Diffstat (limited to 'sshd_config.5')
-rw-r--r-- sshd_config.5 45
1 files changed, 26 insertions, 19 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index ac6ccc793fbe..251b7467fd28 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,15 +33,13 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
-.Dd $Mdocdate: March 14 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $
+.Dd $Mdocdate: September 27 2017 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
-.Sh SYNOPSIS
-.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
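Review bot: Dropping the .Sh SYNOPSIS block near the top removes the only line in this hunk that names /etc/ssh/sshd_config. Check that the DESCRIPTION sentence beginning "reads configuration data from" still gives the default path, and that a FILES section lists it, so the path stays findable in the rendered page.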
@@ -225,6 +223,18 @@ requires successful authentication using two different public keys.
.Pp
Note that each authentication method listed should also be explicitly enabled
in the configuration.
+.Pp
+The available authentication methods are:
+.Qq gssapi-with-mic ,
+.Qq hostbased ,
+.Qq keyboard-interactive ,
+.Qq none
+(used for access to password-less accounts when
+.Cm PermitEmptyPassword
+is enabled),
+.Qq password
+and
+.Qq publickey .
.It Cm AuthorizedKeysCommand
Specifies a program to be used to look up the user's public keys.
The program must be owned by root, not writable by group or others and
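Review bot: In the added list of authentication methods, ".Cm PermitEmptyPassword" is missing its trailing "s"; the keyword is PermitEmptyPasswords. A reader who copies the name from this paragraph gets a keyword that does not match the option documented elsewhere in the page, so correct the spelling before this goes in.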
@@ -464,16 +474,6 @@ aes128-gcm@openssh.com
.It
aes256-gcm@openssh.com
.It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
chacha20-poly1305@openssh.com
.El
.Pp
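Review bot: The five entries dropped from the cipher list (arcfour, arcfour128, arcfour256, blowfish-cbc, cast128-cbc) disappear with no text telling an administrator what to do with a configuration that still names them. Consider a sentence after the list, or a pointer to the release notes, and check that the paragraph following ".El" no longer mentions any of the removed names.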
@@ -574,6 +574,14 @@ Disables all forwarding features, including X11,
TCP and StreamLocal.
This option overrides all other forwarding-related options and may
simplify restricted configurations.
+.It Cm ExposeAuthInfo
+Writes a temporary file containing a list of authentication methods and
+public credentials (e.g. keys) used to authenticate the user.
+The location of the file is exposed to the user session through the
+.Ev SSH_USER_AUTH
+environment variable.
+The default is
+.Cm no .
.It Cm FingerprintHash
Specifies the hash algorithm used when logging key fingerprints.
Valid options are:
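Review bot: The new ExposeAuthInfo entry says a temporary file holding "public credentials (e.g. keys)" is written, but it does not say who owns the file, what its permissions are, or when it is removed. Add a sentence covering ownership, mode and lifetime, and describe the line format, so an administrator can judge what other processes in the session can read and so scripts that follow SSH_USER_AUTH know what to parse.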
@@ -798,7 +806,9 @@ Accepted values are
.Cm lowdelay ,
.Cm throughput ,
.Cm reliability ,
-or a numeric value.
+a numeric value, or
+.Cm none
+to use the operating system default.
This option may take one or two arguments, separated by whitespace.
If one argument is specified, it is used as the packet class unconditionally.
If two values are specified, the first is automatically selected for
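Review bot: The reworded sentence adds "none" to the accepted values, and the next context line says the option takes one or two arguments, but nothing states whether "none" is valid in either position or only as a single argument. State that explicitly, for example whether a line with "none" as the first value and a class name as the second is accepted.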
@@ -962,8 +972,6 @@ hmac-md5
.It
hmac-md5-96
.It
-hmac-ripemd160
-.It
hmac-sha1
.It
hmac-sha1-96
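Review bot: This list loses hmac-ripemd160 while the context lines still show hmac-md5 and hmac-md5-96 as supported. If that matches the code, fine; otherwise compare the documented list against the output of "ssh -Q mac" from the same build and remove any other names the binary no longer offers in this commit rather than a later one.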
@@ -980,8 +988,6 @@ hmac-md5-etm@openssh.com
.It
hmac-md5-96-etm@openssh.com
.It
-hmac-ripemd160-etm@openssh.com
-.It
hmac-sha1-etm@openssh.com
.It
hmac-sha1-96-etm@openssh.com
@@ -1080,6 +1086,7 @@ Available keywords are
.Cm IPQoS ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
+.Cm LogLevel ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
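Review bot: LogLevel is inserted into the Match keyword list in the right alphabetical position, but no hunk in this diff touches the LogLevel entry itself. Add a note there, or here, on which messages a per-Match LogLevel affects, since a reader cannot tell from this list alone whether anything logged before the Match criteria are evaluated uses the global level.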