upstream commit

correct description of what will happen when a AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd will refuse to start)
author: djm@openbsd.org <djm@openbsd.org> 2014-12-22 08:04:23 +0000
committer: Damien Miller <djm@mindrot.org> 2014-12-22 19:08:12 +1100
commit: f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 (patch)
tree: 2982f8a7d1e00a47a4c9cf325702a477c98529b4
parent: 161cf419f412446635013ac49e8c660cadc36080 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index d2ab28136..40a1dbdea 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.185 2014/12/22 07:51:30 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.186 2014/12/22 08:04:23 djm Exp $
 .Dd $Mdocdate: December 22 2014 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -244,9 +244,13 @@ By default, no AuthorizedKeysCommand is run.
 Specifies the user under whose account the AuthorizedKeysCommand is run.
 It is recommended to use a dedicated user that has no other role on the host
 than running authorized keys commands.
-If no user is specified then
+If
 .Cm AuthorizedKeysCommand
-is ignored.
+is specified but
+.Cm AuthorizedKeysCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
 .It Cm AuthorizedKeysFile
 Specifies the file that contains the public keys that can be used
 for user authentication.
author	djm@openbsd.org <djm@openbsd.org>	2014-12-22 08:04:23 +0000
committer	Damien Miller <djm@mindrot.org>	2014-12-22 19:08:12 +1100
commit	f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 (patch)
tree	2982f8a7d1e00a47a4c9cf325702a477c98529b4
parent	161cf419f412446635013ac49e8c660cadc36080 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index d2ab28136..40a1dbdea 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,7 +33,7 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.185 2014/12/22 07:51:30 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.186 2014/12/22 08:04:23 djm Exp $
37	.Dd $Mdocdate: December 22 2014 $	37	.Dd $Mdocdate: December 22 2014 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
@@ -244,9 +244,13 @@ By default, no AuthorizedKeysCommand is run.
244	Specifies the user under whose account the AuthorizedKeysCommand is run.	244	Specifies the user under whose account the AuthorizedKeysCommand is run.
245	It is recommended to use a dedicated user that has no other role on the host	245	It is recommended to use a dedicated user that has no other role on the host
246	than running authorized keys commands.	246	than running authorized keys commands.
247	If no user is specified then	247	If
248	.Cm AuthorizedKeysCommand	248	.Cm AuthorizedKeysCommand
249	is ignored.	249	is specified but
		250	.Cm AuthorizedKeysCommandUser
		251	is not, then
		252	.Xr sshd 8
		253	will refuse to start.
250	.It Cm AuthorizedKeysFile	254	.It Cm AuthorizedKeysFile
251	Specifies the file that contains the public keys that can be used	255	Specifies the file that contains the public keys that can be used
252	for user authentication.	256	for user authentication.