Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / f219fc8f03caca7ac82a38ed74bbd6432a1195e7^! / . / sshd_config.5
commitf219fc8f03caca7ac82a38ed74bbd6432a1195e7[log] [tgz]
authorjmc@openbsd.org <jmc@openbsd.org>Wed Sep 07 18:39:24 2016 +0000
committerDarren Tucker <dtucker@zip.com.au>Mon Sep 12 13:39:30 2016 +1000
treecec17bb8c141190c94a6c843b16c1cabf13c1244
parent06ce56b05def9460aecc7cdb40e861a346214793 [diff] [blame]
upstream commit

sort; from matthew martin

Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7

diff --git a/sshd_config.5 b/sshd_config.5
index fe3b23d..a4d1ca0 100644
--- a/sshd_config.5
+++ b/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $
-.Dd $Mdocdate: August 19 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $
+.Dd $Mdocdate: September 7 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -123,26 +123,6 @@
 See PATTERNS in
 .Xr ssh_config 5
 for more information on patterns.
-.It Cm AllowTcpForwarding
-Specifies whether TCP forwarding is permitted.
-The available options are
-.Dq yes
-or
-.Dq all
-to allow TCP forwarding,
-.Dq no
-to prevent all TCP forwarding,
-.Dq local
-to allow local (from the perspective of
-.Xr ssh 1 )
-forwarding only or
-.Dq remote
-to allow remote forwarding only.
-The default is
-.Dq yes .
-Note that disabling TCP forwarding does not improve security unless
-users are also denied shell access, as they can always install their
-own forwarders.
 .It Cm AllowStreamLocalForwarding
 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
 The available options are
@@ -163,6 +143,26 @@
 Note that disabling StreamLocal forwarding does not improve security unless
 users are also denied shell access, as they can always install their
 own forwarders.
+.It Cm AllowTcpForwarding
+Specifies whether TCP forwarding is permitted.
+The available options are
+.Dq yes
+or
+.Dq all
+to allow TCP forwarding,
+.Dq no
+to prevent all TCP forwarding,
+.Dq local
+to allow local (from the perspective of
+.Xr ssh 1 )
+forwarding only or
+.Dq remote
+to allow remote forwarding only.
+The default is
+.Dq yes .
+Note that disabling TCP forwarding does not improve security unless
+users are also denied shell access, as they can always install their
+own forwarders.
 .It Cm AllowUsers
 This keyword can be followed by a list of user name patterns, separated
 by spaces.
@@ -1223,6 +1223,12 @@
 If this option is set to
 .Dq no ,
 root is not allowed to log in.
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitTunnel
 Specifies whether
 .Xr tun 4
@@ -1246,12 +1252,6 @@
 Independent of this setting, the permissions of the selected
 .Xr tun 4
 device must allow access to the user.
-.It Cm PermitTTY
-Specifies whether
-.Xr pty 4
-allocation is permitted.
-The default is
-.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment