sync with OpenBSD -current
This commit is contained in:
parent
9f8f4295e0
commit
51a5102224
GPG key ID:
F42C07F07E2E35B7
38 changed files with 2285 additions and 1213 deletions
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.370 2024/09/09 14:41:21 naddy Exp $
|
||||
.Dd $Mdocdate: September 9 2024 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.374 2024/09/15 08:27:38 jmc Exp $
|
||||
.Dd $Mdocdate: September 15 2024 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -1238,9 +1238,11 @@ applied.
|
|||
.Pp
|
||||
The arguments to
|
||||
.Cm Match
|
||||
are one or more criteria-pattern pairs or the single token
|
||||
.Cm All
|
||||
which matches all criteria.
|
||||
are one or more criteria-pattern pairs or one of the single token criteria:
|
||||
.Cm All ,
|
||||
which matches all criteria, or
|
||||
.Cm Invalid-User ,
|
||||
which matches when the requested user-name does not match any known account.
|
||||
The available criteria are
|
||||
.Cm User ,
|
||||
.Cm Group ,
|
||||
|
|
@ -1324,6 +1326,7 @@ Available keywords are
|
|||
.Cm PubkeyAcceptedAlgorithms ,
|
||||
.Cm PubkeyAuthentication ,
|
||||
.Cm PubkeyAuthOptions ,
|
||||
.Cm RefuseConnection ,
|
||||
.Cm RekeyLimit ,
|
||||
.Cm RevokedKeys ,
|
||||
.Cm RDomain ,
|
||||
|
|
@ -1597,6 +1600,11 @@ Specifies how long to refuse clients that cause a crash of
|
|||
.It Cm authfail:duration
|
||||
Specifies how long to refuse clients that disconnect after making one or more
|
||||
unsuccessful authentication attempts (default: 5s).
|
||||
.It Cm refuseconnection:duration
|
||||
Specifies how long to refuse clients that were administratively prohibited
|
||||
connection via the
|
||||
.Cm RefuseConnection
|
||||
option (default: 10s).
|
||||
.It Cm noauth:duration
|
||||
Specifies how long to refuse clients that disconnect without attempting
|
||||
authentication (default: 1s).
|
||||
|
|
@ -1754,6 +1762,18 @@ options have any effect for other, non-FIDO, public key types.
|
|||
Specifies whether public key authentication is allowed.
|
||||
The default is
|
||||
.Cm yes .
|
||||
.It Cm RefuseConnection
|
||||
Indicates that
|
||||
.Xr sshd 8
|
||||
should unconditionally terminate the connection.
|
||||
Additionally, a
|
||||
.Cm refuseconnection
|
||||
penalty may be recorded against the source of the connection if
|
||||
.Cm PerSourcePenalties
|
||||
are enabled.
|
||||
This option is only really useful in a
|
||||
.Cm Match
|
||||
block.
|
||||
.It Cm RekeyLimit
|
||||
Specifies the maximum amount of data that may be transmitted or received
|
||||
before the session key is renegotiated, optionally followed by a maximum
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue