sshd.8 (42f71286cde4107ce6327244cc3c6442c5dc66a6) sshd.8 (fe5fd0173b1983e53ba8dbafb3229b37444e7986)
1.\" -*- nroff -*-
2.\"
3.\" sshd.8.in
4.\"
5.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6.\"
7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8.\" All rights reserved
9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\"
1.\" -*- nroff -*-
2.\"
3.\" sshd.8.in
4.\"
5.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6.\"
7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8.\" All rights reserved
9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\"
12.\" $Id: sshd.8,v 1.33 2000/02/21 14:19:09 deraadt Exp $
12.\" $Id: sshd.8,v 1.34 2000/02/24 18:22:16 markus Exp $
13.\" $FreeBSD$
14.\"
15.Dd September 25, 1999
16.Dt SSHD 8
17.Os
18.Sh NAME
19.Nm sshd
20.Nd secure shell daemon
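
Review bot: The `.Dd September 25, 1999` line is left untouched although the `$Id` moves from 1.33 (2000/02/21) to 1.34 (2000/02/24) and this revision changes several documented defaults further down. Bump `.Dd` to the date of this revision so the rendered page shows that the defaults text is newer than 1999.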

--- 258 unchanged lines hidden (view full) ---

279the user name.
280.It Cm HostKey
281Specifies the file containing the private host key (default
282.Pa /etc/ssh_host_key ) .
283Note that
284.Nm
285does not start if this file is group/world-accessible.
286.It Cm IgnoreRhosts
13.\" $FreeBSD$
14.\"
15.Dd September 25, 1999
16.Dt SSHD 8
17.Os
18.Sh NAME
19.Nm sshd
20.Nd secure shell daemon

--- 258 unchanged lines hidden (view full) ---

279the user name.
280.It Cm HostKey
281Specifies the file containing the private host key (default
282.Pa /etc/ssh_host_key ) .
283Note that
284.Nm
285does not start if this file is group/world-accessible.
286.It Cm IgnoreRhosts
287Specifies that rhosts and shosts files will not be used in
288authentication.
287Specifies that
288.Pa .rhosts
289and
290.Pa .shosts
291files will not be used in authentication.
289.Pa /etc/hosts.equiv
290and
291.Pa /etc/shosts.equiv
292are still used. The default is
292.Pa /etc/hosts.equiv
293and
294.Pa /etc/shosts.equiv
295are still used. The default is
293.Dq no .
296.Dq yes .
294.It Cm IgnoreUserKnownHosts
295Specifies whether
296.Nm
297should ignore the user's
298.Pa $HOME/.ssh/known_hosts
299during
300.Cm RhostsRSAAuthentication .
301The default is
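
Review bot: The documented default for IgnoreRhosts flips from `.Dq no .` to `.Dq yes .` at the end of this entry, but only sshd.8 is visible here, so nothing shows that the server's built-in default and the shipped configuration file changed with it. Please confirm they agree in this revision; a manual that says per-user .rhosts and .shosts files are ignored while the daemon still reads them would mislead administrators. Because the entry keeps the sentence that /etc/hosts.equiv and /etc/shosts.equiv are still used, a cross-reference to RhostsRSAAuthentication, which this page describes as covering /etc/hosts.equiv authentication, would tell readers where the host-wide files are controlled.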

--- 71 unchanged lines hidden (view full) ---

373.It Cm PasswordAuthentication
374Specifies whether password authentication is allowed.
375The default is
376.Dq yes .
377.It Cm PermitEmptyPasswords
378When password authentication is allowed, it specifies whether the
379server allows login to accounts with empty password strings. The default
380is
297.It Cm IgnoreUserKnownHosts
298Specifies whether
299.Nm
300should ignore the user's
301.Pa $HOME/.ssh/known_hosts
302during
303.Cm RhostsRSAAuthentication .
304The default is

--- 71 unchanged lines hidden (view full) ---

376.It Cm PasswordAuthentication
377Specifies whether password authentication is allowed.
378The default is
379.Dq yes .
380.It Cm PermitEmptyPasswords
381When password authentication is allowed, it specifies whether the
382server allows login to accounts with empty password strings. The default
383is
381.Dq yes .
384.Dq no .
382.It Cm PermitRootLogin
383Specifies whether the root can log in using
384.Xr ssh 1 .
385The argument must be
386.Dq yes ,
387.Dq without-password
388or
389.Dq no .
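
Review bot: The PermitEmptyPasswords default changes from `.Dq yes .` to `.Dq no .` with no text telling administrators that the behaviour differs from the earlier revision. A host that never set this option and has accounts with empty password strings stops accepting those logins once the new default applies, so add a sentence naming the earlier default or make sure the release notes carry it. The entry's "it specifies" also has no clear subject; "this option specifies" would read better.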

--- 34 unchanged lines hidden (view full) ---

424should be used
425instead, because it performs RSA-based host authentication in addition
426to normal rhosts or /etc/hosts.equiv authentication.
427The default is
428.Dq no .
429.It Cm RhostsRSAAuthentication
430Specifies whether rhosts or /etc/hosts.equiv authentication together
431with successful RSA host authentication is allowed. The default is
385.It Cm PermitRootLogin
386Specifies whether the root can log in using
387.Xr ssh 1 .
388The argument must be
389.Dq yes ,
390.Dq without-password
391or
392.Dq no .

--- 34 unchanged lines hidden (view full) ---

427should be used
428instead, because it performs RSA-based host authentication in addition
429to normal rhosts or /etc/hosts.equiv authentication.
430The default is
431.Dq no .
432.It Cm RhostsRSAAuthentication
433Specifies whether rhosts or /etc/hosts.equiv authentication together
434with successful RSA host authentication is allowed. The default is
432.Dq yes .
435.Dq no .
433.It Cm RSAAuthentication
434Specifies whether pure RSA authentication is allowed. The default is
435.Dq yes .
436.It Cm ServerKeyBits
437Defines the number of bits in the server key. The minimum value is
438512, and the default is 768.
439.It Cm SkeyAuthentication
440Specifies whether
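
Review bot: With the RhostsRSAAuthentication default changed from `.Dq yes .` to `.Dq no .`, the neighbouring text is now out of step: the entry just above recommends an alternative because "it performs RSA-based host authentication in addition to normal rhosts or /etc/hosts.equiv authentication", and IgnoreUserKnownHosts describes behaviour "during RhostsRSAAuthentication". If the recommendation above refers to this option, say there that it must now be set to yes explicitly. The file names in both entries ("rhosts or /etc/hosts.equiv") are also still plain text while the IgnoreRhosts entry in this same revision marks them up with `.Pa`; convert them for consistency.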

--- 22 unchanged lines hidden (view full) ---

463is used. The default is
464.Dq no .
465.It Cm X11DisplayOffset
466Specifies the first display number available for
467.Nm sshd Ns 's
468X11 forwarding. This prevents
469.Nm
470from interfering with real X11 servers.
436.It Cm RSAAuthentication
437Specifies whether pure RSA authentication is allowed. The default is
438.Dq yes .
439.It Cm ServerKeyBits
440Defines the number of bits in the server key. The minimum value is
441512, and the default is 768.
442.It Cm SkeyAuthentication
443Specifies whether

--- 22 unchanged lines hidden (view full) ---

466is used. The default is
467.Dq no .
468.It Cm X11DisplayOffset
469Specifies the first display number available for
470.Nm sshd Ns 's
471X11 forwarding. This prevents
472.Nm
473from interfering with real X11 servers.
474The default is 10.
471.It Cm X11Forwarding
472Specifies whether X11 forwarding is permitted. The default is
473.Dq yes .
474Note that disabling X11 forwarding does not improve security in any
475way, as users can always install their own forwarders.
476.El
477.Sh LOGIN PROCESS
478When a user successfully logs in,

--- 350 unchanged lines hidden ---
475.It Cm X11Forwarding
476Specifies whether X11 forwarding is permitted. The default is
477.Dq yes .
478Note that disabling X11 forwarding does not improve security in any
479way, as users can always install their own forwarders.
480.El
481.Sh LOGIN PROCESS
482When a user successfully logs in,

--- 350 unchanged lines hidden ---