upstream: make IgnoreRhosts a tri-state option: "yes" ignore

rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
author: djm@openbsd.org <djm@openbsd.org> 2020-04-17 03:30:05 +0000
committer: Damien Miller <djm@mindrot.org> 2020-04-17 14:03:36 +1000
commit: c90f72d29e84b4a2709078bf5546a72c29a65177 (patch)
tree: 58f38f99566d13f7e142c3181878f54e4cd2af21 /sshd_config.5
parent: 321c7147079270f3a154f91b59e66219aac3d514 (diff)
1 files changed, 20 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a60be383d..5648337a6 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.308 2020/04/17 03:23:13 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
 .Dd $Mdocdate: April 17 2020 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -778,19 +778,32 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 The list of available key types may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
-Specifies that
+Specifies whether to ignore per-user
 .Pa .rhosts
 and
 .Pa .shosts
-files will not be used in
+files during
 .Cm HostbasedAuthentication .
-.Pp
+The system-wide
 .Pa /etc/hosts.equiv
 and
 .Pa /etc/shosts.equiv
-are still used.
+are still used regardless of this setting.
-The default is
+.Pp
-.Cm yes .
+Accepted values are
+.Cm yes
+(the default) to ignore all per-user files,
+.Cm shosts-only
+to allow the use of
+.Pa .shosts
+but to ignore
+.Pa .rhosts
+or
+.Cm no
+to allow both
+.Pa .shosts
+and
+.Pa rhosts.
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Xr sshd 8
author	djm@openbsd.org <djm@openbsd.org>	2020-04-17 03:30:05 +0000
committer	Damien Miller <djm@mindrot.org>	2020-04-17 14:03:36 +1000
commit	c90f72d29e84b4a2709078bf5546a72c29a65177 (patch)
tree	58f38f99566d13f7e142c3181878f54e4cd2af21 /sshd_config.5
parent	321c7147079270f3a154f91b59e66219aac3d514 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index a60be383d..5648337a6 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,7 +33,7 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.308 2020/04/17 03:23:13 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
37	.Dd $Mdocdate: April 17 2020 $	37	.Dd $Mdocdate: April 17 2020 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
@@ -778,19 +778,32 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
778	The list of available key types may also be obtained using	778	The list of available key types may also be obtained using
779	.Qq ssh -Q HostKeyAlgorithms .	779	.Qq ssh -Q HostKeyAlgorithms .
780	.It Cm IgnoreRhosts	780	.It Cm IgnoreRhosts
781	Specifies that	781	Specifies whether to ignore per-user
782	.Pa .rhosts	782	.Pa .rhosts
783	and	783	and
784	.Pa .shosts	784	.Pa .shosts
785	files will not be used in	785	files during
786	.Cm HostbasedAuthentication .	786	.Cm HostbasedAuthentication .
787	.Pp	787	The system-wide
788	.Pa /etc/hosts.equiv	788	.Pa /etc/hosts.equiv
789	and	789	and
790	.Pa /etc/shosts.equiv	790	.Pa /etc/shosts.equiv
791	are still used.	791	are still used regardless of this setting.
792	The default is	792	.Pp
793	.Cm yes .	793	Accepted values are
		794	.Cm yes
		795	(the default) to ignore all per-user files,
		796	.Cm shosts-only
		797	to allow the use of
		798	.Pa .shosts
		799	but to ignore
		800	.Pa .rhosts
		801	or
		802	.Cm no
		803	to allow both
		804	.Pa .shosts
		805	and
		806	.Pa rhosts.
794	.It Cm IgnoreUserKnownHosts	807	.It Cm IgnoreUserKnownHosts
795	Specifies whether	808	Specifies whether
796	.Xr sshd 8	809	.Xr sshd 8