.\"  -*- nroff -*-
.\"
.\" sshd-check-conf.5
.\"
.\" Author: Sami Lehtinen <sjl@ssh.com>
.\"
.\" Copyright (C) 2001, 2002 SSH Communications Security, Finland
.\" All rights reserved
.\"
.TH SSHD-CHECK-CONF 5 "May 16, 2002" "SSH2" "SSH2"

.SH NAME
sshd-check-conf \- check what your configuration allows or denies
based on incoming user and/or host name.

.SH SYNOPSIS
.B sshd-check-conf
[\c
.BI \-d \ debug_level\fR\c
]
[\c
.BI \-v
]
[\c
.BI \-V
]
[\c
.BI \-h
]
[\c
.BI \-f \ config_file\fR\c
]
[\c
.B [user@]host ...\fR\c
]

.SH DESCRIPTION 
.LP
.B Sshd-check-conf
checks how 
.B sshd2
will react to an incoming user, based on the user name and the remote
host name given as parameters.  Currently, the parameters
.BR AllowHosts ,
.BR DenyHosts ,
.BR AllowSHosts ,
.BR DenySHosts ,
.BR AllowUsers ,
.BR DenyUsers ,
.BR AllowGroups ,
.BR DenyGroups ,
.BR ChrootUsers ,
.BR ChrootGroups ,
.BR AllowTcpForwardingForUsers ,
.BR DenyTcpForwardingForUsers ,
.B AllowTcpForwardingForGroups 
, and
.BR DenyTcpForwardingForGroups
are checked.

.SH OPTIONS
.TP
.BI \-d \ debug_level_spec
Debug mode.  The debugging level is either a number or a
comma-separated list of assignments "ModulePattern=debug_level".
.ne 3
.TP
.BI \-v
Enable verbose mode.  Display verbose debugging messages.  Equal to
\'-d 2'.
.ne 3
.TP
.BI \-V
Display version string.
.ne 3
.TP
.BI \-h
Display a short help on command-line options.
.ne 3
.TP
.BI \-f \ configuration_file
Specifies the name of the configuration file.  The default is
.I /etc/ssh2/sshd2_config
or 
.IR $HOME/.ssh2/sshd2_config ,
depending on who is running the program, root or normal user.
.ne 3

.SH BEHAVIOUR

Any non-options presented on the command line will be regarded as
.B [user@]host
patterns (that is, the user part is optional).  If the host part is a
valid IP address, it is looked up from DNS.  Otherwise, it is
interpreted as a host name and the corresponding IP addresses will be
queried from DNS.

You can specify multiple patterns on the command line.

If no patterns are specified on the command line,
.B sshd-check-conf
will go into interactive mode, where the patterns can be given one at
a time, and they will be checked.

You may also specify one command in interactive mode, "\fIdump\fR". This
command dumps the configuration (with subconfigs amended) for the
previous pattern given.

.SH EXAMPLES
.LP
% sshd-check-conf -f /etc/ssh2/sshd2_config sjl@ssh.com

% sshd-check-conf -f /etc/ssh2/sshd2_config luser1@evil.org luser2@aol.com

% sshd-check-conf

.SH AUTHORS
.LP

SSH Communications Security Corp.

For more information, see http://www.ssh.com.

.SH SEE ALSO
.BR sshd2 (8),
.BR sshd2_config (5),
.BR sshd2_subconfig (5)