-rw-r--r-- | sshd_config.5 | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 78a8d00be..9f52cf441 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.180 2014/11/22 19:21:03 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.181 2014/12/11 05:25:06 djm Exp $ |
37 | .Dd $Mdocdate: November 22 2014 $ | 37 | .Dd $Mdocdate: December 11 2014 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -210,6 +210,18 @@ would restrict keyboard interactive authentication to the | |||
210 | .Dq bsdauth | 210 | .Dq bsdauth |
211 | device. | 211 | device. |
212 | .Pp | 212 | .Pp |
213 | If the | ||
214 | .Dq publickey | ||
215 | method is listed more than one, | ||
216 | .Xr sshd 8 | ||
217 | verifies that keys that have been successfully are not reused for subsequent | ||
218 | authentications. | ||
219 | For example, an | ||
220 | .Cm AuthenticationMethods | ||
221 | of | ||
222 | .Dq publickey,publickey | ||
223 | will require successful authentication using two different public keys. | ||
224 | .Pp | ||
213 | This option is only available for SSH protocol 2 and will yield a fatal | 225 | This option is only available for SSH protocol 2 and will yield a fatal |
214 | error if enabled if protocol 1 is also enabled. | 226 | error if enabled if protocol 1 is also enabled. |
215 | Note that each authentication method listed should also be explicitly enabled | 227 | Note that each authentication method listed should also be explicitly enabled |
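Review bot: The paragraph added at new lines 213-218 has two wording errors in the sentence that defines the behaviour. "listed more than one" should read "listed more than once", and "keys that have been successfully are not reused" is missing a word, presumably "keys that have been used successfully are not reused". This text is the only statement of the guarantee that "publickey,publickey" requires two different public keys, so the sentence should be corrected before it lands in the manual page.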
@@ -232,6 +244,9 @@ By default, no AuthorizedKeysCommand is run. | |||
232 | Specifies the user under whose account the AuthorizedKeysCommand is run. | 244 | Specifies the user under whose account the AuthorizedKeysCommand is run. |
233 | It is recommended to use a dedicated user that has no other role on the host | 245 | It is recommended to use a dedicated user that has no other role on the host |
234 | than running authorized keys commands. | 246 | than running authorized keys commands. |
247 | If no user is specified then | ||
248 | .Cm AuthorizedKeysCommand | ||
249 | is ignored. | ||
235 | .It Cm AuthorizedKeysFile | 250 | .It Cm AuthorizedKeysFile |
236 | Specifies the file that contains the public keys that can be used | 251 | Specifies the file that contains the public keys that can be used |
237 | for user authentication. | 252 | for user authentication. |
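Review bot: The sentence added at new lines 247-249 says AuthorizedKeysCommand is ignored when no user is specified, but it does not say whether sshd reports that condition, and it sits only in the paragraph that describes the user option. Suggest stating whether the ignored command is logged, and repeating the requirement in the AuthorizedKeysCommand description, so an administrator who sets only the command learns that it will have no effect.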