Config-Model-OpenSsh
view release on metacpan or search on metacpan
lib/Config/Model/models/Sshd.pl view on Meta::CPAN
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm\@openssh.com
aes256-gcm\@openssh.com
chacha20-poly1305\@openssh.comThe default
is:chacha20-poly1305\@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm\@openssh.com,aes256-gcm\@openssh.comThe list of
available ciphers may also be obtained using \"ssh -Q
cipher\".",
'type' => 'leaf',
'value_type' => 'uniline'
},
'Compression',
{
'choice' => [
'yes',
'delayed',
'no'
],
'description' => 'B<Compression>Specifies whether compression
is enabled after the user has authenticated successfully.
The argument must be B<yes>, B<delayed> (a legacy
synonym for B<yes>) or B<no>. The default is
B<yes>.',
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'enum'
},
'DebianBanner',
{
'description' => 'B<DebianBanner>Specifies whether the
distribution-specified extra version suffix is included
during initial protocol handshake. The default is
B<yes>.',
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'DisableForwarding',
{
'description' => 'B<DisableForwarding>Disables all forwarding
features, including X11, L<ssh-agent(1)>, TCP and StreamLocal.
This option overrides all other forwarding-related options
and may simplify restricted configurations.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'ExposeAuthInfo',
{
'description' => 'B<ExposeAuthInfo>Writes a temporary file
containing a list of authentication methods and public
credentials (e.g. keys) used to authenticate the user. The
location of the file is exposed to the user session through
the SSH_USER_AUTH environment variable. The default is
B<no>.',
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'FingerprintHash',
{
'choice' => [
'md5',
'sha256'
],
'description' => 'B<FingerprintHash>Specifies the hash algorithm
used when logging key fingerprints. Valid options are:
B<md5> and B<sha256>. The default is
B<sha256>.',
'type' => 'leaf',
'upstream_default' => 'sha256',
'value_type' => 'enum'
},
'GSSAPIKeyExchange',
{
'description' => "B<GSSAPIKeyExchange>Specifies whether key exchange
based on GSSAPI is allowed. GSSAPI key exchange
doesn\x{2019}t rely on ssh keys to verify host identity. The
default is B<no>.",
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'GSSAPICleanupCredentials',
{
'description' => "B<GSSAPICleanupCredentials>Specifies whether to
automatically destroy the user\x{2019}s credentials cache on
logout. The default is B<yes>.",
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'GSSAPIStrictAcceptorCheck',
{
'description' => "B<GSSAPIStrictAcceptorCheck>Determines whether to be strict
about the identity of the GSSAPI acceptor a client
authenticates against. If set to B<yes> then the client
must authenticate against the host service on the current
hostname. If set to B<no> then the client may
authenticate against any service key stored in the
machine\x{2019}s default store. This facility is provided to
assist with operation on multi homed machines. The default
is B<yes>.",
'type' => 'leaf',
'upstream_default' => 'yes',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'GSSAPIStoreCredentialsOnRekey',
{
'description' => "B<GSSAPIStoreCredentialsOnRekey>Controls whether the
user\x{2019}s GSSAPI credentials should be updated following
a successful connection rekeying. This option can be used to
accepted renewed or updated credentials from a compatible
client. The default is B<no>.",
'type' => 'leaf',
'upstream_default' => 'no',
'value_type' => 'boolean',
'write_as' => [
'no',
'yes'
]
},
'HostCertificate',
{
'description' => "B<HostCertificate>Specifies a file containing a
public host certificate. The certificate\x{2019}s public key
must match a private host key already specified by
B<HostKey>. The default behaviour of L<sshd(8)> is not to
load any certificates.",
'type' => 'leaf',
'value_type' => 'uniline'
},
'HostKey',
{
'description' => 'B<HostKey>Specifies a file containing a
private host key used by SSH. The defaults are
I</etc/ssh/ssh_host_ecdsa_key>,
I</etc/ssh/ssh_host_ed25519_key> and
I</etc/ssh/ssh_host_rsa_key>.Note that
L<sshd(8)> will refuse to use a file if it is
group/world-accessible and that the B<HostKeyAlgorithms>
option restricts which of the keys are actually used by
L<sshd(8)>.It is possible
to have multiple host key files. It is also possible to
specify public host key files instead. In this case
operations on the private key will be delegated to an
L<ssh-agent(1)>.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'HostKeyAgent',
{
'description' => 'B<HostKeyAgent>Identifies the UNIX-domain
socket used to communicate with an agent that has access to
the private host keys. If the string
"SSH_AUTH_SOCK" is specified, the location of the
socket will be read from the SSH_AUTH_SOCK environment
variable.',
'type' => 'leaf',
'value_type' => 'uniline'
},
'HostKeyAlgorithms',
{
'description' => 'B<HostKeyAlgorithms>Specifies the host key
algorithms that the server offers. The default for this
option is:ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
( run in 1.074 second using v1.01-cache-2.11-cpan-d7f47b0818f )