diff options
Diffstat (limited to 'templates/man5/sshd_config.5.pot')
| -rw-r--r-- | templates/man5/sshd_config.5.pot | 3894 |
1 files changed, 3894 insertions, 0 deletions
diff --git a/templates/man5/sshd_config.5.pot b/templates/man5/sshd_config.5.pot new file mode 100644 index 00000000..8544c334 --- /dev/null +++ b/templates/man5/sshd_config.5.pot @@ -0,0 +1,3894 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2024-03-01 17:08+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Dd +#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed +#, no-wrap +msgid "$Mdocdate: July 28 2023 $" +msgstr "" + +#. type: Dt +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "SSHD_CONFIG 5" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Nm sshd_config>" +msgstr "" + +#. type: Nd +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "OpenSSH daemon configuration file" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> (or " +"the file specified with E<.Fl f> on the command line). The file contains " +"keyword-argument pairs, one per line. Unless noted otherwise, for each " +"keyword, the first obtained value will be used. Lines starting with E<.Ql " +"#> and empty lines are interpreted as comments. Arguments may optionally be " +"enclosed in double quotes E<.Pq \\&\"> in order to represent arguments " +"containing spaces." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The possible keywords and their meanings are as follows (note that keywords " +"are case-insensitive and arguments are case-sensitive):" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AcceptEnv" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies what environment variables sent by the client will be copied into " +"the session's E<.Xr environ 7>. See E<.Cm SendEnv> and E<.Cm SetEnv> in E<." +"Xr ssh_config 5> for how to configure the client. The E<.Ev TERM> " +"environment variable is always accepted whenever the client requests a " +"pseudo-terminal as it is required by the protocol. Variables are specified " +"by name, which may contain the wildcard characters E<.Ql *> and E<.Ql \\&?" +">. Multiple environment variables may be separated by whitespace or spread " +"across multiple E<.Cm AcceptEnv> directives. Be warned that some " +"environment variables could be used to bypass restricted user environments. " +"For this reason, care should be taken in the use of this directive. The " +"default is not to accept any environment variables." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AddressFamily" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies which address family should be used by E<.Xr sshd 8>. Valid " +"arguments are E<.Cm any> (the default), E<.Cm inet> (use IPv4 only), or E<." +"Cm inet6> (use IPv6 only)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AllowAgentForwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr ssh-agent 1> forwarding is permitted. The default " +"is E<.Cm yes>. Note that disabling agent forwarding does not improve " +"security unless users are also denied shell access, as they can always " +"install their own forwarders." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AllowGroups" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"This keyword can be followed by a list of group name patterns, separated by " +"spaces. If specified, login is allowed only for users whose primary group " +"or supplementary group list matches one of the patterns. Only group names " +"are valid; a numerical group ID is not recognized. By default, login is " +"allowed for all groups. The allow/deny groups directives are processed in " +"the following order: E<.Cm DenyGroups>, E<.Cm AllowGroups>." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"See PATTERNS in E<.Xr ssh_config 5> for more information on patterns. This " +"keyword may appear multiple times in E<.Nm> with each instance appending to " +"the list." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AllowStreamLocalForwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. " +"The available options are E<.Cm yes> (the default) or E<.Cm all> to allow " +"StreamLocal forwarding, E<.Cm no> to prevent all StreamLocal forwarding, E<." +"Cm local> to allow local (from the perspective of E<.Xr ssh 1>) forwarding " +"only or E<.Cm remote> to allow remote forwarding only. Note that disabling " +"StreamLocal forwarding does not improve security unless users are also " +"denied shell access, as they can always install their own forwarders." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AllowTcpForwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether TCP forwarding is permitted. The available options are E<." +"Cm yes> (the default) or E<.Cm all> to allow TCP forwarding, E<.Cm no> to " +"prevent all TCP forwarding, E<.Cm local> to allow local (from the " +"perspective of E<.Xr ssh 1>) forwarding only or E<.Cm remote> to allow " +"remote forwarding only. Note that disabling TCP forwarding does not improve " +"security unless users are also denied shell access, as they can always " +"install their own forwarders." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AllowUsers" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"This keyword can be followed by a list of user name patterns, separated by " +"spaces. If specified, login is allowed only for user names that match one " +"of the patterns. Only user names are valid; a numerical user ID is not " +"recognized. By default, login is allowed for all users. If the pattern " +"takes the form USER@HOST then USER and HOST are separately checked, " +"restricting logins to particular users from particular hosts. HOST criteria " +"may additionally contain addresses to match in CIDR address/masklen format. " +"The allow/deny users directives are processed in the following order: E<.Cm " +"DenyUsers>, E<.Cm AllowUsers>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthenticationMethods" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the authentication methods that must be successfully completed for " +"a user to be granted access. This option must be followed by one or more " +"lists of comma-separated authentication method names, or by the single " +"string E<.Cm any> to indicate the default behaviour of accepting any single " +"authentication method. If the default is overridden, then successful " +"authentication requires completion of every method in at least one of these " +"lists." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"For example, E<.Qq publickey,password publickey,keyboard-interactive> would " +"require the user to complete public key authentication, followed by either " +"password or keyboard interactive authentication. Only methods that are next " +"in one or more lists are offered at each stage, so for this example it would " +"not be possible to attempt password or keyboard-interactive authentication " +"before public key." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"For keyboard interactive authentication it is also possible to restrict " +"authentication to a specific device by appending a colon followed by the " +"device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the server " +"configuration. For example, E<.Qq keyboard-interactive:bsdauth> would " +"restrict keyboard interactive authentication to the E<.Cm bsdauth> device." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If the publickey method is listed more than once, E<.Xr sshd 8> verifies " +"that keys that have been used successfully are not reused for subsequent " +"authentications. For example, E<.Qq publickey,publickey> requires " +"successful authentication using two different public keys." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that each authentication method listed should also be explicitly " +"enabled in the configuration." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The available authentication methods are: E<.Qq gssapi-with-mic>, E<.Qq " +"hostbased>, E<.Qq keyboard-interactive>, E<.Qq none> (used for access to " +"password-less accounts when E<.Cm PermitEmptyPasswords> is enabled), E<.Qq " +"password> and E<.Qq publickey>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedKeysCommand" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a program to be used to look up the user's public keys. The " +"program must be owned by root, not writable by group or others and specified " +"by an absolute path. Arguments to E<.Cm AuthorizedKeysCommand> accept the " +"tokens described in the E<.Sx TOKENS> section. If no arguments are " +"specified then the username of the target user is used." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The program should produce on standard output zero or more lines of " +"authorized_keys output (see E<.Sx AUTHORIZED_KEYS> in E<.Xr sshd 8>). E<.Cm " +"AuthorizedKeysCommand> is tried after the usual E<.Cm AuthorizedKeysFile> " +"files and will not be executed if a matching key is found there. By " +"default, no E<.Cm AuthorizedKeysCommand> is run." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedKeysCommandUser" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the user under whose account the E<.Cm AuthorizedKeysCommand> is " +"run. It is recommended to use a dedicated user that has no other role on " +"the host than running authorized keys commands. If E<.Cm " +"AuthorizedKeysCommand> is specified but E<.Cm AuthorizedKeysCommandUser> is " +"not, then E<.Xr sshd 8> will refuse to start." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedKeysFile" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the file that contains the public keys used for user " +"authentication. The format is described in the AUTHORIZED_KEYS FILE FORMAT " +"section of E<.Xr sshd 8>. Arguments to E<.Cm AuthorizedKeysFile> accept the " +"tokens described in the E<.Sx TOKENS> section. After expansion, E<.Cm " +"AuthorizedKeysFile> is taken to be an absolute path or one relative to the " +"user's home directory. Multiple files may be listed, separated by " +"whitespace. Alternately this option may be set to E<.Cm none> to skip " +"checking for user keys in files. The default is E<.Qq .ssh/authorized_keys ." +"ssh/authorized_keys2>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedPrincipalsCommand" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a program to be used to generate the list of allowed certificate " +"principals as per E<.Cm AuthorizedPrincipalsFile>. The program must be " +"owned by root, not writable by group or others and specified by an absolute " +"path. Arguments to E<.Cm AuthorizedPrincipalsCommand> accept the tokens " +"described in the E<.Sx TOKENS> section. If no arguments are specified then " +"the username of the target user is used." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The program should produce on standard output zero or more lines of E<.Cm " +"AuthorizedPrincipalsFile> output. If either E<.Cm " +"AuthorizedPrincipalsCommand> or E<.Cm AuthorizedPrincipalsFile> is " +"specified, then certificates offered by the client for authentication must " +"contain a principal that is listed. By default, no E<.Cm " +"AuthorizedPrincipalsCommand> is run." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedPrincipalsCommandUser" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the user under whose account the E<.Cm " +"AuthorizedPrincipalsCommand> is run. It is recommended to use a dedicated " +"user that has no other role on the host than running authorized principals " +"commands. If E<.Cm AuthorizedPrincipalsCommand> is specified but E<.Cm " +"AuthorizedPrincipalsCommandUser> is not, then E<.Xr sshd 8> will refuse to " +"start." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm AuthorizedPrincipalsFile" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a file that lists principal names that are accepted for " +"certificate authentication. When using certificates signed by a key listed " +"in E<.Cm TrustedUserCAKeys>, this file lists names, one of which must appear " +"in the certificate for it to be accepted for authentication. Names are " +"listed one per line preceded by key options (as described in E<.Sx " +"AUTHORIZED_KEYS FILE FORMAT> in E<.Xr sshd 8>). Empty lines and comments " +"starting with E<.Ql #> are ignored." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Arguments to E<.Cm AuthorizedPrincipalsFile> accept the tokens described in " +"the E<.Sx TOKENS> section. After expansion, E<.Cm AuthorizedPrincipalsFile> " +"is taken to be an absolute path or one relative to the user's home " +"directory. The default is E<.Cm none>, i.e. not to use a principals file " +"\\(en in this case, the username of the user must appear in a certificate's " +"principals list for it to be accepted." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that E<.Cm AuthorizedPrincipalsFile> is only used when authentication " +"proceeds using a CA listed in E<.Cm TrustedUserCAKeys> and is not consulted " +"for certification authorities trusted via E<.Pa ~/.ssh/authorized_keys>, " +"though the E<.Cm principals=> key option offers a similar facility (see E<." +"Xr sshd 8> for details)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Banner" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The contents of the specified file are sent to the remote user before " +"authentication is allowed. If the argument is E<.Cm none> then no banner is " +"displayed. By default, no banner is displayed." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm CASignatureAlgorithms" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies which algorithms are allowed for signing of certificates by " +"certificate authorities (CAs). The default is:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "" +"ssh-ed25519,ecdsa-sha2-nistp256,\n" +"ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" +"sk-ssh-ed25519@openssh.com,\n" +"sk-ecdsa-sha2-nistp256@openssh.com,\n" +"rsa-sha2-512,rsa-sha2-256\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"If the specified list begins with a E<.Sq +> character, then the specified " +"algorithms will be appended to the default set instead of replacing them. " +"If the specified list begins with a E<.Sq -> character, then the specified " +"algorithms (including wildcards) will be removed from the default set " +"instead of replacing them." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Certificates signed using other algorithms will not be accepted for public " +"key or host-based authentication." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ChannelTimeout" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether and how quickly E<.Xr sshd 8> should close inactive " +"channels. Timeouts are specified as one or more E<.Dq type=interval> pairs " +"separated by whitespace, where the E<.Dq type> must be a channel type name " +"(as described in the table below), optionally containing wildcard characters." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The timeout value E<.Dq interval> is specified in seconds or may use any of " +"the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq " +"session:*=5m> would cause all sessions to terminate after five minutes of " +"inactivity. Specifying a zero value disables the inactivity timeout." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The available channel types include:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm agent-connection" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "Open connections to E<.Xr ssh-agent 1>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm direct-tcpip , Cm direct-streamlocal@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Open TCP or Unix socket (respectively) connections that have been " +"established from a E<.Xr ssh 1> local forwarding, i.e.\\& E<.Cm " +"LocalForward> or E<.Cm DynamicForward>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Open TCP or Unix socket (respectively) connections that have been " +"established to a E<.Xr sshd 8> listening on behalf of a E<.Xr ssh 1> remote " +"forwarding, i.e.\\& E<.Cm RemoteForward>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm session:command" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "Command execution sessions." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm session:shell" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "Interactive shell sessions." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm session:subsystem:..." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Subsystem sessions, e.g. for E<.Xr sftp 1>, which could be identified as E<." +"Cm session:subsystem:sftp>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm x11-connection" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "Open X11 forwarding sessions." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that in all the above cases, terminating an inactive session does not " +"guarantee to remove all resources associated with the session, e.g. shell " +"processes or X11 clients relating to the session may continue to execute." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Moreover, terminating an inactive channel or session does not necessarily " +"close the SSH connection, nor does it prevent a client from requesting " +"another channel of the same type. In particular, expiring an inactive " +"forwarding session does not prevent another identical forwarding from being " +"subsequently created. See also E<.Cm UnusedConnectionTimeout>, which may be " +"used in conjunction with this option." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The default is not to expire channels of any type for inactivity." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ChrootDirectory" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the pathname of a directory to E<.Xr chroot 2> to after " +"authentication. At session startup E<.Xr sshd 8> checks that all components " +"of the pathname are root-owned directories which are not writable by any " +"other user or group. After the chroot, E<.Xr sshd 8> changes the working " +"directory to the user's home directory. Arguments to E<.Cm ChrootDirectory> " +"accept the tokens described in the E<.Sx TOKENS> section." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The E<.Cm ChrootDirectory> must contain the necessary files and directories " +"to support the user's session. For an interactive session this requires at " +"least a shell, typically E<.Xr sh 1>, and basic E<.Pa /dev> nodes such as E<." +"Xr null 4>, E<.Xr zero 4>, E<.Xr stdin 4>, E<.Xr stdout 4>, E<.Xr stderr 4>, " +"and E<.Xr tty 4> devices. For file transfer sessions using SFTP no " +"additional configuration of the environment is necessary if the in-process " +"sftp-server is used, though sessions which use logging may require E<.Pa /" +"dev/log> inside the chroot directory on some operating systems (see E<.Xr " +"sftp-server 8> for details)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"For safety, it is very important that the directory hierarchy be prevented " +"from modification by other processes on the system (especially those outside " +"the jail). Misconfiguration can lead to unsafe environments which E<.Xr " +"sshd 8> cannot detect." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The default is E<.Cm none>, indicating not to E<.Xr chroot 2>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Ciphers" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the ciphers allowed. Multiple ciphers must be comma-separated. " +"If the specified list begins with a E<.Sq +> character, then the specified " +"ciphers will be appended to the default set instead of replacing them. If " +"the specified list begins with a E<.Sq -> character, then the specified " +"ciphers (including wildcards) will be removed from the default set instead " +"of replacing them. If the specified list begins with a E<.Sq ^> character, " +"then the specified ciphers will be placed at the head of the default set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The supported ciphers are:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "3des-cbc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes128-cbc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes192-cbc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes256-cbc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes128-ctr" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes192-ctr" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes256-ctr" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes128-gcm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "aes256-gcm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "chacha20-poly1305@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "The default is:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "" +"chacha20-poly1305@openssh.com,\n" +"aes128-ctr,aes192-ctr,aes256-ctr,\n" +"aes128-gcm@openssh.com,aes256-gcm@openssh.com\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The list of available ciphers may also be obtained using E<.Qq ssh -Q " +"cipher>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ClientAliveCountMax" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Sets the number of client alive messages which may be sent without E<.Xr " +"sshd 8> receiving any messages back from the client. If this threshold is " +"reached while client alive messages are being sent, sshd will disconnect the " +"client, terminating the session. It is important to note that the use of " +"client alive messages is very different from E<.Cm TCPKeepAlive>. The " +"client alive messages are sent through the encrypted channel and therefore " +"will not be spoofable. The TCP keepalive option enabled by E<.Cm " +"TCPKeepAlive> is spoofable. The client alive mechanism is valuable when the " +"client or server depend on knowing when a connection has become unresponsive." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The default value is 3. If E<.Cm ClientAliveInterval> is set to 15, and E<." +"Cm ClientAliveCountMax> is left at the default, unresponsive SSH clients " +"will be disconnected after approximately 45 seconds. Setting a zero E<.Cm " +"ClientAliveCountMax> disables connection termination." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ClientAliveInterval" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Sets a timeout interval in seconds after which if no data has been received " +"from the client, E<.Xr sshd 8> will send a message through the encrypted " +"channel to request a response from the client. The default is 0, indicating " +"that these messages will not be sent to the client." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Compression" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether compression is enabled after the user has authenticated " +"successfully. The argument must be E<.Cm yes>, E<.Cm delayed> (a legacy " +"synonym for E<.Cm yes>) or E<.Cm no>. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm DenyGroups" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"This keyword can be followed by a list of group name patterns, separated by " +"spaces. Login is disallowed for users whose primary group or supplementary " +"group list matches one of the patterns. Only group names are valid; a " +"numerical group ID is not recognized. By default, login is allowed for all " +"groups. The allow/deny groups directives are processed in the following " +"order: E<.Cm DenyGroups>, E<.Cm AllowGroups>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm DenyUsers" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"This keyword can be followed by a list of user name patterns, separated by " +"spaces. Login is disallowed for user names that match one of the patterns. " +"Only user names are valid; a numerical user ID is not recognized. By " +"default, login is allowed for all users. If the pattern takes the form " +"USER@HOST then USER and HOST are separately checked, restricting logins to " +"particular users from particular hosts. HOST criteria may additionally " +"contain addresses to match in CIDR address/masklen format. The allow/deny " +"users directives are processed in the following order: E<.Cm DenyUsers>, E<." +"Cm AllowUsers>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm DisableForwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Disables all forwarding features, including X11, E<.Xr ssh-agent 1>, TCP and " +"StreamLocal. This option overrides all other forwarding-related options and " +"may simplify restricted configurations." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ExposeAuthInfo" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Writes a temporary file containing a list of authentication methods and " +"public credentials (e.g. keys) used to authenticate the user. The location " +"of the file is exposed to the user session through the E<.Ev SSH_USER_AUTH> " +"environment variable. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm FingerprintHash" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the hash algorithm used when logging key fingerprints. Valid " +"options are: E<.Cm md5> and E<.Cm sha256>. The default is E<.Cm sha256>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ForceCommand" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Forces the execution of the command specified by E<.Cm ForceCommand>, " +"ignoring any command supplied by the client and E<.Pa ~/.ssh/rc> if " +"present. The command is invoked by using the user's login shell with the -c " +"option. This applies to shell, command, or subsystem execution. It is most " +"useful inside a E<.Cm Match> block. The command originally supplied by the " +"client is available in the E<.Ev SSH_ORIGINAL_COMMAND> environment " +"variable. Specifying a command of E<.Cm internal-sftp> will force the use " +"of an in-process SFTP server that requires no support files when used with " +"E<.Cm ChrootDirectory>. The default is E<.Cm none>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm GatewayPorts" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether remote hosts are allowed to connect to ports forwarded for " +"the client. By default, E<.Xr sshd 8> binds remote port forwardings to the " +"loopback address. This prevents other remote hosts from connecting to " +"forwarded ports. E<.Cm GatewayPorts> can be used to specify that sshd " +"should allow remote port forwardings to bind to non-loopback addresses, thus " +"allowing other hosts to connect. The argument may be E<.Cm no> to force " +"remote port forwardings to be available to the local host only, E<.Cm yes> " +"to force remote port forwardings to bind to the wildcard address, or E<.Cm " +"clientspecified> to allow the client to select the address to which the " +"forwarding is bound. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPIAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether user authentication based on GSSAPI is allowed. The " +"default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPICleanupCredentials" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether to automatically destroy the user's credentials cache on " +"logout. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPIStrictAcceptorCheck" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Determines whether to be strict about the identity of the GSSAPI acceptor a " +"client authenticates against. If set to E<.Cm yes> then the client must " +"authenticate against the host service on the current hostname. If set to E<." +"Cm no> then the client may authenticate against any service key stored in " +"the machine's default store. This facility is provided to assist with " +"operation on multi homed machines. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostbasedAcceptedAlgorithms" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"Specifies the signature algorithms that will be accepted for hostbased " +"authentication as a list of comma-separated patterns. Alternately if the " +"specified list begins with a E<.Sq +> character, then the specified " +"signature algorithms will be appended to the default set instead of " +"replacing them. If the specified list begins with a E<.Sq -> character, " +"then the specified signature algorithms (including wildcards) will be " +"removed from the default set instead of replacing them. If the specified " +"list begins with a E<.Sq ^> character, then the specified signature " +"algorithms will be placed at the head of the default set. The default for " +"this option is:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"ssh-ed25519-cert-v01@openssh.com,\n" +"ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" +"ecdsa-sha2-nistp384-cert-v01@openssh.com,\n" +"ecdsa-sha2-nistp521-cert-v01@openssh.com,\n" +"sk-ssh-ed25519-cert-v01@openssh.com,\n" +"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" +"rsa-sha2-512-cert-v01@openssh.com,\n" +"rsa-sha2-256-cert-v01@openssh.com,\n" +"ssh-ed25519,\n" +"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" +"sk-ssh-ed25519@openssh.com,\n" +"sk-ecdsa-sha2-nistp256@openssh.com,\n" +"rsa-sha2-512,rsa-sha2-256\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The list of available signature algorithms may also be obtained using E<.Qq " +"ssh -Q HostbasedAcceptedAlgorithms>. This was formerly named " +"HostbasedAcceptedKeyTypes." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostbasedAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether rhosts or /etc/hosts.equiv authentication together with " +"successful public key client host authentication is allowed (host-based " +"authentication). The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostbasedUsesNameFromPacketOnly" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether or not the server will attempt to perform a reverse name " +"lookup when matching the name in the E<.Pa ~/.shosts>, E<.Pa ~/.rhosts>, and " +"E<.Pa /etc/hosts.equiv> files during E<.Cm HostbasedAuthentication>. A " +"setting of E<.Cm yes> means that E<.Xr sshd 8> uses the name supplied by the " +"client rather than attempting to resolve the name from the TCP connection " +"itself. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostCertificate" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a file containing a public host certificate. The certificate's " +"public key must match a private host key already specified by E<.Cm " +"HostKey>. The default behaviour of E<.Xr sshd 8> is not to load any " +"certificates." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostKey" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a file containing a private host key used by SSH. The defaults " +"are E<.Pa /etc/ssh/ssh_host_ecdsa_key>, E<.Pa /etc/ssh/ssh_host_ed25519_key> " +"and E<.Pa /etc/ssh/ssh_host_rsa_key>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that E<.Xr sshd 8> will refuse to use a file if it is group/world-" +"accessible and that the E<.Cm HostKeyAlgorithms> option restricts which of " +"the keys are actually used by E<.Xr sshd 8>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"It is possible to have multiple host key files. It is also possible to " +"specify public host key files instead. In this case operations on the " +"private key will be delegated to an E<.Xr ssh-agent 1>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostKeyAgent" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Identifies the UNIX-domain socket used to communicate with an agent that has " +"access to the private host keys. If the string E<.Qq SSH_AUTH_SOCK> is " +"specified, the location of the socket will be read from the E<.Ev " +"SSH_AUTH_SOCK> environment variable." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm HostKeyAlgorithms" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the host key signature algorithms that the server offers. The " +"default for this option is:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"The list of available signature algorithms may also be obtained using E<.Qq " +"ssh -Q HostKeyAlgorithms>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm IgnoreRhosts" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron +msgid "" +"Specifies whether to ignore per-user E<.Pa .rhosts> and E<.Pa .shosts> files " +"during E<.Cm HostbasedAuthentication>. The system-wide E<.Pa /etc/hosts." +"equiv> and E<.Pa /etc/ssh/shosts.equiv> are still used regardless of this " +"setting." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Accepted values are E<.Cm yes> (the default) to ignore all per-user files, " +"E<.Cm shosts-only> to allow the use of E<.Pa .shosts> but to ignore E<.Pa ." +"rhosts> or E<.Cm no> to allow both E<.Pa .shosts> and E<.Pa rhosts>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm IgnoreUserKnownHosts" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should ignore the user's E<.Pa ~/.ssh/" +"known_hosts> during E<.Cm HostbasedAuthentication> and use only the system-" +"wide known hosts file E<.Pa /etc/ssh/ssh_known_hosts>. The default is E<.Dq " +"no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Include" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Include the specified configuration file(s). Multiple pathnames may be " +"specified and each pathname may contain E<.Xr glob 7> wildcards that will be " +"expanded and processed in lexical order. Files without absolute paths are " +"assumed to be in E<.Pa /etc/ssh>. An E<.Cm Include> directive may appear " +"inside a E<.Cm Match> block to perform conditional inclusion." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm IPQoS" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the IPv4 type-of-service or DSCP class for the connection. " +"Accepted values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<." +"Cm af22>, E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, " +"E<.Cm af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<." +"Cm cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " +"lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " +"none> to use the operating system default. This option may take one or two " +"arguments, separated by whitespace. If one argument is specified, it is " +"used as the packet class unconditionally. If two values are specified, the " +"first is automatically selected for interactive sessions and the second for " +"non-interactive sessions. The default is E<.Cm af21> (Low-Latency Data) " +"for interactive sessions and E<.Cm cs1> (Lower Effort) for non-interactive " +"sessions." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KbdInteractiveAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies whether to allow keyboard-interactive authentication. All " +"authentication styles from E<.Xr login.conf 5> are supported. The default " +"is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " +"no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KerberosAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether the password provided by the user for E<.Cm " +"PasswordAuthentication> will be validated through the Kerberos KDC. To use " +"this option, the server needs a Kerberos servtab which allows the " +"verification of the KDC's identity. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KerberosGetAFSToken" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an " +"AFS token before accessing the user's home directory. The default is E<.Cm " +"no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KerberosOrLocalPasswd" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If password authentication through Kerberos fails then the password will be " +"validated via any additional local mechanism such as E<.Pa /etc/passwd>. " +"The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KerberosTicketCleanup" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether to automatically destroy the user's ticket cache file on " +"logout. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm KexAlgorithms" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " +"must be comma-separated. Alternately if the specified list begins with a E<." +"Sq +> character, then the specified algorithms will be appended to the " +"default set instead of replacing them. If the specified list begins with a " +"E<.Sq -> character, then the specified algorithms (including wildcards) will " +"be removed from the default set instead of replacing them. If the specified " +"list begins with a E<.Sq ^> character, then the specified algorithms will be " +"placed at the head of the default set. The supported algorithms are:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "curve25519-sha256" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "curve25519-sha256@libssh.org" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group1-sha1" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group14-sha1" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group14-sha256" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group16-sha512" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group18-sha512" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group-exchange-sha1" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "diffie-hellman-group-exchange-sha256" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "ecdh-sha2-nistp256" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "ecdh-sha2-nistp384" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "ecdh-sha2-nistp521" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "sntrup761x25519-sha512@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable +#, no-wrap +msgid "" +"sntrup761x25519-sha512@openssh.com,\n" +"curve25519-sha256,curve25519-sha256@libssh.org,\n" +"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,\n" +"diffie-hellman-group-exchange-sha256,\n" +"diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,\n" +"diffie-hellman-group14-sha256\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The list of available key exchange algorithms may also be obtained using E<." +"Qq ssh -Q KexAlgorithms>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ListenAddress" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the local addresses E<.Xr sshd 8> should listen on. The following " +"forms may be used:" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname | address> E<.Sm on> E<.Op Cm " +"rdomain Ar domain>" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname : port> E<.Sm on> E<.Op Cm " +"rdomain Ar domain>" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Cm ListenAddress> E<.Sm off> E<.Ar IPv4_address : port> E<.Sm on> E<.Op " +"Cm rdomain Ar domain>" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Cm ListenAddress> E<.Sm off> E<.Oo Ar hostname | address Oc : Ar port> E<." +"Sm on> E<.Op Cm rdomain Ar domain>" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"The optional E<.Cm rdomain> qualifier requests E<.Xr sshd 8> listen in an " +"explicit routing domain. If E<.Ar port> is not specified, sshd will listen " +"on the address and all E<.Cm Port> options specified. The default is to " +"listen on all local addresses on the current default routing domain. " +"Multiple E<.Cm ListenAddress> options are permitted. For more information " +"on routing domains, see E<.Xr rdomain 4>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm LoginGraceTime" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The server disconnects after this time if the user has not successfully " +"logged in. If the value is 0, there is no time limit. The default is 120 " +"seconds." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm LogLevel" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Gives the verbosity level that is used when logging messages from E<.Xr sshd " +"8>. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, " +"DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are " +"equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging " +"output. Logging with a DEBUG level violates the privacy of users and is not " +"recommended." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm LogVerbose" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specify one or more overrides to LogLevel. An override consists of a " +"pattern lists that matches the source file, function and line number to " +"force detailed logging for. For example, an override pattern of:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"would enable detailed logging for line 1000 of E<.Pa kex.c>, everything in " +"the E<.Fn kex_exchange_identification> function, and all code in the E<.Pa " +"packet.c> file. This option is intended for debugging and no overrides are " +"enabled by default." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm MACs" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the available MAC (message authentication code) algorithms. The " +"MAC algorithm is used for data integrity protection. Multiple algorithms " +"must be comma-separated. If the specified list begins with a E<.Sq +> " +"character, then the specified algorithms will be appended to the default set " +"instead of replacing them. If the specified list begins with a E<.Sq -> " +"character, then the specified algorithms (including wildcards) will be " +"removed from the default set instead of replacing them. If the specified " +"list begins with a E<.Sq ^> character, then the specified algorithms will be " +"placed at the head of the default set." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The algorithms that contain E<.Qq -etm> calculate the MAC after encryption " +"(encrypt-then-mac). These are considered safer and their use recommended. " +"The supported MACs are:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-md5" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-md5-96" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha1" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha1-96" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha2-256" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha2-512" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "umac-64@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "umac-128@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-md5-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-md5-96-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha1-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha1-96-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha2-256-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hmac-sha2-512-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "umac-64-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "umac-128-etm@openssh.com" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "" +"umac-64-etm@openssh.com,umac-128-etm@openssh.com,\n" +"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,\n" +"hmac-sha1-etm@openssh.com,\n" +"umac-64@openssh.com,umac-128@openssh.com,\n" +"hmac-sha2-256,hmac-sha2-512,hmac-sha1\n" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The list of available MAC algorithms may also be obtained using E<.Qq ssh -Q " +"mac>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Match" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Introduces a conditional block. If all of the criteria on the E<.Cm Match> " +"line are satisfied, the keywords on the following lines override those set " +"in the global section of the config file, until either another E<.Cm Match> " +"line or the end of the file. If a keyword appears in multiple E<.Cm Match> " +"blocks that are satisfied, only the first instance of the keyword is applied." +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"The arguments to E<.Cm Match> are one or more criteria-pattern pairs or the " +"single token E<.Cm All> which matches all criteria. The available criteria " +"are E<.Cm User>, E<.Cm Group>, E<.Cm Host>, E<.Cm LocalAddress>, E<.Cm " +"LocalPort>, E<.Cm RDomain>, and E<.Cm Address> (with E<.Cm RDomain> " +"representing the E<.Xr rdomain 4> on which the connection was received)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The match patterns may consist of single entries or comma-separated lists " +"and may use the wildcard and negation operators described in the E<.Sx " +"PATTERNS> section of E<.Xr ssh_config 5>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The patterns in an E<.Cm Address> criteria may additionally contain " +"addresses to match in CIDR address/masklen format, such as 192.0.2.0/24 or " +"2001:db8::/32. Note that the mask length provided must be consistent with " +"the address - it is an error to specify a mask length that is too long for " +"the address or one with bits set in this host portion of the address. For " +"example, 192.0.2.0/33 and 192.0.2.0/8, respectively." +msgstr "" + +#. type: Plain text +#: archlinux opensuse-tumbleweed +msgid "" +"Only a subset of keywords may be used on the lines following a E<.Cm Match> " +"keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " +"AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " +"AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " +"E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " +"AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " +"AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " +"AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." +"Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." +"Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " +"DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " +"GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " +"HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " +"HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " +"IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " +"E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm MaxSessions>, E<.Cm " +"PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<.Cm PermitListen>, " +"E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm PermitTTY>, E<.Cm " +"PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm PubkeyAcceptedAlgorithms>, E<.Cm " +"PubkeyAuthentication>, E<.Cm PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm " +"RevokedKeys>, E<.Cm RDomain>, E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<." +"Cm StreamLocalBindUnlink>, E<.Cm TrustedUserCAKeys>, E<.Cm " +"UnusedConnectionTimeout>, E<.Cm X11DisplayOffset>, E<.Cm X11Forwarding> and " +"E<.Cm X11UseLocalhost>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm MaxAuthTries" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the maximum number of authentication attempts permitted per " +"connection. Once the number of failures reaches half this value, additional " +"failures are logged. The default is 6." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm MaxSessions" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the maximum number of open shell, login or subsystem (e.g. sftp) " +"sessions permitted per network connection. Multiple sessions may be " +"established by clients that support connection multiplexing. Setting E<.Cm " +"MaxSessions> to 1 will effectively disable session multiplexing, whereas " +"setting it to 0 will prevent all shell, login and subsystem sessions while " +"still permitting forwarding. The default is 10." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm MaxStartups" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the maximum number of concurrent unauthenticated connections to " +"the SSH daemon. Additional connections will be dropped until authentication " +"succeeds or the E<.Cm LoginGraceTime> expires for a connection. The default " +"is 10:30:100." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Alternatively, random early drop can be enabled by specifying the three " +"colon separated values start:rate:full (e.g. \"10:30:60\"). E<.Xr sshd 8> " +"will refuse connection attempts with a probability of rate/100 (30%) if " +"there are currently start (10) unauthenticated connections. The probability " +"increases linearly and all connection attempts are refused if the number of " +"unauthenticated connections reaches full (60)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm ModuliFile" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the E<.Xr moduli 5> file that contains the Diffie-Hellman groups " +"used for the E<.Dq diffie-hellman-group-exchange-sha1> and E<.Dq diffie-" +"hellman-group-exchange-sha256> key exchange methods. The default is E<.Pa /" +"etc/ssh/moduli>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PasswordAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether password authentication is allowed. The default is E<.Cm " +"yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitEmptyPasswords" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"When password authentication is allowed, it specifies whether the server " +"allows login to accounts with empty password strings. The default is E<.Cm " +"no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitListen" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the addresses/ports on which a remote TCP port forwarding may " +"listen. The listen specification must be one of the following forms:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm PermitListen> E<.Sm off> E<.Ar port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm PermitListen> E<.Sm off> E<.Ar host : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Multiple permissions may be specified by separating them with whitespace. " +"An argument of E<.Cm any> can be used to remove all restrictions and permit " +"any listen requests. An argument of E<.Cm none> can be used to prohibit all " +"listen requests. The host name may contain wildcards as described in the " +"PATTERNS section in E<.Xr ssh_config 5>. The wildcard E<.Sq *> can also be " +"used in place of a port number to allow all ports. By default all port " +"forwarding listen requests are permitted. Note that the E<.Cm GatewayPorts> " +"option may further restrict which addresses may be listened on. Note also " +"that E<.Xr ssh 1> will request a listen host of E<.Dq localhost> if no " +"listen host was specifically requested, and this name is treated differently " +"to explicit localhost addresses of E<.Dq 127.0.0.1> and E<.Dq ::1>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitOpen" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the destinations to which TCP port forwarding is permitted. The " +"forwarding specification must be one of the following forms:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm PermitOpen> E<.Sm off> E<.Ar host : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm PermitOpen> E<.Sm off> E<.Ar IPv4_addr : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Cm PermitOpen> E<.Sm off> E<.Ar \\&[ IPv6_addr \\&] : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Multiple forwards may be specified by separating them with whitespace. An " +"argument of E<.Cm any> can be used to remove all restrictions and permit any " +"forwarding requests. An argument of E<.Cm none> can be used to prohibit all " +"forwarding requests. The wildcard E<.Sq *> can be used for host or port to " +"allow all hosts or ports respectively. Otherwise, no pattern matching or " +"address lookups are performed on supplied names. By default all port " +"forwarding requests are permitted." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitRootLogin" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether root can log in using E<.Xr ssh 1>. The argument must be " +"E<.Cm yes>, E<.Cm prohibit-password>, E<.Cm forced-commands-only>, or E<.Cm " +"no>. The default is E<.Cm prohibit-password>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If this option is set to E<.Cm prohibit-password> (or its deprecated alias, " +"E<.Cm without-password>), password and keyboard-interactive authentication " +"are disabled for root." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If this option is set to E<.Cm forced-commands-only>, root login with public " +"key authentication will be allowed, but only if the E<.Ar command> option " +"has been specified (which may be useful for taking remote backups even if " +"root login is normally not allowed). All other authentication methods are " +"disabled for root." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "If this option is set to E<.Cm no>, root is not allowed to log in." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitTTY" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr pty 4> allocation is permitted. The default is E<." +"Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitTunnel" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr tun 4> device forwarding is allowed. The argument " +"must be E<.Cm yes>, E<.Cm point-to-point> (layer 3), E<.Cm ethernet> (layer " +"2), or E<.Cm no>. Specifying E<.Cm yes> permits both E<.Cm point-to-point> " +"and E<.Cm ethernet>. The default is E<.Cm no>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Independent of this setting, the permissions of the selected E<.Xr tun 4> " +"device must allow access to the user." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitUserEnvironment" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Pa ~/.ssh/environment> and E<.Cm environment=> options " +"in E<.Pa ~/.ssh/authorized_keys> are processed by E<.Xr sshd 8>. Valid " +"options are E<.Cm yes>, E<.Cm no> or a pattern-list specifying which " +"environment variable names to accept (for example E<.Qq LANG,LC_*>). The " +"default is E<.Cm no>. Enabling environment processing may enable users to " +"bypass access restrictions in some configurations using mechanisms such as " +"E<.Ev LD_PRELOAD>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PermitUserRC" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether any E<.Pa ~/.ssh/rc> file is executed. The default is E<." +"Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PerSourceMaxStartups" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the number of unauthenticated connections allowed from a given " +"source address, or E<.Dq none> if there is no limit. This limit is applied " +"in addition to E<.Cm MaxStartups>, whichever is lower. The default is E<.Cm " +"none>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PerSourceNetBlockSize" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the number of bits of source address that are grouped together for " +"the purposes of applying PerSourceMaxStartups limits. Values for IPv4 and " +"optionally IPv6 may be specified, separated by a colon. The default is E<." +"Cm 32:128>, which means each address is considered individually." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PidFile" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the file that contains the process ID of the SSH daemon, or E<.Cm " +"none> to not write one. The default is E<.Pa /run/sshd.pid>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Port" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the port number that E<.Xr sshd 8> listens on. The default is " +"22. Multiple options of this type are permitted. See also E<.Cm " +"ListenAddress>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PrintLastLog" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should print the date and time of the last " +"user login when a user logs in interactively. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PrintMotd" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should print E<.Pa /etc/motd> when a user " +"logs in interactively. (On some systems it is also printed by the shell, E<." +"Pa /etc/profile>, or equivalent.) The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PubkeyAcceptedAlgorithms" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the signature algorithms that will be accepted for public key " +"authentication as a list of comma-separated patterns. Alternately if the " +"specified list begins with a E<.Sq +> character, then the specified " +"algorithms will be appended to the default set instead of replacing them. " +"If the specified list begins with a E<.Sq -> character, then the specified " +"algorithms (including wildcards) will be removed from the default set " +"instead of replacing them. If the specified list begins with a E<.Sq ^> " +"character, then the specified algorithms will be placed at the head of the " +"default set. The default for this option is:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The list of available signature algorithms may also be obtained using E<.Qq " +"ssh -Q PubkeyAcceptedAlgorithms>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PubkeyAuthOptions" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Sets one or more public key authentication options. The supported keywords " +"are: E<.Cm none> (the default; indicating no additional options are " +"enabled), E<.Cm touch-required> and E<.Cm verify-required>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The E<.Cm touch-required> option causes public key authentication using a " +"FIDO authenticator algorithm (i.e.\\& E<.Cm ecdsa-sk> or E<.Cm ed25519-sk>) " +"to always require the signature to attest that a physically present user " +"explicitly confirmed the authentication (usually by touching the " +"authenticator). By default, E<.Xr sshd 8> requires user presence unless " +"overridden with an authorized_keys option. The E<.Cm touch-required> flag " +"disables this override." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The E<.Cm verify-required> option requires a FIDO key signature attest that " +"the user was verified, e.g. via a PIN." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Neither the E<.Cm touch-required> or E<.Cm verify-required> options have any " +"effect for other, non-FIDO, public key types." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm PubkeyAuthentication" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether public key authentication is allowed. The default is E<." +"Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm RekeyLimit" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the maximum amount of data that may be transmitted or received " +"before the session key is renegotiated, optionally followed by a maximum " +"amount of time that may pass before the session key is renegotiated. The " +"first argument is specified in bytes and may have a suffix of E<.Sq K>, E<." +"Sq M>, or E<.Sq G> to indicate Kilobytes, Megabytes, or Gigabytes, " +"respectively. The default is between E<.Sq 1G> and E<.Sq 4G>, depending on " +"the cipher. The optional second value is specified in seconds and may use " +"any of the units documented in the E<.Sx TIME FORMATS> section. The default " +"value for E<.Cm RekeyLimit> is E<.Cm default none>, which means that " +"rekeying is performed after the cipher's default amount of data has been " +"sent or received and no time based rekeying is done." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm RequiredRSASize" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the minimum RSA key size (in bits) that E<.Xr sshd 8> will " +"accept. User and host-based authentication keys smaller than this limit " +"will be refused. The default is E<.Cm 1024> bits. Note that this limit may " +"only be raised from the default." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm RevokedKeys" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies revoked public keys file, or E<.Cm none> to not use one. Keys " +"listed in this file will be refused for public key authentication. Note " +"that if this file is not readable, then public key authentication will be " +"refused for all users. Keys may be specified as a text file, listing one " +"public key per line, or as an OpenSSH Key Revocation List (KRL) as generated " +"by E<.Xr ssh-keygen 1>. For more information on KRLs, see the KEY " +"REVOCATION LISTS section in E<.Xr ssh-keygen 1>." +msgstr "" + +#. type: It +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm RDomain" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies an explicit routing domain that is applied after authentication " +"has completed. The user session, as well as any forwarded or listening IP " +"sockets, will be bound to this E<.Xr rdomain 4>. If the routing domain is " +"set to E<.Cm \\&%D>, then the domain in which the incoming connection was " +"received will be applied." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm SecurityKeyProvider" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a path to a library that will be used when loading FIDO " +"authenticator-hosted keys, overriding the default of using the built-in USB " +"HID support." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm SetEnv" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies one or more environment variables to set in child sessions started " +"by E<.Xr sshd 8> as E<.Dq NAME=VALUE>. The environment value may be quoted " +"(e.g. if it contains whitespace characters). Environment variables set by " +"E<.Cm SetEnv> override the default environment and any variables specified " +"by the user via E<.Cm AcceptEnv> or E<.Cm PermitUserEnvironment>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm StreamLocalBindMask" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Sets the octal file creation mode mask E<.Pq umask> used when creating a " +"Unix-domain socket file for local or remote port forwarding. This option is " +"only used for port forwarding to a Unix-domain socket file." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The default value is 0177, which creates a Unix-domain socket file that is " +"readable and writable only by the owner. Note that not all operating " +"systems honor the file mode on Unix-domain socket files." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm StreamLocalBindUnlink" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether to remove an existing Unix-domain socket file for local or " +"remote port forwarding before creating a new one. If the socket file " +"already exists and E<.Cm StreamLocalBindUnlink> is not enabled, E<.Nm sshd> " +"will be unable to forward the port to the Unix-domain socket file. This " +"option is only used for port forwarding to a Unix-domain socket file." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The argument must be E<.Cm yes> or E<.Cm no>. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm StrictModes" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should check file modes and ownership of the " +"user's files and home directory before accepting login. This is normally " +"desirable because novices sometimes accidentally leave their directory or " +"files world-writable. The default is E<.Cm yes>. Note that this does not " +"apply to E<.Cm ChrootDirectory>, whose permissions and ownership are checked " +"unconditionally." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm Subsystem" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Configures an external subsystem (e.g. file transfer daemon). Arguments " +"should be a subsystem name and a command (with optional arguments) to " +"execute upon subsystem request." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The command E<.Cm sftp-server> implements the SFTP file transfer subsystem." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Alternately the name E<.Cm internal-sftp> implements an in-process SFTP " +"server. This may simplify configurations using E<.Cm ChrootDirectory> to " +"force a different filesystem root on clients." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "By default no subsystems are defined." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm SyslogFacility" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Gives the facility code that is used when logging messages from E<.Xr sshd " +"8>. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, " +"LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm TCPKeepAlive" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether the system should send TCP keepalive messages to the other " +"side. If they are sent, death of the connection or crash of one of the " +"machines will be properly noticed. However, this means that connections " +"will die if the route is down temporarily, and some people find it " +"annoying. On the other hand, if TCP keepalives are not sent, sessions may " +"hang indefinitely on the server, leaving E<.Qq ghost> users and consuming " +"server resources." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The default is E<.Cm yes> (to send TCP keepalive messages), and the server " +"will notice if the network goes down or the client host crashes. This " +"avoids infinitely hanging sessions." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"To disable TCP keepalive messages, the value should be set to E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm TrustedUserCAKeys" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies a file containing public keys of certificate authorities that are " +"trusted to sign user certificates for authentication, or E<.Cm none> to not " +"use one. Keys are listed one per line; empty lines and comments starting " +"with E<.Ql #> are allowed. If a certificate is presented for authentication " +"and has its signing CA key listed in this file, then it may be used for " +"authentication for any user listed in the certificate's principals list. " +"Note that certificates that lack a list of principals will not be permitted " +"for authentication using E<.Cm TrustedUserCAKeys>. For more details on " +"certificates, see the CERTIFICATES section in E<.Xr ssh-keygen 1>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm UnusedConnectionTimeout" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether and how quickly E<.Xr sshd 8> should close client " +"connections with no open channels. Open channels include active shell, " +"command execution or subsystem sessions, connected network, socket, agent or " +"X11 forwardings. Forwarding listeners, such as those from the E<.Xr ssh 1> " +"E<.Fl R> flag, are not considered as open channels and do not prevent the " +"timeout. The timeout value is specified in seconds or may use any of the " +"units documented in the E<.Sx TIME FORMATS> section." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that this timeout starts when the client connection completes user " +"authentication but before the client has an opportunity to open any " +"channels. Caution should be used when using short timeout values, as they " +"may not provide sufficient time for the client to request and open its " +"channels before terminating the connection." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"The default E<.Cm none> is to never expire connections for having no open " +"channels. This option may be useful in conjunction with E<.Cm " +"ChannelTimeout>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm UseDNS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should look up the remote host name, and to " +"check that the resolved host name for the remote IP address maps back to the " +"very same IP address." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If this option is set to E<.Cm no> (the default) then only addresses and not " +"host names may be used in E<.Pa ~/.ssh/authorized_keys> E<.Cm from> and E<." +"Nm> E<.Cm Match> E<.Cm Host> directives." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm UsePAM" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Enables the Pluggable Authentication Module interface. If set to E<.Cm yes> " +"this will enable PAM authentication using E<.Cm " +"KbdInteractiveAuthentication> and E<.Cm PasswordAuthentication> in addition " +"to PAM account and session module processing for all authentication types." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Because PAM keyboard-interactive authentication usually serves an equivalent " +"role to password authentication, you should disable either E<.Cm " +"PasswordAuthentication> or E<.Cm KbdInteractiveAuthentication>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"If E<.Cm UsePAM> is enabled, you will not be able to run E<.Xr sshd 8> as a " +"non-root user. The default is E<.Cm no>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm VersionAddendum" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Optionally specifies additional text to append to the SSH protocol banner " +"sent by the server upon connection. The default is E<.Cm none>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm X11DisplayOffset" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the first display number available for E<.Xr sshd 8 Ns 's> X11 " +"forwarding. This prevents sshd from interfering with real X11 servers. The " +"default is 10." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm X11Forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether X11 forwarding is permitted. The argument must be E<.Cm " +"yes> or E<.Cm no>. The default is E<.Cm no>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"When X11 forwarding is enabled, there may be additional exposure to the " +"server and to client displays if the E<.Xr sshd 8> proxy display is " +"configured to listen on the wildcard address (see E<.Cm X11UseLocalhost>), " +"though this is not the default. Additionally, the authentication spoofing " +"and authentication data verification and substitution occur on the client " +"side. The security risk of using X11 forwarding is that the client's X11 " +"display server may be exposed to attack when the SSH client requests " +"forwarding (see the warnings for E<.Cm ForwardX11> in E<.Xr ssh_config 5>). " +"A system administrator may have a stance in which they want to protect " +"clients that may expose themselves to attack by unwittingly requesting X11 " +"forwarding, which can warrant a E<.Cm no> setting." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Note that disabling X11 forwarding does not prevent users from forwarding " +"X11 traffic, as users can always install their own forwarders." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm X11UseLocalhost" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies whether E<.Xr sshd 8> should bind the X11 forwarding server to the " +"loopback address or to the wildcard address. By default, sshd binds the " +"forwarding server to the loopback address and sets the hostname part of the " +"E<.Ev DISPLAY> environment variable to E<.Cm localhost>. This prevents " +"remote hosts from connecting to the proxy display. However, some older X11 " +"clients may not function with this configuration. E<.Cm X11UseLocalhost> " +"may be set to E<.Cm no> to specify that the forwarding server should be " +"bound to the wildcard address. The argument must be E<.Cm yes> or E<.Cm " +"no>. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm XAuthLocation" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Specifies the full pathname of the E<.Xr xauth 1> program, or E<.Cm none> to " +"not use one. The default is E<.Pa /usr/bin/xauth>." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "TIME FORMATS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.Xr sshd 8> command-line arguments and configuration file options that " +"specify time may be expressed using a sequence of the form: E<.Sm off> E<.Ar " +"time Op Ar qualifier>, E<.Sm on> where E<.Ar time> is a positive integer " +"value and E<.Ar qualifier> is one of the following:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Aq Cm none" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "seconds" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm s | Cm S" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm m | Cm M" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "minutes" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm h | Cm H" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "hours" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm d | Cm D" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "days" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Cm w | Cm W" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "weeks" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Each member of the sequence is added together to calculate the total time " +"value." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "Time format examples:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "600" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "600 seconds (10 minutes)" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "10m" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "10 minutes" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "1h30m" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "1 hour 30 minutes (90 minutes)" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "TOKENS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Arguments to some keywords can make use of tokens, which are expanded at " +"runtime:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%%" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "A literal E<.Sq %>." +msgstr "" + +#. type: It +#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed +#, no-wrap +msgid "\\&%C" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed +msgid "" +"Identifies the connection endpoints, containing four space-separated values: " +"client address, client port number, server address, and server port number." +msgstr "" + +#. type: It +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "\\&%D" +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "The routing domain in which the incoming connection was received." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%F" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The fingerprint of the CA key." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%f" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The fingerprint of the key or certificate." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%h" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The home directory of the user." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%i" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The key ID in the certificate." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%K" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The base64-encoded CA key." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%k" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The base64-encoded key or certificate for authentication." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%s" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The serial number of the certificate." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "\\&%T" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The type of the CA key." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%t" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The key or certificate type." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "\\&%U" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The numeric user ID of the target user." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "%u" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "The username." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed +msgid "" +"E<.Cm AuthorizedKeysCommand> accepts the tokens %%, %C, %D, %f, %h, %k, %t, " +"%U, and %u." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm AuthorizedKeysFile> accepts the tokens %%, %h, %U, and %u." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed +msgid "" +"E<.Cm AuthorizedPrincipalsCommand> accepts the tokens %%, %C, %D, %F, %f, " +"%h, %i, %K, %k, %s, %T, %t, %U, and %u." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm AuthorizedPrincipalsFile> accepts the tokens %%, %h, %U, and %u." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm ChrootDirectory> accepts the tokens %%, %h, %U, and %u." +msgstr "" + +#. type: Plain text +#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed +msgid "E<.Cm RoutingDomain> accepts the token %D." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "FILES" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "Pa /etc/ssh/sshd_config" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"Contains configuration data for E<.Xr sshd 8>. This file should be writable " +"by root only, but it is recommended (though not necessary) that it be world-" +"readable." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable mageia-cauldron +#: opensuse-tumbleweed +msgid "E<.Xr sftp-server 8>, E<.Xr sshd 8>" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +#, no-wrap +msgid "AUTHORS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide +#: mageia-cauldron opensuse-tumbleweed +msgid "" +"E<.An -nosplit> OpenSSH is a derivative of the original and free ssh 1.2.12 " +"release by E<.An Tatu Ylonen>. E<.An Aaron Campbell , Bob Beck , Markus " +"Friedl , Niels Provos>, E<.An Theo de Raadt> and E<.An Dug Song> removed " +"many bugs, re-added newer features and created OpenSSH. E<.An Markus " +"Friedl> contributed the support for SSH protocol versions 1.5 and 2.0. E<." +"An Niels Provos> and E<.An Markus Friedl> contributed support for privilege " +"separation." +msgstr "" + +#. type: Dd +#: debian-bookworm +#, no-wrap +msgid "$Mdocdate: January 18 2023 $" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> (or " +"the file specified with E<.Fl f> on the command line). The file contains " +"keyword-argument pairs, one per line. For each keyword, the first obtained " +"value will be used. Lines starting with E<.Ql #> and empty lines are " +"interpreted as comments. Arguments may optionally be enclosed in double " +"quotes E<.Pq \\&\"> in order to represent arguments containing spaces." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Note that the Debian E<.Ic openssh-server> package sets several options as " +"standard in E<.Pa /etc/ssh/sshd_config> which are not the default in E<.Xr " +"sshd 8>:" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm Include /etc/ssh/sshd_config.d/*.conf>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm KbdInteractiveAuthentication No no>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm X11Forwarding No yes>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm PrintMotd No no>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm AcceptEnv No LANG LC_*>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm Subsystem No sftp /usr/lib/openssh/sftp-server>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm UsePAM No yes>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"E<.Pa /etc/ssh/sshd_config.d/*.conf> files are included at the start of the " +"configuration file, so options set there will override those in E<.Pa /etc/" +"ssh/sshd_config.>" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "See PATTERNS in E<.Xr ssh_config 5> for more information on patterns." +msgstr "" + +#. type: It +#: debian-bookworm debian-unstable +#, no-wrap +msgid "Cm DebianBanner" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Specifies whether the distribution-specified extra version suffix is " +"included during initial protocol handshake. The default is E<.Cm yes>." +msgstr "" + +#. type: It +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPIKeyExchange" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key " +"exchange doesn't rely on ssh keys to verify host identity. The default is " +"E<.Cm no>." +msgstr "" + +#. type: It +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPIStoreCredentialsOnRekey" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"Controls whether the user's GSSAPI credentials should be updated following a " +"successful connection rekeying. This option can be used to accepted renewed " +"or updated credentials from a compatible client. The default is E<.Dq no>." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"For this to work E<.Cm GSSAPIKeyExchange> needs to be enabled in the server " +"and also used by the client." +msgstr "" + +#. type: It +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm GSSAPIKexAlgorithms" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron +#: opensuse-tumbleweed +msgid "" +"The list of key exchange algorithms that are accepted by GSSAPI key " +"exchange. Possible values are" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "" +"gss-gex-sha1-,\n" +"gss-group1-sha1-,\n" +"gss-group14-sha1-,\n" +"gss-group14-sha256-,\n" +"gss-group16-sha512-,\n" +"gss-nistp256-sha256-,\n" +"gss-curve25519-sha256-\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The default is E<.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-" +"sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1->. This " +"option only applies to connections using GSSAPI." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the IPv4 type-of-service or DSCP class for the connection. " +"Accepted values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<." +"Cm af22>, E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, " +"E<.Cm af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<." +"Cm cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " +"lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " +"none> to use the operating system default. This option may take one or two " +"arguments, separated by whitespace. If one argument is specified, it is " +"used as the packet class unconditionally. If two values are specified, the " +"first is automatically selected for interactive sessions and the second for " +"non-interactive sessions. The default is E<.Cm lowdelay> for interactive " +"sessions and E<.Cm throughput> for non-interactive sessions." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Specifies whether to allow keyboard-interactive authentication. The default " +"is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " +"no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname | address> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar IPv4_address : port> E<.Sm on>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"E<.Cm ListenAddress> E<.Sm off> E<.Oo Ar hostname | address Oc : Ar port> E<." +"Sm on>" +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"If E<.Ar port> is not specified, sshd will listen on the address and all E<." +"Cm Port> options specified. The default is to listen on all local " +"addresses. Multiple E<.Cm ListenAddress> options are permitted." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"The arguments to E<.Cm Match> are one or more criteria-pattern pairs or the " +"single token E<.Cm All> which matches all criteria. The available criteria " +"are E<.Cm User>, E<.Cm Group>, E<.Cm Host>, E<.Cm LocalAddress>, E<.Cm " +"LocalPort>, and E<.Cm Address>." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Only a subset of keywords may be used on the lines following a E<.Cm Match> " +"keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " +"AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " +"AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " +"E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " +"AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " +"AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " +"AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." +"Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." +"Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " +"DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " +"GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " +"HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " +"HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " +"IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " +"E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm MaxSessions>, E<.Cm " +"PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<.Cm PermitListen>, " +"E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm PermitTTY>, E<.Cm " +"PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm PubkeyAcceptedAlgorithms>, E<.Cm " +"PubkeyAuthentication>, E<.Cm PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm " +"RevokedKeys>, E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<.Cm " +"StreamLocalBindUnlink>, E<.Cm TrustedUserCAKeys>, E<.Cm " +"UnusedConnectionTimeout>, E<.Cm X11DisplayOffset>, E<.Cm X11Forwarding> and " +"E<.Cm X11UseLocalhost>." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "This option was formerly called E<.Cm KeepAlive>." +msgstr "" + +#. type: Plain text +#: debian-bookworm mageia-cauldron +msgid "" +"E<.Cm AuthorizedKeysCommand> accepts the tokens %%, %f, %h, %k, %t, %U, and " +"%u." +msgstr "" + +#. type: Plain text +#: debian-bookworm mageia-cauldron +msgid "" +"E<.Cm AuthorizedPrincipalsCommand> accepts the tokens %%, %F, %f, %h, %i, " +"%K, %k, %s, %T, %t, %U, and %u." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"The default is handled system-wide by E<.Xr crypto-policies 7>. Information " +"about defaults, how to modify the defaults and how to customize existing " +"policies with sub-policies are present in manual page E<.Xr update-crypto-" +"policies 8>." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies which algorithms are allowed for signing of certificates by " +"certificate authorities (CAs). If the specified list begins with a E<.Sq +> " +"character, then the specified algorithms will be appended to the default set " +"instead of replacing them. If the specified list begins with a E<.Sq -> " +"character, then the specified algorithms (including wildcards) will be " +"removed from the default set instead of replacing them." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the ciphers allowed. Multiple ciphers must be comma-separated. " +"If the specified list begins with a E<.Sq +> character, then the specified " +"ciphers will be appended to the built-in openssh default set instead of " +"replacing them. If the specified list begins with a E<.Sq -> character, " +"then the specified ciphers (including wildcards) will be removed from the " +"built-in openssh default set instead of replacing them. If the specified " +"list begins with a E<.Sq ^> character, then the specified ciphers will be " +"placed at the head of the built-in openssh default set." +msgstr "" + +#. type: It +#: fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Cm GSSAPIEnablek5users" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies whether to look at .k5users file for GSSAPI authentication access " +"control. Further details are described in E<.Xr ksu 1>. The default is E<." +"Cm no>." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "" +"gss-gex-sha1-\n" +"gss-group1-sha1-\n" +"gss-group14-sha1-\n" +"gss-group14-sha256-\n" +"gss-group16-sha512-\n" +"gss-nistp256-sha256-\n" +"gss-curve25519-sha256-\n" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "This option only applies to connections using GSSAPI." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide +msgid "" +"Specifies the signature algorithms that will be accepted for hostbased " +"authentication as a list of comma-separated patterns. Alternately if the " +"specified list begins with a E<.Sq +> character, then the specified " +"signature algorithms will be appended to the built-in openssh default set " +"instead of replacing them. If the specified list begins with a E<.Sq -> " +"character, then the specified signature algorithms (including wildcards) " +"will be removed from the built-in openssh default set instead of replacing " +"them. If the specified list begins with a E<.Sq ^> character, then the " +"specified signature algorithms will be placed at the head of the built-in " +"openssh default set." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the host key signature algorithms that the server offers. The " +"default for this option is: The list of available signature algorithms may " +"also be obtained using E<.Qq ssh -Q HostKeyAlgorithms>." +msgstr "" + +#. type: It +#: fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Cm KerberosUniqueCCache" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies whether to store the acquired tickets in the per-session " +"credential cache under /tmp/ or whether to use per-user credential cache as " +"configured in E<.Pa /etc/krb5.conf>. The default value E<.Cm no> can lead " +"to overwriting previous tickets by subseqent connections to the same user " +"account." +msgstr "" + +#. type: It +#: fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Cm KerberosUseKuserok" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies whether to look at .k5login file for user's aliases. The default " +"is E<.Cm yes>." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " +"must be comma-separated. Alternately if the specified list begins with a E<." +"Sq +> character, then the specified methods will be appended to the built-in " +"openssh default set instead of replacing them. If the specified list begins " +"with a E<.Sq -> character, then the specified algorithms (including " +"wildcards) will be removed from the built-in openssh default set instead of " +"replacing them. If the specified list begins with a E<.Sq ^> character, " +"then the specified algorithms will be placed at the head of the built-in " +"openssh default set. The supported algorithms are:" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the available MAC (message authentication code) algorithms. The " +"MAC algorithm is used for data integrity protection. Multiple algorithms " +"must be comma-separated. If the specified list begins with a E<.Sq +> " +"character, then the specified algorithms will be appended to the built-in " +"openssh default set instead of replacing them. If the specified list begins " +"with a E<.Sq -> character, then the specified algorithms (including " +"wildcards) will be removed from the built-in openssh default set instead of " +"replacing them. If the specified list begins with a E<.Sq ^> character, " +"then the specified algorithms will be placed at the head of the built-in " +"openssh default set." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Only a subset of keywords may be used on the lines following a E<.Cm Match> " +"keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " +"AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " +"AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " +"E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " +"AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " +"AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " +"AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." +"Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." +"Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " +"DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " +"GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " +"HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " +"HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " +"IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " +"E<.Cm KerberosUseKuserok>, E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm " +"MaxSessions>, E<.Cm PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<." +"Cm PermitListen>, E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm " +"PermitTTY>, E<.Cm PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm " +"PubkeyAcceptedAlgorithms>, E<.Cm PubkeyAuthentication>, E<.Cm " +"PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm RevokedKeys>, E<.Cm RDomain>, " +"E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<.Cm StreamLocalBindUnlink>, E<." +"Cm TrustedUserCAKeys>, E<.Cm UnusedConnectionTimeout>, E<.Cm " +"X11DisplayOffset>, E<.Cm X11MaxDisplays>, E<.Cm X11Forwarding> and E<.Cm " +"X11UseLocalhost>." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the file that contains the process ID of the SSH daemon, or E<.Cm " +"none> to not write one. The default is E<.Pa /var/run/sshd.pid>." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the signature algorithms that will be accepted for public key " +"authentication as a list of comma-separated patterns. Alternately if the " +"specified list begins with a E<.Sq +> character, then the specified " +"algorithms will be appended to the built-in openssh default set instead of " +"replacing them. If the specified list begins with a E<.Sq -> character, " +"then the specified algorithms (including wildcards) will be removed from the " +"built-in openssh default set instead of replacing them. If the specified " +"list begins with a E<.Sq ^> character, then the specified algorithms will be " +"placed at the head of the built-in openssh default set." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Gives the facility code that is used when logging messages from E<.Xr sshd " +"8>. The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, " +"LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH." +msgstr "" + +#. type: It +#: fedora-40 fedora-rawhide mageia-cauldron +#, no-wrap +msgid "Cm X11MaxDisplays" +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide mageia-cauldron +msgid "" +"Specifies the maximum number of displays available for E<.Xr sshd 8 Ns 's> " +"X11 forwarding. This prevents sshd from exhausting local ports. The " +"default is 1000." +msgstr "" + +#. type: Plain text +#: fedora-40 fedora-rawhide +msgid "" +"E<.Xr sftp-server 8>, E<.Xr sshd 8>, E<.Xr crypto-policies 7>, E<.Xr update-" +"crypto-policies 8>" +msgstr "" + +#. type: Dd +#: mageia-cauldron +#, no-wrap +msgid "$Mdocdate: March 3 2023 $" +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> ( E<." +"Pa /usr/etc/ssh/sshd_config> if the file does not exist or the file " +"specified with E<.Fl f> on the command line). The file contains keyword-" +"argument pairs, one per line. Unless noted otherwise, for each keyword, the " +"first obtained value will be used. Lines starting with E<.Ql #> and empty " +"lines are interpreted as comments. Arguments may optionally be enclosed in " +"double quotes E<.Pq \\&\"> in order to represent arguments containing spaces." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "In the FIPS mode the minimum of SHA-1 is enforced (which means sha256)." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"The default is E<.Dq gss-gex-sha1-,gss-group14-sha1->. This option only " +"applies to protocol version 2 connections using GSSAPI." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"Specifies whether to ignore per-user E<.Pa .rhosts> and E<.Pa .shosts> files " +"during E<.Cm HostbasedAuthentication>. The system-wide E<.Pa /etc/hosts." +"equiv> and E<.Pa /etc/ssh/ssh/shosts.equiv> are still used regardless of " +"this setting." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"Specifies whether to allow keyboard-interactive authentication. All " +"authentication styles from E<.Xr login.defs 5> are supported. The default " +"is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " +"no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"sntrup761x25519-sha512@openssh.com,\n" +"curve25519-sha256,curve25519-sha256@libssh.org,\n" +"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,\n" +"diffie-hellman-group-exchange-sha256,\n" +"diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,\n" +"diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n" +msgstr "" + +#. type: It +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm UsePAMCheckLocks" +msgstr "" + +#. type: Plain text +#: opensuse-tumbleweed +msgid "" +"When set to E<.Dq yes> , the checks whether the account has been locked with " +"E<.Pa passwd -l> are performed even when PAM authentication is enabled via " +"E<.Cm UsePAM>. This is to ensure that it is not possible to log in with e." +"g. a public key (in such a case PAM is used only to set up the session and " +"some PAM modules will not check whether the account is locked in this " +"scenario). The default is E<.Dq no>." +msgstr "" |