- djm@cvs.openbsd.org 2008/04/04 06:44:26

[sshd_config.5]
     oops, some unrelated stuff crept into that commit - backout.
     spotted by jmc@
Damien Miller 2008-05-19 14:28:19 +10:00
parent 797e3d117f
commit 56f41ddc54
2 changed files with 7 additions and 36 deletions

@ -4,6 +4,10 @@
[sshd_config.5] [sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk there). Spotted by Minstrel AT minstrel.org.uk
- djm@cvs.openbsd.org 2008/04/04 06:44:26
[sshd_config.5]
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
20080403 20080403
- (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
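Review bot: The added ChangeLog entry says only that "some unrelated stuff crept into that commit" and never names what is being backed out. The sshd_config.5 hunks in this same commit withdraw the chroot misconfiguration warnings and both internal-sftp / UsePrivilegeSeparation notes, so suggest listing those in the entry; someone reading the ChangeLog later should be able to tell that security guidance was removed and that it was a backout rather than a decision that the guidance was wrong.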
@ -3864,4 +3868,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4906 2008/05/19 04:27:42 djm Exp $ $Id: ChangeLog,v 1.4907 2008/05/19 04:28:19 djm Exp $

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.86 2008/04/04 06:44:26 djm Exp $
.Dd $Mdocdate: April 4 2008 $ .Dd $Mdocdate: May 19 2008 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -210,29 +210,6 @@ in-process sftp server is used (see
.Cm Subsystem .Cm Subsystem
for details). for details).
.Pp .Pp
Please note that there are many ways to misconfigure a chroot environment
in ways that compromise security.
These include:
.Pp
.Bl -dash -offset indent -compact
.It
Making unsafe setuid binaries available;
.It
Having missing or incorrect configuration files in the chroot's
.Pa /etc
directory;
.It
Hard-linking files between the chroot and outside;
.It
Leaving unnecessary
.Pa /dev
nodes accessible inside the chroot (especially those for physical drives);
.It
Executing scripts or binaries inside the chroot from outside, either
directly or through facilities such as
.Xr cron 8 .
.El
.Pp
The default is not to The default is not to
.Xr chroot 2 . .Xr chroot 2 .
.It Cm Ciphers .It Cm Ciphers
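Review bot: The dash list dropped between "for details)." and "The default is not to" carries every chroot hardening caveat visible in this part of the page (unsafe setuid binaries, missing or incorrect files in the chroot's /etc, hard links to the outside, unnecessary /dev nodes, execution from outside such as via cron 8), and after the backout this text goes straight from the Subsystem reference to the default with no warning at all. Backing it out because it rode along with an unrelated change is reasonable, but it reads as deliberate guidance, not stray text; suggest re-landing it as its own commit with its own log message so the ChrootDirectory description does not stay without these caveats.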
@ -363,11 +340,6 @@ Specifying a command of
will force the use of an in-process sftp server that requires no support will force the use of an in-process sftp server that requires no support
files when used with files when used with
.Cm ChrootDirectory . .Cm ChrootDirectory .
Note that
.Dq internal-sftp
is only supported when
.Cm UsePrivilegeSeparation
is enabled.
.It Cm GatewayPorts .It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports Specifies whether remote hosts are allowed to connect to ports
forwarded for the client. forwarded for the client.
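Review bot: With the "Note that internal-sftp is only supported when UsePrivilegeSeparation is enabled" sentence gone after ".Cm ChrootDirectory .", nothing in the visible text tells an administrator that internal-sftp depends on privilege separation. If that restriction holds in the code, the note should be committed together with the code that imposes it; if it does not, the commit message should say so, so this removal is not read as a documentation regression.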
@ -830,11 +802,6 @@ server.
This may simplify configurations using This may simplify configurations using
.Cm ChrootDirectory .Cm ChrootDirectory
to force a different filesystem root on clients. to force a different filesystem root on clients.
Note that
.Dq internal-sftp
is only supported when
.Cm UsePrivilegeSeparation
is enabled.
.Pp .Pp
By default no subsystems are defined. By default no subsystems are defined.
Note that this option applies to protocol version 2 only. Note that this option applies to protocol version 2 only.
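Review bot: The internal-sftp / UsePrivilegeSeparation note removed here, before "By default no subsystems are defined.", is word for word the one removed in the previous hunk, so the page carried two copies that could drift apart. If the note is reintroduced, keep a single copy and point to it from the other place with a ".Cm" cross-reference, the way the ChrootDirectory text already does with ".Cm Subsystem for details".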