diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-04-17 04:27:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-04-17 17:17:47 +1000 |
commit | 44ae009a0112081d0d541aeaa90088bedb6f21ce (patch) | |
tree | edb664fcec28db5427d24523ff97bbf5e13ff96e /sshd_config.5 | |
parent | f96f17f920f38ceea6f3c5cb0b075c46b8929fdc (diff) |
upstream: auth2-pubkey r1.89 changed the order of operations to
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134
OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 5648337a6..b2fda8d52 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $ |
37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: April 17 2020 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -247,12 +247,10 @@ more lines of authorized_keys output (see | |||
247 | .Sx AUTHORIZED_KEYS | 247 | .Sx AUTHORIZED_KEYS |
248 | in | 248 | in |
249 | .Xr sshd 8 ) . | 249 | .Xr sshd 8 ) . |
250 | If a key supplied by | ||
251 | .Cm AuthorizedKeysCommand | 250 | .Cm AuthorizedKeysCommand |
252 | does not successfully authenticate | 251 | is tried after the usual |
253 | and authorize the user then public key authentication continues using the usual | ||
254 | .Cm AuthorizedKeysFile | 252 | .Cm AuthorizedKeysFile |
255 | files. | 253 | files and will not be executed if a matching key is found there. |
256 | By default, no | 254 | By default, no |
257 | .Cm AuthorizedKeysCommand | 255 | .Cm AuthorizedKeysCommand |
258 | is run. | 256 | is run. |