blib/lib/Config/Model/models/Sshd/MatchElement.pl
1             #
2             # This file is part of Config-Model-OpenSsh
3             #
4             # This software is Copyright (c) 2008-2022 by Dominique Dumont.
5             #
6             # This is free software, licensed under:
7             #
8             # The GNU Lesser General Public License, Version 2.1, February 1999
9             #
10 3     3   24308 use strict;
11 3     3   18 use warnings;
12              
13             return [
14             {
15             'accept' => [
16             '.*',
17             {
18             'summary' => 'boilerplate parameter that may hide a typo',
19             'type' => 'leaf',
20             'value_type' => 'uniline',
21             'warn' => 'Unknown parameter. Please make sure there\'s no typo and contact the author'
22             }
23             ],
24             'class_description' => 'This configuration class was generated from sshd_system documentation.
25             by L<parse-man.pl|https://github.com/dod38fr/config-model-openssh/contrib/parse-man.pl>
26             ',
27             'element' => [
28             'AcceptEnv',
29             {
30             'cargo' => {
31             'type' => 'leaf',
32             'value_type' => 'uniline'
33             },
34             'description' => 'Specifies what environment variables sent by the client will be copied into the
35             session\'s L<environ(7)>. See B<SendEnv> and B<SetEnv> in ssh_config5 for how to
36             configure the client. The B<TERM> environment variable is always accepted
37             whenever the client requests a pseudo-terminal as it is required by the
38             protocol. Variables are specified by name, which may contain the wildcard
39             characters \'*\' and \'?\' Multiple environment variables may be separated by
40             whitespace or spread across multiple B<AcceptEnv> directives. Be warned that
41             some environment variables could be used to bypass restricted user
42             environments. For this reason, care should be taken in the use of this
43             directive. The default is not to accept any environment variables.',
44             'type' => 'list'
45             },
46             'AllowAgentForwarding',
47             {
48             'description' => 'Specifies whether ssh-agent1 forwarding is permitted. The default is B<yes>
49             Note that disabling agent forwarding does not improve security unless users are
50             also denied shell access, as they can always install their own forwarders.',
51             'type' => 'leaf',
52             'upstream_default' => 'yes',
53             'value_type' => 'boolean',
54             'write_as' => [
55             'no',
56             'yes'
57             ]
58             },
59             'AllowGroups',
60             {
61             'cargo' => {
62             'type' => 'leaf',
63             'value_type' => 'uniline'
64             },
65             'description' => 'This keyword can be followed by a list of group name patterns, separated by
66             spaces. If specified, login is allowed only for users whose primary group or
67             supplementary group list matches one of the patterns. Only group names are
68             valid; a numerical group ID is not recognized. By default, login is allowed for
69             all groups. The allow/deny groups directives are processed in the following
70             order: B<DenyGroups> B<AllowGroups>
71              
72             See PATTERNS in ssh_config5 for more information on patterns. This keyword may
73             appear multiple times in B<sshd_config> with each instance appending to the
74             list.',
75             'type' => 'list'
76             },
77             'AllowStreamLocalForwarding',
78             {
79             'choice' => [
80             'all',
81             'local',
82             'no',
83             'remote',
84             'yes'
85             ],
86             'description' => 'Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. The
87             available options are B<yes> (the default) or B<all> to allow StreamLocal
88             forwarding, B<no> to prevent all StreamLocal forwarding, B<local> to allow
89             local (from the perspective of L<ssh(1)>) forwarding only or B<remote> to allow
90             remote forwarding only. Note that disabling StreamLocal forwarding does not
91             improve security unless users are also denied shell access, as they can always
92             install their own forwarders.',
93             'type' => 'leaf',
94             'upstream_default' => 'yes',
95             'value_type' => 'enum'
96             },
97             'AllowTcpForwarding',
98             {
99             'choice' => [
100             'all',
101             'local',
102             'no',
103             'remote',
104             'yes'
105             ],
106             'description' => 'Specifies whether TCP forwarding is permitted. The available options are B<yes>
107             (the default) or B<all> to allow TCP forwarding, B<no> to prevent all TCP
108             forwarding, B<local> to allow local (from the perspective of L<ssh(1)>)
109             forwarding only or B<remote> to allow remote forwarding only. Note that
110             disabling TCP forwarding does not improve security unless users are also denied
111             shell access, as they can always install their own forwarders.',
112             'type' => 'leaf',
113             'upstream_default' => 'yes',
114             'value_type' => 'enum'
115             },
116             'AllowUsers',
117             {
118             'cargo' => {
119             'type' => 'leaf',
120             'value_type' => 'uniline'
121             },
122             'description' => 'This keyword can be followed by a list of user name patterns, separated by
123             spaces. If specified, login is allowed only for user names that match one of
124             the patterns. Only user names are valid; a numerical user ID is not recognized.
125             By default, login is allowed for all users. If the pattern takes the form
126             USER@HOST then USER and HOST are separately checked, restricting logins to
127             particular users from particular hosts. HOST criteria may additionally contain
128             addresses to match in CIDR address/masklen format. The allow/deny users
129             directives are processed in the following order: B<DenyUsers> B<AllowUsers>
130              
131             See PATTERNS in ssh_config5 for more information on patterns. This keyword may
132             appear multiple times in B<sshd_config> with each instance appending to the
133             list.',
134             'type' => 'list'
135             },
136             'AuthenticationMethods',
137             {
138             'description' => 'Specifies the authentication methods that must be successfully completed for a
139             user to be granted access. This option must be followed by one or more lists of
140             comma-separated authentication method names, or by the single string B<any> to
141             indicate the default behaviour of accepting any single authentication method.
142             If the default is overridden, then successful authentication requires
143             completion of every method in at least one of these lists.
144              
145             For example, Qq publickey, password publickey, keyboard-interactive would
146             require the user to complete public key authentication, followed by either
147             password or keyboard interactive authentication. Only methods that are next in
148             one or more lists are offered at each stage, so for this example it would not
149             be possible to attempt password or keyboard-interactive authentication before
150             public key.
151              
152             For keyboard interactive authentication it is also possible to restrict
153             authentication to a specific device by appending a colon followed by the device
154             identifier B<bsdauth> or B<pam> depending on the server configuration. For
155             example, Qq keyboard-interactive:bsdauth would restrict keyboard interactive
156             authentication to the B<bsdauth> device.
157              
158             If the publickey method is listed more than once, L<sshd(8)> verifies that keys
159             that have been used successfully are not reused for subsequent authentications.
160             For example, Qq publickey, publickey requires successful authentication using
161             two different public keys.
162              
163             Note that each authentication method listed should also be explicitly enabled
164             in the configuration.
165              
166             The available authentication methods are: Qq gssapi-with-mic , Qq hostbased ,
167             Qq keyboard-interactive , Qq none (used for access to password-less accounts
168             when B<PermitEmptyPasswords> is enabled), Qq password and Qq publickey .',
169             'type' => 'leaf',
170             'value_type' => 'uniline'
171             },
172             'AuthorizedKeysCommand',
173             {
174             'description' => 'Specifies a program to be used to look up the user\'s public keys. The program
175             must be owned by root, not writable by group or others and specified by an
176             absolute path. Arguments to B<AuthorizedKeysCommand> accept the tokens
177             described in the I<TOKENS> section. If no arguments are specified then the
178             username of the target user is used.
179              
180             The program should produce on standard output zero or more lines of
181             authorized_keys output (see I<AUTHORIZED_KEYS> in L<sshd(8)>).
182             B<AuthorizedKeysCommand> is tried after the usual B<AuthorizedKeysFile> files
183             and will not be executed if a matching key is found there. By default, no
184             B<AuthorizedKeysCommand> is run.',
185             'type' => 'leaf',
186             'value_type' => 'uniline'
187             },
188             'AuthorizedKeysCommandUser',
189             {
190             'description' => 'Specifies the user under whose account the B<AuthorizedKeysCommand> is run. It
191             is recommended to use a dedicated user that has no other role on the host than
192             running authorized keys commands. If B<AuthorizedKeysCommand> is specified but
193             B<AuthorizedKeysCommandUser> is not, then L<sshd(8)> will refuse to start.',
194             'type' => 'leaf',
195             'value_type' => 'uniline'
196             },
197             'AuthorizedKeysFile',
198             {
199             'cargo' => {
200             'type' => 'leaf',
201             'value_type' => 'uniline'
202             },
203             'description' => 'Specifies the file that contains the public keys used for user authentication.
204             The format is described in the AUTHORIZED_KEYS FILE FORMAT section of
205             L<sshd(8)>. Arguments to B<AuthorizedKeysFile> accept the tokens described in
206             the I<TOKENS> section. After expansion, B<AuthorizedKeysFile> is taken to be an
207             absolute path or one relative to the user\'s home directory. Multiple files may
208             be listed, separated by whitespace. Alternately this option may be set to
209             B<none> to skip checking for user keys in files. The default is Qq
210             .ssh/authorized_keys .ssh/authorized_keys2 .',
211             'migrate_values_from' => '- AuthorizedKeysFile2',
212             'type' => 'list'
213             },
214             'AuthorizedPrincipalsCommand',
215             {
216             'description' => 'Specifies a program to be used to generate the list of allowed certificate
217             principals as per B<AuthorizedPrincipalsFile> The program must be owned by
218             root, not writable by group or others and specified by an absolute path.
219             Arguments to B<AuthorizedPrincipalsCommand> accept the tokens described in the
220             I<TOKENS> section. If no arguments are specified then the username of the
221             target user is used.
222              
223             The program should produce on standard output zero or more lines of
224             B<AuthorizedPrincipalsFile> output. If either B<AuthorizedPrincipalsCommand> or
225             B<AuthorizedPrincipalsFile> is specified, then certificates offered by the
226             client for authentication must contain a principal that is listed. By default,
227             no B<AuthorizedPrincipalsCommand> is run.',
228             'type' => 'leaf',
229             'value_type' => 'uniline'
230             },
231             'AuthorizedPrincipalsCommandUser',
232             {
233             'description' => 'Specifies the user under whose account the B<AuthorizedPrincipalsCommand> is
234             run. It is recommended to use a dedicated user that has no other role on the
235             host than running authorized principals commands. If
236             B<AuthorizedPrincipalsCommand> is specified but
237             B<AuthorizedPrincipalsCommandUser> is not, then L<sshd(8)> will refuse to
238             start.',
239             'type' => 'leaf',
240             'value_type' => 'uniline'
241             },
242             'AuthorizedPrincipalsFile',
243             {
244             'description' => 'Specifies a file that lists principal names that are accepted for certificate
245             authentication. When using certificates signed by a key listed in
246             B<TrustedUserCAKeys> this file lists names, one of which must appear in the
247             certificate for it to be accepted for authentication. Names are listed one per
248             line preceded by key options (as described in I<AUTHORIZED_KEYS FILE FORMAT> in
249             L<sshd(8)>). Empty lines and comments starting with \'#\' are ignored.
250              
251             Arguments to B<AuthorizedPrincipalsFile> accept the tokens described in the
252             I<TOKENS> section. After expansion, B<AuthorizedPrincipalsFile> is taken to be
253             an absolute path or one relative to the user\'s home directory. The default is
254             B<none> i.e. not to use a principals file - in this case, the username of the
255             user must appear in a certificate\'s principals list for it to be accepted.
256              
257             Note that B<AuthorizedPrincipalsFile> is only used when authentication proceeds
258             using a CA listed in B<TrustedUserCAKeys> and is not consulted for
259             certification authorities trusted via ~/.ssh/authorized_keys though the
260             B<principals=> key option offers a similar facility (see L<sshd(8)> for
261             details).',
262             'type' => 'leaf',
263             'upstream_default' => 'none',
264             'value_type' => 'uniline'
265             },
266             'Banner',
267             {
268             'description' => 'The contents of the specified file are sent to the remote user before
269             authentication is allowed. If the argument is B<none> then no banner is
270             displayed. By default, no banner is displayed.',
271             'type' => 'leaf',
272             'value_type' => 'uniline'
273             },
274             'CASignatureAlgorithms',
275             {
276             'description' => 'Specifies which algorithms are allowed for signing of certificates by
277             certificate authorities (CAs). The default is: ssh-ed25519,
278             ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521,
279             sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512,
280             rsa-sha2-256
281              
282             If the specified list begins with a \'+\' character, then the specified
283             algorithms will be appended to the default set instead of replacing them. If
284             the specified list begins with a \'-\' character, then the specified algorithms
285             (including wildcards) will be removed from the default set instead of replacing
286             them.
287              
288             Certificates signed using other algorithms will not be accepted for public key
289             or host-based authentication.',
290             'type' => 'leaf',
291             'value_type' => 'uniline'
292             },
293             'ChannelTimeout',
294             {
295             'description' => 'Specifies whether and how quickly L<sshd(8)> should close inactive channels.
296             Timeouts are specified as one or more \'\'type=interval\'\' pairs separated by
297             whitespace, where the \'\'type\'\' must be a channel type name (as described in the
298             table below), optionally containing wildcard characters.
299              
300             The timeout value \'\'interval\'\' is specified in seconds or may use any of the
301             units documented in the I<TIME FORMATS> section. For example, \'\'session:*=5m\'\'
302             would cause all sessions to terminate after five minutes of inactivity.
303             Specifying a zero value disables the inactivity timeout.
304              
305             The available channel types include:
306              
307             B<agent-connection> Open connections to ssh-agent1. B<direct-tcpip ,
308             direct-streamlocal@openssh.com> Open TCP or Unix socket (respectively)
309             connections that have been established from a L<ssh(1)> local forwarding, i.e.
310             B<LocalForward> or B<DynamicForward> B<forwarded-tcpip ,
311             forwarded-streamlocal@openssh.com> Open TCP or Unix socket (respectively)
312             connections that have been established to a L<sshd(8)> listening on behalf of a
313             L<ssh(1)> remote forwarding, i.e. B<RemoteForward> B<session:command> Command
314             execution sessions. B<session:shell> Interactive shell sessions.
315             B<session:subsystem:...> Subsystem sessions, e.g. for L<sftp(1)>, which could
316             be identified as B<session:subsystem:sftp> B<x11-connection> Open X11
317             forwarding sessions.
318              
319             Note that in all the above cases, terminating an inactive session does not
320             guarantee to remove all resources associated with the session, e.g. shell
321             processes or X11 clients relating to the session may continue to execute.
322              
323             Moreover, terminating an inactive channel or session does not necessarily close
324             the SSH connection, nor does it prevent a client from requesting another
325             channel of the same type. In particular, expiring an inactive forwarding
326             session does not prevent another identical forwarding from being subsequently
327             created. See also B<UnusedConnectionTimeout> which may be used in conjunction
328             with this option.
329              
330             The default is not to expire channels of any type for inactivity.',
331             'type' => 'leaf',
332             'value_type' => 'uniline'
333             },
334             'ChrootDirectory',
335             {
336             'description' => 'Specifies the pathname of a directory to L<chroot(2)> to after authentication.
337             At session startup L<sshd(8)> checks that all components of the pathname are
338             root-owned directories which are not writable by any other user or group. After
339             the chroot, L<sshd(8)> changes the working directory to the user\'s home
340             directory. Arguments to B<ChrootDirectory> accept the tokens described in the
341             I<TOKENS> section.
342              
343             The B<ChrootDirectory> must contain the necessary files and directories to
344             support the user\'s session. For an interactive session this requires at least a
345             shell, typically L<sh(1)>, and basic /dev nodes such as L<null(4)>, L<zero(4)>,
346             L<stdin(4)>, L<stdout(4)>, L<stderr(4)>, and L<tty(4)> devices. For file
347             transfer sessions using SFTP no additional configuration of the environment is
348             necessary if the in-process sftp-server is used, though sessions which use
349             logging may require /dev/log inside the chroot directory on some operating
350             systems (see sftp-server8 for details).
351              
352             For safety, it is very important that the directory hierarchy be prevented from
353             modification by other processes on the system (especially those outside the
354             jail). Misconfiguration can lead to unsafe environments which L<sshd(8)> cannot
355             detect.
356              
357             The default is B<none> indicating not to L<chroot(2)>.',
358             'type' => 'leaf',
359             'upstream_default' => 'none',
360             'value_type' => 'uniline'
361             },
362             'ClientAliveCountMax',
363             {
364             'description' => 'Sets the number of client alive messages which may be sent without L<sshd(8)>
365             receiving any messages back from the client. If this threshold is reached while
366             client alive messages are being sent, sshd will disconnect the client,
367             terminating the session. It is important to note that the use of client alive
368             messages is very different from B<TCPKeepAlive> The client alive messages are
369             sent through the encrypted channel and therefore will not be spoofable. The TCP
370             keepalive option enabled by B<TCPKeepAlive> is spoofable. The client alive
371             mechanism is valuable when the client or server depend on knowing when a
372             connection has become unresponsive.
373              
374             The default value is 3. If B<ClientAliveInterval> is set to 15, and
375             B<ClientAliveCountMax> is left at the default, unresponsive SSH clients will be
376             disconnected after approximately 45 seconds. Setting a zero
377             B<ClientAliveCountMax> disables connection termination.',
378             'type' => 'leaf',
379             'upstream_default' => '3',
380             'value_type' => 'integer'
381             },
382             'ClientAliveInterval',
383             {
384             'description' => 'Sets a timeout interval in seconds after which if no data has been received
385             from the client, L<sshd(8)> will send a message through the encrypted channel
386             to request a response from the client. The default is 0, indicating that these
387             messages will not be sent to the client.',
388             'type' => 'leaf',
389             'upstream_default' => '0',
390             'value_type' => 'integer'
391             },
392             'DenyGroups',
393             {
394             'cargo' => {
395             'type' => 'leaf',
396             'value_type' => 'uniline'
397             },
398             'description' => 'This keyword can be followed by a list of group name patterns, separated by
399             spaces. Login is disallowed for users whose primary group or supplementary
400             group list matches one of the patterns. Only group names are valid; a numerical
401             group ID is not recognized. By default, login is allowed for all groups. The
402             allow/deny groups directives are processed in the following order:
403             B<DenyGroups> B<AllowGroups>
404              
405             See PATTERNS in ssh_config5 for more information on patterns. This keyword may
406             appear multiple times in B<sshd_config> with each instance appending to the
407             list.',
408             'type' => 'list'
409             },
410             'DenyUsers',
411             {
412             'cargo' => {
413             'type' => 'leaf',
414             'value_type' => 'uniline'
415             },
416             'description' => 'This keyword can be followed by a list of user name patterns, separated by
417             spaces. Login is disallowed for user names that match one of the patterns. Only
418             user names are valid; a numerical user ID is not recognized. By default, login
419             is allowed for all users. If the pattern takes the form USER@HOST then USER and
420             HOST are separately checked, restricting logins to particular users from
421             particular hosts. HOST criteria may additionally contain addresses to match in
422             CIDR address/masklen format. The allow/deny users directives are processed in
423             the following order: B<DenyUsers> B<AllowUsers>
424              
425             See PATTERNS in ssh_config5 for more information on patterns. This keyword may
426             appear multiple times in B<sshd_config> with each instance appending to the
427             list.',
428             'type' => 'list'
429             },
430             'DisableForwarding',
431             {
432             'description' => 'Disables all forwarding features, including X11, ssh-agent1, TCP and
433             StreamLocal. This option overrides all other forwarding-related options and may
434             simplify restricted configurations.',
435             'type' => 'leaf',
436             'value_type' => 'uniline'
437             },
438             'ExposeAuthInfo',
439             {
440             'description' => 'Writes a temporary file containing a list of authentication methods and public
441             credentials (e.g. keys) used to authenticate the user. The location of the file
442             is exposed to the user session through the B<SSH_USER_AUTH> environment
443             variable. The default is B<no>',
444             'type' => 'leaf',
445             'upstream_default' => 'no',
446             'value_type' => 'boolean',
447             'write_as' => [
448             'no',
449             'yes'
450             ]
451             },
452             'ForceCommand',
453             {
454             'description' => 'Forces the execution of the command specified by B<ForceCommand> ignoring any
455             command supplied by the client and ~/.ssh/rc if present. The command is invoked
456             by using the user\'s login shell with the -c option. This applies to shell,
457             command, or subsystem execution. It is most useful inside a B<Match> block. The
458             command originally supplied by the client is available in the
459             B<SSH_ORIGINAL_COMMAND> environment variable. Specifying a command of
460             B<internal-sftp> will force the use of an in-process SFTP server that requires
461             no support files when used with B<ChrootDirectory> The default is B<none>',
462             'type' => 'leaf',
463             'upstream_default' => 'none',
464             'value_type' => 'uniline'
465             },
466             'GatewayPorts',
467             {
468             'choice' => [
469             'clientspecified',
470             'no',
471             'yes'
472             ],
473             'description' => 'Specifies whether remote hosts are allowed to connect to ports forwarded for
474             the client. By default, L<sshd(8)> binds remote port forwardings to the
475             loopback address. This prevents other remote hosts from connecting to forwarded
476             ports. B<GatewayPorts> can be used to specify that sshd should allow remote
477             port forwardings to bind to non-loopback addresses, thus allowing other hosts
478             to connect. The argument may be B<no> to force remote port forwardings to be
479             available to the local host only, B<yes> to force remote port forwardings to
480             bind to the wildcard address, or B<clientspecified> to allow the client to
481             select the address to which the forwarding is bound. The default is B<no>',
482             'type' => 'leaf',
483             'upstream_default' => 'no',
484             'value_type' => 'enum'
485             },
486             'GSSAPIAuthentication',
487             {
488             'description' => 'Specifies whether user authentication based on GSSAPI is allowed. The default
489             is B<no>',
490             'type' => 'leaf',
491             'upstream_default' => 'no',
492             'value_type' => 'boolean',
493             'write_as' => [
494             'no',
495             'yes'
496             ]
497             },
498             'HostbasedAcceptedAlgorithms',
499             {
500             'description' => 'Specifies the signature algorithms that will be accepted for hostbased
501             authentication as a list of comma-separated patterns. Alternately if the
502             specified list begins with a \'+\' character, then the specified signature
503             algorithms will be appended to the default set instead of replacing them. If
504             the specified list begins with a \'-\' character, then the specified signature
505             algorithms (including wildcards) will be removed from the default set instead
506             of replacing them. If the specified list begins with a \'^\' character, then the
507             specified signature algorithms will be placed at the head of the default set.
508             The default for this option is: ssh-ed25519-cert-v01@openssh.com,
509             ecdsa-sha2-nistp256-cert-v01@openssh.com,
510             ecdsa-sha2-nistp384-cert-v01@openssh.com,
511             ecdsa-sha2-nistp521-cert-v01@openssh.com, sk-ssh-ed25519-cert-v01@openssh.com,
512             sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com,
513             rsa-sha2-256-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256,
514             ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, sk-ssh-ed25519@openssh.com,
515             sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512, rsa-sha2-256
516              
517             The list of available signature algorithms may also be obtained using Qq ssh -Q
518             HostbasedAcceptedAlgorithms . This was formerly named
519             HostbasedAcceptedKeyTypes.',
520             'type' => 'leaf',
521             'value_type' => 'uniline'
522             },
523             'HostbasedAuthentication',
524             {
525             'description' => 'Specifies whether rhosts or /etc/hosts.equiv authentication together with
526             successful public key client host authentication is allowed (host-based
527             authentication). The default is B<no>',
528             'type' => 'leaf',
529             'upstream_default' => 'no',
530             'value_type' => 'boolean',
531             'write_as' => [
532             'no',
533             'yes'
534             ]
535             },
536             'HostbasedUsesNameFromPacketOnly',
537             {
538             'description' => 'Specifies whether or not the server will attempt to perform a reverse name
539             lookup when matching the name in the ~/.shosts ~/.rhosts and /etc/hosts.equiv
540             files during B<HostbasedAuthentication>. A setting of B<yes> means that
541             L<sshd(8)> uses the name supplied by the client (which is therefore under the
542             client\'s control) rather than attempting to resolve the name from the TCP connection itself. The default is B<no>.',
543             'type' => 'leaf',
544             'upstream_default' => 'no',
545             'value_type' => 'boolean',
546             'write_as' => [
547             'no',
548             'yes'
549             ]
550             },
551             'IgnoreRhosts',
552             {
553             'description' => 'Specifies whether to ignore per-user .rhosts and .shosts files during
554             B<HostbasedAuthentication>. The system-wide /etc/hosts.equiv and
555             /etc/ssh/shosts.equiv are still used regardless of this setting.
556              
557             Accepted values are B<yes> (the default) to ignore all per-user files,
558             B<shosts-only> to allow the use of .shosts but to ignore .rhosts, or B<no> to
559             allow both .shosts and .rhosts.',
560             'type' => 'leaf',
561             'upstream_default' => 'yes',
562             'value_type' => 'boolean',
563             'write_as' => [
564             'no',
565             'yes'
566             ]
567             },
568             'Include',
569             {
570             'cargo' => {
571             'type' => 'leaf',
572             'value_type' => 'uniline'
573             },
574             'description' => 'Include the specified configuration file(s). Multiple pathnames may be
575             specified and each pathname may contain L<glob(7)> wildcards that will be
576             expanded and processed in lexical order. Files without absolute paths are
577             assumed to be in /etc/ssh. An B<Include> directive may appear inside a B<Match>
578             block to perform conditional inclusion.',
579             'type' => 'list'
580             },
581             'IPQoS',
582             {
583             'assert' => {
584             '1_or_2' => {
585             'code' => 'return 1 unless defined $_;
586             my @v = (/(\\w+)/g);
587             return (@v < 3) ? 1 : 0;
588             ',
589             'msg' => 'value must not have more than 2 fields.'
590             },
591             'accepted_values' => {
592             'code' => 'return 1 unless defined $_;
593             my @v = (/(\\S+)/g);
594             my @good = grep {/^(af[1-4][1-3]|cs[0-7]|ef|lowdelay|throughput|reliability|\\d+)/} @v ;
595             return @good == @v ? 1 : 0;
596             ',
597             'msg' => 'Unexpected value "$_". Expected 1 or 2 occurrences of: "af11", "af12", "af13", "af21", "af22",
598             "af23", "af31", "af32", "af33", "af41", "af42", "af43", "cs0", "cs1",
599             "cs2", "cs3", "cs4", "cs5", "cs6", "cs7", "ef", "lowdelay",
600             "throughput", "reliability", or numeric value.
601             '
602             }
603             },
604             'description' => 'Specifies the IPv4 type-of-service or DSCP class for the connection. Accepted
605             values are B<af11> B<af12> B<af13> B<af21> B<af22> B<af23> B<af31> B<af32>
606             B<af33> B<af41> B<af42> B<af43> B<cs0> B<cs1> B<cs2> B<cs3> B<cs4> B<cs5>
607             B<cs6> B<cs7> B<ef> B<le> B<lowdelay> B<throughput> B<reliability> a numeric
608             value, or B<none> to use the operating system default. This option may take one
609             or two arguments, separated by whitespace. If one argument is specified, it is
610             used as the packet class unconditionally. If two values are specified, the
611             first is automatically selected for interactive sessions and the second for
612             non-interactive sessions. The default is B<lowdelay> for interactive sessions
613             and B<throughput> for non-interactive sessions.',
614             'type' => 'leaf',
615             'upstream_default' => 'af21 cs1',
616             'value_type' => 'uniline'
617             },
618             'KbdInteractiveAuthentication',
619             {
620             'description' => 'Specifies whether to allow keyboard-interactive authentication. The default is
621             B<yes>. The argument to this keyword must be B<yes> or B<no>.
622             B<ChallengeResponseAuthentication> is a deprecated alias for this.',
623             'migrate_from' => {
624             'formula' => '$old',
625             'variables' => {
626             'old' => '- ChallengeResponseAuthentication'
627             }
628             },
629             'type' => 'leaf',
630             'upstream_default' => 'yes',
631             'value_type' => 'boolean',
632             'write_as' => [
633             'no',
634             'yes'
635             ]
636             },
637             'KerberosAuthentication',
638             {
639             'description' => 'Specifies whether the password provided by the user for
640             B<PasswordAuthentication> will be validated through the Kerberos KDC. To use
641             this option, the server needs a Kerberos servtab which allows the verification
642             of the KDC\'s identity. The default is B<no>',
643             'type' => 'leaf',
644             'upstream_default' => 'no',
645             'value_type' => 'boolean',
646             'write_as' => [
647             'no',
648             'yes'
649             ]
650             },
651             'LogLevel',
652             {
653             'choice' => [
654             'DEBUG',
655             'DEBUG1',
656             'DEBUG2',
657             'DEBUG3',
658             'ERROR',
659             'FATAL',
660             'INFO',
661             'QUIET',
662             'VERBOSE'
663             ],
664             'description' => 'Gives the verbosity level that is used when logging messages from L<sshd(8)>.
665             The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1,
666             DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent.
667             DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with
668             a DEBUG level violates the privacy of users and is not recommended.',
669             'type' => 'leaf',
670             'upstream_default' => 'INFO',
671             'value_type' => 'enum'
672             },
673             'MaxAuthTries',
674             {
675             'description' => 'Specifies the maximum number of authentication attempts permitted per
676             connection. Once the number of failures reaches half this value, additional
677             failures are logged. The default is 6.',
678             'type' => 'leaf',
679             'upstream_default' => '6',
680             'value_type' => 'integer'
681             },
682             'MaxSessions',
683             {
684             'description' => 'Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
685             sessions permitted per network connection. Multiple sessions may be established
686             by clients that support connection multiplexing. Setting B<MaxSessions> to 1
687             will effectively disable session multiplexing, whereas setting it to 0 will
688             prevent all shell, login and subsystem sessions while still permitting
689             forwarding. The default is 10.',
690             'type' => 'leaf',
691             'upstream_default' => '10',
692             'value_type' => 'integer'
693             },
694             'PasswordAuthentication',
695             {
696             'description' => 'Specifies whether password authentication is allowed. The default is B<yes>',
697             'type' => 'leaf',
698             'upstream_default' => 'yes',
699             'value_type' => 'boolean',
700             'write_as' => [
701             'no',
702             'yes'
703             ]
704             },
705             'PermitEmptyPasswords',
706             {
707             'description' => 'When password authentication is allowed, it specifies whether the server allows
708             login to accounts with empty password strings. The default is B<no>',
709             'type' => 'leaf',
710             'upstream_default' => 'no',
711             'value_type' => 'boolean',
712             'write_as' => [
713             'no',
714             'yes'
715             ]
716             },
717             'PermitListen',
718             {
719             'cargo' => {
720             'type' => 'leaf',
721             'value_type' => 'uniline'
722             },
723             'description' => 'Specifies the addresses/ports on which a remote TCP port forwarding may listen.
724             The listen specification must be one of the following forms:
725              
726             B<PermitListen> I<port> or B<PermitListen> I<host>:I<port>
727              
728             Multiple permissions may be specified by separating them with whitespace. An
729             argument of B<any> can be used to remove all restrictions and permit any listen
730             requests. An argument of B<none> can be used to prohibit all listen requests.
731             The host name may contain wildcards as described in the PATTERNS section in
732             L<ssh_config(5)>. The wildcard \'*\' can also be used in place of a port number to
733             allow all ports. By default all port forwarding listen requests are permitted.
734             Note that the B<GatewayPorts> option may further restrict which addresses may
735             be listened on. Note also that L<ssh(1)> will request a listen host of
736             \'\'localhost\'\' if no listen host was specifically requested, and this name is
737             treated differently to explicit localhost addresses of \'\'127.0.0.1\'\' and
738             \'\'::1\'\'',
739             'type' => 'list'
740             },
741             'PermitOpen',
742             {
743             'cargo' => {
744             'type' => 'leaf',
745             'value_type' => 'uniline'
746             },
747             'description' => 'Specifies the destinations to which TCP port forwarding is permitted. The
748             forwarding specification must be one of the following forms:
749              
750             B<PermitOpen> I<host>:I<port>, B<PermitOpen> I<IPv4_addr>:I<port>, or B<PermitOpen>
751             I<[IPv6_addr]>:I<port>
752              
753             Multiple forwards may be specified by separating them with whitespace. An
754             argument of B<any> can be used to remove all restrictions and permit any
755             forwarding requests. An argument of B<none> can be used to prohibit all
756             forwarding requests. The wildcard \'*\' can be used for host or port to allow all
757             hosts or ports respectively. Otherwise, no pattern matching or address lookups
758             are performed on supplied names. By default all port forwarding requests are
759             permitted.',
760             'type' => 'list'
761             },
762             'PermitRootLogin',
763             {
764             'choice' => [
765             'forced-commands-only',
766             'no',
767             'prohibit-password',
768             'yes'
769             ],
770             'description' => 'Specifies whether root can log in using L<ssh(1)>. The argument must be B<yes>,
771             B<prohibit-password>, B<forced-commands-only>, or B<no>. The default is
772             B<prohibit-password>.
773              
774             If this option is set to B<prohibit-password> (or its deprecated alias,
775             B<without-password>), password and keyboard-interactive authentication are
776             disabled for root.
777              
778             If this option is set to B<forced-commands-only> root login with public key
779             authentication will be allowed, but only if the I<command> option has been
780             specified (which may be useful for taking remote backups even if root login is
781             normally not allowed). All other authentication methods are disabled for root.
782              
783             If this option is set to B<no> root is not allowed to log in.',
784             'type' => 'leaf',
785             'value_type' => 'enum'
786             },
787             'PermitTTY',
788             {
789             'description' => 'Specifies whether L<pty(4)> allocation is permitted. The default is B<yes>',
790             'type' => 'leaf',
791             'upstream_default' => 'yes',
792             'value_type' => 'boolean',
793             'write_as' => [
794             'no',
795             'yes'
796             ]
797             },
798             'PermitTunnel',
799             {
800             'choice' => [
801             'ethernet',
802             'no',
803             'point-to-point',
804             'yes'
805             ],
806             'description' => 'Specifies whether L<tun(4)> device forwarding is allowed. The argument must be
807             B<yes>, B<point-to-point> (layer 3), B<ethernet> (layer 2), or B<no>. Specifying
808             B<yes> permits both B<point-to-point> and B<ethernet>. The default is B<no>.
809              
810             Independent of this setting, the permissions of the selected L<tun(4)> device
811             must allow access to the user.',
812             'type' => 'leaf',
813             'upstream_default' => 'no',
814             'value_type' => 'enum'
815             },
816             'PermitUserRC',
817             {
818             'description' => 'Specifies whether any ~/.ssh/rc file is executed. The default is B<yes>',
819             'type' => 'leaf',
820             'upstream_default' => 'yes',
821             'value_type' => 'boolean',
822             'write_as' => [
823             'no',
824             'yes'
825             ]
826             },
827             'PubkeyAcceptedAlgorithms',
828             {
829             'description' => 'Specifies the signature algorithms that will be accepted for public key
830             authentication as a list of comma-separated patterns. Alternately if the
831             specified list begins with a \'+\' character, then the specified algorithms will
832             be appended to the default set instead of replacing them. If the specified list
833             begins with a \'-\' character, then the specified algorithms (including
834             wildcards) will be removed from the default set instead of replacing them. If
835             the specified list begins with a \'^\' character, then the specified algorithms
836             will be placed at the head of the default set. The default for this option is:
837             ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com,
838             ecdsa-sha2-nistp384-cert-v01@openssh.com,
839             ecdsa-sha2-nistp521-cert-v01@openssh.com, sk-ssh-ed25519-cert-v01@openssh.com,
840             sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com,
841             rsa-sha2-256-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256,
842             ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, sk-ssh-ed25519@openssh.com,
843             sk-ecdsa-sha2-nistp256@openssh.com, rsa-sha2-512, rsa-sha2-256
844              
845             The list of available signature algorithms may also be obtained using "ssh -Q
846             PubkeyAcceptedAlgorithms".',
847             'type' => 'leaf',
848             'value_type' => 'uniline'
849             },
850             'PubkeyAuthOptions',
851             {
852             'choice' => [
853             'none',
854             'touch-required',
855             'verify-required'
856             ],
857             'description' => 'Sets one or more public key authentication options. The supported keywords are:
858             B<none> (the default; indicating no additional options are enabled),
859             B<touch-required> and B<verify-required>.
860              
861             The B<touch-required> option causes public key authentication using a FIDO
862             authenticator algorithm (i.e. B<ecdsa-sk> or B<ed25519-sk>) to always require
863             the signature to attest that a physically present user explicitly confirmed the
864             authentication (usually by touching the authenticator). By default, L<sshd(8)>
865             requires user presence unless overridden with an authorized_keys option. The
866             B<touch-required> flag disables this override.
867              
868             The B<verify-required> option requires a FIDO key signature attest that the
869             user was verified, e.g. via a PIN.
870              
871             Neither the B<touch-required> nor the B<verify-required> option has any effect for
872             other, non-FIDO, public key types.',
873             'type' => 'leaf',
874             'value_type' => 'enum'
875             },
876             'PubkeyAuthentication',
877             {
878             'description' => 'Specifies whether public key authentication is allowed. The default is B<yes>',
879             'type' => 'leaf',
880             'upstream_default' => 'yes',
881             'value_type' => 'boolean',
882             'write_as' => [
883             'no',
884             'yes'
885             ]
886             },
887             'RekeyLimit',
888             {
889             'description' => 'Specifies the maximum amount of data that may be transmitted or received before
890             the session key is renegotiated, optionally followed by a maximum amount of
891             time that may pass before the session key is renegotiated. The first argument
892             is specified in bytes and may have a suffix of \'K\' \'M\' or \'G\' to indicate
893             Kilobytes, Megabytes, or Gigabytes, respectively. The default is between \'1G\'
894             and \'4G\' depending on the cipher. The optional second value is specified in
895             seconds and may use any of the units documented in the I<TIME FORMATS> section.
896             The default value for B<RekeyLimit> is B<default none> which means that
897             rekeying is performed after the cipher\'s default amount of data has been sent
898             or received and no time based rekeying is done.',
899             'type' => 'leaf',
900             'value_type' => 'uniline'
901             },
902             'RevokedKeys',
903             {
904             'description' => 'Specifies revoked public keys file, or B<none> to not use one. Keys listed in
905             this file will be refused for public key authentication. Note that if this file
906             is not readable, then public key authentication will be refused for all users.
907             Keys may be specified as a text file, listing one public key per line, or as an
908             OpenSSH Key Revocation List (KRL) as generated by L<ssh-keygen(1)>. For more
909             information on KRLs, see the KEY REVOCATION LISTS section in L<ssh-keygen(1)>.',
910             'type' => 'leaf',
911             'value_type' => 'uniline'
912             },
913             'SetEnv',
914             {
915             'description' => 'Specifies one or more environment variables to set in child sessions started by
916             L<sshd(8)> as \'\'NAME=VALUE\'\' The environment value may be quoted (e.g. if it
917             contains whitespace characters). Environment variables set by B<SetEnv>
918             override the default environment and any variables specified by the user via
919             B<AcceptEnv> or B<PermitUserEnvironment>.',
920             'type' => 'leaf',
921             'value_type' => 'uniline'
922             },
923             'StreamLocalBindMask',
924             {
925             'description' => 'Sets the octal file creation mode mask (umask) used when creating a Unix-domain
926             socket file for local or remote port forwarding. This option is only used for
927             port forwarding to a Unix-domain socket file.
928              
929             The default value is 0177, which creates a Unix-domain socket file that is
930             readable and writable only by the owner. Note that not all operating systems
931             honor the file mode on Unix-domain socket files.',
932             'type' => 'leaf',
933             'value_type' => 'uniline'
934             },
935             'StreamLocalBindUnlink',
936             {
937             'description' => 'Specifies whether to remove an existing Unix-domain socket file for local or
938             remote port forwarding before creating a new one. If the socket file already
939             exists and B<StreamLocalBindUnlink> is not enabled, B<sshd> will be unable to
940             forward the port to the Unix-domain socket file. This option is only used for
941             port forwarding to a Unix-domain socket file.
942              
943             The argument must be B<yes> or B<no>. The default is B<no>.',
944             'type' => 'leaf',
945             'upstream_default' => 'no',
946             'value_type' => 'boolean',
947             'write_as' => [
948             'no',
949             'yes'
950             ]
951             },
952             'TrustedUserCAKeys',
953             {
954             'description' => 'Specifies a file containing public keys of certificate authorities that are
955             trusted to sign user certificates for authentication, or B<none> to not use
956             one. Keys are listed one per line; empty lines and comments starting with \'#\'
957             are allowed. If a certificate is presented for authentication and has its
958             signing CA key listed in this file, then it may be used for authentication for
959             any user listed in the certificate\'s principals list. Note that certificates
960             that lack a list of principals will not be permitted for authentication using
961             B<TrustedUserCAKeys>. For more details on certificates, see the CERTIFICATES
962             section in L<ssh-keygen(1)>.',
963             'type' => 'leaf',
964             'value_type' => 'uniline'
965             },
966             'UnusedConnectionTimeout',
967             {
968             'description' => 'Specifies whether and how quickly L<sshd(8)> should close client connections
969             with no open channels. Open channels include active shell, command execution or
970             subsystem sessions, connected network, socket, agent or X11 forwardings.
971             Forwarding listeners, such as those from the L<ssh(1)> -B<R> flag, are not
972             considered as open channels and do not prevent the timeout. The timeout value
973             is specified in seconds or may use any of the units documented in the I<TIME
974             FORMATS> section.
975              
976             Note that this timeout starts when the client connection completes user
977             authentication but before the client has an opportunity to open any channels.
978             Caution should be used when using short timeout values, as they may not provide
979             sufficient time for the client to request and open its channels before
980             terminating the connection.
981              
982             The default B<none> is to never expire connections for having no open channels.
983             This option may be useful in conjunction with B<ChannelTimeout>',
984             'type' => 'leaf',
985             'value_type' => 'uniline'
986             },
987             'X11DisplayOffset',
988             {
989             'description' => 'Specifies the first display number available for L<sshd(8)>\'s X11 forwarding.
990             This prevents sshd from interfering with real X11 servers. The default is 10.',
991             'type' => 'leaf',
992             'value_type' => 'uniline'
993             },
994             'X11Forwarding',
995             {
996             'description' => 'Specifies whether X11 forwarding is permitted. The argument must be B<yes> or
997             B<no>. The default is B<no>.
998              
999             When X11 forwarding is enabled, there may be additional exposure to the server
1000             and to client displays if the L<sshd(8)> proxy display is configured to listen
1001             on the wildcard address (see B<X11UseLocalhost>), though this is not the
1002             default. Additionally, the authentication spoofing and authentication data
1003             verification and substitution occur on the client side. The security risk of
1004             using X11 forwarding is that the client\'s X11 display server may be exposed to
1005             attack when the SSH client requests forwarding (see the warnings for
1006             B<ForwardX11> in L<ssh_config(5)>). A system administrator may have a stance in
1007             which they want to protect clients that may expose themselves to attack by
1008             unwittingly requesting X11 forwarding, which can warrant a B<no> setting.
1009              
1010             Note that disabling X11 forwarding does not prevent users from forwarding X11
1011             traffic, as users can always install their own forwarders.',
1012             'type' => 'leaf',
1013             'upstream_default' => 'no',
1014             'value_type' => 'boolean',
1015             'write_as' => [
1016             'no',
1017             'yes'
1018             ]
1019             },
1020             'X11UseLocalhost',
1021             {
1022             'description' => 'Specifies whether L<sshd(8)> should bind the X11 forwarding server to the
1023             loopback address or to the wildcard address. By default, sshd binds the
1024             forwarding server to the loopback address and sets the hostname part of the
1025             B<DISPLAY> environment variable to B<localhost> This prevents remote hosts from
1026             connecting to the proxy display. However, some older X11 clients may not
1027             function with this configuration. B<X11UseLocalhost> may be set to B<no> to
1028             specify that the forwarding server should be bound to the wildcard address. The
1029             argument must be B<yes> or B<no>. The default is B<yes>.',
1030             'type' => 'leaf',
1031             'upstream_default' => 'yes',
1032             'value_type' => 'boolean',
1033             'write_as' => [
1034             'no',
1035             'yes'
1036             ]
1037             },
1038             'AuthorizedKeysFile2',
1039             {
1040             'cargo' => {
1041             'type' => 'leaf',
1042             'value_type' => 'uniline'
1043             },
1044             'description' => 'This parameter is now ignored by L<sshd(8)>.',
1045             'status' => 'deprecated',
1046             'type' => 'list'
1047             },
1048             'ChallengeResponseAuthentication',
1049             {
1050             'status' => 'deprecated',
1051             'type' => 'leaf',
1052             'value_type' => 'boolean'
1053             },
1054             'KeyRegenerationInterval',
1055             {
1056             'status' => 'deprecated',
1057             'type' => 'leaf',
1058             'value_type' => 'uniline'
1059             },
1060             'Protocol',
1061             {
1062             'status' => 'deprecated',
1063             'type' => 'leaf',
1064             'value_type' => 'uniline'
1065             },
1066             'RDomain',
1067             {
1068             'status' => 'deprecated',
1069             'type' => 'leaf',
1070             'value_type' => 'uniline'
1071             },
1072             'RSAAuthentication',
1073             {
1074             'status' => 'deprecated',
1075             'type' => 'leaf',
1076             'value_type' => 'uniline'
1077             },
1078             'RhostsRSAAuthentication',
1079             {
1080             'status' => 'deprecated',
1081             'type' => 'leaf',
1082             'value_type' => 'uniline'
1083             },
1084             'UsePrivilegeSeparation',
1085             {
1086             'status' => 'deprecated',
1087             'type' => 'leaf',
1088             'value_type' => 'uniline'
1089             }
1090             ],
1091             'generated_by' => 'parse-man.pl from sshd_system 9.4p1 doc',
1092             'license' => 'LGPL2',
1093             'name' => 'Sshd::MatchElement'
1094             }
1095             ]
1096             ;
1097