From: jmc@openbsd.org Date: Wed, 7 Sep 2016 18:39:24 +0000 (+0000) Subject: upstream commit X-Git-Tag: V_7_4_P1~123 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f219fc8f03caca7ac82a38ed74bbd6432a1195e7;p=thirdparty%2Fopenssh-portable.git upstream commit sort; from matthew martin Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 --- diff --git a/sshd_config.5 b/sshd_config.5 index fe3b23d6e..a4d1ca000 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $ -.Dd $Mdocdate: August 19 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $ +.Dd $Mdocdate: September 7 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -123,15 +123,15 @@ and finally See PATTERNS in .Xr ssh_config 5 for more information on patterns. -.It Cm AllowTcpForwarding -Specifies whether TCP forwarding is permitted. +.It Cm AllowStreamLocalForwarding +Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. The available options are .Dq yes or .Dq all -to allow TCP forwarding, +to allow StreamLocal forwarding, .Dq no -to prevent all TCP forwarding, +to prevent all StreamLocal forwarding, .Dq local to allow local (from the perspective of .Xr ssh 1 ) 
@@ -140,18 +140,18 @@ forwarding only or to allow remote forwarding only. The default is .Dq yes . -Note that disabling TCP forwarding does not improve security unless +Note that disabling StreamLocal forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. -.It Cm AllowStreamLocalForwarding -Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. +.It Cm AllowTcpForwarding +Specifies whether TCP forwarding is permitted. The available options are .Dq yes or .Dq all -to allow StreamLocal forwarding, +to allow TCP forwarding, .Dq no -to prevent all StreamLocal forwarding, +to prevent all TCP forwarding, .Dq local to allow local (from the perspective of .Xr ssh 1 ) @@ -160,7 +160,7 @@ forwarding only or to allow remote forwarding only. The default is .Dq yes . -Note that disabling StreamLocal forwarding does not improve security unless +Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. .It Cm AllowUsers @@ -1223,6 +1223,12 @@ All other authentication methods are disabled for root. If this option is set to .Dq no , root is not allowed to log in. +.It Cm PermitTTY +Specifies whether +.Xr pty 4 +allocation is permitted. +The default is +.Dq yes . .It Cm PermitTunnel Specifies whether .Xr tun 4 @@ -1246,12 +1252,6 @@ The default is Independent of this setting, the permissions of the selected .Xr tun 4 device must allow access to the user. -.It Cm PermitTTY -Specifies whether -.Xr pty 4 -allocation is permitted. -The default is -.Dq yes . .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment
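Review bot: In the hunks at -123, -140 and -160 the reorder of AllowTcpForwarding and AllowStreamLocalForwarding appears as line-by-line substitutions ("TCP" for "StreamLocal" and back) rather than as a block move, so the diff does not by itself show that only the order changed. Reading the changed lines pairwise, each entry keeps its own wording, including its closing note that disabling that kind of forwarding "does not improve security unless users are also denied shell access", so nothing needs to change in the text. It is still worth rendering the page before and after and comparing the two entries, since a swap written this way can easily leave one "TCP" or "StreamLocal" in the wrong entry.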
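Review bot: The PermitTTY block added ahead of PermitTunnel in the hunk at -1223 has to be a verbatim copy of the block removed at -1246, and the commit message ("sort") does not state that no wording changed. In the visible diff the six added lines match the six removed ones, from ".It Cm PermitTTY" through ".Dq yes .", and PermitTTY does sort before PermitTunnel and PermitUserEnvironment, so the move itself is fine. Suggest naming the moved entries in the message and saying the change is order-only, so the log can be trusted without rereading the hunks.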