view release on metacpan or  search on metacpan

lib/Config/Model/models/Sshd.pod  view on Meta::CPAN

B<X11Forwarding>Specifies whether X11
forwarding is permitted. The argument must be B<yes> or
B<no>. The default is B<no>.When X11
forwarding is enabled, there may be additional exposure to
the server and to client displays if the L<sshd(8)> proxy
display is configured to listen on the wildcard address (see
B<X11UseLocalhost>), though this is not the default.
Additionally, the authentication spoofing and authentication
data verification and substitution occur on the client side.
The security risk of using X11 forwarding is that the
client’s X11 display server may be exposed to attack
when the SSH client requests forwarding (see the warnings
for B<ForwardX11> in L<ssh_config(5)>). A system
administrator may have a stance in which they want to
protect clients that may expose themselves to attack by
unwittingly requesting X11 forwarding, which can warrant a
B<no> setting.Note that
disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their
own forwarders. I< Optional. Type boolean.  > 

=over 4

=item upstream_default value :

no

=back



=head2 AuthorizedKeysFile2

This parameter is now ignored by Ssh. B<Deprecated> I< Optional. Type list of uniline.  > 

=head2 Protocol

B<Deprecated> I< Optional. Type uniline.  > 

=head2 RSAAuthentication

B<Deprecated> I< Optional. Type uniline.  > 

=head2 RhostsRSAAuthentication

B<Deprecated> I< Optional. Type uniline.  > 

=head2 UsePrivilegeSeparation

B<Deprecated> I< Optional. Type uniline.  > 

=head2 KeyRegenerationInterval

B<Deprecated> I< Optional. Type uniline.  > 

=head2 AddressFamily

B<AddressFamily>Specifies which address family
should be used by L<sshd(8)>. Valid arguments are B<any>
(the default), B<inet> (use IPv4 only), or B<inet6>
(use IPv6 only). I< Optional. Type enum. choice: 'any', 'inet', 'inet6'.  > 

=over 4

=item upstream_default value :

any

=back



=head2 CASignatureAlgorithms

B<CASignatureAlgorithms>Specifies which algorithms are
allowed for signing of certificates by certificate
authorities (CAs). The default is:ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,

ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsaCertificates
signed using other algorithms will not be accepted for
public key or host-based authentication. I< Optional. Type uniline.  > 

=head2 ChallengeResponseAuthentication

B<ChallengeResponseAuthentication>Specifies whether
challenge-response authentication is allowed (e.g. via PAM).
The default is B<yes>. I< Optional. Type boolean.  > 

=over 4

=item upstream_default value :

yes

=back



=head2 Ciphers

B<Ciphers>Specifies the ciphers allowed.
Multiple ciphers must be comma-separated. If the specified
value begins with a ’+’ character, then the
specified ciphers will be appended to the default set
instead of replacing them. If the specified value begins
with a ’-’ character, then the specified ciphers
(including wildcards) will be removed from the default set
instead of replacing them.The supported
ciphers are:3des-cbc 
aes128-cbc 
aes192-cbc 
aes256-cbc 
aes128-ctr 
aes192-ctr 
aes256-ctr 
aes128-gcm@openssh.com 
aes256-gcm@openssh.com 
chacha20-poly1305@openssh.comThe default
is:chacha20-poly1305@openssh.com,

aes128-ctr,aes192-ctr,aes256-ctr,