author | djm@openbsd.org <djm@openbsd.org> | 2016-06-17 05:03:40 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-06-24 13:35:28 +1000 |
commit | b64faeb5eda7eff8210c754d00464f9fe9d23de5 (patch) | |
tree | 71d280e30b29dc41cc1f46d7c688399e768622aa /sshd_config.5 | |
parent | 9816fc5daee5ca924dd5c4781825afbaab728877 (diff) |
upstream commit
ban AuthenticationMethods="" and accept
AuthenticationMethods=any for the default behaviour of not requiring multiple
authentication
bz#2398 from Jakub Jelen; ok dtucker@
Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 479fa38eb..690797958 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.223 2016/05/04 14:29:58 markus Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.224 2016/06/17 05:03:40 djm Exp $ |
37 | .Dd $Mdocdate: May 4 2016 $ | 37 | .Dd $Mdocdate: June 17 2016 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -189,9 +189,12 @@ for more information on patterns. | |||
189 | Specifies the authentication methods that must be successfully completed | 189 | Specifies the authentication methods that must be successfully completed |
190 | for a user to be granted access. | 190 | for a user to be granted access. |
191 | This option must be followed by one or more comma-separated lists of | 191 | This option must be followed by one or more comma-separated lists of |
192 | authentication method names. | 192 | authentication method names, or by the single string |
193 | Successful authentication requires completion of every method in at least | 193 | .Dq any |
194 | one of these lists. | 194 | to indicate the default behaviour of accepting any single authentication |
195 | methods. | ||
196 | if the default is overridden, then successful authentication requires | ||
197 | completion of every method in at least one of these lists. | ||
195 | .Pp | 198 | .Pp |
196 | For example, an argument of | 199 | For example, an argument of |
197 | .Dq publickey,password publickey,keyboard-interactive | 200 | .Dq publickey,password publickey,keyboard-interactive |
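Review bot: The added text at new lines 194-196 has two wording slips: "accepting any single authentication methods." should use the singular "method", and the next sentence starts with a lowercase "if the default is overridden" after a full stop. The commit message also says an empty AuthenticationMethods value is now banned, but nothing in this paragraph tells the reader that an empty string is rejected. A short sentence here stating that would keep the manual in step with the behaviour change.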
@@ -231,7 +234,9 @@ This option will yield a fatal | |||
231 | error if enabled if protocol 1 is also enabled. | 234 | error if enabled if protocol 1 is also enabled. |
232 | Note that each authentication method listed should also be explicitly enabled | 235 | Note that each authentication method listed should also be explicitly enabled |
233 | in the configuration. | 236 | in the configuration. |
234 | The default is not to require multiple authentication; successful completion | 237 | The default |
238 | .Dq any | ||
239 | is not to require multiple authentication; successful completion | ||
235 | of a single authentication method is sufficient. | 240 | of a single authentication method is sufficient. |
236 | .It Cm AuthorizedKeysCommand | 241 | .It Cm AuthorizedKeysCommand |
237 | Specifies a program to be used to look up the user's public keys. | 242 | Specifies a program to be used to look up the user's public keys. |
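Review bot: The rewritten sentence at new lines 237-239 renders as 'The default "any" is not to require multiple authentication', which reads as if "any" were a name for the default rather than its value. Something like "The default is .Dq any , which does not require multiple authentication; successful completion of a single authentication method is sufficient." would state the keyword and its meaning in one pass and match the wording introduced in the earlier hunk.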