Diffstat (limited to 'crypto/openssh/sshd_config.5')
-rw-r--r-- | crypto/openssh/sshd_config.5 | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 790a6cb495be..ff1be7ba6ccf 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.374 2024/09/15 08:27:38 jmc Exp $ -.Dd $Mdocdate: September 15 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.381 2025/02/15 01:52:07 djm Exp $ +.Dd $Mdocdate: February 15 2025 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -250,7 +250,7 @@ If no arguments are specified then the username of the target user is used. .Pp The program should produce on standard output zero or more lines of authorized_keys output (see -.Sx AUTHORIZED_KEYS +.Cm AUTHORIZED_KEYS in .Xr sshd 8 ) . .Cm AuthorizedKeysCommand @@ -279,7 +279,7 @@ The format is described in the AUTHORIZED_KEYS FILE FORMAT section of .Xr sshd 8 . Arguments to .Cm AuthorizedKeysFile -accept the tokens described in the +may include wildcards and accept the tokens described in the .Sx TOKENS section. After expansion, @@ -339,7 +339,7 @@ When using certificates signed by a key listed in this file lists names, one of which must appear in the certificate for it to be accepted for authentication. Names are listed one per line preceded by key options (as described in -.Sx AUTHORIZED_KEYS FILE FORMAT +.Cm AUTHORIZED_KEYS FILE FORMAT in .Xr sshd 8 ) . Empty lines and comments starting with @@ -348,7 +348,7 @@ are ignored. .Pp Arguments to .Cm AuthorizedPrincipalsFile -accept the tokens described in the +may include wildcards and accept the tokens described in the .Sx TOKENS section. After expansion, 
@@ -576,8 +576,8 @@ chacha20-poly1305@openssh.com The default is: .Bd -literal -offset indent chacha20-poly1305@openssh.com, -aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com +aes128-gcm@openssh.com,aes256-gcm@openssh.com, +aes128-ctr,aes192-ctr,aes256-ctr .Ed .Pp The list of available ciphers may also be obtained using @@ -1059,13 +1059,10 @@ sntrup761x25519-sha512@openssh.com .Pp The default is: .Bd -literal -offset indent -sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, mlkem768x25519-sha256, +sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, curve25519-sha256,curve25519-sha256@libssh.org, -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, -diffie-hellman-group-exchange-sha256, -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, -diffie-hellman-group14-sha256 +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 .Ed .Pp The list of supported key exchange algorithms may also be obtained using @@ -1248,6 +1245,7 @@ The available criteria are .Cm Host , .Cm LocalAddress , .Cm LocalPort , +.Cm Version , .Cm RDomain , and .Cm Address @@ -1273,6 +1271,13 @@ it is an error to specify a mask length that is too long for the address or one with bits set in this host portion of the address. For example, 192.0.2.0/33 and 192.0.2.0/8, respectively. .Pp +The +.Cm Version +keyword matches against the version string of +.Xr sshd 8 , +for example +.Dq OpenSSH_10.0 . +.Pp Only a subset of keywords may be used on the lines following a .Cm Match keyword. @@ -1867,6 +1872,13 @@ via .Cm AcceptEnv or .Cm PermitUserEnvironment . +.It Cm SshdAuthPath +Overrides the default path to the +.Cm sshd-auth +binary that is invoked to complete user authentication. +The default is +.Pa /usr/libexec/sshd-auth . +This option is intended for use by tests. .It Cm SshdSessionPath Overrides the default path to the .Cm sshd-session 
@@ -2069,7 +2081,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20250219 . +.Qq FreeBSD-20250801 . The value .Cm none may be used to disable this. |
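
Review bot: In the hunk at -250,7 the new reference reads ".Cm AUTHORIZED_KEYS", but the same section of sshd(8) is called AUTHORIZED_KEYS FILE FORMAT both in the context line of the -279,7 hunk and in the changed line at -339,7. Use the full section name here as well so a reader can search sshd(8) for it. Separately, .Cm is the mdoc macro for command modifiers, not section titles; if the aim is only to stop .Sx from pointing at a section that does not exist in this page, plain text, as the -279,7 context already does with "AUTHORIZED_KEYS FILE FORMAT section of", would be consistent with the rest of the file.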
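
Review bot: "may include wildcards" in the -279,7 hunk (and the identical wording added for AuthorizedPrincipalsFile at -348,7) does not say which pattern syntax is meant or what happens when a pattern matches more than one file. Every file these options resolve to can authorize a login, so the text should name the pattern syntax and state whether all matching files are consulted, so that an administrator can tell which paths a given pattern brings into scope.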
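
Review bot: the new default list in the -1059,13 hunk drops diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 and diffie-hellman-group14-sha256, and nothing in the surrounding text tells the reader whether they are still supported when listed explicitly. A client that offers only those methods will no longer agree on a key exchange with the default configuration; one sentence after the list saying so, and pointing at KexAlgorithms for re-enabling them, would keep an administrator from replacing the whole list and losing the new ordering that puts mlkem768x25519-sha256 first.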
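
Review bot: the paragraph added at -1273,6 says Version matches "the version string of sshd(8)", which is easy to misread as the connecting client's version banner. State explicitly that it is the server's own version, and say whether the argument is compared exactly or as a pattern, since the only example given is the literal OpenSSH_10.0. The keyword list change at -1248,6 is fine as it stands.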
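
Review bot: the SshdAuthPath entry added at -1867,6 describes a binary "invoked to complete user authentication" yet its only guidance is "intended for use by tests". Pointing this option at another path replaces the program that makes the authentication decision, so the entry should say that directly and state what ownership and permissions the target is expected to have, rather than leaving it to inference.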