=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.40 retrieving revision 1.40.2.2 diff -u -r1.40 -r1.40.2.2 --- src/usr.bin/ssh/sshd_config.5 2005/03/18 17:05:00 1.40 +++ src/usr.bin/ssh/sshd_config.5 2006/02/03 02:53:46 1.40.2.2 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.40.2.2 2006/02/03 02:53:46 brad Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -168,26 +168,20 @@ .Dq aes128-ctr , .Dq aes192-ctr , .Dq aes256-ctr , +.Dq arcfour128 , +.Dq arcfour256 , .Dq arcfour , .Dq blowfish-cbc , and .Dq cast128-cbc . The default is .Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, - aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' + ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, + arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, + aes192-ctr,aes256-ctr'' .Ed -.It Cm ClientAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the client, -.Nm sshd -will send a message through the encrypted -channel to request a response from the client. -The default -is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm ClientAliveCountMax -Sets the number of client alive messages (see above) which may be +Sets the number of client alive messages (see below) which may be sent without .Nm sshd receiving any messages back from the client. 
@@ -209,18 +203,29 @@ The default value is 3. If .Cm ClientAliveInterval -(above) is set to 15, and +(see below) is set to 15, and .Cm ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds. +.It Cm ClientAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the client, +.Nm sshd +will send a message through the encrypted +channel to request a response from the client. +The default +is 0, indicating that these messages will not be sent to the client. +This option applies to protocol version 2 only. .It Cm Compression -Specifies whether compression is allowed. +Specifies whether compression is allowed, or delayed until +the user has authenticated successfully. The argument must be -.Dq yes +.Dq yes , +.Dq delayed , or .Dq no . The default is -.Dq yes . +.Dq delayed . .It Cm DenyGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -327,7 +332,7 @@ Specifies whether .Nm sshd should ignore the user's -.Pa $HOME/.ssh/known_hosts +.Pa ~/.ssh/known_hosts during .Cm RhostsRSAAuthentication or @@ -343,7 +348,7 @@ Default is .Dq no . .It Cm KerberosGetAFSToken -If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire +If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an AFS token before accessing the user's home directory. Default is .Dq no . @@ -497,6 +502,18 @@ If this option is set to .Dq no root is not allowed to log in. +.It Cm PermitTunnel +Specifies whether +.Xr tun 4 +device forwarding is allowed. +The argument must be +.Dq yes , +.Dq point-to-point , +.Dq ethernet +or +.Dq no . +The default is +.Dq no . .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment
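Review bot: In the Ciphers hunk (@@ -168,26 +168,20 @@), `arcfour128` and `arcfour256` are added to both the supported list and the default string, but nothing says how they differ from plain `arcfour`, so an administrator trimming the list has no basis for choosing between the three. Suggest one sentence after the supported list describing the two new ciphers. The change of "(see above)" to "(see below)" under ClientAliveCountMax matches the removal of the ClientAliveInterval entry from this position and needs no further change.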
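Review bot: In the Compression entry of the @@ -209,18 +203,29 @@ hunk, the default moves from "yes" to "delayed", yet the entry explains only "delayed" ("delayed until the user has authenticated successfully") and leaves the reader to infer that "yes" permits compression before authentication. Suggest stating what each of the three values does. Also worth stating in the entry that servers which never set Compression change behaviour with this revision, since the new default is not the old one.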
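Review bot: The new PermitTunnel entry (@@ -497,6 +502,18 @@) lists four accepted values but does not define "point-to-point" or "ethernet", and does not say whether "yes" permits both. Suggest a sentence per value, or at least a statement of what "yes" covers, so that someone enabling tun(4) forwarding can pick the narrowest setting that works. The default of "no" is stated clearly and should stay as written.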