-p|--port port
Use the given port instead of the default port.
-h|--keyfile file
Use the given file for the key instead of the default. Defaults to sysconfdir/gtlssh/gtlsshd.key.
On unix sysconfdir is generally /etc. On Windows it is one directory up from the executable with
/etc appended.
-c|--certfile file
Set the certificate to use. Defaults to sysconfdir/gtlssh/gtlsshd.crt. On unix sysconfdir is
generally /etc. On Windows it is one directory up from the executable with /etc appended.
--permit-root
Allow root logins. Otherwise root or uid=0 is denied.
--allow-password
Allow password logins. By default only certificate-based logins are allowed. Passwords are much
less secure than certificate logins, so their use is discouraged.
--do-2fa
Enable 2-factor authentication. This means that 2-factor authentication is enabled in PAM for
gtlssh. This will cause the client end to request 2-factor data and transmit it along with
the password. During authentication, it is expected that PAM will request two authentication
tokens and the first will be the password (if certificate failed). Note that this is not required
to do 2-factor auth, but is useful to allow gtlssh to read the 2-factor data and transfer it as
part of the login data.
--pam-cert-auth <name>
If the connection is authorized with a certificate, still do a PAM authentication, but use the
given name as the program name for PAM to use to find the rules. This will allow 2-factor auth to
be done on a certificate login, as the given set of rules can be written to only do the second
factor authentication part.
--pam-service <name>
Use the given name for the PAM service, instead of using the program's name.
--use-login, --no-use-login
Use or do not use the login program to log the user in. Some systems work better with login,
others work fine to directly execute the shell. The default depends on the system and should be
best.
--oneshot
Do not fork the program at the beginning or when a connection is received. This allows easier
debugging of the program.
--nodaemon
Do not daemonize (double fork) the program.
--nointeractive
Disable interactive logins. All authentication information must be passed in via the protocol.
This is different than gtlssh's view of interactive, which affects how I/O is done. This only
affects prompting for credentials interactively.
--nosctp
Disable SCTP support.
--notcp
Disable TCP support.
--other_acc <accepter>
Enable the given accepter to receive connections for gtlsshd. This does not disable TCP or SCTP.
-P|--pidfile file
Create a standard pidfile using the given filename.
-4 Do IPv4 only.
-6 Do IPv6 only.
--startup-retries
The number of times gtlsshd will retry creating the accepter. It retries once a second.
Generally, if creating the accepter fails, that means the nameserver is not yet operational and
converting the local name to an address fails, so this can help with the resolver not being ready
when gtlsshd starts. Default is 30.
-d|--debug
Generate debugging output. Specifying more than once increases the output. This also causes
syslog output to go to standard error.
--version
Print the version number and exit.
-h|--help
Help output
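
The rule set described under --pam-cert-auth, as an added example that is not part of the gtlsshd documentation: a PAM service file whose auth stack performs only the second factor, so a login that already passed certificate verification must still supply it. The service name gtlsshd-2fa, the file path, and the use of pam_google_authenticator.so as the second-factor module are assumptions; the account and session lines assume those stacks are also looked up under this service name.

```conf
# /etc/pam.d/gtlsshd-2fa
# Hypothetical service name, selected by starting the daemon with:
#   gtlsshd --pam-cert-auth gtlsshd-2fa
#
# This file is consulted only after gtlsshd has accepted the client's
# certificate, so the auth stack asks for the second factor alone.

# Second factor only. pam_google_authenticator.so is an assumed TOTP
# module; substitute whichever second-factor module the site uses.
auth     required   pam_google_authenticator.so

# Deliberately no pam_unix.so in the auth stack: adding it would prompt
# for a password on top of the certificate and the second factor.

# Assumption: account and session checks are resolved under this same
# service name, so keep the usual account validity and session setup.
account  required   pam_unix.so
session  required   pam_unix.so
```

Password logins (when --allow-password is given) continue to use the normal service name, so that file needs its own second-factor line if both paths are to require it.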