Config-Model-OpenSsh
view release on metacpan or search on metacpan
lib/Config/Model/models/Sshd.pl view on Meta::CPAN
normally desirable because novices sometimes accidentally
leave their directory or files world-writable. The default
is B<yes>. Note that this does not apply to
B<ChrootDirectory>, whose permissions and ownership are
checked unconditionally.",
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'Subsystem',
{
'cargo' => {
'mandatory' => '1',
'type' => 'leaf',
'value_type' => 'uniline'
},
'description' => 'B<Subsystem>Configures an external
subsystem (e.g. file transfer daemon). Arguments should be a
subsystem name and a command (with optional arguments) to
execute upon subsystem request.The command
B<sftp-server> implements the SFTP file transfer
subsystem.Alternately the
name B<internal-sftp> implements an in-process SFTP
server. This may simplify configurations using
B<ChrootDirectory> to force a different filesystem root
on clients.By default no
subsystems are defined.',
'index_type' => 'string',
'type' => 'hash'
},
'SyslogFacility',
{
'choice' => [
'DAEMON',
'USER',
'AUTH',
'LOCAL0',
'LOCAL1',
'LOCAL2',
'LOCAL3',
'LOCAL4',
'LOCAL5',
'LOCAL6',
'LOCAL7'
],
'description' => 'B<SyslogFacility>Gives the facility code that is
used when logging messages from L<sshd(8)>. The possible values
are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3,
LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.',
'type' => 'leaf',
'upstream_default' => 'AUTH',
'value_type' => 'enum'
},
'TCPKeepAlive',
{
'description' => 'B<TCPKeepAlive>Specifies whether the system
should send TCP keepalive messages to the other side. If
they are sent, death of the connection or crash of one of
the machines will be properly noticed. However, this means
that connections will die if the route is down temporarily,
and some people find it annoying. On the other hand, if TCP
keepalives are not sent, sessions may hang indefinitely on
the server, leaving "ghost" users and consuming
server resources.The default is
B<yes> (to send TCP keepalive messages), and the server
will notice if the network goes down or the client host
crashes. This avoids infinitely hanging sessions.To disable TCP
keepalive messages, the value should be set to
B<no>.This option was
formerly called B<KeepAlive>.',
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'UseDNS',
{
'description' => 'B<UseDNS>Specifies
whether L<sshd(8)> should look up the remote host name, and to
check that the resolved host name for the remote IP address
maps back to the very same IP address.If this option
is set to B<no> (the default) then only addresses and
not host names may be used in I<~/.ssh/authorized_keys>B<from> and B<sshd_config Match Host>
directives.',
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'UsePAM',
{
'description' => 'B<UsePAM>Enables the
Pluggable Authentication Module interface. If set to
B<yes> this will enable PAM authentication using
B<ChallengeResponseAuthentication> and
B<PasswordAuthentication> in addition to PAM account and
session module processing for all authentication types.Because PAM
challenge-response authentication usually serves an
equivalent role to password authentication, you should
disable either B<PasswordAuthentication> or
B<ChallengeResponseAuthentication.>If
B<UsePAM> is enabled, you will not be able to run
L<sshd(8)> as a non-root user. The default is B<no>.',
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'VersionAddendum',
{
'description' => 'B<VersionAddendum>Optionally specifies additional
text to append to the SSH protocol banner sent by the server
upon connection. The default is B<none>.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'X11UseLocalhost',
{
'description' => 'B<X11UseLocalhost>Specifies whether L<sshd(8)>
( run in 2.440 seconds using v1.01-cache-2.11-cpan-39bf76dae61 )