sshd2_subconfig(4)
NAME
sshd2_subconfig - Describes the subconfiguration that can be used for the
sshd2 daemon
DESCRIPTION
You can specify configuration options in subconfiguration files that have
the same format as the main configuration file. They are read after the
daemon forks a new process to handle the connection. If they are modified,
it is not necessary to restart the server process.
If parsing of the subconfiguration files fails, the server terminates the
connection for the host-specific subconfiguration or denies access for the
user-specific subconfiguration.
Most of the configuration options that work in the main file work in the
subconfiguration files.
The value for the {Host,User}SpecificConfig keywords is a pattern-filename
pair. With UserSpecificConfig, the pattern format is user[%group][@host]:
user is matched against the user name and user ID, group is matched against
the user's primary and secondary groups (both group name and group ID), and
host is matched as described for AllowHosts. With HostSpecificConfig, the
pattern format is host. Unlike sshd2_config, the sshd2_subconfig files can
have configuration blocks, or stanzas.
The subconfiguration files are divided into two categories:
· user-specific
· host-specific
The user-specific subconfiguration files are read when the client enters a
user name. At this point, the server obtains additional information about
the user, such as the user's ID and user groups. With this information, the
server can read the user-specific configuration files configured in the
main sshd2 configuration file.
The host-specific configuration files are configured with the
HostSpecificConfig variable. They are read after the daemon forks a new
process to handle the connection. Most configuration options can be set
here.
It is possible to mix the configuration files, but this is not recommended.
Mixing the files might cause unexpected behavior because the global
settings in these files would be set multiple times.
Subconfigurations are very flexible. You can specify different
authentication methods for different users, show different banner messages
to people coming from certain hosts, and send log messages for certain
groups to different files.
NOTES
The following configuration variables work in the main file, the user-
specific file, and the host-specific configuration files:
· AllowShosts
· AllowTcpForwarding
· AllowedAuthentications
· AuthInteractiveFailureTimeout
· AuthKbdInt.NumOptional
· AuthKbdInt.Optional
· AuthKbdInt.Plugin
· AuthKbdInt.Required
· AuthKbdInt.Retries
· AuthorizationFile
· AuthPublicKey.MaxSize
· AuthPublicKey.MinSize
· CheckMail
· DenyShosts
· FascistLogging
· ForwardAgent
· ForwardX11
· HostbasedAuthForceClientHostnameDNSMatch
· IdleTimeout
· IgnoreRhosts
· IgnoreRootRhosts
· PasswdPath
· PasswordGuesses
· PermitEmptyPasswords
· PrintMOTD
· QuietMode
· RekeyIntervalSeconds
· RequiredAuthentications
· SecurIdGuesses
· SettableEnvironmentVars
· SftpSysLogFacility
· StrictModes
· SysLogFacility
· UserConfigDirectory
· UserKnownHosts
· VerboseMode
The following variables work in the host-specific configuration file and in
the main file:
· AllowGroups
· AllowTcpForwardingForGroups
· AllowTcpForwardingForUsers
· AllowUsers
· BannerMessageFile
· ChrootGroups
· ChrootUsers
· Ciphers
· DenyGroups
· DenyTcpForwardingForGroups
· DenyTcpForwardingForUsers
· DenyUsers
· ExternalAuthorizationProgram
· ForwardACL
· LoginGraceTime
· MACs
· PermitRootLogin
· SSH1Compatibility
· Sshd1ConfigFile
· Sshd1Path
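The two lists above can be turned into a check that flags keywords placed in a subconfiguration file type for which this page does not list them. This is an added example, not part of the original manual page or of the SSH product; the line syntax it assumes and the names check_subconfig and SAMPLE_USER_FILE are assumptions.

```python
# Assumed syntax (not given on this page): "Keyword value" lines, "#" comments,
# case-insensitive keywords, and a first token ending in ":" opening a stanza.
# Keywords NOTES lists for the main, user-specific and host-specific files:
ANY_FILE = """AllowShosts AllowTcpForwarding AllowedAuthentications
AuthInteractiveFailureTimeout AuthKbdInt.NumOptional AuthKbdInt.Optional
AuthKbdInt.Plugin AuthKbdInt.Required AuthKbdInt.Retries AuthorizationFile
AuthPublicKey.MaxSize AuthPublicKey.MinSize CheckMail DenyShosts
FascistLogging ForwardAgent ForwardX11 IdleTimeout IgnoreRhosts
HostbasedAuthForceClientHostnameDNSMatch IgnoreRootRhosts PasswdPath
PasswordGuesses PermitEmptyPasswords PrintMOTD QuietMode RekeyIntervalSeconds
RequiredAuthentications SecurIdGuesses SettableEnvironmentVars
SftpSysLogFacility StrictModes SysLogFacility UserConfigDirectory
UserKnownHosts VerboseMode""".lower().split()
# Keywords NOTES lists for the host-specific and main files only:
HOST_OR_MAIN = """AllowGroups AllowTcpForwardingForGroups
AllowTcpForwardingForUsers AllowUsers BannerMessageFile ChrootGroups
ChrootUsers Ciphers DenyGroups DenyTcpForwardingForGroups
DenyTcpForwardingForUsers DenyUsers ExternalAuthorizationProgram ForwardACL
LoginGraceTime MACs PermitRootLogin SSH1Compatibility Sshd1ConfigFile
Sshd1Path""".lower().split()
ALLOWED = {"user": set(ANY_FILE), "host": set(ANY_FILE) | set(HOST_OR_MAIN)}


def check_subconfig(text, kind):
    """Return (line_no, keyword, reason) for keywords not listed for `kind`."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.split()[0].endswith(":"):  # blank, comment, stanza
            continue
        keyword = line.split()[0]
        if keyword.lower() not in ALLOWED[kind]:
            reason = ("host-specific or main file only"
                      if keyword.lower() in HOST_OR_MAIN
                      else "not in either NOTES list")
            findings.append((line_no, keyword, reason))
    return findings


# Constructed sample of a user-specific subconfiguration file.
SAMPLE_USER_FILE = """\
# constructed sample, not from the manual page
AllowedAuthentications   publickey
PermitRootLogin          no
IdleTimeout              600
DenyUsers                guest
"""

if __name__ == "__main__":
    for line_no, keyword, reason in check_subconfig(SAMPLE_USER_FILE, "user"):
        print(f"line {line_no}: {keyword}: {reason}")
```

Run it against each file referenced by UserSpecificConfig with kind "user" and each file referenced by HostSpecificConfig with kind "host"; access-control keywords such as PermitRootLogin or DenyUsers reported for a user-specific file belong in the host-specific or main file instead.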
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: sshd2(8), sshd-check-conf(8)
Files: sshd2_config(4)
Other: sshregex(5)