author | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-04 21:53:35 +1100 |
commit | 1aed65eb27feec505997c98621bdf158f9ab8b99 (patch) | |
tree | 81c2d0b9aff3c2211388ba00cde544e0618750d2 /ssh.1 | |
parent | 2befbad9b3c8fc6e4e564c062870229bc722734c (diff) |
- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition to doing it per-user
in authorized_keys).
Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to be revoked and banned for user or host
authentication.
feedback and ok markus@
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 20 |
1 files changed, 18 insertions, 2 deletions
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.297 2010/03/04 10:36:03 djm Exp $ |
38 | .Dd $Mdocdate: February 26 2010 $ | 38 | .Dd $Mdocdate: March 4 2010 $ |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -1121,6 +1121,22 @@ See the | |||
1121 | section of | 1121 | section of |
1122 | .Xr ssh-keygen 1 | 1122 | .Xr ssh-keygen 1 |
1123 | for more details. | 1123 | for more details. |
1124 | .Pp | ||
1125 | Keys may be also be marked as revoked using the | ||
1126 | .Dq @revoked | ||
1127 | marker. | ||
1128 | Revoked keys will always trigger a warning when encountered and the host | ||
1129 | that presented them will be treated as untrusted. | ||
1130 | For example: | ||
1131 | .Pp | ||
1132 | .Dl @revoked * ssh-rsa AAAAB5W... | ||
1133 | .Pp | ||
1134 | Revoking a key revokes it for direct use and as a certification authority. | ||
1135 | Do not use both the | ||
1136 | .Dq @cert-authority and | ||
1137 | .Dq @revoked | ||
1138 | markers on the same line. | ||
1139 | .Pp | ||
1124 | .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS | 1140 | .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS |
1125 | .Nm | 1141 | .Nm |
1126 | contains support for Virtual Private Network (VPN) tunnelling | 1142 | contains support for Virtual Private Network (VPN) tunnelling |
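Review bot: On new line 1136, `.Dq @cert-authority and` passes "and" as an argument to the quoting macro, so the rendered page will show the conjunction inside the quotation marks as if it were part of the marker name. Put "and" on its own text line between the two `.Dq` lines so that only `@cert-authority` and `@revoked` are quoted. This matters because the sentence is the only warning against combining the two markers on one known_hosts line, and a reader copying the quoted string should get the exact marker. Two smaller points in the same hunk: line 1125 reads "Keys may be also be marked" with a doubled "be", and the `.Pp` added at 1139 sits directly before `.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS`, where a paragraph break is redundant and can be dropped.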