.TH gtlsshd 8 01/02/19 "Server for shell over TLS" .SH NAME gtlsshd \- Server for shell over TLS .SH SYNOPSIS .B gtlsshd [options] .SH DESCRIPTION The .BR gtlsshd program receives connections from gtlssh, authenticates the connections, and connects them to a shell or a program as requested. .BR gtlsshd will listen on both SCTP and TCP sockets unless told otherwise. .BR gtlsshd uses openssl public key certificate authentication both directions. When something connections, it uses standard SSL handling to validate itself to the user with the given key and certificate files. On SSL does its job, it then runs an authentication protocol for the user on top of the SSL connection. The user sends the username, and gtlsshd will use the $HOME/.gtlssh/allowed_certs directory to authenticate a certificate the user presents. If the user doesn't have a certificate that matches the presented certificate, .BR gtlsshd will attempt a normal password login if that is enabled. .SH OPTIONS .TP .I \-p|\-\-port port Use the given port instead of the default port. .TP .I \-h|\-\-keyfile file Use the given file for the key instead of the default. Defaults to /etc/gtlssh/gtlsshd.key. .TP .I \-c|\-\-certfile file Set the certificate to use. Defaults to /etc/gtlssh/gtlsshd.crt. .TP .I \-\-permit-root Allow root logins. Otherwise root or uid=0 is denied. .TP .I \-\-allow-password Allow password logins. By default only certificate-based logins are allowed. Passwords are much less secure than certificate logins, so their use is discouraged. .TP .I \-\-oneshot Do not fork the program at the beginning or when a connection is received. This allows easier debugging of the program. .TP .I \-\-nodaemon Do not daemonize (double fork) the program. .TP .I \-\-nosctp Disable SCTP support. .TP .I \-\-notcp Disable TCP support .TP .I \-\-other_acc Enable the given accepter to receive connections for gtlsshd. This does not disable TCP or SCTP. .TP .I \-P|\-\-pidfile file Create a standard pidfile using the given filename. .TP .TP .I \-4 Do IPv4 only. .TP .I \-6 Do IPv6 only. .I \-d|\-\-debug Generate debugging output. Specifying more than once increases the output. This also causes syslog output to go to standard error. .TP .I \-h|\-\-help Help output .SH "SEE ALSO" gensio(5), gtlssh(1), gtlssh-keygen(1) .SH "KNOWN PROBLEMS" None. .SH AUTHOR .PP Corey Minyard