default is -.Dq delayed . +.Dq yes . .It Cm DenyGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -261,15 +245,12 @@ .Cm GatewayPorts can be used to specify that .Nm sshd -should allow remote port forwardings to bind to non-loopback addresses, thus -allowing other hosts to connect. -The argument may be -.Dq no -to force remote port forwardings to be available to the local host only, +should bind remote port forwardings to the wildcard address, +thus allowing remote hosts to connect to forwarded ports. +The argument must be .Dq yes -to force remote port forwardings to bind to the wildcard address, or -.Dq clientspecified -to allow the client to select the address to which the forwarding is bound. +or +.Dq no . The default is .Dq no . .It Cm GSSAPIAuthentication @@ -332,7 +313,7 @@ Specifies whether .Nm sshd should ignore the user's -.Pa ~/.ssh/known_hosts +.Pa $HOME/.ssh/known_hosts during .Cm RhostsRSAAuthentication or @@ -474,7 +455,7 @@ The default is .Dq no . .It Cm PermitRootLogin -Specifies whether root can log in using +Specifies whether root can login using .Xr ssh 1 . The argument must be .Dq yes , @@ -501,7 +482,7 @@ .Pp If this option is set to .Dq no -root is not allowed to log in. +root is not allowed to login. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment @@ -635,7 +616,7 @@ .It Cm UseDNS Specifies whether .Nm sshd -should look up the remote host name and check that +should lookup the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is