=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.4.2.3 retrieving revision 1.5 diff -u -r1.4.2.3 -r1.5 --- src/usr.bin/ssh/sshd_config.5 2003/04/03 22:35:18 1.4.2.3 +++ src/usr.bin/ssh/sshd_config.5 2002/07/09 17:46:25 1.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.4.2.3 2003/04/03 22:35:18 miod Exp $ +.\" $OpenBSD: sshd_config.5,v 1.5 2002/07/09 17:46:25 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -89,7 +89,7 @@ .It Cm AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. -If specified, login is allowed only for user names that +If specified, login is allowed only for users names that match one of the patterns. .Ql \&* and @@ -211,8 +211,8 @@ forwarded for the client. By default, .Nm sshd -binds remote port forwardings to the loopback address. -This prevents other remote hosts from connecting to forwarded ports. +binds remote port forwardings to the loopback address. This +prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd @@ -370,8 +370,7 @@ will listen on the address and all prior .Cm Port options specified. The default is to listen on all local -addresses. -Multiple +addresses. Multiple .Cm ListenAddress options are permitted. Additionally, any .Cm Port 
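Review bot: the revision arguments are reversed, so this diff reads from the newer 1.4.2.3 (2003/04/03) back to the older 1.5 (2002/07/09): in the $OpenBSD$ header hunk and in every hunk below, the `+` lines are the older text and the `-` lines are the current branch text. Applying it as a patch would revert the branch rather than update it; to review the branch changes as additions, regenerate it with `-r1.5 -r1.4.2.3`.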
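Review bot: the AllowUsers hunk reintroduces a grammatical error, "+If specified, login is allowed only for users names that"; keep the `-` line, "user names".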
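Review bot: the GatewayPorts and ListenAddress hunks are pure reflows that join two sentences on one input line ("+binds remote port forwardings to the loopback address. This" and "+addresses. Multiple"), against the mdoc convention of starting each sentence on a new line, which is what the `-` lines already do. Keep the `-` form; it also gives cleaner future diffs, since a change to one sentence no longer touches the next.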
@@ -380,16 +379,16 @@ The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. -The default is 120 seconds. +The default is 600 (seconds). .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm sshd . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. -DEBUG and DEBUG1 are equivalent. -DEBUG2 and DEBUG3 each specify higher levels of debugging output. -Logging with a DEBUG level violates the privacy of users and is not recommended. +The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 +and DEBUG3 each specify higher levels of debugging output. +Logging with a DEBUG level violates the privacy of users +and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 @@ -460,20 +459,6 @@ If this option is set to .Dq no root is not allowed to login. -.It Cm PermitUserEnvironment -Specifies whether -.Pa ~/.ssh/environment -and -.Cm environment= -options in -.Pa ~/.ssh/authorized_keys -are processed by -.Nm sshd . -The default is -.Dq no . -Enabling environment processing may enable users to bypass access -restrictions in some configurations using mechanisms such as -.Ev LD_PRELOAD . .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd 
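Review bot: the LoginGraceTime hunk changes the documented default from "120 seconds" to "600 (seconds)", and the page gives no way to tell which value servconf.c actually uses; confirm against the code before committing, because a wrong documented grace period is the kind of error nobody notices until an audit. The phrasing "+The default is 600 (seconds)." is also clumsier than the `-` line; state the unit the way the rest of the page does, e.g. "The default is 600 seconds."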
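Review bot: the LogLevel hunk is a reflow only, and the joined lines ("+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2") again break the one-sentence-per-line convention the `-` lines follow; keep the `-` text. The privacy warning about DEBUG logging survives in both versions, which is the part that matters.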
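Review bot: the PermitRootLogin/PidFile hunk deletes the entire PermitUserEnvironment entry with no replacement, leaving an option that gates processing of ~/.ssh/environment and the environment= option in ~/.ssh/authorized_keys undocumented if sshd still parses it. Dropping the text is only right if the option is removed from the config parser in the same commit; otherwise keep the `-` lines, which carry the only warning on this page that enabling it can let users bypass access restrictions through mechanisms such as LD_PRELOAD, precisely what an administrator needs to read before setting it to yes.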
@@ -594,18 +579,16 @@ .Xr login 1 does not know how to handle .Xr xauth 1 -cookies. -If +cookies. If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePrivilegeSeparation Specifies whether .Nm sshd separates privileges by creating an unprivileged child process -to deal with incoming network traffic. -After successful authentication, another process will be created that has -the privilege of the authenticated user. -The goal of privilege separation is to prevent privilege +to deal with incoming network traffic. After successful authentication, +another process will be created that has the privilege of the authenticated +user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . 
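Review bot: the UseLogin and UsePrivilegeSeparation hunks are reflows only ("+cookies. If" and "+to deal with incoming network traffic. After successful authentication,"), with no wording change; keep the `-` lines, one sentence per line. The description of privilege separation itself, an unprivileged child for network traffic and a second process with the authenticated user's privilege, is identical on both sides.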
@@ -627,35 +610,10 @@ The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. -The argument must be -.Dq yes -or -.Dq no . The default is .Dq no . -.Pp -When X11 forwarding is enabled, there may be additional exposure to -the server and to client displays if the -.Nm sshd -proxy display is configured to listen on the wildcard address (see -.Cm X11UseLocalhost -below), however this is not the default. -Additionally, the authentication spoofing and authentication data -verification and substitution occur on the client side. -The security risk of using X11 forwarding is that the client's X11 -display server may be exposed to attack when the ssh client requests -forwarding (see the warnings for -.Cm ForwardX11 -in -.Xr ssh_config 5 ). -A system administrator may have a stance in which they want to -protect clients that may expose themselves to attack by unwittingly -requesting X11 forwarding, which can warrant a -.Dq no -setting. -.Pp -Note that disabling X11 forwarding does not prevent users from -forwarding X11 traffic, as users can always install their own forwarders. +Note that disabling X11 forwarding does not improve security in any +way, as users can always install their own forwarders. X11 forwarding is automatically disabled if .Cm UseLogin is enabled. @@ -663,15 +621,14 @@ Specifies whether .Nm sshd should bind the X11 forwarding server to the loopback address or to -the wildcard address. -By default, +the wildcard address. By default, .Nm sshd binds the forwarding server to the loopback address and sets the hostname part of the .Ev DISPLAY environment variable to .Dq localhost . -This prevents remote hosts from connecting to the proxy display. +This prevents remote hosts from connecting to the fake display. However, some older X11 clients may not function with this configuration. .Cm X11UseLocalhost 
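Review bot: the X11Forwarding hunk replaces an accurate statement with an overclaim: "+Note that disabling X11 forwarding does not improve security in any" reads as "no security effect", whereas the `-` line only says disabling it "does not prevent users from forwarding X11 traffic". The deleted paragraph is what makes the distinction: the exposure is on the client's display server when the client requests forwarding, so an administrator may legitimately set "no" to protect clients that would otherwise request it unwittingly. The hunk also drops "The argument must be yes or no" and the cross-reference to ForwardX11 in ssh_config(5). Keep the `-` text.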
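Review bot: in the X11UseLocalhost hunk, "+This prevents remote hosts from connecting to the fake display." swaps the term "proxy display" for "fake display"; "proxy display" is the name the X11Forwarding entry on this page uses for the same thing, so the two entries should agree. The rest of the hunk ("+the wildcard address. By default,") is a reflow that joins sentences on one line; keep the `-` lines.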
@@ -686,7 +643,7 @@ The default is .Dq yes . .It Cm XAuthLocation -Specifies the full pathname of the +Specifies the location of the .Xr xauth 1 program. The default is @@ -698,7 +655,7 @@ command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: .Sm off -.Ar time Op Ar qualifier , +.Ar time Oo Ar qualifier Oc , .Sm on where .Ar time
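Review bot: the XAuthLocation hunk weakens "Specifies the full pathname of the" to "+Specifies the location of the"; "full pathname" tells the reader an absolute path is expected and matches the default path shown just below, while "location" does not. Keep the `-` line.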
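Review bot: in the time-format hunk, "+.Ar time Oo Ar qualifier Oc ," and the `-` line ".Ar time Op Ar qualifier ," render the same way, since mdoc treats a trailing "," as a closing delimiter and places it outside the brackets; Op is the idiomatic short form, so prefer the `-` line. The hunk is cut off after ".Ar time", so whatever follows in this hunk cannot be reviewed from this output.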