Config-Model-OpenSsh

xt/sshd_config.html


<p style="margin-left:24%; margin-top: 1em"><b>PermitListen</b>
<i>port</i> <b><br>
PermitListen</b> <i>host</i>:<i>port</i></p>

<p style="margin-left:17%; margin-top: 1em">Multiple
permissions may be specified by separating them with
whitespace. An argument of <b>any</b> can be used to remove
all restrictions and permit any listen requests. An argument
of <b>none</b> can be used to prohibit all listen requests.
The host name may contain wildcards as described in the
PATTERNS section in ssh_config(5). The wildcard
&rsquo;*&rsquo; can also be used in place of a port number
to allow all ports. By default all port forwarding listen
requests are permitted. Note that the <b>GatewayPorts</b>
option may further restrict which addresses may be listened
on. Note also that ssh(1) will request a listen host of
&ldquo;localhost&rdquo; if no listen host was specifically
requested, and this name is treated differently to
explicit localhost addresses of &ldquo;127.0.0.1&rdquo; and
&ldquo;::1&rdquo;.</p>

<p style="margin-top: 1em"><b>PermitOpen</b></p>

<p style="margin-left:17%;">Specifies the destinations to
which TCP port forwarding is permitted. The forwarding
specification must be one of the following forms:</p>


<p style="margin-left:24%; margin-top: 1em"><b>PermitOpen</b>
<i>host</i>:<i>port</i> <b><br>
PermitOpen</b> <i>IPv4_addr</i>:<i>port</i> <b><br>
PermitOpen</b> <i>[IPv6_addr]</i>:<i>port</i></p>

<p style="margin-left:17%; margin-top: 1em">Multiple
forwards may be specified by separating them with
whitespace. An argument of <b>any</b> can be used to remove
all restrictions and permit any forwarding requests. An
argument of <b>none</b> can be used to prohibit all
forwarding requests. The wildcard &rsquo;*&rsquo; can be
used for host or port to allow all hosts or ports,
respectively. By default all port forwarding requests are
permitted.</p>
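<p style="margin-left:17%; margin-top: 1em">The following is an added example, not part of the manual page or of OpenSSH: it parses a PermitOpen argument list in the three documented forms and decides whether a requested destination is allowed. The function names and sample hosts are constructed, and literal (non-resolving) host comparison is an assumption of the example.</p>

```python
# Added example (not OpenSSH code): check forwarding destinations against a
# PermitOpen argument list written in the forms documented above.

def parse_permitopen(args):
    """Turn the whitespace-separated PermitOpen arguments into a policy."""
    tokens = args.split()
    if tokens in (["any"], ["none"]):
        return tokens[0]                      # sole keyword: allow/deny all
    if not tokens:
        raise ValueError("PermitOpen needs at least one argument")
    rules = []
    for tok in tokens:
        host, sep, port = tok.rpartition(":")  # the port follows the LAST colon
        if not sep or not host:
            raise ValueError(f"expected host:port, got {tok!r}")
        if host.startswith("[") and host.endswith("]"):
            host = host[1:-1]                  # [IPv6_addr]:port form
        elif ":" in host:
            raise ValueError(f"IPv6 address must be bracketed: {tok!r}")
        if port != "*":
            if not port.isdigit() or not 0 < int(port) < 65536:
                raise ValueError(f"bad port in {tok!r}")
            port = str(int(port))
        rules.append((host, port))
    return rules

def is_permitted(policy, host, port):
    """True if a forward to host:port is allowed by the parsed policy.
    Assumption: hosts compare as literal strings, with no name lookup."""
    if policy in ("any", "none"):
        return policy == "any"
    return any(h in ("*", host) and p in ("*", str(port)) for h, p in policy)

# Constructed sample policy; hosts use documentation-reserved names/ranges.
POLICY = parse_permitopen(
    "db.internal.example:5432 192.0.2.10:* [2001:db8::5]:443")

if __name__ == "__main__":
    for dest in [("db.internal.example", 5432), ("db.internal.example", 22),
                 ("192.0.2.10", 8080), ("2001:db8::5", 443), ("127.0.0.1", 5432)]:
        print(dest, "->", "allow" if is_permitted(POLICY, *dest) else "deny")
```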

<p style="margin-top: 1em"><b>PermitRootLogin</b></p>

<p style="margin-left:17%;">Specifies whether root can log
in using ssh(1). The argument must be <b>yes</b>,
<b>prohibit-password</b>, <b>forced-commands-only</b>, or
<b>no</b>. The default is <b>prohibit-password</b>.</p>

<p style="margin-left:17%; margin-top: 1em">If this option
is set to <b>prohibit-password</b> (or its deprecated alias,
<b>without-password</b>), password and keyboard-interactive
authentication are disabled for root.</p>

<p style="margin-left:17%; margin-top: 1em">If this option
is set to <b>forced-commands-only</b>, root login with
public key authentication will be allowed, but only if the
<i>command</i> option has been specified (which may be
useful for taking remote backups even if root login is
normally not allowed). All other authentication methods are
disabled for root.</p>

<p style="margin-left:17%; margin-top: 1em">If this option
is set to <b>no</b>, root is not allowed to log in.</p>

<p style="margin-top: 1em"><b>PermitTTY</b></p>

<p style="margin-left:17%;">Specifies whether pty(4)
allocation is permitted. The default is <b>yes</b>.</p>

<p style="margin-top: 1em"><b>PermitTunnel</b></p>

<p style="margin-left:17%;">Specifies whether tun(4) device
forwarding is allowed. The argument must be <b>yes</b>,
<b>point-to-point</b> (layer 3), <b>ethernet</b> (layer 2),
or <b>no</b>. Specifying <b>yes</b> permits both
<b>point-to-point</b> and <b>ethernet</b>. The default is
<b>no</b>.</p>

<p style="margin-left:17%; margin-top: 1em">Independent of
this setting, the permissions of the selected tun(4) device
must allow access to the user.</p>


<p style="margin-top: 1em"><b>PermitUserEnvironment</b></p>

<p style="margin-left:17%;">Specifies whether
<i>~/.ssh/environment</i> and <b>environment=</b> options in
<i>~/.ssh/authorized_keys</i> are processed by sshd(8).
Valid options are <b>yes</b>, <b>no</b> or a pattern-list
specifying which environment variable names to accept (for
example &quot;LANG,LC_*&quot;). The default is <b>no</b>.
Enabling environment processing may enable users to bypass
access restrictions in some configurations using mechanisms
such as LD_PRELOAD.</p>

<p style="margin-top: 1em"><b>PermitUserRC</b></p>

<p style="margin-left:17%;">Specifies whether any
<i>~/.ssh/rc</i> file is executed. The default is
<b>yes</b>.</p>
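<p style="margin-left:17%; margin-top: 1em">The following is an added example, not part of the manual page, OpenSSH or Config::Model: it computes the effective global value of the Permit* options described above, using the defaults stated on this page, and lists the settings worth reviewing. It assumes the first occurrence of a keyword wins, ignores everything from the first Match line onward, and looks only at the options on this page; the sample configuration is constructed.</p>

```python
# Added example, not OpenSSH or Config::Model code.
# Defaults are the ones stated on this page for each option.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "permittunnel": "no",
    "permituserenvironment": "no",
    "permituserrc": "yes",
    "permitopen": "any",      # all forwarding requests permitted by default
    "permitlisten": "any",    # all listen requests permitted by default
}

# (keyword, predicate that flags a value, note for the reviewer)
CHECKS = [
    ("PermitRootLogin", lambda v: v == "yes",
     "root may log in with password or keyboard-interactive authentication"),
    ("PermitUserEnvironment", lambda v: v != "no",
     "user-supplied environment is processed (LD_PRELOAD-style bypass)"),
    ("PermitTunnel", lambda v: v != "no", "tun(4) device forwarding is allowed"),
    ("PermitOpen", lambda v: v == "any", "forwarding destinations are unrestricted"),
    ("PermitListen", lambda v: v == "any", "forwarding listen requests are unrestricted"),
    ("PermitUserRC", lambda v: v == "yes", "~/.ssh/rc is executed"),
]

def effective_settings(config_text):
    """Global values only: first occurrence wins, parsing stops at Match."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()               # keywords are case-insensitive
        if key == "match":
            break
        if key in DEFAULTS and len(fields) == 2:
            seen.setdefault(key, fields[1].strip())
    settings = {**DEFAULTS, **seen}
    if settings["permitrootlogin"] == "without-password":   # deprecated alias
        settings["permitrootlogin"] = "prohibit-password"
    return settings

def audit(config_text):
    """Return (keyword, effective value, note) for each flagged setting."""
    s = effective_settings(config_text)
    return [(name, s[name.lower()], note)
            for name, flagged, note in CHECKS if flagged(s[name.lower()])]

# Constructed sample, not taken from a real host.
SAMPLE = ("Port 22\nPermitRootLogin yes\nPermitRootLogin no\n"
          "PermitUserEnvironment LANG,LC_*\nPermitOpen db.internal.example:5432\n"
          "Match User backup\n    PermitRootLogin forced-commands-only\n")
```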

<p style="margin-top: 1em"><b>PidFile</b></p>

<p style="margin-left:17%;">Specifies the file that
contains the process ID of the SSH daemon, or <b>none</b> to
not write one. The default is <i>/run/sshd.pid</i>.</p>

<p style="margin-top: 1em"><b>Port</b></p>

<p style="margin-left:17%; margin-top: 1em">Specifies the
port number that sshd(8) listens on. The default is 22.
Multiple options of this type are permitted. See also
<b>ListenAddress</b>.</p>

<p style="margin-top: 1em"><b>PrintLastLog</b></p>

<p style="margin-left:17%;">Specifies whether sshd(8)
should print the date and time of the last user login when a


