external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/sshd_config.5 b/sshd_config.5
index a6c3787..6dce0c7 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $
-.Dd $Mdocdate: August 2 2011 $
+.\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $
+.Dd $Mdocdate: February 20 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -117,18 +117,49 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
+The available options are
+.Dq yes
+or
+.Dq all
+to allow TCP forwarding,
+.Dq no
+to prevent all TCP forwarding,
+.Dq local
+to allow local (from the perspective of
+.Xr ssh 1 )
+forwarding only or
+.Dq remote
+to allow remote forwarding only.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
+.It Cm AllowStreamLocalForwarding
+Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
+The available options are
+.Dq yes
+or
+.Dq all
+to allow StreamLocal forwarding,
+.Dq no
+to prevent all StreamLocal forwarding,
+.Dq local
+to allow local (from the perspective of
+.Xr ssh 1 )
+forwarding only or
+.Dq remote
+to allow remote forwarding only.
+The default is
+.Dq yes .
+Note that disabling StreamLocal forwarding does not improve security unless
+users are also denied shell access, as they can always install their
+own forwarders.
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
@@ -146,16 +177,85 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
+.It Cm AuthenticationMethods
+Specifies the authentication methods that must be successfully completed
+for a user to be granted access.
+This option must be followed by one or more comma-separated lists of
+authentication method names.
+Successful authentication requires completion of every method in at least
+one of these lists.
+.Pp
+For example, an argument of
+.Dq publickey,password publickey,keyboard-interactive
+would require the user to complete public key authentication, followed by
+either password or keyboard interactive authentication.
+Only methods that are next in one or more lists are offered at each stage,
+so for this example, it would not be possible to attempt password or
+keyboard-interactive authentication before public key.
+.Pp
+For keyboard interactive authentication it is also possible to
+restrict authentication to a specific device by appending a
+colon followed by the device identifier
+.Dq bsdauth ,
+.Dq pam ,
+or
+.Dq skey ,
+depending on the server configuration.
+For example,
+.Dq keyboard-interactive:bsdauth
+would restrict keyboard interactive authentication to the
+.Dq bsdauth
+device.
+.Pp
+If the
+.Dq publickey
+method is listed more than once,
+.Xr sshd 8
+verifies that keys that have been used successfully are not reused for
+subsequent authentications.
+For example, an
+.Cm AuthenticationMethods
+of
+.Dq publickey,publickey
+will require successful authentication using two different public keys.
+.Pp
+This option is only available for SSH protocol 2 and will yield a fatal
+error if enabled if protocol 1 is also enabled.
+Note that each authentication method listed should also be explicitly enabled
+in the configuration.
+The default is not to require multiple authentication; successful completion
+of a single authentication method is sufficient.
+.It Cm AuthorizedKeysCommand
+Specifies a program to be used to look up the user's public keys.
+The program must be owned by root and not writable by group or others.
+It will be invoked with a single argument of the username
+being authenticated, and should produce on standard output zero or
+more lines of authorized_keys output (see AUTHORIZED_KEYS in
+.Xr sshd 8 ) .
+If a key supplied by AuthorizedKeysCommand does not successfully authenticate
+and authorize the user then public key authentication continues using the usual
+.Cm AuthorizedKeysFile
+files.
+By default, no AuthorizedKeysCommand is run.
+.It Cm AuthorizedKeysCommandUser
+Specifies the user under whose account the AuthorizedKeysCommand is run.
+It is recommended to use a dedicated user that has no other role on the host
+than running authorized keys commands.
+If
+.Cm AuthorizedKeysCommand
+is specified but
+.Cm AuthorizedKeysCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
The format is described in the
-.Sx AUTHORIZED_KEYS FILE FORMAT
+AUTHORIZED_KEYS FILE FORMAT
section of
.Xr sshd 8 .
.Cm AuthorizedKeysFile
@@ -179,9 +279,7 @@
this file lists names, one of which must appear in the certificate for it
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
-in
-.Sx AUTHORIZED_KEYS FILE FORMAT
-in
+in AUTHORIZED_KEYS FILE FORMAT in
.Xr sshd 8 ) .
Empty lines and comments starting with
.Ql #
@@ -198,7 +296,9 @@
is taken to be an absolute path or one relative to the user's home
directory.
.Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that
@@ -222,7 +322,7 @@
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
-PAM or though authentication styles supported in
+PAM or through authentication styles supported in
.Xr login.conf 5 )
The default is
.Dq yes .
@@ -230,8 +330,10 @@
Specifies the pathname of a directory to
.Xr chroot 2
to after authentication.
-All components of the pathname must be root-owned directories that are
-not writable by any other user or group.
+At session startup
+.Xr sshd 8
+checks that all components of the pathname are root-owned directories
+which are not writable by any other user or group.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
@@ -255,7 +357,6 @@
.Xr stdin 4 ,
.Xr stdout 4 ,
.Xr stderr 4 ,
-.Xr arandom 4
and
.Xr tty 4
devices.
@@ -263,37 +364,72 @@
.Dq sftp ,
no additional configuration of the environment is necessary if the
in-process sftp server is used,
-though sessions which use logging do require
+though sessions which use logging may require
.Pa /dev/log
-inside the chroot directory (see
+inside the chroot directory on some operating systems (see
.Xr sftp-server 8
for details).
.Pp
+For safety, it is very important that the directory hierarchy be
+prevented from modification by other processes on the system (especially
+those outside the jail).
+Misconfiguration can lead to unsafe environments which
+.Xr sshd 8
+cannot detect.
+.Pp
The default is not to
.Xr chroot 2 .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
-The supported ciphers are
-.Dq 3des-cbc ,
-.Dq aes128-cbc ,
-.Dq aes192-cbc ,
-.Dq aes256-cbc ,
-.Dq aes128-ctr ,
-.Dq aes192-ctr ,
-.Dq aes256-ctr ,
-.Dq arcfour128 ,
-.Dq arcfour256 ,
-.Dq arcfour ,
-.Dq blowfish-cbc ,
-and
-.Dq cast128-cbc .
+The supported ciphers are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+3des-cbc
+.It
+aes128-cbc
+.It
+aes192-cbc
+.It
+aes256-cbc
+.It
+aes128-ctr
+.It
+aes192-ctr
+.It
+aes256-ctr
+.It
+aes128-gcm@openssh.com
+.It
+aes256-gcm@openssh.com
+.It
+arcfour
+.It
+arcfour128
+.It
+arcfour256
+.It
+blowfish-cbc
+.It
+cast128-cbc
+.It
+chacha20-poly1305@openssh.com
+.El
+.Pp
The default is:
-.Bd -literal -offset 3n
-aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-aes256-cbc,arcfour
+.Bd -literal -offset indent
+aes128-ctr,aes192-ctr,aes256-ctr,
+aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+chacha20-poly1305@openssh.com
.Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq cipher .
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
@@ -354,9 +490,7 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyUsers
@@ -375,11 +509,17 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
+.It Cm FingerprintHash
+Specifies the hash algorithm used when logging key fingerprints.
+Valid options are:
+.Dq md5
+and
+.Dq sha256 .
+The default is
+.Dq sha256 .
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
@@ -430,6 +570,17 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAcceptedKeyTypes
+Specifies the key types that will be accepted for hostbased authentication
+as a comma-separated pattern list.
+The default
+.Dq *
+will allow all key types.
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -471,7 +622,8 @@
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key ,
+.Pa /etc/ssh/ssh_host_ed25519_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
@@ -482,10 +634,23 @@
.Dq rsa1
keys are used for version 1 and
.Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519
or
.Dq rsa
are used for version 2 of the SSH protocol.
+It is also possible to specify public host key files instead.
+In this case operations on the private key will be delegated
+to an
+.Xr ssh-agent 1 .
+.It Cm HostKeyAgent
+Identifies the UNIX-domain socket used to communicate
+with an agent that has access to the private host keys.
+If
+.Dq SSH_AUTH_SOCK
+is specified, the location of the socket will be read from the
+.Ev SSH_AUTH_SOCK
+environment variable.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
@@ -519,7 +684,7 @@
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
-.Dq af14 ,
+.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
@@ -550,6 +715,17 @@
for interactive sessions and
.Dq throughput
for non-interactive sessions.
+.It Cm KbdInteractiveAuthentication
+Specifies whether to allow keyboard-interactive authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to use whatever value
+.Cm ChallengeResponseAuthentication
+is set to
+(by default
+.Dq yes ) .
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
@@ -578,14 +754,41 @@
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
-The default is
-.Dq ecdh-sha2-nistp256 ,
-.Dq ecdh-sha2-nistp384 ,
-.Dq ecdh-sha2-nistp521 ,
-.Dq diffie-hellman-group-exchange-sha256 ,
-.Dq diffie-hellman-group-exchange-sha1 ,
-.Dq diffie-hellman-group14-sha1 ,
-.Dq diffie-hellman-group1-sha1 .
+The supported algorithms are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+curve25519-sha256@libssh.org
+.It
+diffie-hellman-group1-sha1
+.It
+diffie-hellman-group14-sha1
+.It
+diffie-hellman-group-exchange-sha1
+.It
+diffie-hellman-group-exchange-sha256
+.It
+ecdh-sha2-nistp256
+.It
+ecdh-sha2-nistp384
+.It
+ecdh-sha2-nistp521
+.El
+.Pp
+The default is:
+.Bd -literal -offset indent
+curve25519-sha256@libssh.org,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group14-sha1
+.Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq kex .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
@@ -605,18 +808,18 @@
.It
.Cm ListenAddress
.Sm off
-.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
+.Ar host | Ar IPv4_addr | Ar IPv6_addr
.Sm on
.It
.Cm ListenAddress
.Sm off
-.Ar host No | Ar IPv4_addr No : Ar port
+.Ar host | Ar IPv4_addr : Ar port
.Sm on
.It
.Cm ListenAddress
.Sm off
.Oo
-.Ar host No | Ar IPv6_addr Oc : Ar port
+.Ar host | Ar IPv6_addr Oc : Ar port
.Sm on
.El
.Pp
@@ -652,13 +855,65 @@
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
+The supported MACs are:
+.Pp
+.Bl -item -compact -offset indent
+.It
+hmac-md5
+.It
+hmac-md5-96
+.It
+hmac-ripemd160
+.It
+hmac-sha1
+.It
+hmac-sha1-96
+.It
+hmac-sha2-256
+.It
+hmac-sha2-512
+.It
+umac-64@openssh.com
+.It
+umac-128@openssh.com
+.It
+hmac-md5-etm@openssh.com
+.It
+hmac-md5-96-etm@openssh.com
+.It
+hmac-ripemd160-etm@openssh.com
+.It
+hmac-sha1-etm@openssh.com
+.It
+hmac-sha1-96-etm@openssh.com
+.It
+hmac-sha2-256-etm@openssh.com
+.It
+hmac-sha2-512-etm@openssh.com
+.It
+umac-64-etm@openssh.com
+.It
+umac-128-etm@openssh.com
+.El
+.Pp
The default is:
.Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64@openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-hmac-sha2-512-96
+umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+umac-64@openssh.com,umac-128@openssh.com,
+hmac-sha2-256,hmac-sha2-512
.Ed
+.Pp
+The list of available MAC algorithms may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1
+with an argument of
+.Dq mac .
.It Cm Match
Introduces a conditional block.
If all of the criteria on the
@@ -667,20 +922,27 @@
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
+If a keyword appears in multiple
+.Cm Match
+blocks that are satisfied, only the first instance of the keyword is
+applied.
.Pp
The arguments to
.Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
The available criteria are
.Cm User ,
.Cm Group ,
.Cm Host ,
+.Cm LocalAddress ,
+.Cm LocalPort ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
-.Sx PATTERNS
-section of
+PATTERNS section of
.Xr ssh_config 5 .
.Pp
The patterns in an
@@ -703,17 +965,28 @@
.Cm Match
keyword.
Available keywords are
+.Cm AcceptEnv ,
.Cm AllowAgentForwarding ,
+.Cm AllowGroups ,
+.Cm AllowStreamLocalForwarding ,
.Cm AllowTcpForwarding ,
+.Cm AllowUsers ,
+.Cm AuthenticationMethods ,
+.Cm AuthorizedKeysCommand ,
+.Cm AuthorizedKeysCommandUser ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
+.Cm DenyGroups ,
+.Cm DenyUsers ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
+.Cm HostbasedAcceptedKeyTypes ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
+.Cm IPQoS ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
@@ -722,10 +995,18 @@
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
+.Cm PermitTTY ,
.Cm PermitTunnel ,
+.Cm PermitUserRC ,
+.Cm PubkeyAcceptedKeyTypes ,
.Cm PubkeyAuthentication ,
+.Cm RekeyLimit ,
+.Cm RevokedKeys ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
+.Cm StreamLocalBindMask ,
+.Cm StreamLocalBindUnlink ,
+.Cm TrustedUserCAKeys ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding
and
@@ -745,7 +1026,7 @@
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
-The default is 10.
+The default is 10:30:100.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon separated values
@@ -798,6 +1079,9 @@
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Dq none
+can be used to prohibit all forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
@@ -847,6 +1131,16 @@
.Dq ethernet .
The default is
.Dq no .
+.Pp
+Independent of this setting, the permissions of the selected
+.Xr tun 4
+device must allow access to the user.
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
@@ -861,6 +1155,12 @@
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
+.It Cm PermitUserRC
+Specifies whether any
+.Pa ~/.ssh/rc
+file is executed.
+The default is
+.Dq yes .
.It Cm PidFile
Specifies the file that contains the process ID of the
SSH daemon.
@@ -910,16 +1210,58 @@
.Dq 2,1
is identical to
.Dq 1,2 .
+.It Cm PubkeyAcceptedKeyTypes
+Specifies the key types that will be accepted for public key authentication
+as a comma-separated pattern list.
+The default
+.Dq *
+will allow all key types.
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported key types.
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm RekeyLimit
+Specifies the maximum amount of data that may be transmitted before the
+session key is renegotiated, optionally followed a maximum amount of
+time that may pass before the session key is renegotiated.
+The first argument is specified in bytes and may have a suffix of
+.Sq K ,
+.Sq M ,
+or
+.Sq G
+to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
+The default is between
+.Sq 1G
+and
+.Sq 4G ,
+depending on the cipher.
+The optional second value is specified in seconds and may use any of the
+units documented in the
+.Sx TIME FORMATS
+section.
+The default value for
+.Cm RekeyLimit
+is
+.Dq default none ,
+which means that rekeying is performed after the cipher's default amount
+of data has been sent or received and no time based rekeying is done.
+This option applies to protocol version 2 only.
.It Cm RevokedKeys
-Specifies a list of revoked public keys.
+Specifies revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
+Keys may be specified as a text file, listing one public key per line, or as
+an OpenSSH Key Revocation List (KRL) as generated by
+.Xr ssh-keygen 1 .
+For more information on KRLs, see the KEY REVOCATION LISTS section in
+.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
@@ -934,6 +1276,33 @@
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
+.It Cm StreamLocalBindMask
+Sets the octal file creation mode mask
+.Pq umask
+used when creating a Unix-domain socket file for local or remote
+port forwarding.
+This option is only used for port forwarding to a Unix-domain socket file.
+.Pp
+The default value is 0177, which creates a Unix-domain socket file that is
+readable and writable only by the owner.
+Note that not all operating systems honor the file mode on Unix-domain
+socket files.
+.It Cm StreamLocalBindUnlink
+Specifies whether to remove an existing Unix-domain socket file for local
+or remote port forwarding before creating a new one.
+If the socket file already exists and
+.Cm StreamLocalBindUnlink
+is not enabled,
+.Nm sshd
+will be unable to forward the port to the Unix-domain socket file.
+This option is only used for port forwarding to a Unix-domain socket file.
+.Pp
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm StrictModes
Specifies whether
.Xr sshd 8
@@ -1007,9 +1376,7 @@
Note that certificates that lack a list of principals will not be permitted
for authentication using
.Cm TrustedUserCAKeys .
-For more details on certificates, see the
-.Sx CERTIFICATES
-section in
+For more details on certificates, see the CERTIFICATES section in
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
@@ -1018,7 +1385,7 @@
the resolved host name for the remote IP address maps back to the
very same IP address.
The default is
-.Dq yes .
+.Dq no .
.It Cm UseLogin
Specifies whether
.Xr login 1
@@ -1079,6 +1446,11 @@
.Dq sandbox
then the pre-authentication unprivileged process is subject to additional
restrictions.
+.It Cm VersionAddendum
+Optionally specifies additional text to append to the SSH protocol banner
+sent by the server upon connection.
+The default is
+.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's