.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.72 2007/02/19 10:45:58 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa /etc/ssh/sshd_config
-.El
+.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
in
.Xr ssh_config 5
for more information on patterns.
+.It Cm ForceCommand
+Forces the execution of the command specified by
+.Cm ForceCommand ,
+ignoring any command supplied by the client.
+The command is invoked by using the user's login shell with the -c option.
+This applies to shell, command, or subsystem execution.
+It is most useful inside a
+.Cm Match
+block.
+The command originally supplied by the client is available in the
+.Ev SSH_ORIGINAL_COMMAND
+environment variable.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
and applies to protocol version 2 only.
The default is
.Dq no .
+.It Cm HostbasedUsesNameFromPacketOnly
+Specifies whether or not the server will attempt to perform a reverse
+name lookup when matching the name in the
+.Pa ~/.shosts ,
+.Pa ~/.rhosts ,
+and
+.Pa /etc/hosts.equiv
+files during
+.Cm HostbasedAuthentication .
+A setting of
+.Dq yes
+means that
+.Xr sshd 8
+uses the name supplied by the client rather than
+attempting to resolve the name from the TCP connection itself.
+The default is
+.Dq no .
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
are one or more criteria-pattern pairs.
The available criteria are
.Cm User ,
+.Cm Group ,
.Cm Host ,
and
.Cm Address .
keyword.
Available keywords are
.Cm AllowTcpForwarding ,
+.Cm Banner ,
+.Cm ChallengeResponseAuthentication ,
+.Cm ForceCommand ,
.Cm GatewayPorts ,
+.Cm GSSApiAuthentication ,
+.Cm KerberosAuthentication ,
+.Cm KeyboardInteractiveAuthentication ,
+.Cm PasswordAuthentication ,
.Cm PermitOpen ,
+.Cm RhostsRSAAuthentication ,
+.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding ,
and
.Sm on
.El
.Pp
-Multiple instances of
-.Cm PermitOpen
-are permitted.
+Multiple forwards may be specified by separating them with whitespace.
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.