Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/crypto/external/bsd/openssh/dist/sshd.8 between version 1.11 and 1.11.4.1

version 1.11, 2013/11/08 19:18:25 version 1.11.4.1, 2015/04/30 06:07:31
Line 35 
Line 35 
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"  .\"
 .\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $  .\" $OpenBSD: sshd.8,v 1.278 2014/11/15 14:41:03 bentley Exp $
 .Dd June 27 2013  .Dd November 15 2014
 .Dt SSHD 8  .Dt SSHD 8
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 62 
Line 62 
 .Nm  .Nm
 (OpenSSH Daemon) is the daemon program for  (OpenSSH Daemon) is the daemon program for
 .Xr ssh 1 .  .Xr ssh 1 .
 Together these programs replace  Together these programs replace rlogin and rsh,
 .Xr rlogin 1  
 and  
 .Xr rsh 1 ,  
 and provide secure encrypted communications between two untrusted hosts  and provide secure encrypted communications between two untrusted hosts
 over an insecure network.  over an insecure network.
 .Pp  .Pp
Line 177  The default is
Line 174  The default is
 .Pa /etc/ssh/ssh_host_key  .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and  for protocol version 1, and
 .Pa /etc/ssh/ssh_host_dsa_key ,  .Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key  .Pa /etc/ssh/ssh_host_ecdsa_key .
   .Pa /etc/ssh/ssh_host_ed25519_key
 and  and
 .Pa /etc/ssh/ssh_host_rsa_key  .Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.  for protocol version 2.
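Review bot: In the new column the ECDSA entry ends with a period, `.Pa /etc/ssh/ssh_host_ecdsa_key .`, where a comma is needed now that `.Pa /etc/ssh/ssh_host_ed25519_key` follows it. As written, the rendered list of default protocol 2 host keys breaks into two sentences after the ECDSA path. Suggest `.Pa /etc/ssh/ssh_host_ecdsa_key ,` so the four defaults read as one list.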
Line 282  though this can be changed via the
Line 280  though this can be changed via the
 .Cm Protocol  .Cm Protocol
 option in  option in
 .Xr sshd_config 5 .  .Xr sshd_config 5 .
 Protocol 2 supports DSA, ECDSA and RSA keys;  Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
 protocol 1 only supports RSA keys.  protocol 1 only supports RSA keys.
 For both protocols,  For both protocols,
 each host has a host-specific key,  each host has a host-specific key,
Line 385  Changes to user's home directory.
Line 383  Changes to user's home directory.
 .It  .It
 If  If
 .Pa ~/.ssh/rc  .Pa ~/.ssh/rc
 exists, runs it; else if  exists and the
   .Xr sshd_config 5
   .Cm PermitUserRC
   option is set, runs it; else if
 .Pa /etc/ssh/sshrc  .Pa /etc/ssh/sshrc
 exists, runs  exists, runs
 it; otherwise runs xauth.  it; otherwise runs xauth.
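Review bot: The new condition on ~/.ssh/rc, `exists and the sshd_config(5) PermitUserRC option is set`, does not say what the option defaults to, so a reader of this login step cannot tell whether a user-controlled rc file runs on an unmodified configuration. Suggest stating the default here or pointing explicitly at the PermitUserRC entry in sshd_config(5). It would also help to spell out that /etc/ssh/sshrc is still considered when the option is off, which the `else if` implies but does not say.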
Line 469  For protocol version 2 the keytype is
Line 470  For protocol version 2 the keytype is
 .Dq ecdsa-sha2-nistp256 ,  .Dq ecdsa-sha2-nistp256 ,
 .Dq ecdsa-sha2-nistp384 ,  .Dq ecdsa-sha2-nistp384 ,
 .Dq ecdsa-sha2-nistp521 ,  .Dq ecdsa-sha2-nistp521 ,
   .Dq ssh-ed25519 ,
 .Dq ssh-dss  .Dq ssh-dss
 or  or
 .Dq ssh-rsa .  .Dq ssh-rsa .
Line 481  You don't want to type them in; instead,
Line 483  You don't want to type them in; instead,
 .Pa identity.pub ,  .Pa identity.pub ,
 .Pa id_dsa.pub ,  .Pa id_dsa.pub ,
 .Pa id_ecdsa.pub ,  .Pa id_ecdsa.pub ,
   .Pa id_ed25519.pub ,
 or the  or the
 .Pa id_rsa.pub  .Pa id_rsa.pub
 file and edit it.  file and edit it.
Line 576  Disables execution of
Line 579  Disables execution of
 Forbids X11 forwarding when this key is used for authentication.  Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.  Any X11 forward requests by the client will return an error.
 .It Cm permitopen="host:port"  .It Cm permitopen="host:port"
 Limit local  Limit local port forwarding with
 .Li ``ssh -L''  .Xr ssh 1
 port forwarding such that it may only connect to the specified host and  .Fl L
 port.  such that it may only connect to the specified host and port.
 IPv6 addresses can be specified by enclosing the address in square brackets.  IPv6 addresses can be specified by enclosing the address in square brackets.
 Multiple  Multiple
 .Cm permitopen  .Cm permitopen
Line 780  secret, but the recommended permissions 
Line 783  secret, but the recommended permissions 
 and not accessible by others.  and not accessible by others.
 .Pp  .Pp
 .It Pa ~/.ssh/authorized_keys  .It Pa ~/.ssh/authorized_keys
 Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in  Lists the public keys (DSA, ECDSA, Ed25519, RSA)
 as this user.  that can be used for logging in as this user.
 The format of this file is described above.  The format of this file is described above.
 The content of the file is not highly sensitive, but the recommended  The content of the file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.  permissions are read/write for the user, and not accessible by others.
Line 823  the user's home directory becomes access
Line 826  the user's home directory becomes access
 This file should be writable only by the user, and need not be  This file should be writable only by the user, and need not be
 readable by anyone else.  readable by anyone else.
 .Pp  .Pp
 .It Pa /etc/hosts.allow  
 .It Pa /etc/hosts.deny  
 Access controls that should be enforced by tcp-wrappers are defined here.  
 Further details are described in  
 .Xr hosts_access 5 .  
 .Pp  
 .It Pa /etc/hosts.equiv  .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see  This file is for host-based authentication (see
 .Xr ssh 1 ) .  .Xr ssh 1 ) .
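Review bot: Dropping the `/etc/hosts.allow` and `/etc/hosts.deny` entries from the file list removes the mention of tcp-wrappers access control and puts nothing in its place. If the daemon built from this revision no longer consults those files, rules an administrator already keeps there stop restricting sshd without any error, so the change deserves a sentence in the commit message or release notes, and ideally a pointer to sshd_config(5) for the access controls that remain.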
Line 861  rlogin/rsh.
Line 858  rlogin/rsh.
 .It Pa /etc/ssh/ssh_host_key  .It Pa /etc/ssh/ssh_host_key
 .It Pa /etc/ssh/ssh_host_dsa_key  .It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key  .It Pa /etc/ssh/ssh_host_ecdsa_key
   .It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key  .It Pa /etc/ssh/ssh_host_rsa_key
 These files contain the private parts of the host keys.  These files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not  These files should only be owned by root, readable only by root, and not
Line 872  does not start if these files are group/
Line 870  does not start if these files are group/
 .It Pa /etc/ssh/ssh_host_key.pub  .It Pa /etc/ssh/ssh_host_key.pub
 .It Pa /etc/ssh/ssh_host_dsa_key.pub  .It Pa /etc/ssh/ssh_host_dsa_key.pub
 .It Pa /etc/ssh/ssh_host_ecdsa_key.pub  .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
   .It Pa /etc/ssh/ssh_host_ed25519_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub  .It Pa /etc/ssh/ssh_host_rsa_key.pub
 These files contain the public parts of the host keys.  These files contain the public parts of the host keys.
 These files should be world-readable but writable only by  These files should be world-readable but writable only by
Line 930  The content of this file is not sensitiv
Line 929  The content of this file is not sensitiv
 .Xr ssh-keygen 1 ,  .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,  .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,  .Xr chroot 2 ,
 .Xr hosts_access 5 ,  
 .Xr login.conf 5 ,  .Xr login.conf 5 ,
 .Xr moduli 5 ,  .Xr moduli 5 ,
 .Xr sshd_config 5 ,  .Xr sshd_config 5 ,
Line 947  Markus Friedl contributed the support fo
Line 945  Markus Friedl contributed the support fo
 protocol versions 1.5 and 2.0.  protocol versions 1.5 and 2.0.
 Niels Provos and Markus Friedl contributed support  Niels Provos and Markus Friedl contributed support
 for privilege separation.  for privilege separation.
 .Sh CAVEATS  
 System security is not improved unless  
 .Nm rshd ,  
 .Nm rlogind ,  
 and  
 .Nm rexecd  
 are disabled (thus completely disabling  
 .Xr rlogin  
 and  
 .Xr rsh  
 into the machine).  
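Review bot: Removing the whole CAVEATS section deletes the warning that `System security is not improved unless` rshd, rlogind and rexecd are disabled, and the hunk at line 62 also turns the rlogin(1) and rsh(1) cross-references into plain words. That is reasonable if the target system no longer ships those daemons, but the diff does not say so; if they are still installable, keep the caveat and fix the removed `.Xr rlogin` and `.Xr rsh` lines, which were missing their section numbers, rather than deleting them.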
