diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.286 2016/08/19 03:18:06 djm Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ |
37 | .Dd $Mdocdate: August 19 2016 $ | 37 | .Dd $Mdocdate: November 30 2016 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -481,19 +481,27 @@ If an 8-bit clean channel is required, | |||
481 | one must not request a pty or should specify | 481 | one must not request a pty or should specify |
482 | .Cm no-pty . | 482 | .Cm no-pty . |
483 | A quote may be included in the command by quoting it with a backslash. | 483 | A quote may be included in the command by quoting it with a backslash. |
484 | .Pp | ||
484 | This option might be useful | 485 | This option might be useful |
485 | to restrict certain public keys to perform just a specific operation. | 486 | to restrict certain public keys to perform just a specific operation. |
486 | An example might be a key that permits remote backups but nothing else. | 487 | An example might be a key that permits remote backups but nothing else. |
487 | Note that the client may specify TCP and/or X11 | 488 | Note that the client may specify TCP and/or X11 |
488 | forwarding unless they are explicitly prohibited. | 489 | forwarding unless they are explicitly prohibited, e.g. using the |
490 | .Cm restrict | ||
491 | key option. | ||
492 | .Pp | ||
489 | The command originally supplied by the client is available in the | 493 | The command originally supplied by the client is available in the |
490 | .Ev SSH_ORIGINAL_COMMAND | 494 | .Ev SSH_ORIGINAL_COMMAND |
491 | environment variable. | 495 | environment variable. |
492 | Note that this option applies to shell, command or subsystem execution. | 496 | Note that this option applies to shell, command or subsystem execution. |
493 | Also note that this command may be superseded by either a | 497 | Also note that this command may be superseded by a |
494 | .Xr sshd_config 5 | 498 | .Xr sshd_config 5 |
495 | .Cm ForceCommand | 499 | .Cm ForceCommand |
496 | directive or a command embedded in a certificate. | 500 | directive. |
501 | .Pp | ||
502 | If a command is specified and a forced-command is embedded in a certificate | ||
503 | used for authentication, then the certificate will be accepted only if the | ||
504 | two commands are identical. | ||
497 | .It Cm environment="NAME=value" | 505 | .It Cm environment="NAME=value" |
498 | Specifies that the string is to be added to the environment when | 506 | Specifies that the string is to be added to the environment when |
499 | logging in using this key. | 507 | logging in using this key. |