X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/d92c9eaad2e50f6e5fa35ebd1ed81a2a1e803827..d03186af8de9b660564ccc1804d2a9c2e93b2e58:/sshd_config.5 diff --git a/sshd_config.5 b/sshd_config.5 index 98eefd9a..b74ab5b8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.111 2009/10/28 21:45:08 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.115 2009/12/29 18:03:32 jmc Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -182,16 +182,16 @@ PAM or though authentication styles supported in The default is .Dq yes . .It Cm ChrootDirectory -Specifies a path to +Specifies the pathname of a directory to .Xr chroot 2 to after authentication. -This path, and all its components, must be root-owned directories that are +All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, .Xr sshd 8 changes the working directory to the user's home directory. .Pp -The path may contain the following tokens that are expanded at runtime once +The pathname may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. @@ -806,15 +806,15 @@ Specifies whether public key authentication is allowed. The default is .Dq yes . Note that this option applies to protocol version 2 only. -.It Cm RDomain -Set the routing domain number. -The default routing domain is set by the system. .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. The default is .Dq no . This option applies to protocol version 1 only. +.It Cm RoutingDomain +Set the routing domain number. +The default routing domain is set by the system. .It Cm RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is @@ -832,6 +832,9 @@ This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is .Dq yes . +Note that this does not apply to +.Cm ChrootDirectory , +whose permissions and ownership are checked unconditionally. .It Cm Subsystem Configures an external subsystem (e.g. file transfer daemon). Arguments should be a subsystem name and a command (with optional arguments)