diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | sshd.8 | 18 |
2 files changed, 12 insertions, 11 deletions
| @@ -160,6 +160,9 @@ | |||
| 160 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 | 160 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 |
| 161 | [ssh_config.5] | 161 | [ssh_config.5] |
| 162 | tidy up the refs to PATTERNS; | 162 | tidy up the refs to PATTERNS; |
| 163 | - jmc@cvs.openbsd.org 2006/02/24 10:39:52 | ||
| 164 | [sshd.8] | ||
| 165 | signpost to PATTERNS section; | ||
| 163 | 166 | ||
| 164 | 20060313 | 167 | 20060313 |
| 165 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) | 168 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) |
| @@ -4061,4 +4064,4 @@ | |||
| 4061 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4064 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 4062 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4065 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 4063 | 4066 | ||
| 4064 | $Id: ChangeLog,v 1.4184 2006/03/15 00:54:36 djm Exp $ | 4067 | $Id: ChangeLog,v 1.4185 2006/03/15 00:55:08 djm Exp $ |
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd.8,v 1.228 2006/02/19 20:05:00 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.229 2006/02/24 10:39:52 jmc Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
| 40 | .Os | 40 | .Os |
| @@ -498,15 +498,7 @@ is enabled. | |||
| 498 | .It Cm from="pattern-list" | 498 | .It Cm from="pattern-list" |
| 499 | Specifies that in addition to public key authentication, the canonical name | 499 | Specifies that in addition to public key authentication, the canonical name |
| 500 | of the remote host must be present in the comma-separated list of | 500 | of the remote host must be present in the comma-separated list of |
| 501 | patterns | 501 | patterns. |
| 502 | .Pf ( Ql * | ||
| 503 | and | ||
| 504 | .Ql \&? | ||
| 505 | serve as wildcards). | ||
| 506 | The list may also contain | ||
| 507 | patterns negated by prefixing them with | ||
| 508 | .Ql \&! ; | ||
| 509 | if the canonical host name matches a negated pattern, the key is not accepted. | ||
| 510 | The purpose | 502 | The purpose |
| 511 | of this option is to optionally increase security: public key authentication | 503 | of this option is to optionally increase security: public key authentication |
| 512 | by itself does not trust the network or name servers or anything (but | 504 | by itself does not trust the network or name servers or anything (but |
| @@ -515,6 +507,12 @@ permits an intruder to log in from anywhere in the world. | |||
| 515 | This additional option makes using a stolen key more difficult (name | 507 | This additional option makes using a stolen key more difficult (name |
| 516 | servers and/or routers would have to be compromised in addition to | 508 | servers and/or routers would have to be compromised in addition to |
| 517 | just the key). | 509 | just the key). |
| 510 | .Pp | ||
| 511 | See | ||
| 512 | .Sx PATTERNS | ||
| 513 | in | ||
| 514 | .Xr ssh_config 5 | ||
| 515 | for more information on patterns. | ||
| 518 | .It Cm no-agent-forwarding | 516 | .It Cm no-agent-forwarding |
| 519 | Forbids authentication agent forwarding when this key is used for | 517 | Forbids authentication agent forwarding when this key is used for |
| 520 | authentication. | 518 | authentication. |