# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-05-01 15:54+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Dd #: archlinux debian-unstable #, no-wrap msgid "$Mdocdate: February 21 2024 $" msgstr "" #. type: Dt #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "SSHD_CONFIG 5" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Nm sshd_config>" msgstr "" #. type: Nd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "OpenSSH daemon configuration file" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron msgid "" "E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> (or " "the file specified with E<.Fl f> on the command line). The file contains " "keyword-argument pairs, one per line. Unless noted otherwise, for each " "keyword, the first obtained value will be used. Lines starting with E<.Ql " "#> and empty lines are interpreted as comments. Arguments may optionally be " "enclosed in double quotes E<.Pq \\&\"> in order to represent arguments " "containing spaces." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The possible keywords and their meanings are as follows (note that keywords " "are case-insensitive and arguments are case-sensitive):" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AcceptEnv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies what environment variables sent by the client will be copied into " "the session's E<.Xr environ 7>. See E<.Cm SendEnv> and E<.Cm SetEnv> in E<." "Xr ssh_config 5> for how to configure the client. The E<.Ev TERM> " "environment variable is always accepted whenever the client requests a " "pseudo-terminal as it is required by the protocol. Variables are specified " "by name, which may contain the wildcard characters E<.Ql *> and E<.Ql \\&?" ">. Multiple environment variables may be separated by whitespace or spread " "across multiple E<.Cm AcceptEnv> directives. Be warned that some " "environment variables could be used to bypass restricted user environments. " "For this reason, care should be taken in the use of this directive. The " "default is not to accept any environment variables." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AddressFamily" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies which address family should be used by E<.Xr sshd 8>. Valid " "arguments are E<.Cm any> (the default), E<.Cm inet> (use IPv4 only), or E<." "Cm inet6> (use IPv6 only)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AllowAgentForwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr ssh-agent 1> forwarding is permitted. The default " "is E<.Cm yes>. Note that disabling agent forwarding does not improve " "security unless users are also denied shell access, as they can always " "install their own forwarders." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AllowGroups" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This keyword can be followed by a list of group name patterns, separated by " "spaces. If specified, login is allowed only for users whose primary group " "or supplementary group list matches one of the patterns. Only group names " "are valid; a numerical group ID is not recognized. By default, login is " "allowed for all groups. The allow/deny groups directives are processed in " "the following order: E<.Cm DenyGroups>, E<.Cm AllowGroups>." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "See PATTERNS in E<.Xr ssh_config 5> for more information on patterns. This " "keyword may appear multiple times in E<.Nm> with each instance appending to " "the list." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AllowStreamLocalForwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. " "The available options are E<.Cm yes> (the default) or E<.Cm all> to allow " "StreamLocal forwarding, E<.Cm no> to prevent all StreamLocal forwarding, E<." "Cm local> to allow local (from the perspective of E<.Xr ssh 1>) forwarding " "only or E<.Cm remote> to allow remote forwarding only. Note that disabling " "StreamLocal forwarding does not improve security unless users are also " "denied shell access, as they can always install their own forwarders." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AllowTcpForwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether TCP forwarding is permitted. The available options are E<." "Cm yes> (the default) or E<.Cm all> to allow TCP forwarding, E<.Cm no> to " "prevent all TCP forwarding, E<.Cm local> to allow local (from the " "perspective of E<.Xr ssh 1>) forwarding only or E<.Cm remote> to allow " "remote forwarding only. Note that disabling TCP forwarding does not improve " "security unless users are also denied shell access, as they can always " "install their own forwarders." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AllowUsers" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This keyword can be followed by a list of user name patterns, separated by " "spaces. If specified, login is allowed only for user names that match one " "of the patterns. Only user names are valid; a numerical user ID is not " "recognized. By default, login is allowed for all users. If the pattern " "takes the form USER@HOST then USER and HOST are separately checked, " "restricting logins to particular users from particular hosts. HOST criteria " "may additionally contain addresses to match in CIDR address/masklen format. " "The allow/deny users directives are processed in the following order: E<.Cm " "DenyUsers>, E<.Cm AllowUsers>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthenticationMethods" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the authentication methods that must be successfully completed for " "a user to be granted access. This option must be followed by one or more " "lists of comma-separated authentication method names, or by the single " "string E<.Cm any> to indicate the default behaviour of accepting any single " "authentication method. If the default is overridden, then successful " "authentication requires completion of every method in at least one of these " "lists." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "For example, E<.Qq publickey,password publickey,keyboard-interactive> would " "require the user to complete public key authentication, followed by either " "password or keyboard interactive authentication. Only methods that are next " "in one or more lists are offered at each stage, so for this example it would " "not be possible to attempt password or keyboard-interactive authentication " "before public key." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "For keyboard interactive authentication it is also possible to restrict " "authentication to a specific device by appending a colon followed by the " "device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the server " "configuration. For example, E<.Qq keyboard-interactive:bsdauth> would " "restrict keyboard interactive authentication to the E<.Cm bsdauth> device." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If the publickey method is listed more than once, E<.Xr sshd 8> verifies " "that keys that have been used successfully are not reused for subsequent " "authentications. For example, E<.Qq publickey,publickey> requires " "successful authentication using two different public keys." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that each authentication method listed should also be explicitly " "enabled in the configuration." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The available authentication methods are: E<.Qq gssapi-with-mic>, E<.Qq " "hostbased>, E<.Qq keyboard-interactive>, E<.Qq none> (used for access to " "password-less accounts when E<.Cm PermitEmptyPasswords> is enabled), E<.Qq " "password> and E<.Qq publickey>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedKeysCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a program to be used to look up the user's public keys. The " "program must be owned by root, not writable by group or others and specified " "by an absolute path. Arguments to E<.Cm AuthorizedKeysCommand> accept the " "tokens described in the E<.Sx TOKENS> section. If no arguments are " "specified then the username of the target user is used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The program should produce on standard output zero or more lines of " "authorized_keys output (see E<.Sx AUTHORIZED_KEYS> in E<.Xr sshd 8>). E<.Cm " "AuthorizedKeysCommand> is tried after the usual E<.Cm AuthorizedKeysFile> " "files and will not be executed if a matching key is found there. By " "default, no E<.Cm AuthorizedKeysCommand> is run." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedKeysCommandUser" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the user under whose account the E<.Cm AuthorizedKeysCommand> is " "run. It is recommended to use a dedicated user that has no other role on " "the host than running authorized keys commands. If E<.Cm " "AuthorizedKeysCommand> is specified but E<.Cm AuthorizedKeysCommandUser> is " "not, then E<.Xr sshd 8> will refuse to start." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedKeysFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the file that contains the public keys used for user " "authentication. The format is described in the AUTHORIZED_KEYS FILE FORMAT " "section of E<.Xr sshd 8>. Arguments to E<.Cm AuthorizedKeysFile> accept the " "tokens described in the E<.Sx TOKENS> section. After expansion, E<.Cm " "AuthorizedKeysFile> is taken to be an absolute path or one relative to the " "user's home directory. Multiple files may be listed, separated by " "whitespace. Alternately this option may be set to E<.Cm none> to skip " "checking for user keys in files. The default is E<.Qq .ssh/authorized_keys ." "ssh/authorized_keys2>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedPrincipalsCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a program to be used to generate the list of allowed certificate " "principals as per E<.Cm AuthorizedPrincipalsFile>. The program must be " "owned by root, not writable by group or others and specified by an absolute " "path. Arguments to E<.Cm AuthorizedPrincipalsCommand> accept the tokens " "described in the E<.Sx TOKENS> section. If no arguments are specified then " "the username of the target user is used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The program should produce on standard output zero or more lines of E<.Cm " "AuthorizedPrincipalsFile> output. If either E<.Cm " "AuthorizedPrincipalsCommand> or E<.Cm AuthorizedPrincipalsFile> is " "specified, then certificates offered by the client for authentication must " "contain a principal that is listed. By default, no E<.Cm " "AuthorizedPrincipalsCommand> is run." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedPrincipalsCommandUser" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the user under whose account the E<.Cm " "AuthorizedPrincipalsCommand> is run. It is recommended to use a dedicated " "user that has no other role on the host than running authorized principals " "commands. If E<.Cm AuthorizedPrincipalsCommand> is specified but E<.Cm " "AuthorizedPrincipalsCommandUser> is not, then E<.Xr sshd 8> will refuse to " "start." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm AuthorizedPrincipalsFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a file that lists principal names that are accepted for " "certificate authentication. When using certificates signed by a key listed " "in E<.Cm TrustedUserCAKeys>, this file lists names, one of which must appear " "in the certificate for it to be accepted for authentication. Names are " "listed one per line preceded by key options (as described in E<.Sx " "AUTHORIZED_KEYS FILE FORMAT> in E<.Xr sshd 8>). Empty lines and comments " "starting with E<.Ql #> are ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Arguments to E<.Cm AuthorizedPrincipalsFile> accept the tokens described in " "the E<.Sx TOKENS> section. After expansion, E<.Cm AuthorizedPrincipalsFile> " "is taken to be an absolute path or one relative to the user's home " "directory. The default is E<.Cm none>, i.e. not to use a principals file " "\\(en in this case, the username of the user must appear in a certificate's " "principals list for it to be accepted." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that E<.Cm AuthorizedPrincipalsFile> is only used when authentication " "proceeds using a CA listed in E<.Cm TrustedUserCAKeys> and is not consulted " "for certification authorities trusted via E<.Pa ~/.ssh/authorized_keys>, " "though the E<.Cm principals=> key option offers a similar facility (see E<." "Xr sshd 8> for details)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Banner" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The contents of the specified file are sent to the remote user before " "authentication is allowed. If the argument is E<.Cm none> then no banner is " "displayed. By default, no banner is displayed." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm CASignatureAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies which algorithms are allowed for signing of certificates by " "certificate authorities (CAs). The default is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "ssh-ed25519,ecdsa-sha2-nistp256,\n" "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" "sk-ssh-ed25519@openssh.com,\n" "sk-ecdsa-sha2-nistp256@openssh.com,\n" "rsa-sha2-512,rsa-sha2-256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If the specified list begins with a E<.Sq +> character, then the specified " "algorithms will be appended to the default set instead of replacing them. " "If the specified list begins with a E<.Sq -> character, then the specified " "algorithms (including wildcards) will be removed from the default set " "instead of replacing them." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Certificates signed using other algorithms will not be accepted for public " "key or host-based authentication." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ChannelTimeout" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Specifies whether and how quickly E<.Xr sshd 8> should close inactive " "channels. Timeouts are specified as one or more E<.Dq type=interval> pairs " "separated by whitespace, where the E<.Dq type> must be the special keyword " "E<.Dq global> or a channel type name from the list below, optionally " "containing wildcard characters." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The timeout value E<.Dq interval> is specified in seconds or may use any of " "the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq " "session=5m> would cause interactive sessions to terminate after five minutes " "of inactivity. Specifying a zero value disables the inactivity timeout." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The special timeout E<.Dq global> applies to all active channels, taken " "together. Traffic on any active channel will reset the timeout, but when " "the timeout expires then all open channels will be closed. Note that this " "global timeout is not matched by wildcards and must be specified explicitly." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "The available channel type names include:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm agent-connection" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "Open connections to E<.Xr ssh-agent 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm direct-tcpip , Cm direct-streamlocal@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Open TCP or Unix socket (respectively) connections that have been " "established from a E<.Xr ssh 1> local forwarding, i.e.\\& E<.Cm " "LocalForward> or E<.Cm DynamicForward>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Open TCP or Unix socket (respectively) connections that have been " "established to a E<.Xr sshd 8> listening on behalf of a E<.Xr ssh 1> remote " "forwarding, i.e.\\& E<.Cm RemoteForward>." msgstr "" #. type: It #: archlinux debian-unstable #, no-wrap msgid "Cm session" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The interactive main session, including shell session, command execution, E<." "Xr scp 1>, E<.Xr sftp 1>, etc." msgstr "" #. type: It #: archlinux debian-unstable #, no-wrap msgid "Cm tun-connection" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "Open E<.Cm TunnelForward> connections." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm x11-connection" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "Open X11 forwarding sessions." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that in all the above cases, terminating an inactive session does not " "guarantee to remove all resources associated with the session, e.g. shell " "processes or X11 clients relating to the session may continue to execute." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Moreover, terminating an inactive channel or session does not necessarily " "close the SSH connection, nor does it prevent a client from requesting " "another channel of the same type. In particular, expiring an inactive " "forwarding session does not prevent another identical forwarding from being " "subsequently created." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The default is not to expire channels of any type for inactivity." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ChrootDirectory" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Specifies the pathname of a directory to E<.Xr chroot 2> to after " "authentication. At session startup E<.Xr sshd 8> checks that all components " "of the pathname are root-owned directories which are not writable by group " "or others. After the chroot, E<.Xr sshd 8> changes the working directory to " "the user's home directory. Arguments to E<.Cm ChrootDirectory> accept the " "tokens described in the E<.Sx TOKENS> section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The E<.Cm ChrootDirectory> must contain the necessary files and directories " "to support the user's session. For an interactive session this requires at " "least a shell, typically E<.Xr sh 1>, and basic E<.Pa /dev> nodes such as E<." "Xr null 4>, E<.Xr zero 4>, E<.Xr stdin 4>, E<.Xr stdout 4>, E<.Xr stderr 4>, " "and E<.Xr tty 4> devices. For file transfer sessions using SFTP no " "additional configuration of the environment is necessary if the in-process " "sftp-server is used, though sessions which use logging may require E<.Pa /" "dev/log> inside the chroot directory on some operating systems (see E<.Xr " "sftp-server 8> for details)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "For safety, it is very important that the directory hierarchy be prevented " "from modification by other processes on the system (especially those outside " "the jail). Misconfiguration can lead to unsafe environments which E<.Xr " "sshd 8> cannot detect." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The default is E<.Cm none>, indicating not to E<.Xr chroot 2>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Ciphers" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the ciphers allowed. Multiple ciphers must be comma-separated. " "If the specified list begins with a E<.Sq +> character, then the specified " "ciphers will be appended to the default set instead of replacing them. If " "the specified list begins with a E<.Sq -> character, then the specified " "ciphers (including wildcards) will be removed from the default set instead " "of replacing them. If the specified list begins with a E<.Sq ^> character, " "then the specified ciphers will be placed at the head of the default set." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The supported ciphers are:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "3des-cbc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes128-cbc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes192-cbc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes256-cbc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes128-ctr" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes192-ctr" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes256-ctr" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes128-gcm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "aes256-gcm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "chacha20-poly1305@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "The default is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "chacha20-poly1305@openssh.com,\n" "aes128-ctr,aes192-ctr,aes256-ctr,\n" "aes128-gcm@openssh.com,aes256-gcm@openssh.com\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The list of available ciphers may also be obtained using E<.Qq ssh -Q " "cipher>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ClientAliveCountMax" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Sets the number of client alive messages which may be sent without E<.Xr " "sshd 8> receiving any messages back from the client. If this threshold is " "reached while client alive messages are being sent, sshd will disconnect the " "client, terminating the session. It is important to note that the use of " "client alive messages is very different from E<.Cm TCPKeepAlive>. The " "client alive messages are sent through the encrypted channel and therefore " "will not be spoofable. The TCP keepalive option enabled by E<.Cm " "TCPKeepAlive> is spoofable. The client alive mechanism is valuable when the " "client or server depend on knowing when a connection has become unresponsive." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The default value is 3. If E<.Cm ClientAliveInterval> is set to 15, and E<." "Cm ClientAliveCountMax> is left at the default, unresponsive SSH clients " "will be disconnected after approximately 45 seconds. Setting a zero E<.Cm " "ClientAliveCountMax> disables connection termination." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ClientAliveInterval" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Sets a timeout interval in seconds after which if no data has been received " "from the client, E<.Xr sshd 8> will send a message through the encrypted " "channel to request a response from the client. The default is 0, indicating " "that these messages will not be sent to the client." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Compression" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether compression is enabled after the user has authenticated " "successfully. The argument must be E<.Cm yes>, E<.Cm delayed> (a legacy " "synonym for E<.Cm yes>) or E<.Cm no>. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm DenyGroups" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This keyword can be followed by a list of group name patterns, separated by " "spaces. Login is disallowed for users whose primary group or supplementary " "group list matches one of the patterns. Only group names are valid; a " "numerical group ID is not recognized. By default, login is allowed for all " "groups. The allow/deny groups directives are processed in the following " "order: E<.Cm DenyGroups>, E<.Cm AllowGroups>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm DenyUsers" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This keyword can be followed by a list of user name patterns, separated by " "spaces. Login is disallowed for user names that match one of the patterns. " "Only user names are valid; a numerical user ID is not recognized. By " "default, login is allowed for all users. If the pattern takes the form " "USER@HOST then USER and HOST are separately checked, restricting logins to " "particular users from particular hosts. HOST criteria may additionally " "contain addresses to match in CIDR address/masklen format. The allow/deny " "users directives are processed in the following order: E<.Cm DenyUsers>, E<." "Cm AllowUsers>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm DisableForwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Disables all forwarding features, including X11, E<.Xr ssh-agent 1>, TCP and " "StreamLocal. This option overrides all other forwarding-related options and " "may simplify restricted configurations." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ExposeAuthInfo" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Writes a temporary file containing a list of authentication methods and " "public credentials (e.g. keys) used to authenticate the user. The location " "of the file is exposed to the user session through the E<.Ev SSH_USER_AUTH> " "environment variable. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm FingerprintHash" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the hash algorithm used when logging key fingerprints. Valid " "options are: E<.Cm md5> and E<.Cm sha256>. The default is E<.Cm sha256>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ForceCommand" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Forces the execution of the command specified by E<.Cm ForceCommand>, " "ignoring any command supplied by the client and E<.Pa ~/.ssh/rc> if " "present. The command is invoked by using the user's login shell with the -c " "option. This applies to shell, command, or subsystem execution. It is most " "useful inside a E<.Cm Match> block. The command originally supplied by the " "client is available in the E<.Ev SSH_ORIGINAL_COMMAND> environment " "variable. Specifying a command of E<.Cm internal-sftp> will force the use " "of an in-process SFTP server that requires no support files when used with " "E<.Cm ChrootDirectory>. The default is E<.Cm none>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm GatewayPorts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether remote hosts are allowed to connect to ports forwarded for " "the client. By default, E<.Xr sshd 8> binds remote port forwardings to the " "loopback address. This prevents other remote hosts from connecting to " "forwarded ports. E<.Cm GatewayPorts> can be used to specify that sshd " "should allow remote port forwardings to bind to non-loopback addresses, thus " "allowing other hosts to connect. The argument may be E<.Cm no> to force " "remote port forwardings to be available to the local host only, E<.Cm yes> " "to force remote port forwardings to bind to the wildcard address, or E<.Cm " "clientspecified> to allow the client to select the address to which the " "forwarding is bound. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPIAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether user authentication based on GSSAPI is allowed. The " "default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPICleanupCredentials" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether to automatically destroy the user's credentials cache on " "logout. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPIStrictAcceptorCheck" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Determines whether to be strict about the identity of the GSSAPI acceptor a " "client authenticates against. If set to E<.Cm yes> then the client must " "authenticate against the host service on the current hostname. If set to E<." "Cm no> then the client may authenticate against any service key stored in " "the machine's default store. This facility is provided to assist with " "operation on multi homed machines. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostbasedAcceptedAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Specifies the signature algorithms that will be accepted for hostbased " "authentication as a list of comma-separated patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "signature algorithms will be appended to the default set instead of " "replacing them. If the specified list begins with a E<.Sq -> character, " "then the specified signature algorithms (including wildcards) will be " "removed from the default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified signature " "algorithms will be placed at the head of the default set. The default for " "this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "" "ssh-ed25519-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp384-cert-v01@openssh.com,\n" "ecdsa-sha2-nistp521-cert-v01@openssh.com,\n" "sk-ssh-ed25519-cert-v01@openssh.com,\n" "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,\n" "rsa-sha2-512-cert-v01@openssh.com,\n" "rsa-sha2-256-cert-v01@openssh.com,\n" "ssh-ed25519,\n" "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,\n" "sk-ssh-ed25519@openssh.com,\n" "sk-ecdsa-sha2-nistp256@openssh.com,\n" "rsa-sha2-512,rsa-sha2-256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The list of available signature algorithms may also be obtained using E<.Qq " "ssh -Q HostbasedAcceptedAlgorithms>. This was formerly named " "HostbasedAcceptedKeyTypes." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostbasedAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether rhosts or /etc/hosts.equiv authentication together with " "successful public key client host authentication is allowed (host-based " "authentication). The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostbasedUsesNameFromPacketOnly" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether or not the server will attempt to perform a reverse name " "lookup when matching the name in the E<.Pa ~/.shosts>, E<.Pa ~/.rhosts>, and " "E<.Pa /etc/hosts.equiv> files during E<.Cm HostbasedAuthentication>. A " "setting of E<.Cm yes> means that E<.Xr sshd 8> uses the name supplied by the " "client rather than attempting to resolve the name from the TCP connection " "itself. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostCertificate" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a file containing a public host certificate. The certificate's " "public key must match a private host key already specified by E<.Cm " "HostKey>. The default behaviour of E<.Xr sshd 8> is not to load any " "certificates." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostKey" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a file containing a private host key used by SSH. The defaults " "are E<.Pa /etc/ssh/ssh_host_ecdsa_key>, E<.Pa /etc/ssh/ssh_host_ed25519_key> " "and E<.Pa /etc/ssh/ssh_host_rsa_key>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that E<.Xr sshd 8> will refuse to use a file if it is group/world-" "accessible and that the E<.Cm HostKeyAlgorithms> option restricts which of " "the keys are actually used by E<.Xr sshd 8>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "It is possible to have multiple host key files. It is also possible to " "specify public host key files instead. In this case operations on the " "private key will be delegated to an E<.Xr ssh-agent 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostKeyAgent" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Identifies the UNIX-domain socket used to communicate with an agent that has " "access to the private host keys. If the string E<.Qq SSH_AUTH_SOCK> is " "specified, the location of the socket will be read from the E<.Ev " "SSH_AUTH_SOCK> environment variable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm HostKeyAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the host key signature algorithms that the server offers. The " "default for this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The list of available signature algorithms may also be obtained using E<.Qq " "ssh -Q HostKeyAlgorithms>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm IgnoreRhosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies whether to ignore per-user E<.Pa .rhosts> and E<.Pa .shosts> files " "during E<.Cm HostbasedAuthentication>. The system-wide E<.Pa /etc/hosts." "equiv> and E<.Pa /etc/ssh/shosts.equiv> are still used regardless of this " "setting." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Accepted values are E<.Cm yes> (the default) to ignore all per-user files, " "E<.Cm shosts-only> to allow the use of E<.Pa .shosts> but to ignore E<.Pa ." "rhosts> or E<.Cm no> to allow both E<.Pa .shosts> and E<.Pa rhosts>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm IgnoreUserKnownHosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should ignore the user's E<.Pa ~/.ssh/" "known_hosts> during E<.Cm HostbasedAuthentication> and use only the system-" "wide known hosts file E<.Pa /etc/ssh/ssh_known_hosts>. The default is E<.Dq " "no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Include" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Include the specified configuration file(s). Multiple pathnames may be " "specified and each pathname may contain E<.Xr glob 7> wildcards that will be " "expanded and processed in lexical order. Files without absolute paths are " "assumed to be in E<.Pa /etc/ssh>. An E<.Cm Include> directive may appear " "inside a E<.Cm Match> block to perform conditional inclusion." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm IPQoS" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the IPv4 type-of-service or DSCP class for the connection. " "Accepted values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<." "Cm af22>, E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, " "E<.Cm af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<." "Cm cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " "lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " "none> to use the operating system default. This option may take one or two " "arguments, separated by whitespace. If one argument is specified, it is " "used as the packet class unconditionally. If two values are specified, the " "first is automatically selected for interactive sessions and the second for " "non-interactive sessions. The default is E<.Cm af21> (Low-Latency Data) " "for interactive sessions and E<.Cm cs1> (Lower Effort) for non-interactive " "sessions." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KbdInteractiveAuthentication" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether to allow keyboard-interactive authentication. All " "authentication styles from E<.Xr login.conf 5> are supported. The default " "is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " "no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KerberosAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether the password provided by the user for E<.Cm " "PasswordAuthentication> will be validated through the Kerberos KDC. To use " "this option, the server needs a Kerberos servtab which allows the " "verification of the KDC's identity. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KerberosGetAFSToken" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an " "AFS token before accessing the user's home directory. The default is E<.Cm " "no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KerberosOrLocalPasswd" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If password authentication through Kerberos fails then the password will be " "validated via any additional local mechanism such as E<.Pa /etc/passwd>. " "The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KerberosTicketCleanup" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether to automatically destroy the user's ticket cache file on " "logout. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm KexAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " "must be comma-separated. Alternately if the specified list begins with a E<." "Sq +> character, then the specified algorithms will be appended to the " "default set instead of replacing them. If the specified list begins with a " "E<.Sq -> character, then the specified algorithms (including wildcards) will " "be removed from the default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified algorithms will be " "placed at the head of the default set. The supported algorithms are:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "curve25519-sha256" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "curve25519-sha256@libssh.org" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group1-sha1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group14-sha1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group14-sha256" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group16-sha512" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group18-sha512" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group-exchange-sha1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "diffie-hellman-group-exchange-sha256" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "ecdh-sha2-nistp256" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "ecdh-sha2-nistp384" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "ecdh-sha2-nistp521" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "sntrup761x25519-sha512@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "sntrup761x25519-sha512@openssh.com,\n" "curve25519-sha256,curve25519-sha256@libssh.org,\n" "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,\n" "diffie-hellman-group-exchange-sha256,\n" "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,\n" "diffie-hellman-group14-sha256\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The list of available key exchange algorithms may also be obtained using E<." "Qq ssh -Q KexAlgorithms>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ListenAddress" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the local addresses E<.Xr sshd 8> should listen on. The following " "forms may be used:" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname | address> E<.Sm on> E<.Op Cm " "rdomain Ar domain>" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname : port> E<.Sm on> E<.Op Cm " "rdomain Ar domain>" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "E<.Cm ListenAddress> E<.Sm off> E<.Ar IPv4_address : port> E<.Sm on> E<.Op " "Cm rdomain Ar domain>" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "E<.Cm ListenAddress> E<.Sm off> E<.Oo Ar hostname | address Oc : Ar port> E<." "Sm on> E<.Op Cm rdomain Ar domain>" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "The optional E<.Cm rdomain> qualifier requests E<.Xr sshd 8> listen in an " "explicit routing domain. If E<.Ar port> is not specified, sshd will listen " "on the address and all E<.Cm Port> options specified. The default is to " "listen on all local addresses on the current default routing domain. " "Multiple E<.Cm ListenAddress> options are permitted. For more information " "on routing domains, see E<.Xr rdomain 4>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm LoginGraceTime" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The server disconnects after this time if the user has not successfully " "logged in. If the value is 0, there is no time limit. The default is 120 " "seconds." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm LogLevel" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Gives the verbosity level that is used when logging messages from E<.Xr sshd " "8>. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, " "DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are " "equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging " "output. Logging with a DEBUG level violates the privacy of users and is not " "recommended." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm LogVerbose" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Specify one or more overrides to E<.Cm LogLevel>. An override consists of a " "pattern lists that matches the source file, function and line number to " "force detailed logging for. For example, an override pattern of:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "would enable detailed logging for line 1000 of E<.Pa kex.c>, everything in " "the E<.Fn kex_exchange_identification> function, and all code in the E<.Pa " "packet.c> file. This option is intended for debugging and no overrides are " "enabled by default." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm MACs" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the available MAC (message authentication code) algorithms. The " "MAC algorithm is used for data integrity protection. Multiple algorithms " "must be comma-separated. If the specified list begins with a E<.Sq +> " "character, then the specified algorithms will be appended to the default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified algorithms (including wildcards) will be " "removed from the default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified algorithms will be " "placed at the head of the default set." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The algorithms that contain E<.Qq -etm> calculate the MAC after encryption " "(encrypt-then-mac). These are considered safer and their use recommended. " "The supported MACs are:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-md5" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-md5-96" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha1-96" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha2-256" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha2-512" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "umac-64@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "umac-128@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-md5-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-md5-96-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha1-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha1-96-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha2-256-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hmac-sha2-512-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "umac-64-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "umac-128-etm@openssh.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "" "umac-64-etm@openssh.com,umac-128-etm@openssh.com,\n" "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,\n" "hmac-sha1-etm@openssh.com,\n" "umac-64@openssh.com,umac-128@openssh.com,\n" "hmac-sha2-256,hmac-sha2-512,hmac-sha1\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The list of available MAC algorithms may also be obtained using E<.Qq ssh -Q " "mac>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Match" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Introduces a conditional block. If all of the criteria on the E<.Cm Match> " "line are satisfied, the keywords on the following lines override those set " "in the global section of the config file, until either another E<.Cm Match> " "line or the end of the file. If a keyword appears in multiple E<.Cm Match> " "blocks that are satisfied, only the first instance of the keyword is applied." msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "The arguments to E<.Cm Match> are one or more criteria-pattern pairs or the " "single token E<.Cm All> which matches all criteria. The available criteria " "are E<.Cm User>, E<.Cm Group>, E<.Cm Host>, E<.Cm LocalAddress>, E<.Cm " "LocalPort>, E<.Cm RDomain>, and E<.Cm Address> (with E<.Cm RDomain> " "representing the E<.Xr rdomain 4> on which the connection was received)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The match patterns may consist of single entries or comma-separated lists " "and may use the wildcard and negation operators described in the E<.Sx " "PATTERNS> section of E<.Xr ssh_config 5>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The patterns in an E<.Cm Address> criteria may additionally contain " "addresses to match in CIDR address/masklen format, such as 192.0.2.0/24 or " "2001:db8::/32. Note that the mask length provided must be consistent with " "the address - it is an error to specify a mask length that is too long for " "the address or one with bits set in this host portion of the address. For " "example, 192.0.2.0/33 and 192.0.2.0/8, respectively." msgstr "" #. type: Plain text #: archlinux opensuse-tumbleweed msgid "" "Only a subset of keywords may be used on the lines following a E<.Cm Match> " "keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " "AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " "AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " "E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " "AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " "AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " "AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." "Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." "Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " "DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " "GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " "HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " "HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " "IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " "E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm MaxSessions>, E<.Cm " "PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<.Cm PermitListen>, " "E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm PermitTTY>, E<.Cm " "PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm PubkeyAcceptedAlgorithms>, E<.Cm " "PubkeyAuthentication>, E<.Cm PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm " "RevokedKeys>, E<.Cm RDomain>, E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<." "Cm StreamLocalBindUnlink>, E<.Cm TrustedUserCAKeys>, E<.Cm " "UnusedConnectionTimeout>, E<.Cm X11DisplayOffset>, E<.Cm X11Forwarding> and " "E<.Cm X11UseLocalhost>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm MaxAuthTries" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the maximum number of authentication attempts permitted per " "connection. Once the number of failures reaches half this value, additional " "failures are logged. The default is 6." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm MaxSessions" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the maximum number of open shell, login or subsystem (e.g. sftp) " "sessions permitted per network connection. Multiple sessions may be " "established by clients that support connection multiplexing. Setting E<.Cm " "MaxSessions> to 1 will effectively disable session multiplexing, whereas " "setting it to 0 will prevent all shell, login and subsystem sessions while " "still permitting forwarding. The default is 10." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm MaxStartups" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the maximum number of concurrent unauthenticated connections to " "the SSH daemon. Additional connections will be dropped until authentication " "succeeds or the E<.Cm LoginGraceTime> expires for a connection. The default " "is 10:30:100." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Alternatively, random early drop can be enabled by specifying the three " "colon separated values start:rate:full (e.g. \"10:30:60\"). E<.Xr sshd 8> " "will refuse connection attempts with a probability of rate/100 (30%) if " "there are currently start (10) unauthenticated connections. The probability " "increases linearly and all connection attempts are refused if the number of " "unauthenticated connections reaches full (60)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm ModuliFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the E<.Xr moduli 5> file that contains the Diffie-Hellman groups " "used for the E<.Dq diffie-hellman-group-exchange-sha1> and E<.Dq diffie-" "hellman-group-exchange-sha256> key exchange methods. The default is E<.Pa /" "etc/ssh/moduli>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PasswordAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether password authentication is allowed. The default is E<.Cm " "yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitEmptyPasswords" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "When password authentication is allowed, it specifies whether the server " "allows login to accounts with empty password strings. The default is E<.Cm " "no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitListen" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the addresses/ports on which a remote TCP port forwarding may " "listen. The listen specification must be one of the following forms:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm PermitListen> E<.Sm off> E<.Ar port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm PermitListen> E<.Sm off> E<.Ar host : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Multiple permissions may be specified by separating them with whitespace. " "An argument of E<.Cm any> can be used to remove all restrictions and permit " "any listen requests. An argument of E<.Cm none> can be used to prohibit all " "listen requests. The host name may contain wildcards as described in the " "PATTERNS section in E<.Xr ssh_config 5>. The wildcard E<.Sq *> can also be " "used in place of a port number to allow all ports. By default all port " "forwarding listen requests are permitted. Note that the E<.Cm GatewayPorts> " "option may further restrict which addresses may be listened on. Note also " "that E<.Xr ssh 1> will request a listen host of E<.Dq localhost> if no " "listen host was specifically requested, and this name is treated differently " "to explicit localhost addresses of E<.Dq 127.0.0.1> and E<.Dq ::1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitOpen" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the destinations to which TCP port forwarding is permitted. The " "forwarding specification must be one of the following forms:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm PermitOpen> E<.Sm off> E<.Ar host : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm PermitOpen> E<.Sm off> E<.Ar IPv4_addr : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "E<.Cm PermitOpen> E<.Sm off> E<.Ar \\&[ IPv6_addr \\&] : port> E<.Sm on>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Multiple forwards may be specified by separating them with whitespace. An " "argument of E<.Cm any> can be used to remove all restrictions and permit any " "forwarding requests. An argument of E<.Cm none> can be used to prohibit all " "forwarding requests. The wildcard E<.Sq *> can be used for host or port to " "allow all hosts or ports respectively. Otherwise, no pattern matching or " "address lookups are performed on supplied names. By default all port " "forwarding requests are permitted." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitRootLogin" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether root can log in using E<.Xr ssh 1>. The argument must be " "E<.Cm yes>, E<.Cm prohibit-password>, E<.Cm forced-commands-only>, or E<.Cm " "no>. The default is E<.Cm prohibit-password>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If this option is set to E<.Cm prohibit-password> (or its deprecated alias, " "E<.Cm without-password>), password and keyboard-interactive authentication " "are disabled for root." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If this option is set to E<.Cm forced-commands-only>, root login with public " "key authentication will be allowed, but only if the E<.Ar command> option " "has been specified (which may be useful for taking remote backups even if " "root login is normally not allowed). All other authentication methods are " "disabled for root." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "If this option is set to E<.Cm no>, root is not allowed to log in." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitTTY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr pty 4> allocation is permitted. The default is E<." "Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitTunnel" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr tun 4> device forwarding is allowed. The argument " "must be E<.Cm yes>, E<.Cm point-to-point> (layer 3), E<.Cm ethernet> (layer " "2), or E<.Cm no>. Specifying E<.Cm yes> permits both E<.Cm point-to-point> " "and E<.Cm ethernet>. The default is E<.Cm no>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Independent of this setting, the permissions of the selected E<.Xr tun 4> " "device must allow access to the user." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitUserEnvironment" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Pa ~/.ssh/environment> and E<.Cm environment=> options " "in E<.Pa ~/.ssh/authorized_keys> are processed by E<.Xr sshd 8>. Valid " "options are E<.Cm yes>, E<.Cm no> or a pattern-list specifying which " "environment variable names to accept (for example E<.Qq LANG,LC_*>). The " "default is E<.Cm no>. Enabling environment processing may enable users to " "bypass access restrictions in some configurations using mechanisms such as " "E<.Ev LD_PRELOAD>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PermitUserRC" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether any E<.Pa ~/.ssh/rc> file is executed. The default is E<." "Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PerSourceMaxStartups" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the number of unauthenticated connections allowed from a given " "source address, or E<.Dq none> if there is no limit. This limit is applied " "in addition to E<.Cm MaxStartups>, whichever is lower. The default is E<.Cm " "none>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PerSourceNetBlockSize" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the number of bits of source address that are grouped together for " "the purposes of applying PerSourceMaxStartups limits. Values for IPv4 and " "optionally IPv6 may be specified, separated by a colon. The default is E<." "Cm 32:128>, which means each address is considered individually." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PidFile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable opensuse-tumbleweed msgid "" "Specifies the file that contains the process ID of the SSH daemon, or E<.Cm " "none> to not write one. The default is E<.Pa /run/sshd.pid>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Port" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the port number that E<.Xr sshd 8> listens on. The default is " "22. Multiple options of this type are permitted. See also E<.Cm " "ListenAddress>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PrintLastLog" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should print the date and time of the last " "user login when a user logs in interactively. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PrintMotd" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should print E<.Pa /etc/motd> when a user " "logs in interactively. (On some systems it is also printed by the shell, E<." "Pa /etc/profile>, or equivalent.) The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PubkeyAcceptedAlgorithms" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the signature algorithms that will be accepted for public key " "authentication as a list of comma-separated patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "algorithms will be appended to the default set instead of replacing them. " "If the specified list begins with a E<.Sq -> character, then the specified " "algorithms (including wildcards) will be removed from the default set " "instead of replacing them. If the specified list begins with a E<.Sq ^> " "character, then the specified algorithms will be placed at the head of the " "default set. The default for this option is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The list of available signature algorithms may also be obtained using E<.Qq " "ssh -Q PubkeyAcceptedAlgorithms>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PubkeyAuthOptions" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Sets one or more public key authentication options. The supported keywords " "are: E<.Cm none> (the default; indicating no additional options are " "enabled), E<.Cm touch-required> and E<.Cm verify-required>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The E<.Cm touch-required> option causes public key authentication using a " "FIDO authenticator algorithm (i.e.\\& E<.Cm ecdsa-sk> or E<.Cm ed25519-sk>) " "to always require the signature to attest that a physically present user " "explicitly confirmed the authentication (usually by touching the " "authenticator). By default, E<.Xr sshd 8> requires user presence unless " "overridden with an authorized_keys option. The E<.Cm touch-required> flag " "disables this override." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The E<.Cm verify-required> option requires a FIDO key signature attest that " "the user was verified, e.g. via a PIN." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Neither the E<.Cm touch-required> or E<.Cm verify-required> options have any " "effect for other, non-FIDO, public key types." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm PubkeyAuthentication" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether public key authentication is allowed. The default is E<." "Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm RekeyLimit" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the maximum amount of data that may be transmitted or received " "before the session key is renegotiated, optionally followed by a maximum " "amount of time that may pass before the session key is renegotiated. The " "first argument is specified in bytes and may have a suffix of E<.Sq K>, E<." "Sq M>, or E<.Sq G> to indicate Kilobytes, Megabytes, or Gigabytes, " "respectively. The default is between E<.Sq 1G> and E<.Sq 4G>, depending on " "the cipher. The optional second value is specified in seconds and may use " "any of the units documented in the E<.Sx TIME FORMATS> section. The default " "value for E<.Cm RekeyLimit> is E<.Cm default none>, which means that " "rekeying is performed after the cipher's default amount of data has been " "sent or received and no time based rekeying is done." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm RequiredRSASize" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the minimum RSA key size (in bits) that E<.Xr sshd 8> will " "accept. User and host-based authentication keys smaller than this limit " "will be refused. The default is E<.Cm 1024> bits. Note that this limit may " "only be raised from the default." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm RevokedKeys" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies revoked public keys file, or E<.Cm none> to not use one. Keys " "listed in this file will be refused for public key authentication. Note " "that if this file is not readable, then public key authentication will be " "refused for all users. Keys may be specified as a text file, listing one " "public key per line, or as an OpenSSH Key Revocation List (KRL) as generated " "by E<.Xr ssh-keygen 1>. For more information on KRLs, see the KEY " "REVOCATION LISTS section in E<.Xr ssh-keygen 1>." msgstr "" #. type: It #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm RDomain" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies an explicit routing domain that is applied after authentication " "has completed. The user session, as well as any forwarded or listening IP " "sockets, will be bound to this E<.Xr rdomain 4>. If the routing domain is " "set to E<.Cm \\&%D>, then the domain in which the incoming connection was " "received will be applied." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm SecurityKeyProvider" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a path to a library that will be used when loading FIDO " "authenticator-hosted keys, overriding the default of using the built-in USB " "HID support." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm SetEnv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies one or more environment variables to set in child sessions started " "by E<.Xr sshd 8> as E<.Dq NAME=VALUE>. The environment value may be quoted " "(e.g. if it contains whitespace characters). Environment variables set by " "E<.Cm SetEnv> override the default environment and any variables specified " "by the user via E<.Cm AcceptEnv> or E<.Cm PermitUserEnvironment>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm StreamLocalBindMask" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Sets the octal file creation mode mask E<.Pq umask> used when creating a " "Unix-domain socket file for local or remote port forwarding. This option is " "only used for port forwarding to a Unix-domain socket file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The default value is 0177, which creates a Unix-domain socket file that is " "readable and writable only by the owner. Note that not all operating " "systems honor the file mode on Unix-domain socket files." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm StreamLocalBindUnlink" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether to remove an existing Unix-domain socket file for local or " "remote port forwarding before creating a new one. If the socket file " "already exists and E<.Cm StreamLocalBindUnlink> is not enabled, E<.Nm sshd> " "will be unable to forward the port to the Unix-domain socket file. This " "option is only used for port forwarding to a Unix-domain socket file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The argument must be E<.Cm yes> or E<.Cm no>. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm StrictModes" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should check file modes and ownership of the " "user's files and home directory before accepting login. This is normally " "desirable because novices sometimes accidentally leave their directory or " "files world-writable. The default is E<.Cm yes>. Note that this does not " "apply to E<.Cm ChrootDirectory>, whose permissions and ownership are checked " "unconditionally." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm Subsystem" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Configures an external subsystem (e.g. file transfer daemon). Arguments " "should be a subsystem name and a command (with optional arguments) to " "execute upon subsystem request." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The command E<.Cm sftp-server> implements the SFTP file transfer subsystem." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Alternately the name E<.Cm internal-sftp> implements an in-process SFTP " "server. This may simplify configurations using E<.Cm ChrootDirectory> to " "force a different filesystem root on clients. It accepts the same command " "line arguments as E<.Cm sftp-server> and even though it is in-process, " "settings such as E<.Cm LogLevel> or E<.Cm SyslogFacility> do not apply to it " "and must be set explicitly via command line arguments." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "By default no subsystems are defined." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm SyslogFacility" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable opensuse-tumbleweed msgid "" "Gives the facility code that is used when logging messages from E<.Xr sshd " "8>. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, " "LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm TCPKeepAlive" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether the system should send TCP keepalive messages to the other " "side. If they are sent, death of the connection or crash of one of the " "machines will be properly noticed. However, this means that connections " "will die if the route is down temporarily, and some people find it " "annoying. On the other hand, if TCP keepalives are not sent, sessions may " "hang indefinitely on the server, leaving E<.Qq ghost> users and consuming " "server resources." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The default is E<.Cm yes> (to send TCP keepalive messages), and the server " "will notice if the network goes down or the client host crashes. This " "avoids infinitely hanging sessions." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "To disable TCP keepalive messages, the value should be set to E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm TrustedUserCAKeys" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies a file containing public keys of certificate authorities that are " "trusted to sign user certificates for authentication, or E<.Cm none> to not " "use one. Keys are listed one per line; empty lines and comments starting " "with E<.Ql #> are allowed. If a certificate is presented for authentication " "and has its signing CA key listed in this file, then it may be used for " "authentication for any user listed in the certificate's principals list. " "Note that certificates that lack a list of principals will not be permitted " "for authentication using E<.Cm TrustedUserCAKeys>. For more details on " "certificates, see the CERTIFICATES section in E<.Xr ssh-keygen 1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm UnusedConnectionTimeout" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether and how quickly E<.Xr sshd 8> should close client " "connections with no open channels. Open channels include active shell, " "command execution or subsystem sessions, connected network, socket, agent or " "X11 forwardings. Forwarding listeners, such as those from the E<.Xr ssh 1> " "E<.Fl R> flag, are not considered as open channels and do not prevent the " "timeout. The timeout value is specified in seconds or may use any of the " "units documented in the E<.Sx TIME FORMATS> section." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that this timeout starts when the client connection completes user " "authentication but before the client has an opportunity to open any " "channels. Caution should be used when using short timeout values, as they " "may not provide sufficient time for the client to request and open its " "channels before terminating the connection." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The default E<.Cm none> is to never expire connections for having no open " "channels. This option may be useful in conjunction with E<.Cm " "ChannelTimeout>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm UseDNS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should look up the remote host name, and to " "check that the resolved host name for the remote IP address maps back to the " "very same IP address." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If this option is set to E<.Cm no> (the default) then only addresses and not " "host names may be used in E<.Pa ~/.ssh/authorized_keys> E<.Cm from> and E<." "Nm> E<.Cm Match> E<.Cm Host> directives." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm UsePAM" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Enables the Pluggable Authentication Module interface. If set to E<.Cm yes> " "this will enable PAM authentication using E<.Cm " "KbdInteractiveAuthentication> and E<.Cm PasswordAuthentication> in addition " "to PAM account and session module processing for all authentication types." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Because PAM keyboard-interactive authentication usually serves an equivalent " "role to password authentication, you should disable either E<.Cm " "PasswordAuthentication> or E<.Cm KbdInteractiveAuthentication>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If E<.Cm UsePAM> is enabled, you will not be able to run E<.Xr sshd 8> as a " "non-root user. The default is E<.Cm no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm VersionAddendum" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Optionally specifies additional text to append to the SSH protocol banner " "sent by the server upon connection. The default is E<.Cm none>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm X11DisplayOffset" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the first display number available for E<.Xr sshd 8 Ns 's> X11 " "forwarding. This prevents sshd from interfering with real X11 servers. The " "default is 10." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm X11Forwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether X11 forwarding is permitted. The argument must be E<.Cm " "yes> or E<.Cm no>. The default is E<.Cm no>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "When X11 forwarding is enabled, there may be additional exposure to the " "server and to client displays if the E<.Xr sshd 8> proxy display is " "configured to listen on the wildcard address (see E<.Cm X11UseLocalhost>), " "though this is not the default. Additionally, the authentication spoofing " "and authentication data verification and substitution occur on the client " "side. The security risk of using X11 forwarding is that the client's X11 " "display server may be exposed to attack when the SSH client requests " "forwarding (see the warnings for E<.Cm ForwardX11> in E<.Xr ssh_config 5>). " "A system administrator may have a stance in which they want to protect " "clients that may expose themselves to attack by unwittingly requesting X11 " "forwarding, which can warrant a E<.Cm no> setting." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that disabling X11 forwarding does not prevent users from forwarding " "X11 traffic, as users can always install their own forwarders." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm X11UseLocalhost" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether E<.Xr sshd 8> should bind the X11 forwarding server to the " "loopback address or to the wildcard address. By default, sshd binds the " "forwarding server to the loopback address and sets the hostname part of the " "E<.Ev DISPLAY> environment variable to E<.Cm localhost>. This prevents " "remote hosts from connecting to the proxy display. However, some older X11 " "clients may not function with this configuration. E<.Cm X11UseLocalhost> " "may be set to E<.Cm no> to specify that the forwarding server should be " "bound to the wildcard address. The argument must be E<.Cm yes> or E<.Cm " "no>. The default is E<.Cm yes>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm XAuthLocation" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the full pathname of the E<.Xr xauth 1> program, or E<.Cm none> to " "not use one. The default is E<.Pa /usr/bin/xauth>." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "TIME FORMATS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "E<.Xr sshd 8> command-line arguments and configuration file options that " "specify time may be expressed using a sequence of the form: E<.Sm off> E<.Ar " "time Op Ar qualifier>, E<.Sm on> where E<.Ar time> is a positive integer " "value and E<.Ar qualifier> is one of the following:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Aq Cm none" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "seconds" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm s | Cm S" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm m | Cm M" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "minutes" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm h | Cm H" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "hours" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm d | Cm D" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "days" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm w | Cm W" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "weeks" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Each member of the sequence is added together to calculate the total time " "value." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "Time format examples:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "600" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "600 seconds (10 minutes)" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "10m" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "10 minutes" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "1h30m" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "1 hour 30 minutes (90 minutes)" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "TOKENS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Arguments to some keywords can make use of tokens, which are expanded at " "runtime:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%%" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "A literal E<.Sq %>." msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed #, no-wrap msgid "\\&%C" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed msgid "" "Identifies the connection endpoints, containing four space-separated values: " "client address, client port number, server address, and server port number." msgstr "" #. type: It #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "\\&%D" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "The routing domain in which the incoming connection was received." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%F" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The fingerprint of the CA key." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%f" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The fingerprint of the key or certificate." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%h" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The home directory of the user." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%i" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The key ID in the certificate." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%K" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The base64-encoded CA key." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%k" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The base64-encoded key or certificate for authentication." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%s" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The serial number of the certificate." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "\\&%T" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The type of the CA key." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%t" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The key or certificate type." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "\\&%U" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The numeric user ID of the target user." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "%u" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "The username." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed msgid "" "E<.Cm AuthorizedKeysCommand> accepts the tokens %%, %C, %D, %f, %h, %k, %t, " "%U, and %u." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm AuthorizedKeysFile> accepts the tokens %%, %h, %U, and %u." msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed msgid "" "E<.Cm AuthorizedPrincipalsCommand> accepts the tokens %%, %C, %D, %F, %f, " "%h, %i, %K, %k, %s, %T, %t, %U, and %u." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm AuthorizedPrincipalsFile> accepts the tokens %%, %h, %U, and %u." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "E<.Cm ChrootDirectory> accepts the tokens %%, %h, %U, and %u." msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "E<.Cm RoutingDomain> accepts the token %D." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "FILES" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/sshd_config" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Contains configuration data for E<.Xr sshd 8>. This file should be writable " "by root only, but it is recommended (though not necessary) that it be world-" "readable." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "E<.Xr sftp-server 8>, E<.Xr sshd 8>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "AUTHORS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "E<.An -nosplit> OpenSSH is a derivative of the original and free ssh 1.2.12 " "release by E<.An Tatu Ylonen>. E<.An Aaron Campbell , Bob Beck , Markus " "Friedl , Niels Provos>, E<.An Theo de Raadt> and E<.An Dug Song> removed " "many bugs, re-added newer features and created OpenSSH. E<.An Markus " "Friedl> contributed the support for SSH protocol versions 1.5 and 2.0. E<." "An Niels Provos> and E<.An Markus Friedl> contributed support for privilege " "separation." msgstr "" #. type: Dd #: debian-bookworm #, no-wrap msgid "$Mdocdate: January 18 2023 $" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> (or " "the file specified with E<.Fl f> on the command line). The file contains " "keyword-argument pairs, one per line. For each keyword, the first obtained " "value will be used. Lines starting with E<.Ql #> and empty lines are " "interpreted as comments. Arguments may optionally be enclosed in double " "quotes E<.Pq \\&\"> in order to represent arguments containing spaces." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Note that the Debian E<.Ic openssh-server> package sets several options as " "standard in E<.Pa /etc/ssh/sshd_config> which are not the default in E<.Xr " "sshd 8>:" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm Include /etc/ssh/sshd_config.d/*.conf>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm KbdInteractiveAuthentication No no>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm X11Forwarding No yes>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm PrintMotd No no>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm AcceptEnv No LANG LC_*>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm Subsystem No sftp /usr/lib/openssh/sftp-server>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm UsePAM No yes>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "E<.Pa /etc/ssh/sshd_config.d/*.conf> files are included at the start of the " "configuration file, so options set there will override those in E<.Pa /etc/" "ssh/sshd_config.>" msgstr "" #. type: Plain text #: debian-bookworm msgid "See PATTERNS in E<.Xr ssh_config 5> for more information on patterns." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies whether and how quickly E<.Xr sshd 8> should close inactive " "channels. Timeouts are specified as one or more E<.Dq type=interval> pairs " "separated by whitespace, where the E<.Dq type> must be a channel type name " "(as described in the table below), optionally containing wildcard characters." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "The timeout value E<.Dq interval> is specified in seconds or may use any of " "the units documented in the E<.Sx TIME FORMATS> section. For example, E<.Dq " "session:*=5m> would cause all sessions to terminate after five minutes of " "inactivity. Specifying a zero value disables the inactivity timeout." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "The available channel types include:" msgstr "" #. type: It #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm session:command" msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "Command execution sessions." msgstr "" #. type: It #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm session:shell" msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "Interactive shell sessions." msgstr "" #. type: It #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm session:subsystem:..." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Subsystem sessions, e.g. for E<.Xr sftp 1>, which could be identified as E<." "Cm session:subsystem:sftp>." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Moreover, terminating an inactive channel or session does not necessarily " "close the SSH connection, nor does it prevent a client from requesting " "another channel of the same type. In particular, expiring an inactive " "forwarding session does not prevent another identical forwarding from being " "subsequently created. See also E<.Cm UnusedConnectionTimeout>, which may be " "used in conjunction with this option." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the pathname of a directory to E<.Xr chroot 2> to after " "authentication. At session startup E<.Xr sshd 8> checks that all components " "of the pathname are root-owned directories which are not writable by any " "other user or group. After the chroot, E<.Xr sshd 8> changes the working " "directory to the user's home directory. Arguments to E<.Cm ChrootDirectory> " "accept the tokens described in the E<.Sx TOKENS> section." msgstr "" #. type: It #: debian-bookworm debian-unstable #, no-wrap msgid "Cm DebianBanner" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Specifies whether the distribution-specified extra version suffix is " "included during initial protocol handshake. The default is E<.Cm yes>." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPIKeyExchange" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key " "exchange doesn't rely on ssh keys to verify host identity. The default is " "E<.Cm no>." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPIStoreCredentialsOnRekey" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "Controls whether the user's GSSAPI credentials should be updated following a " "successful connection rekeying. This option can be used to accepted renewed " "or updated credentials from a compatible client. The default is E<.Dq no>." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "For this to work E<.Cm GSSAPIKeyExchange> needs to be enabled in the server " "and also used by the client." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed #, no-wrap msgid "Cm GSSAPIKexAlgorithms" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-tumbleweed msgid "" "The list of key exchange algorithms that are accepted by GSSAPI key " "exchange. Possible values are" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable #, no-wrap msgid "" "gss-gex-sha1-,\n" "gss-group1-sha1-,\n" "gss-group14-sha1-,\n" "gss-group14-sha256-,\n" "gss-group16-sha512-,\n" "gss-nistp256-sha256-,\n" "gss-curve25519-sha256-\n" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The default is E<.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-" "sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1->. This " "option only applies to connections using GSSAPI." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable opensuse-tumbleweed msgid "" "Specifies the IPv4 type-of-service or DSCP class for the connection. " "Accepted values are E<.Cm af11>, E<.Cm af12>, E<.Cm af13>, E<.Cm af21>, E<." "Cm af22>, E<.Cm af23>, E<.Cm af31>, E<.Cm af32>, E<.Cm af33>, E<.Cm af41>, " "E<.Cm af42>, E<.Cm af43>, E<.Cm cs0>, E<.Cm cs1>, E<.Cm cs2>, E<.Cm cs3>, E<." "Cm cs4>, E<.Cm cs5>, E<.Cm cs6>, E<.Cm cs7>, E<.Cm ef>, E<.Cm le>, E<.Cm " "lowdelay>, E<.Cm throughput>, E<.Cm reliability>, a numeric value, or E<.Cm " "none> to use the operating system default. This option may take one or two " "arguments, separated by whitespace. If one argument is specified, it is " "used as the packet class unconditionally. If two values are specified, the " "first is automatically selected for interactive sessions and the second for " "non-interactive sessions. The default is E<.Cm lowdelay> for interactive " "sessions and E<.Cm throughput> for non-interactive sessions." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Specifies whether to allow keyboard-interactive authentication. The default " "is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " "no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname | address> E<.Sm on>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar hostname : port> E<.Sm on>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "E<.Cm ListenAddress> E<.Sm off> E<.Ar IPv4_address : port> E<.Sm on>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "E<.Cm ListenAddress> E<.Sm off> E<.Oo Ar hostname | address Oc : Ar port> E<." "Sm on>" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If E<.Ar port> is not specified, sshd will listen on the address and all E<." "Cm Port> options specified. The default is to listen on all local " "addresses. Multiple E<.Cm ListenAddress> options are permitted." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specify one or more overrides to LogLevel. An override consists of a " "pattern lists that matches the source file, function and line number to " "force detailed logging for. For example, an override pattern of:" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "The arguments to E<.Cm Match> are one or more criteria-pattern pairs or the " "single token E<.Cm All> which matches all criteria. The available criteria " "are E<.Cm User>, E<.Cm Group>, E<.Cm Host>, E<.Cm LocalAddress>, E<.Cm " "LocalPort>, and E<.Cm Address>." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Only a subset of keywords may be used on the lines following a E<.Cm Match> " "keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " "AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " "AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " "E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " "AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " "AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " "AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." "Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." "Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " "DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " "GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " "HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " "HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " "IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " "E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm MaxSessions>, E<.Cm " "PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<.Cm PermitListen>, " "E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm PermitTTY>, E<.Cm " "PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm PubkeyAcceptedAlgorithms>, E<.Cm " "PubkeyAuthentication>, E<.Cm PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm " "RevokedKeys>, E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<.Cm " "StreamLocalBindUnlink>, E<.Cm TrustedUserCAKeys>, E<.Cm " "UnusedConnectionTimeout>, E<.Cm X11DisplayOffset>, E<.Cm X11Forwarding> and " "E<.Cm X11UseLocalhost>." msgstr "" #. type: Plain text #: debian-bookworm fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Alternately the name E<.Cm internal-sftp> implements an in-process SFTP " "server. This may simplify configurations using E<.Cm ChrootDirectory> to " "force a different filesystem root on clients." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "This option was formerly called E<.Cm KeepAlive>." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Cm AuthorizedKeysCommand> accepts the tokens %%, %f, %h, %k, %t, %U, and " "%u." msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Cm AuthorizedPrincipalsCommand> accepts the tokens %%, %F, %f, %h, %i, " "%K, %k, %s, %T, %t, %U, and %u." msgstr "" #. type: Dd #: fedora-40 fedora-rawhide opensuse-tumbleweed #, no-wrap msgid "$Mdocdate: July 28 2023 $" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "The default is handled system-wide by E<.Xr crypto-policies 7>. Information " "about defaults, how to modify the defaults and how to customize existing " "policies with sub-policies are present in manual page E<.Xr update-crypto-" "policies 8>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies which algorithms are allowed for signing of certificates by " "certificate authorities (CAs). If the specified list begins with a E<.Sq +> " "character, then the specified algorithms will be appended to the default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified algorithms (including wildcards) will be " "removed from the default set instead of replacing them." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the ciphers allowed. Multiple ciphers must be comma-separated. " "If the specified list begins with a E<.Sq +> character, then the specified " "ciphers will be appended to the built-in openssh default set instead of " "replacing them. If the specified list begins with a E<.Sq -> character, " "then the specified ciphers (including wildcards) will be removed from the " "built-in openssh default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified ciphers will be " "placed at the head of the built-in openssh default set." msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm GSSAPIEnablek5users" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether to look at .k5users file for GSSAPI authentication access " "control. Further details are described in E<.Xr ksu 1>. The default is E<." "Cm no>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "gss-gex-sha1-\n" "gss-group1-sha1-\n" "gss-group14-sha1-\n" "gss-group14-sha256-\n" "gss-group16-sha512-\n" "gss-nistp256-sha256-\n" "gss-curve25519-sha256-\n" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "This option only applies to connections using GSSAPI." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide msgid "" "Specifies the signature algorithms that will be accepted for hostbased " "authentication as a list of comma-separated patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "signature algorithms will be appended to the built-in openssh default set " "instead of replacing them. If the specified list begins with a E<.Sq -> " "character, then the specified signature algorithms (including wildcards) " "will be removed from the built-in openssh default set instead of replacing " "them. If the specified list begins with a E<.Sq ^> character, then the " "specified signature algorithms will be placed at the head of the built-in " "openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the host key signature algorithms that the server offers. The " "default for this option is: The list of available signature algorithms may " "also be obtained using E<.Qq ssh -Q HostKeyAlgorithms>." msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm KerberosUniqueCCache" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether to store the acquired tickets in the per-session " "credential cache under /tmp/ or whether to use per-user credential cache as " "configured in E<.Pa /etc/krb5.conf>. The default value E<.Cm no> can lead " "to overwriting previous tickets by subseqent connections to the same user " "account." msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm KerberosUseKuserok" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies whether to look at .k5login file for user's aliases. The default " "is E<.Cm yes>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms " "must be comma-separated. Alternately if the specified list begins with a E<." "Sq +> character, then the specified methods will be appended to the built-in " "openssh default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified algorithms (including " "wildcards) will be removed from the built-in openssh default set instead of " "replacing them. If the specified list begins with a E<.Sq ^> character, " "then the specified algorithms will be placed at the head of the built-in " "openssh default set. The supported algorithms are:" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the available MAC (message authentication code) algorithms. The " "MAC algorithm is used for data integrity protection. Multiple algorithms " "must be comma-separated. If the specified list begins with a E<.Sq +> " "character, then the specified algorithms will be appended to the built-in " "openssh default set instead of replacing them. If the specified list begins " "with a E<.Sq -> character, then the specified algorithms (including " "wildcards) will be removed from the built-in openssh default set instead of " "replacing them. If the specified list begins with a E<.Sq ^> character, " "then the specified algorithms will be placed at the head of the built-in " "openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Only a subset of keywords may be used on the lines following a E<.Cm Match> " "keyword. Available keywords are E<.Cm AcceptEnv>, E<.Cm " "AllowAgentForwarding>, E<.Cm AllowGroups>, E<.Cm " "AllowStreamLocalForwarding>, E<.Cm AllowTcpForwarding>, E<.Cm AllowUsers>, " "E<.Cm AuthenticationMethods>, E<.Cm AuthorizedKeysCommand>, E<.Cm " "AuthorizedKeysCommandUser>, E<.Cm AuthorizedKeysFile>, E<.Cm " "AuthorizedPrincipalsCommand>, E<.Cm AuthorizedPrincipalsCommandUser>, E<.Cm " "AuthorizedPrincipalsFile>, E<.Cm Banner>, E<.Cm CASignatureAlgorithms>, E<." "Cm ChannelTimeout>, E<.Cm ChrootDirectory>, E<.Cm ClientAliveCountMax>, E<." "Cm ClientAliveInterval>, E<.Cm DenyGroups>, E<.Cm DenyUsers>, E<.Cm " "DisableForwarding>, E<.Cm ExposeAuthInfo>, E<.Cm ForceCommand>, E<.Cm " "GatewayPorts>, E<.Cm GSSAPIAuthentication>, E<.Cm " "HostbasedAcceptedAlgorithms>, E<.Cm HostbasedAuthentication>, E<.Cm " "HostbasedUsesNameFromPacketOnly>, E<.Cm IgnoreRhosts>, E<.Cm Include>, E<.Cm " "IPQoS>, E<.Cm KbdInteractiveAuthentication>, E<.Cm KerberosAuthentication>, " "E<.Cm KerberosUseKuserok>, E<.Cm LogLevel>, E<.Cm MaxAuthTries>, E<.Cm " "MaxSessions>, E<.Cm PasswordAuthentication>, E<.Cm PermitEmptyPasswords>, E<." "Cm PermitListen>, E<.Cm PermitOpen>, E<.Cm PermitRootLogin>, E<.Cm " "PermitTTY>, E<.Cm PermitTunnel>, E<.Cm PermitUserRC>, E<.Cm " "PubkeyAcceptedAlgorithms>, E<.Cm PubkeyAuthentication>, E<.Cm " "PubkeyAuthOptions>, E<.Cm RekeyLimit>, E<.Cm RevokedKeys>, E<.Cm RDomain>, " "E<.Cm SetEnv>, E<.Cm StreamLocalBindMask>, E<.Cm StreamLocalBindUnlink>, E<." "Cm TrustedUserCAKeys>, E<.Cm UnusedConnectionTimeout>, E<.Cm " "X11DisplayOffset>, E<.Cm X11MaxDisplays>, E<.Cm X11Forwarding> and E<.Cm " "X11UseLocalhost>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the file that contains the process ID of the SSH daemon, or E<.Cm " "none> to not write one. The default is E<.Pa /var/run/sshd.pid>." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed msgid "" "Specifies the signature algorithms that will be accepted for public key " "authentication as a list of comma-separated patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "algorithms will be appended to the built-in openssh default set instead of " "replacing them. If the specified list begins with a E<.Sq -> character, " "then the specified algorithms (including wildcards) will be removed from the " "built-in openssh default set instead of replacing them. If the specified " "list begins with a E<.Sq ^> character, then the specified algorithms will be " "placed at the head of the built-in openssh default set." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Gives the facility code that is used when logging messages from E<.Xr sshd " "8>. The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, " "LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH." msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Cm X11MaxDisplays" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "Specifies the maximum number of displays available for E<.Xr sshd 8 Ns 's> " "X11 forwarding. This prevents sshd from exhausting local ports. The " "default is 1000." msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide opensuse-tumbleweed msgid "" "E<.Xr sftp-server 8>, E<.Xr sshd 8>, E<.Xr crypto-policies 7>, E<.Xr update-" "crypto-policies 8>" msgstr "" #. type: Dd #: mageia-cauldron #, no-wrap msgid "$Mdocdate: March 3 2023 $" msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "E<.Xr sshd 8> reads configuration data from E<.Pa /etc/ssh/sshd_config> ( E<." "Pa /usr/etc/ssh/sshd_config> if the file does not exist or the file " "specified with E<.Fl f> on the command line). The file contains keyword-" "argument pairs, one per line. Unless noted otherwise, for each keyword, the " "first obtained value will be used. Lines starting with E<.Ql #> and empty " "lines are interpreted as comments. Arguments may optionally be enclosed in " "double quotes E<.Pq \\&\"> in order to represent arguments containing spaces." msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "In the FIPS mode the minimum of SHA-1 is enforced (which means sha256)." msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "This option only applies to protocol version 2 connections using GSSAPI." msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "Specifies the signature algorithms that will be accepted for hostbased " "authentication as a list of comma-separated patterns. Alternately if the " "specified list begins with a E<.Sq +> character, then the specified " "signature algorithms will be appended to the built-in openssh set instead of " "replacing them. If the specified list begins with a E<.Sq -> character, " "then the specified signature algorithms (including wildcards) will be " "removed from the built-in openssh set instead of replacing them. If the " "specified list begins with a E<.Sq ^> character, then the specified " "signature algorithms will be placed at the head of the built-in openssh " "default set." msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "Specifies whether to ignore per-user E<.Pa .rhosts> and E<.Pa .shosts> files " "during E<.Cm HostbasedAuthentication>. The system-wide E<.Pa /etc/hosts." "equiv> and E<.Pa /etc/ssh/ssh/shosts.equiv> are still used regardless of " "this setting." msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "Specifies whether to allow keyboard-interactive authentication. All " "authentication styles from E<.Xr login.defs 5> are supported. The default " "is E<.Cm yes>. The argument to this keyword must be E<.Cm yes> or E<.Cm " "no>. E<.Cm ChallengeResponseAuthentication> is a deprecated alias for this." msgstr "" #. type: It #: opensuse-tumbleweed #, no-wrap msgid "Cm UsePAMCheckLocks" msgstr "" #. type: Plain text #: opensuse-tumbleweed msgid "" "When set to E<.Dq yes> , the checks whether the account has been locked with " "E<.Pa passwd -l> are performed even when PAM authentication is enabled via " "E<.Cm UsePAM>. This is to ensure that it is not possible to log in with e." "g. a public key (in such a case PAM is used only to set up the session and " "some PAM modules will not check whether the account is locked in this " "scenario). The default is E<.Dq no>." msgstr ""