1 files changed, 39 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 522ac103f..39ef781ff 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.120 2010/03/04 23:17:25 djm Exp $
-.Dd $Mdocdate: April 21 2009 $
+.Dd $Mdocdate: March 4 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -208,16 +208,16 @@ PAM).
 The default is
 .Dq yes .
 .It Cm ChrootDirectory
-Specifies a path to
+Specifies the pathname of a directory to
 .Xr chroot 2
 to after authentication.
-This path, and all its components, must be root-owned directories that are
+All components of the pathname must be root-owned directories that are
 not writable by any other user or group.
 After the chroot,
 .Xr sshd 8
 changes the working directory to the user's home directory.
 .Pp
-The path may contain the following tokens that are expanded at runtime once
+The pathname may contain the following tokens that are expanded at runtime once
 the connecting user has been authenticated: %% is replaced by a literal '%',
 %h is replaced by the home directory of the user being authenticated, and
 %u is replaced by the username of that user.
@@ -470,6 +470,14 @@ uses the name supplied by the client rather than
 attempting to resolve the name from the TCP connection itself.
 The default is
 .Dq no .
+.It Cm HostCertificate
+Specifies a file containing a public host certificate.
+The certificate's public key must match a private host key already specified
+by
+.Cm HostKey .
+The default behaviour of
+.Xr sshd 8
+is not to load any certificates.
 .It Cm HostKey
 Specifies a file containing a private host key
 used by SSH.
@@ -673,6 +681,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PubkeyAuthentication ,
 .Cm RhostsRSAAuthentication ,
 .Cm RSAAuthentication ,
 .Cm X11DisplayOffset ,
@@ -865,7 +874,7 @@ and
 .Sq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 2,1 .
+.Sq 2 .
 Note that the order of the protocol list does not indicate preference,
 because the client selects among multiple protocol versions offered
 by the server.
@@ -878,6 +887,11 @@ Specifies whether public key authentication is allowed.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
+.It Cm RevokedKeys
+Specifies a list of revoked public keys.
+Keys listed in this file will be refused for public key authentication.
+Note that if this file is not readable, then public key authentication will
+be refused for all users.
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.
@@ -901,6 +915,9 @@ This is normally desirable because novices sometimes accidentally leave their
 directory or files world-writable.
 The default is
 .Dq yes .
+Note that this does not apply to
+.Cm ChrootDirectory ,
+whose permissions and ownership are checked unconditionally.
 .It Cm Subsystem
 Configures an external subsystem (e.g. file transfer daemon).
 Arguments should be a subsystem name and a command (with optional arguments)
@@ -953,6 +970,22 @@ To disable TCP keepalive messages, the value should be set to
 .Pp
 This option was formerly called
 .Cm KeepAlive .
+.It Cm TrustedUserCAKeys
+Specifies a file containing public keys of certificate authorities that are
+trusted to sign user certificates for authentication.
+Keys are listed one per line; empty lines and comments starting with
+.Ql #
+are allowed.
+If a certificate is presented for authentication and has its signing CA key
+listed in this file, then it may be used for authentication for any user
+listed in the certificate's principals list.
+Note that certificates that lack a list of principals will not be permitted
+for authentication using
+.Cm TrustedUserCAKeys .
+For more details on certificates, see the
+.Sx CERTIFICATES
+section in
+.Xr ssh-keygen 1 .
 .It Cm UseDNS
 Specifies whether
 .Xr sshd 8

diff --git a/sshd_config.5 b/sshd_config.5 index 522ac103f..39ef781ff 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $	37	.\" $OpenBSD: sshd_config.5,v 1.120 2010/03/04 23:17:25 djm Exp $
38	.Dd $Mdocdate: April 21 2009 $	38	.Dd $Mdocdate: March 4 2010 $
39	.Dt SSHD_CONFIG 5	39	.Dt SSHD_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -208,16 +208,16 @@ PAM).
208	The default is	208	The default is
209	.Dq yes .	209	.Dq yes .
210	.It Cm ChrootDirectory	210	.It Cm ChrootDirectory
211	Specifies a path to	211	Specifies the pathname of a directory to
212	.Xr chroot 2	212	.Xr chroot 2
213	to after authentication.	213	to after authentication.
214	This path, and all its components, must be root-owned directories that are	214	All components of the pathname must be root-owned directories that are
215	not writable by any other user or group.	215	not writable by any other user or group.
216	After the chroot,	216	After the chroot,
217	.Xr sshd 8	217	.Xr sshd 8
218	changes the working directory to the user's home directory.	218	changes the working directory to the user's home directory.
219	.Pp	219	.Pp
220	The path may contain the following tokens that are expanded at runtime once	220	The pathname may contain the following tokens that are expanded at runtime once
221	the connecting user has been authenticated: %% is replaced by a literal '%',	221	the connecting user has been authenticated: %% is replaced by a literal '%',
222	%h is replaced by the home directory of the user being authenticated, and	222	%h is replaced by the home directory of the user being authenticated, and
223	%u is replaced by the username of that user.	223	%u is replaced by the username of that user.
@@ -470,6 +470,14 @@ uses the name supplied by the client rather than
470	attempting to resolve the name from the TCP connection itself.	470	attempting to resolve the name from the TCP connection itself.
471	The default is	471	The default is
472	.Dq no .	472	.Dq no .
		473	.It Cm HostCertificate
		474	Specifies a file containing a public host certificate.
		475	The certificate's public key must match a private host key already specified
		476	by
		477	.Cm HostKey .
		478	The default behaviour of
		479	.Xr sshd 8
		480	is not to load any certificates.
473	.It Cm HostKey	481	.It Cm HostKey
474	Specifies a file containing a private host key	482	Specifies a file containing a private host key
475	used by SSH.	483	used by SSH.
@@ -673,6 +681,7 @@ Available keywords are
673	.Cm PermitEmptyPasswords ,	681	.Cm PermitEmptyPasswords ,
674	.Cm PermitOpen ,	682	.Cm PermitOpen ,
675	.Cm PermitRootLogin ,	683	.Cm PermitRootLogin ,
		684	.Cm PubkeyAuthentication ,
676	.Cm RhostsRSAAuthentication ,	685	.Cm RhostsRSAAuthentication ,
677	.Cm RSAAuthentication ,	686	.Cm RSAAuthentication ,
678	.Cm X11DisplayOffset ,	687	.Cm X11DisplayOffset ,
@@ -865,7 +874,7 @@ and
865	.Sq 2 .	874	.Sq 2 .
866	Multiple versions must be comma-separated.	875	Multiple versions must be comma-separated.
867	The default is	876	The default is
868	.Dq 2,1 .	877	.Sq 2 .
869	Note that the order of the protocol list does not indicate preference,	878	Note that the order of the protocol list does not indicate preference,
870	because the client selects among multiple protocol versions offered	879	because the client selects among multiple protocol versions offered
871	by the server.	880	by the server.
@@ -878,6 +887,11 @@ Specifies whether public key authentication is allowed.
878	The default is	887	The default is
879	.Dq yes .	888	.Dq yes .
880	Note that this option applies to protocol version 2 only.	889	Note that this option applies to protocol version 2 only.
		890	.It Cm RevokedKeys
		891	Specifies a list of revoked public keys.
		892	Keys listed in this file will be refused for public key authentication.
		893	Note that if this file is not readable, then public key authentication will
		894	be refused for all users.
881	.It Cm RhostsRSAAuthentication	895	.It Cm RhostsRSAAuthentication
882	Specifies whether rhosts or /etc/hosts.equiv authentication together	896	Specifies whether rhosts or /etc/hosts.equiv authentication together
883	with successful RSA host authentication is allowed.	897	with successful RSA host authentication is allowed.
@@ -901,6 +915,9 @@ This is normally desirable because novices sometimes accidentally leave their
901	directory or files world-writable.	915	directory or files world-writable.
902	The default is	916	The default is
903	.Dq yes .	917	.Dq yes .
		918	Note that this does not apply to
		919	.Cm ChrootDirectory ,
		920	whose permissions and ownership are checked unconditionally.
904	.It Cm Subsystem	921	.It Cm Subsystem
905	Configures an external subsystem (e.g. file transfer daemon).	922	Configures an external subsystem (e.g. file transfer daemon).
906	Arguments should be a subsystem name and a command (with optional arguments)	923	Arguments should be a subsystem name and a command (with optional arguments)
@@ -953,6 +970,22 @@ To disable TCP keepalive messages, the value should be set to
953	.Pp	970	.Pp
954	This option was formerly called	971	This option was formerly called
955	.Cm KeepAlive .	972	.Cm KeepAlive .
		973	.It Cm TrustedUserCAKeys
		974	Specifies a file containing public keys of certificate authorities that are
		975	trusted to sign user certificates for authentication.
		976	Keys are listed one per line; empty lines and comments starting with
		977	.Ql #
		978	are allowed.
		979	If a certificate is presented for authentication and has its signing CA key
		980	listed in this file, then it may be used for authentication for any user
		981	listed in the certificate's principals list.
		982	Note that certificates that lack a list of principals will not be permitted
		983	for authentication using
		984	.Cm TrustedUserCAKeys .
		985	For more details on certificates, see the
		986	.Sx CERTIFICATES
		987	section in
		988	.Xr ssh-keygen 1 .
956	.It Cm UseDNS	989	.It Cm UseDNS
957	Specifies whether	990	Specifies whether
958	.Xr sshd 8	991	.Xr sshd 8