upstream commit

sort; from matthew martin

Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
jmc@openbsd.org 2016-09-07 18:39:24 +00:00 committed by Darren Tucker
parent 06ce56b05d
commit f219fc8f03
1 changed files with 28 additions and 28 deletions

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $
.Dd $Mdocdate: August 19 2016 $ .Dd $Mdocdate: September 7 2016 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -123,26 +123,6 @@ and finally
See PATTERNS in See PATTERNS in
.Xr ssh_config 5 .Xr ssh_config 5
for more information on patterns. for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The available options are
.Dq yes
or
.Dq all
to allow TCP forwarding,
.Dq no
to prevent all TCP forwarding,
.Dq local
to allow local (from the perspective of
.Xr ssh 1 )
forwarding only or
.Dq remote
to allow remote forwarding only.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
.It Cm AllowStreamLocalForwarding .It Cm AllowStreamLocalForwarding
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
The available options are The available options are
@ -163,6 +143,26 @@ The default is
Note that disabling StreamLocal forwarding does not improve security unless Note that disabling StreamLocal forwarding does not improve security unless
users are also denied shell access, as they can always install their users are also denied shell access, as they can always install their
own forwarders. own forwarders.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The available options are
.Dq yes
or
.Dq all
to allow TCP forwarding,
.Dq no
to prevent all TCP forwarding,
.Dq local
to allow local (from the perspective of
.Xr ssh 1 )
forwarding only or
.Dq remote
to allow remote forwarding only.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
.It Cm AllowUsers .It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated This keyword can be followed by a list of user name patterns, separated
by spaces. by spaces.
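Review bot: the AllowTcpForwarding block added here, after AllowStreamLocalForwarding, has to be a word-for-word copy of the block removed at -123, because the commit message promises only a sort. Comparing the two line by line they do match, including the caveat that disabling TCP forwarding does not improve security unless users are also denied shell access. The new position is alphabetical, between AllowStreamLocalForwarding and AllowUsers. The only suggestion is for the commit message to name the entries being moved, so a later reader can confirm that no wording changed without rereading both hunks.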
@ -1223,6 +1223,12 @@ All other authentication methods are disabled for root.
If this option is set to If this option is set to
.Dq no , .Dq no ,
root is not allowed to log in. root is not allowed to log in.
.It Cm PermitTTY
Specifies whether
.Xr pty 4
allocation is permitted.
The default is
.Dq yes .
.It Cm PermitTunnel .It Cm PermitTunnel
Specifies whether Specifies whether
.Xr tun 4 .Xr tun 4
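Review bot: the PermitTTY entry placed here, ahead of PermitTunnel, states only that pty allocation is permitted and that the default is "yes". It does not spell out the alternative value or what an administrator should expect for a session when allocation is refused. That is outside the scope of a pure reorder, but worth a follow-up while the entry is being touched. The placement itself is correct: PermitTTY sorts after PermitRootLogin and before PermitTunnel under both case-sensitive and case-insensitive comparison.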
@ -1246,12 +1252,6 @@ The default is
Independent of this setting, the permissions of the selected Independent of this setting, the permissions of the selected
.Xr tun 4 .Xr tun 4
device must allow access to the user. device must allow access to the user.
.It Cm PermitTTY
Specifies whether
.Xr pty 4
allocation is permitted.
The default is
.Dq yes .
.It Cm PermitUserEnvironment .It Cm PermitUserEnvironment
Specifies whether Specifies whether
.Pa ~/.ssh/environment .Pa ~/.ssh/environment