diff options
Diffstat (limited to 'sshd_config.0')
| -rw-r--r-- | sshd_config.0 | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/sshd_config.0 b/sshd_config.0 index e75ed1b32..8132c3f15 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
| @@ -497,10 +497,11 @@ DESCRIPTION | |||
| 497 | 497 | ||
| 498 | Include | 498 | Include |
| 499 | Include the specified configuration file(s). Multiple pathnames | 499 | Include the specified configuration file(s). Multiple pathnames |
| 500 | may be specified and each pathname may contain glob(7) wildcards. | 500 | may be specified and each pathname may contain glob(7) wildcards |
| 501 | Files without absolute paths are assumed to be in /etc/ssh. An | 501 | that will be expanded and processed in lexical order. Files |
| 502 | Include directive may appear inside a Match block to perform | 502 | without absolute paths are assumed to be in /etc/ssh. An Include |
| 503 | conditional inclusion. | 503 | directive may appear inside a Match block to perform conditional |
| 504 | inclusion. | ||
| 504 | 505 | ||
| 505 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the | 506 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the |
| 506 | connection. Accepted values are af11, af12, af13, af21, af22, | 507 | connection. Accepted values are af11, af12, af13, af21, af22, |
| @@ -866,9 +867,10 @@ DESCRIPTION | |||
| 866 | -Q PubkeyAcceptedKeyTypes". | 867 | -Q PubkeyAcceptedKeyTypes". |
| 867 | 868 | ||
| 868 | PubkeyAuthOptions | 869 | PubkeyAuthOptions |
| 869 | Sets one or more public key authentication options. Two option | 870 | Sets one or more public key authentication options. The |
| 870 | keywords are currently supported: none (the default; indicating | 871 | supported keywords are: none (the default; indicating no |
| 871 | no additional options are enabled) and touch-required. | 872 | additional options are enabled), touch-required and |
| 873 | verify-required. | ||
| 872 | 874 | ||
| 873 | The touch-required option causes public key authentication using | 875 | The touch-required option causes public key authentication using |
| 874 | a FIDO authenticator algorithm (i.e. ecdsa-sk or ed25519-sk) to | 876 | a FIDO authenticator algorithm (i.e. ecdsa-sk or ed25519-sk) to |
| @@ -876,8 +878,13 @@ DESCRIPTION | |||
| 876 | user explicitly confirmed the authentication (usually by touching | 878 | user explicitly confirmed the authentication (usually by touching |
| 877 | the authenticator). By default, sshd(8) requires user presence | 879 | the authenticator). By default, sshd(8) requires user presence |
| 878 | unless overridden with an authorized_keys option. The | 880 | unless overridden with an authorized_keys option. The |
| 879 | touch-required flag disables this override. This option has no | 881 | touch-required flag disables this override. |
| 880 | effect for other, non-authenticator public key types. | 882 | |
| 883 | The verify-required option requires a FIDO key signature attest | ||
| 884 | that the user was verified, e.g. via a PIN. | ||
| 885 | |||
| 886 | Neither the touch-required or verify-required options have any | ||
| 887 | effect for other, non-FIDO, public key types. | ||
| 881 | 888 | ||
| 882 | PubkeyAuthentication | 889 | PubkeyAuthentication |
| 883 | Specifies whether public key authentication is allowed. The | 890 | Specifies whether public key authentication is allowed. The |
| @@ -1143,4 +1150,4 @@ AUTHORS | |||
| 1143 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 1150 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 1144 | for privilege separation. | 1151 | for privilege separation. |
| 1145 | 1152 | ||
| 1146 | OpenBSD 6.7 April 17, 2020 OpenBSD 6.7 | 1153 | OpenBSD 6.8 August 27, 2020 OpenBSD 6.8 |