Lines Matching full:be

7 .\" can be used freely for any purpose.  Any derived versions of this
8 .\" software must be clearly marked as such, and if the derived work is
9 .\" incompatible with the protocol description in the RFC file, it must be
28 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
51 Unless noted otherwise, for each keyword, the first obtained value will be used.
55 Arguments may optionally be enclosed in double quotes
64 Specifies what environment variables sent by the client will be copied into
82 Multiple environment variables may be separated by whitespace or spread
86 Be warned that some environment variables could be used to bypass restricted
88 For this reason, care should be taken in the use of this directive.
91 Specifies which address family should be used by
110 This keyword can be followed by a list of group name patterns, separated
165 This keyword can be followed by a list of user name patterns, separated
187 Specifies the authentication methods that must be successfully completed
188 for a user to be granted access.
189 This option must be followed by one or more lists of comma-separated
202 so for this example it would not be possible to attempt password or
227 Note that each authentication method listed should also be explicitly enabled
242 Specifies a program to be used to look up the user's public keys.
243 The program must be owned by root, not writable by group or others and
260 files and will not be executed if a matching key is found there.
288 is taken to be an absolute path or one relative to the user's home
290 Multiple files may be listed, separated by whitespace.
291 Alternately this option may be set to
297 Specifies a program to be used to generate the list of allowed
300 The program must be owned by root, not writable by group or others and
341 to be accepted for authentication.
357 is taken to be an absolute path or one relative to the user's home directory.
361 of the user must appear in a certificate's principals list for it to be
396 character, then the specified algorithms will be appended to the default set
400 character, then the specified algorithms (including wildcards) will be removed
403 Certificates signed using other algorithms will not be accepted for
413 must be the special keyword
433 expires then all open channels will be closed.
434 Note that this global timeout is not matched by wildcards and must be
525 For safety, it is very important that the directory hierarchy be
538 Multiple ciphers must be comma-separated.
541 character, then the specified ciphers will be appended to the default set
545 character, then the specified ciphers (including wildcards) will be removed
549 character, then the specified ciphers will be placed at the head of the
584 The list of available ciphers may also be obtained using
587 Sets the number of client alive messages which may be sent without
596 and therefore will not be spoofable.
609 will be disconnected after approximately 45 seconds.
620 is 0, indicating that these messages will not be sent to the client.
624 The argument must be
634 This keyword can be followed by a list of group name patterns, separated
651 This keyword can be followed by a list of user name patterns, separated
722 can be used to specify that sshd
725 The argument may be
727 to force remote port forwardings to be available to the local host only,
744 Determines whether to be strict about the identity of the GSSAPI acceptor
758 Specifies the signature algorithms that will be accepted for hostbased
762 character, then the specified signature algorithms will be appended to
767 will be removed from the default set instead of replacing them.
770 character, then the specified signature algorithms will be placed at
789 The list of available signature algorithms may also be obtained using
842 In this case operations on the private key will be delegated
850 is specified, the location of the socket will be read from the
873 The list of available signature algorithms may also be obtained using
915 Multiple pathnames may be specified and each pathname may contain
917 wildcards that will be expanded and processed in lexical order.
918 Files without absolute paths are assumed to be in
975 The argument to this keyword must be
984 will be validated through the Kerberos KDC.
996 the password will be validated via any additional local mechanism
1011 Multiple algorithms must be comma-separated.
1015 character, then the specified algorithms will be appended to the default set
1019 character, then the specified algorithms (including wildcards) will be removed
1023 character, then the specified algorithms will be placed at the head of the
1069 The list of supported key exchange algorithms may also be obtained using
1075 The following forms may be used:
1157 Multiple algorithms must be comma-separated.
1160 character, then the specified algorithms will be appended to the default set
1164 character, then the specified algorithms (including wildcards) will be removed
1168 character, then the specified algorithms will be placed at the head of the
1221 The list of available MAC algorithms may also be obtained using
1269 Note that the mask length provided must be consistent with the address -
1274 Only a subset of keywords may be used on the lines following a
1348 Multiple sessions may be established by clients that support connection
1359 Additional connections will be dropped until authentication succeeds or the
1364 Alternatively, random early drop can be enabled by specifying
1393 The listen specification must be one of the following forms:
1408 Multiple permissions may be specified by separating them with whitespace.
1411 can be used to remove all restrictions and permit any listen requests.
1414 can be used to prohibit all listen requests.
1419 can also be used in place of a port number to allow all ports.
1423 option may further restrict which addresses may be listened on.
1435 The forwarding specification must be one of the following forms:
1455 Multiple forwards may be specified by separating them with whitespace.
1458 can be used to remove all restrictions and permit any forwarding requests.
1461 can be used to prohibit all forwarding requests.
1464 can be used for host or port to allow all hosts or ports respectively.
1471 The argument must be
1488 root login with public key authentication will be allowed,
1492 (which may be useful for taking remote backups even if root login is
1509 The argument must be
1567 Values for IPv4 and optionally IPv6 may be specified, separated by a colon.
1577 will be refused connection for a period.
1589 The defaults may be overridden by specifying one or more of the keywords below,
1608 This timeout should be used cautiously otherwise it may penalise legitimate
1616 Specifies the maximum time a particular source address range will be refused
1651 Note that the mask length provided must be consistent with the address -
1690 Specifies the signature algorithms that will be accepted for public key
1694 character, then the specified algorithms will be appended to the default set
1698 character, then the specified algorithms (including wildcards) will be removed
1702 character, then the specified algorithms will be placed at the head of the
1721 The list of available signature algorithms may also be obtained using
1768 penalty may be recorded against the source of the connection if
1775 Specifies the maximum amount of data that may be transmitted or received
1803 User and host-based authentication keys smaller than this limit will be
1808 Note that this limit may only be raised from the default.
1813 Keys listed in this file will be refused for public key authentication.
1815 be refused for all users.
1816 Keys may be specified as a text file, listing one public key per line, or as
1825 will be bound to this
1829 then the domain in which the incoming connection was received will be applied.
1831 Specifies a path to a library that will be used when loading
1840 The environment value may be quoted (e.g. if it contains whitespace
1881 will be unable to forward the port to the Unix-domain socket file.
1884 The argument must be
1904 Arguments should be a subsystem name and a command (with optional arguments)
1923 do not apply to it and must be set explicitly via
1937 of the machines will be properly noticed.
1952 To disable TCP keepalive messages, the value should be set to
1963 listed in this file, then it may be used for authentication for any user
1965 Note that certificates that lack a list of principals will not be permitted
1988 Caution should be used when using short timeout values, as they may not
1995 This option may be useful in conjunction with
2006 (the default) then only addresses and not host names may be used in
2027 The argument must be
2034 When X11 forwarding is enabled, there may be additional exposure to
2043 display server may be exposed to attack when the SSH client requests
2071 may be set to
2073 to specify that the forwarding server should be bound to the wildcard
2075 The argument must be
2093 may be expressed using a sequence of the form:
2191 This file should be writable by root only, but it is recommended
2192 (though not necessary) that it be world-readable.