version 1.1.1.28, 2021/04/19 14:38:30 |
version 1.1.1.29, 2021/09/02 11:22:30 |
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" |
.\" |
.\" $OpenBSD: sshd_config.5,v 1.331 2021/04/04 11:36:56 jmc Exp $ |
.\" $OpenBSD: sshd_config.5,v 1.334 2021/08/12 23:59:25 djm Exp $ |
.Dd $Mdocdate: April 4 2021 $ |
.Dd $Mdocdate: August 12 2021 $ |
.Dt SSHD_CONFIG 5 |
.Dt SSHD_CONFIG 5 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 378 Specifies which algorithms are allowed f |
|
Line 378 Specifies which algorithms are allowed f |
|
by certificate authorities (CAs). |
by certificate authorities (CAs). |
The default is: |
The default is: |
.Bd -literal -offset indent |
.Bd -literal -offset indent |
ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
ssh-ed25519,ecdsa-sha2-nistp256, |
sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com, |
ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
sk-ssh-ed25519@openssh.com, |
|
sk-ecdsa-sha2-nistp256@openssh.com, |
rsa-sha2-512,rsa-sha2-256 |
rsa-sha2-512,rsa-sha2-256 |
.Ed |
.Ed |
.Pp |
.Pp |
|
If the specified list begins with a |
|
.Sq + |
|
character, then the specified algorithms will be appended to the default set |
|
instead of replacing them. |
|
If the specified list begins with a |
|
.Sq - |
|
character, then the specified algorithms (including wildcards) will be removed |
|
from the default set instead of replacing them. |
|
.Pp |
Certificates signed using other algorithms will not be accepted for |
Certificates signed using other algorithms will not be accepted for |
public key or host-based authentication. |
public key or host-based authentication. |
.It Cm ChallengeResponseAuthentication |
|
Specifies whether challenge-response authentication is allowed. |
|
All authentication styles from |
|
.Xr login.conf 5 |
|
are supported. |
|
The default is |
|
.Cm yes . |
|
.It Cm ChrootDirectory |
.It Cm ChrootDirectory |
Specifies the pathname of a directory to |
Specifies the pathname of a directory to |
.Xr chroot 2 |
.Xr chroot 2 |
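Review bot: The new `+` paragraph under CASignatureAlgorithms says nothing about wildcards, while the `-` paragraph directly after it says "(including wildcards)". State explicitly whether patterns are honoured when appending, so an administrator is not left guessing how far a `+` entry widens the set of accepted CA signature algorithms. The same hunk drops the whole `.It Cm ChallengeResponseAuthentication` entry; consider keeping a one-line entry that points to KbdInteractiveAuthentication, since anyone reading an existing configuration that sets the old keyword will otherwise find no entry of its own to look up.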
Line 876 for interactive sessions and |
|
Line 880 for interactive sessions and |
|
for non-interactive sessions. |
for non-interactive sessions. |
.It Cm KbdInteractiveAuthentication |
.It Cm KbdInteractiveAuthentication |
Specifies whether to allow keyboard-interactive authentication. |
Specifies whether to allow keyboard-interactive authentication. |
|
All authentication styles from |
|
.Xr login.conf 5 |
|
are supported. |
|
The default is |
|
.Cm yes . |
The argument to this keyword must be |
The argument to this keyword must be |
.Cm yes |
.Cm yes |
or |
or |
.Cm no . |
.Cm no . |
The default is to use whatever value |
|
.Cm ChallengeResponseAuthentication |
.Cm ChallengeResponseAuthentication |
is set to |
is a deprecated alias for this. |
(by default |
|
.Cm yes ) . |
|
.It Cm KerberosAuthentication |
.It Cm KerberosAuthentication |
Specifies whether the password provided by the user for |
Specifies whether the password provided by the user for |
.Cm PasswordAuthentication |
.Cm PasswordAuthentication |
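Review bot: The rewritten KbdInteractiveAuthentication text calls ChallengeResponseAuthentication "a deprecated alias for this" but does not say which value applies when both keywords appear in the same configuration, something the removed sentence ("The default is to use whatever value ChallengeResponseAuthentication is set to") at least implied. A sentence on precedence would help anyone disabling keyboard-interactive authentication on a host whose configuration still carries the old keyword. As a style point, "The default is yes" now comes before "The argument to this keyword must be yes or no"; stating the argument constraint first and the default after it would read more naturally.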
Line 1605 For more information on KRLs, see the KE |
|
Line 1611 For more information on KRLs, see the KE |
|
.It Cm RDomain |
.It Cm RDomain |
Specifies an explicit routing domain that is applied after authentication |
Specifies an explicit routing domain that is applied after authentication |
has completed. |
has completed. |
The user session, as well and any forwarded or listening IP sockets, |
The user session, as well as any forwarded or listening IP sockets, |
will be bound to this |
will be bound to this |
.Xr rdomain 4 . |
.Xr rdomain 4 . |
If the routing domain is set to |
If the routing domain is set to |