diff options
author | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
commit | da162da0416abb367ea8a415eb90d072a01fa020 (patch) | |
tree | a6a649302f33b74be5052b54c66f074f2b788b11 /ssh_config.5 | |
parent | 15d091acca07091e7f196168bdf08788f1ae8367 (diff) |
Check compromised key blacklist in ssh or ssh-add, as well as in the
server (LP: #232391). To override the blacklist check in ssh
temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
for the blacklist check in ssh-add.
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index b048a54f5..411e9fd34 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -1056,6 +1056,23 @@ is not specified, it defaults to | |||
1056 | .Dq any . | 1056 | .Dq any . |
1057 | The default is | 1057 | The default is |
1058 | .Dq any:any . | 1058 | .Dq any:any . |
1059 | .It Cm UseBlacklistedKeys | ||
1060 | Specifies whether | ||
1061 | .Xr ssh 1 | ||
1062 | should use keys recorded in its blacklist of known-compromised keys (see | ||
1063 | .Xr ssh-vulnkey 1 ) | ||
1064 | for authentication. | ||
1065 | If | ||
1066 | .Dq yes , | ||
1067 | then attempts to use compromised keys for authentication will be logged but | ||
1068 | accepted. | ||
1069 | It is strongly recommended that this be used only to install new authorized | ||
1070 | keys on the remote system, and even then only with the utmost care. | ||
1071 | If | ||
1072 | .Dq no , | ||
1073 | then attempts to use compromised keys for authentication will be prevented. | ||
1074 | The default is | ||
1075 | .Dq no . | ||
1059 | .It Cm UsePrivilegedPort | 1076 | .It Cm UsePrivilegedPort |
1060 | Specifies whether to use a privileged port for outgoing connections. | 1077 | Specifies whether to use a privileged port for outgoing connections. |
1061 | The argument must be | 1078 | The argument must be |