sshd2_subconfig(4)
sshd2_subconfig - Describes the subconfiguration that can
be used for the sshd2 daemon
You can specify configuration options in subconfiguration
files that have the same format as the main configuration
file. They are read after the daemon forks a new process
to handle the connection. If they are modified, it is not
necessary to restart the server process.
If parsing of the subconfiguration files fails, the server
terminates the connection for the host-specific subconfiguration
or denies access for the user-specific subconfiguration.
Most of the configuration options that work in the main
file work in the subconfiguration files.
The value for the HostSpecificConfig and UserSpecificConfig
keywords is a pattern-filename pair. With UserSpecificConfig,
the pattern has the format user[%group][@host]: user is
matched with the user name and user ID, group is matched
with the user's primary and secondary groups (both group
name and group ID), and host is matched as described for
AllowHosts. With HostSpecificConfig, the pattern is host.
Unlike sshd2_config, the sshd2_subconfig files can have
configuration blocks, or stanzas.
The subconfiguration files are divided into two categories:
    user-specific
    host-specific
The user-specific subconfiguration files are read when the
client enters a user name. At this point, the server
obtains additional information about the user, such as the
user's ID and user groups. With this information, the
server can read the user-specific configuration files that
are set with UserSpecificConfig in the main sshd2
configuration file.
The host-specific configuration files are configured with
the HostSpecificConfig variable. They are read after the
daemon forks a new process to handle the connection. Most
configuration options can be set here.
It is possible to mix the configuration files, but this is
not recommended. Mixing the files might cause unexpected
behavior because the global settings in these files would
be set multiple times.
Subconfigurations are very flexible. You can specify different
authentication methods for different users, different
banner messages for people coming from certain hosts,
and set log messages of certain groups to go to different
files.
The following configuration variables work in the main
file, the user-specific file, and the host-specific configuration
files:
    AllowShosts
    AllowTcpForwarding
    AllowedAuthentications
    AuthInteractiveFailureTimeout
    AuthKbdInt.NumOptional
    AuthKbdInt.Optional
    AuthKbdInt.Plugin
    AuthKbdInt.Required
    AuthKbdInt.Retries
    AuthorizationFile
    AuthPublicKey.MaxSize
    AuthPublicKey.MinSize
    CheckMail
    DenyShosts
    FascistLogging
    ForwardAgent
    ForwardX11
    HostbasedAuthForceClientHostnameDNSMatch
    IdleTimeout
    IgnoreRhosts
    IgnoreRootRhosts
    PasswdPath
    PasswordGuesses
    PermitEmptyPasswords
    PrintMOTD
    QuietMode
    RekeyIntervalSeconds
    RequiredAuthentications
    SecurIdGuesses
    SettableEnvironmentVars
    SftpSysLogFacility
    StrictModes
    SysLogFacility
    UserConfigDirectory
    UserKnownHosts
    VerboseMode
The following variables work in the host-specific configuration
file and in the main file:
    AllowGroups
    AllowTcpForwardingForGroups
    AllowTcpForwardingForUsers
    AllowUsers
    BannerMessageFile
    ChrootGroups
    ChrootUsers
    Ciphers
    DenyGroups
    DenyTcpForwardingForGroups
    DenyTcpForwardingForUsers
    DenyUsers
    ExternalAuthorizationProgram
    ForwardACL
    LoginGraceTime
    MACs
    PermitRootLogin
    SSH1Compatibility
    Sshd1ConfigFile
    Sshd1Path
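The two keyword lists above determine where a setting can take effect, so an access-control keyword such as PermitRootLogin or DenyUsers placed in a user-specific file is outside its documented scope. The following scope check is an added example, not part of sshd2 or of this manual page; the function name, the sample file, and the assumed line format (one "Keyword value" pair per line, "#" comments, case-insensitive keywords) are illustrative assumptions.

```python
# Keyword sets copied from the two lists on this page (lower-cased for matching).
ANY_SCOPE = set("""AllowShosts AllowTcpForwarding AllowedAuthentications
AuthInteractiveFailureTimeout AuthKbdInt.NumOptional AuthKbdInt.Optional
AuthKbdInt.Plugin AuthKbdInt.Required AuthKbdInt.Retries AuthorizationFile
AuthPublicKey.MaxSize AuthPublicKey.MinSize CheckMail DenyShosts
FascistLogging ForwardAgent ForwardX11
HostbasedAuthForceClientHostnameDNSMatch IdleTimeout IgnoreRhosts
IgnoreRootRhosts PasswdPath PasswordGuesses PermitEmptyPasswords PrintMOTD
QuietMode RekeyIntervalSeconds RequiredAuthentications SecurIdGuesses
SettableEnvironmentVars SftpSysLogFacility StrictModes SysLogFacility
UserConfigDirectory UserKnownHosts VerboseMode""".lower().split())
HOST_OR_MAIN = set("""AllowGroups AllowTcpForwardingForGroups
AllowTcpForwardingForUsers AllowUsers BannerMessageFile ChrootGroups
ChrootUsers Ciphers DenyGroups DenyTcpForwardingForGroups
DenyTcpForwardingForUsers DenyUsers ExternalAuthorizationProgram ForwardACL
LoginGraceTime MACs PermitRootLogin SSH1Compatibility Sshd1ConfigFile
Sshd1Path""".lower().split())


def lint_subconfig(text, scope):
    """Return (line_no, keyword, problem) for keywords outside `scope`.

    scope is "user" or "host". Assumed format (not taken from this page):
    one "Keyword value" pair per line, "#" starts a comment.
    """
    if scope not in ("user", "host"):
        raise ValueError("scope must be 'user' or 'host'")
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword = line.split(None, 1)[0]
        key = keyword.lower()
        if key in ANY_SCOPE or (scope == "host" and key in HOST_OR_MAIN):
            continue
        problem = ("host-specific or main file only" if key in HOST_OR_MAIN
                   else "not listed for subconfiguration")
        findings.append((no, keyword, problem))
    return findings


# Constructed sample of a user-specific subconfiguration file.
SAMPLE_USER = """# constructed example
AllowedAuthentications publickey
PermitRootLogin no
IdleTimeout 600
Ciphers aes128-cbc
"""
```

Calling lint_subconfig(SAMPLE_USER, "user") reports the PermitRootLogin and Ciphers lines; the same text checked with scope "host" produces no findings.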
SSH is a registered trademark of SSH Communication Security
Ltd.
Commands: sshd2(8), sshd-check-conf(8)
Files: sshd2_config(4)
Other: sshregex(5)