mirror of git://anongit.mindrot.org/openssh.git
upstream commit
sort; from matthew martin Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
This commit is contained in:
parent
06ce56b05d
commit
f219fc8f03
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $
|
||||
.Dd $Mdocdate: August 19 2016 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $
|
||||
.Dd $Mdocdate: September 7 2016 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -123,26 +123,6 @@ and finally
|
|||
See PATTERNS in
|
||||
.Xr ssh_config 5
|
||||
for more information on patterns.
|
||||
.It Cm AllowTcpForwarding
|
||||
Specifies whether TCP forwarding is permitted.
|
||||
The available options are
|
||||
.Dq yes
|
||||
or
|
||||
.Dq all
|
||||
to allow TCP forwarding,
|
||||
.Dq no
|
||||
to prevent all TCP forwarding,
|
||||
.Dq local
|
||||
to allow local (from the perspective of
|
||||
.Xr ssh 1 )
|
||||
forwarding only or
|
||||
.Dq remote
|
||||
to allow remote forwarding only.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that disabling TCP forwarding does not improve security unless
|
||||
users are also denied shell access, as they can always install their
|
||||
own forwarders.
|
||||
.It Cm AllowStreamLocalForwarding
|
||||
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
|
||||
The available options are
|
||||
|
@ -163,6 +143,26 @@ The default is
|
|||
Note that disabling StreamLocal forwarding does not improve security unless
|
||||
users are also denied shell access, as they can always install their
|
||||
own forwarders.
|
||||
.It Cm AllowTcpForwarding
|
||||
Specifies whether TCP forwarding is permitted.
|
||||
The available options are
|
||||
.Dq yes
|
||||
or
|
||||
.Dq all
|
||||
to allow TCP forwarding,
|
||||
.Dq no
|
||||
to prevent all TCP forwarding,
|
||||
.Dq local
|
||||
to allow local (from the perspective of
|
||||
.Xr ssh 1 )
|
||||
forwarding only or
|
||||
.Dq remote
|
||||
to allow remote forwarding only.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that disabling TCP forwarding does not improve security unless
|
||||
users are also denied shell access, as they can always install their
|
||||
own forwarders.
|
||||
.It Cm AllowUsers
|
||||
This keyword can be followed by a list of user name patterns, separated
|
||||
by spaces.
|
||||
|
@ -1223,6 +1223,12 @@ All other authentication methods are disabled for root.
|
|||
If this option is set to
|
||||
.Dq no ,
|
||||
root is not allowed to log in.
|
||||
.It Cm PermitTTY
|
||||
Specifies whether
|
||||
.Xr pty 4
|
||||
allocation is permitted.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PermitTunnel
|
||||
Specifies whether
|
||||
.Xr tun 4
|
||||
|
@ -1246,12 +1252,6 @@ The default is
|
|||
Independent of this setting, the permissions of the selected
|
||||
.Xr tun 4
|
||||
device must allow access to the user.
|
||||
.It Cm PermitTTY
|
||||
Specifies whether
|
||||
.Xr pty 4
|
||||
allocation is permitted.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PermitUserEnvironment
|
||||
Specifies whether
|
||||
.Pa ~/.ssh/environment
|
||||
|
|
Loading…
Reference in New Issue