Manual: (OSF1-V5.1-alpha)


sshd2_subconfig(4)					   sshd2_subconfig(4)



NAME

  sshd2_subconfig - Describes the subconfiguration that	can be used for	the
  sshd2	daemon

DESCRIPTION

  You can specify configuration	options	in subconfiguration files that have
  the same format as the main configuration file. They are read	after the
  daemon forks a new process to	handle the connection. If they are modified,
  it is	not necessary to restart the server process.

  If a subconfiguration file fails to parse, the server terminates the
  connection (for a host-specific subconfiguration) or denies access (for a
  user-specific subconfiguration).

  Most of the configuration options that work in the main file work in the
  subconfiguration files.

  The value for the {Host,User}SpecificConfig keywords is a pattern-filename
  pair. With UserSpecificConfig, the pattern format is user[%group][@host];
  with HostSpecificConfig, the pattern format is host. The user part is
  matched against the user name and user ID. The group part is matched
  against the user's primary and secondary groups, by both group name and
  group ID. The host part is matched as described for AllowHosts.

  Unlike sshd2_config, the sshd2_subconfig files can have configuration
  blocks, or stanzas.

  The subconfiguration files are divided into two categories:

    +  user-specific

    +  host-specific

  The user-specific subconfiguration files are read when the client enters a
  user name. At this point, the server obtains additional information about
  the user, such as the user's ID and user groups. With this information, the
  server can read the user-specific configuration files specified in the main
  sshd2 configuration file.

  The host-specific configuration files are configured with the
  HostSpecificConfig variable. They are read after the daemon forks a new
  process to handle the connection. Most configuration options can be set here.

  It is possible to mix the configuration files, but this is not recommended.
  Mixing the files might cause unexpected behavior because the global settings
  in these files would be set multiple times.

  Subconfigurations are very flexible. You can specify different
  authentication methods for different users, show different banner messages
  to people coming from certain hosts, and send log messages for certain
  groups to different files.







NOTES

  The following	configuration variables	work in	the main file, the user-
  specific file, and the host-specific configuration files:

    +  AllowShosts

    +  AllowTcpForwarding

    +  AllowedAuthentications

    +  AuthInteractiveFailureTimeout

    +  AuthKbdInt.NumOptional

    +  AuthKbdInt.Optional

    +  AuthKbdInt.Plugin

    +  AuthKbdInt.Required

    +  AuthKbdInt.Retries

    +  AuthorizationFile

    +  AuthPublicKey.MaxSize

    +  AuthPublicKey.MinSize

    +  CheckMail

    +  DenyShosts

    +  FascistLogging

    +  ForwardAgent

    +  ForwardX11

    +  HostbasedAuthForceClientHostnameDNSMatch

    +  IdleTimeout

    +  IgnoreRhosts

    +  IgnoreRootRhosts

    +  PasswdPath

    +  PasswordGuesses

    +  PermitEmptyPasswords

    +  PrintMOTD

    +  QuietMode

    +  RekeyIntervalSeconds

    +  RequiredAuthentications

    +  SecurIdGuesses

    +  SettableEnvironmentVars

    +  SftpSysLogFacility

    +  StrictModes

    +  SysLogFacility

    +  UserConfigDirectory

    +  UserKnownHosts

    +  VerboseMode

  The following	variables work in the host-specific configuration file and in
  the main file:

    +  AllowGroups

    +  AllowTcpForwardingForGroups

    +  AllowTcpForwardingForUsers

    +  AllowUsers

    +  BannerMessageFile

    +  ChrootGroups

    +  ChrootUsers

    +  Ciphers

    +  DenyGroups

    +  DenyTcpForwardingForGroups

    +  DenyTcpForwardingForUsers

    +  DenyUsers

    +  ExternalAuthorizationProgram

    +  ForwardACL

    +  LoginGraceTime

    +  MACs

    +  PermitRootLogin

    +  SSH1Compatibility

    +  Sshd1ConfigFile

    +  Sshd1Path







LEGAL NOTICES

  SSH is a registered trademark	of SSH Communication Security Ltd.



SEE ALSO

  Commands: sshd2(8), sshd-check-conf(8)

  Files: sshd2_config(4)

  Other: sshregex(5)