Config-Model-OpenSsh
view release on metacpan - search on metacpan
view release on metacpan or search on metacpan
lib/Config/Model/models/Sshd.pod view on Meta::CPAN
B<X11Forwarding>Specifies whether X11
forwarding is permitted. The argument must be B<yes> or
B<no>. The default is B<no>.When X11
forwarding is enabled, there may be additional exposure to
the server and to client displays if the L<sshd(8)> proxy
display is configured to listen on the wildcard address (see
B<X11UseLocalhost>), though this is not the default.
Additionally, the authentication spoofing and authentication
data verification and substitution occur on the client side.
The security risk of using X11 forwarding is that the
clientâs X11 display server may be exposed to attack
when the SSH client requests forwarding (see the warnings
for B<ForwardX11> in L<ssh_config(5)>). A system
administrator may have a stance in which they want to
protect clients that may expose themselves to attack by
unwittingly requesting X11 forwarding, which can warrant a
B<no> setting.Note that
disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their
own forwarders. I< Optional. Type boolean. >
=over 4
=item upstream_default value :
no
=back
=head2 AuthorizedKeysFile2
This parameter is now ignored by Ssh. B<Deprecated> I< Optional. Type list of uniline. >
=head2 Protocol
B<Deprecated> I< Optional. Type uniline. >
=head2 RSAAuthentication
B<Deprecated> I< Optional. Type uniline. >
=head2 RhostsRSAAuthentication
B<Deprecated> I< Optional. Type uniline. >
=head2 UsePrivilegeSeparation
B<Deprecated> I< Optional. Type uniline. >
=head2 KeyRegenerationInterval
B<Deprecated> I< Optional. Type uniline. >
=head2 AddressFamily
B<AddressFamily>Specifies which address family
should be used by L<sshd(8)>. Valid arguments are B<any>
(the default), B<inet> (use IPv4 only), or B<inet6>
(use IPv6 only). I< Optional. Type enum. choice: 'any', 'inet', 'inet6'. >
=over 4
=item upstream_default value :
any
=back
=head2 CASignatureAlgorithms
B<CASignatureAlgorithms>Specifies which algorithms are
allowed for signing of certificates by certificate
authorities (CAs). The default is:ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsaCertificates
signed using other algorithms will not be accepted for
public key or host-based authentication. I< Optional. Type uniline. >
=head2 ChallengeResponseAuthentication
B<ChallengeResponseAuthentication>Specifies whether
challenge-response authentication is allowed (e.g. via PAM).
The default is B<yes>. I< Optional. Type boolean. >
=over 4
=item upstream_default value :
yes
=back
=head2 Ciphers
B<Ciphers>Specifies the ciphers allowed.
Multiple ciphers must be comma-separated. If the specified
value begins with a â+â character, then the
specified ciphers will be appended to the default set
instead of replacing them. If the specified value begins
with a â-â character, then the specified ciphers
(including wildcards) will be removed from the default set
instead of replacing them.The supported
ciphers are:3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.comThe default
is:chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
view all matches for this distributionview release on metacpan - search on metacpan
( run in 0.547 second using v1.00-cache-2.02-grep-82fe00e-cpan-2c419f77a38b )