diff options
author | djm@openbsd.org <djm@openbsd.org> | 2015-11-16 00:30:02 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-11-16 11:31:41 +1100 |
commit | 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 (patch) | |
tree | 5204277775a7cbd10a88c9645024958f4a120665 /auth-krb5.c | |
parent | e41a071f7bda6af1fb3f081bed0151235fa61f15 (diff) |
upstream commit
Add a new authorized_keys option "restrict" that
includes all current and future key restrictions (no-*-forwarding, etc). Also
add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
This simplifies the task of setting up restricted keys and ensures they are
maximally-restricted, regardless of any permissions we might implement in the
future.
Example:
restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
Idea from Jann Horn; ok markus@
Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
Diffstat (limited to 'auth-krb5.c')
0 files changed, 0 insertions, 0 deletions