summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.825
1 files changed, 23 insertions, 2 deletions
diff --git a/sshd.8 b/sshd.8
index 76b7e2987..fcd5195db 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.250 2010/01/30 21:08:33 djm Exp $ 37.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $
38.Dd $Mdocdate: January 30 2010 $ 38.Dd $Mdocdate: February 26 2010 $
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -47,6 +47,7 @@
47.Op Fl 46DdeiqTt 47.Op Fl 46DdeiqTt
48.Op Fl b Ar bits 48.Op Fl b Ar bits
49.Op Fl C Ar connection_spec 49.Op Fl C Ar connection_spec
50.Op Fl c Ar host_certificate_file
50.Op Fl f Ar config_file 51.Op Fl f Ar config_file
51.Op Fl g Ar login_grace_time 52.Op Fl g Ar login_grace_time
52.Op Fl h Ar host_key_file 53.Op Fl h Ar host_key_file
@@ -101,6 +102,15 @@ to use IPv6 addresses only.
101.It Fl b Ar bits 102.It Fl b Ar bits
102Specifies the number of bits in the ephemeral protocol version 1 103Specifies the number of bits in the ephemeral protocol version 1
103server key (default 1024). 104server key (default 1024).
105.It Fl c Ar host_certificate_file
106Specifies a path to a certificate file to identify
107.Nm
108during key exchange.
109The certificate file must match a host key file specified using the
110.Fl -h
111option or the
112.Cm HostKey
113configuration directive.
104.It Fl C Ar connection_spec 114.It Fl C Ar connection_spec
105Specify the connection parameters to use for the 115Specify the connection parameters to use for the
106.Fl T 116.Fl T
@@ -498,6 +508,13 @@ No spaces are permitted, except within double quotes.
498The following option specifications are supported (note 508The following option specifications are supported (note
499that option keywords are case-insensitive): 509that option keywords are case-insensitive):
500.Bl -tag -width Ds 510.Bl -tag -width Ds
511.It Cm from="cert-authority"
512Specifies that the listed key is a certification authority (CA) that is
513trusted to validate signed certificates for user authentication.
514.Pp
515Certificates may encode access restrictions similar to these key options.
516If both certificate restrictions and key options are present, the most
517restrictive union of the two is applied.
501.It Cm command="command" 518.It Cm command="command"
502Specifies that the command is executed whenever this key is used for 519Specifies that the command is executed whenever this key is used for
503authentication. 520authentication.
@@ -517,6 +534,10 @@ The command originally supplied by the client is available in the
517.Ev SSH_ORIGINAL_COMMAND 534.Ev SSH_ORIGINAL_COMMAND
518environment variable. 535environment variable.
519Note that this option applies to shell, command or subsystem execution. 536Note that this option applies to shell, command or subsystem execution.
537Also note that this command may be superseded by either a
538.Xr sshd_config 5
539.Cm ForceCommand
540directive or a command embedded in a certificate.
520.It Cm environment="NAME=value" 541.It Cm environment="NAME=value"
521Specifies that the string is to be added to the environment when 542Specifies that the string is to be added to the environment when
522logging in using this key. 543logging in using this key.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 02:33:14 +0000