upstream commit

Document "none" for PidFile XAuthLocation TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
author: dtucker@openbsd.org <dtucker@openbsd.org> 2015-04-16 23:25:50 +0000
committer: Damien Miller <djm@mindrot.org> 2015-04-29 18:13:34 +1000
commit: 6cc7cfa936afde2d829e56ee6528c7ea47a42441 (patch)
tree: c959220297fe981da4856d49154377f215765902
parent: 15fdfc9b1c6808b26bc54d4d61a38b54541763ed (diff)
1 files changed, 14 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 6dce0c70c..2bc9360d0 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
-.Dd $Mdocdate: February 20 2015 $
+.Dd $Mdocdate: April 16 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1163,7 +1163,9 @@ The default is
 .Dq yes .
 .It Cm PidFile
 Specifies the file that contains the process ID of the
-SSH daemon.
+SSH daemon, or
+.Dq none
+to not write one.
 The default is
 .Pa /var/run/sshd.pid .
 .It Cm Port
@@ -1253,7 +1255,9 @@ which means that rekeying is performed after the cipher's default amount
 of data has been sent or received and no time based rekeying is done.
 This option applies to protocol version 2 only.
 .It Cm RevokedKeys
-Specifies revoked public keys.
+Specifies revoked public keys file, or
+.Dq none
+to not use one.
 Keys listed in this file will be refused for public key authentication.
 Note that if this file is not readable, then public key authentication will
 be refused for all users.
@@ -1366,7 +1370,9 @@ To disable TCP keepalive messages, the value should be set to
 .Dq no .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
-trusted to sign user certificates for authentication.
+trusted to sign user certificates for authentication, or
+.Dq none
+to not use one.
 Keys are listed one per line; empty lines and comments starting with
 .Ql #
 are allowed.
@@ -1519,7 +1525,9 @@ The default is
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1
-program.
+program, or
+.Dq none
+to not use one.
 The default is
 .Pa /usr/X11R6/bin/xauth .
 .El
author	dtucker@openbsd.org <dtucker@openbsd.org>	2015-04-16 23:25:50 +0000
committer	Damien Miller <djm@mindrot.org>	2015-04-29 18:13:34 +1000
commit	6cc7cfa936afde2d829e56ee6528c7ea47a42441 (patch)
tree	c959220297fe981da4856d49154377f215765902
parent	15fdfc9b1c6808b26bc54d4d61a38b54541763ed (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index 6dce0c70c..2bc9360d0 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
37	.Dd $Mdocdate: February 20 2015 $	37	.Dd $Mdocdate: April 16 2015 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1163,7 +1163,9 @@ The default is
1163	.Dq yes .	1163	.Dq yes .
1164	.It Cm PidFile	1164	.It Cm PidFile
1165	Specifies the file that contains the process ID of the	1165	Specifies the file that contains the process ID of the
1166	SSH daemon.	1166	SSH daemon, or
		1167	.Dq none
		1168	to not write one.
1167	The default is	1169	The default is
1168	.Pa /var/run/sshd.pid .	1170	.Pa /var/run/sshd.pid .
1169	.It Cm Port	1171	.It Cm Port
@@ -1253,7 +1255,9 @@ which means that rekeying is performed after the cipher's default amount
1253	of data has been sent or received and no time based rekeying is done.	1255	of data has been sent or received and no time based rekeying is done.
1254	This option applies to protocol version 2 only.	1256	This option applies to protocol version 2 only.
1255	.It Cm RevokedKeys	1257	.It Cm RevokedKeys
1256	Specifies revoked public keys.	1258	Specifies revoked public keys file, or
		1259	.Dq none
		1260	to not use one.
1257	Keys listed in this file will be refused for public key authentication.	1261	Keys listed in this file will be refused for public key authentication.
1258	Note that if this file is not readable, then public key authentication will	1262	Note that if this file is not readable, then public key authentication will
1259	be refused for all users.	1263	be refused for all users.
@@ -1366,7 +1370,9 @@ To disable TCP keepalive messages, the value should be set to
1366	.Dq no .	1370	.Dq no .
1367	.It Cm TrustedUserCAKeys	1371	.It Cm TrustedUserCAKeys
1368	Specifies a file containing public keys of certificate authorities that are	1372	Specifies a file containing public keys of certificate authorities that are
1369	trusted to sign user certificates for authentication.	1373	trusted to sign user certificates for authentication, or
		1374	.Dq none
		1375	to not use one.
1370	Keys are listed one per line; empty lines and comments starting with	1376	Keys are listed one per line; empty lines and comments starting with
1371	.Ql #	1377	.Ql #
1372	are allowed.	1378	are allowed.
@@ -1519,7 +1525,9 @@ The default is
1519	.It Cm XAuthLocation	1525	.It Cm XAuthLocation
1520	Specifies the full pathname of the	1526	Specifies the full pathname of the
1521	.Xr xauth 1	1527	.Xr xauth 1
1522	program.	1528	program, or
		1529	.Dq none
		1530	to not use one.
1523	The default is	1531	The default is
1524	.Pa /usr/X11R6/bin/xauth .	1532	.Pa /usr/X11R6/bin/xauth .
1525	.El	1533	.El