diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 88db4db07..a555e7ec3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.315 2020/08/27 12:34:00 jmc Exp $ |
37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: August 27 2020 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -880,7 +880,7 @@ The default is | |||
880 | Include the specified configuration file(s). | 880 | Include the specified configuration file(s). |
881 | Multiple pathnames may be specified and each pathname may contain | 881 | Multiple pathnames may be specified and each pathname may contain |
882 | .Xr glob 7 | 882 | .Xr glob 7 |
883 | wildcards. | 883 | wildcards that will be expanded and processed in lexical order. |
884 | Files without absolute paths are assumed to be in | 884 | Files without absolute paths are assumed to be in |
885 | .Pa /etc/ssh . | 885 | .Pa /etc/ssh . |
886 | An | 886 | An |
@@ -1537,11 +1537,12 @@ The list of available key types may also be obtained using | |||
1537 | .Qq ssh -Q PubkeyAcceptedKeyTypes . | 1537 | .Qq ssh -Q PubkeyAcceptedKeyTypes . |
1538 | .It Cm PubkeyAuthOptions | 1538 | .It Cm PubkeyAuthOptions |
1539 | Sets one or more public key authentication options. | 1539 | Sets one or more public key authentication options. |
1540 | Two option keywords are currently supported: | 1540 | The supported keywords are: |
1541 | .Cm none | 1541 | .Cm none |
1542 | (the default; indicating no additional options are enabled) | 1542 | (the default; indicating no additional options are enabled), |
1543 | .Cm touch-required | ||
1543 | and | 1544 | and |
1544 | .Cm touch-required . | 1545 | .Cm verify-required . |
1545 | .Pp | 1546 | .Pp |
1546 | The | 1547 | The |
1547 | .Cm touch-required | 1548 | .Cm touch-required |
@@ -1558,7 +1559,17 @@ requires user presence unless overridden with an authorized_keys option. | |||
1558 | The | 1559 | The |
1559 | .Cm touch-required | 1560 | .Cm touch-required |
1560 | flag disables this override. | 1561 | flag disables this override. |
1561 | This option has no effect for other, non-authenticator public key types. | 1562 | .Pp |
1563 | The | ||
1564 | .Cm verify-required | ||
1565 | option requires a FIDO key signature attest that the user was verified, | ||
1566 | e.g. via a PIN. | ||
1567 | .Pp | ||
1568 | Neither the | ||
1569 | .Cm touch-required | ||
1570 | or | ||
1571 | .Cm verify-required | ||
1572 | options have any effect for other, non-FIDO, public key types. | ||
1562 | .It Cm PubkeyAuthentication | 1573 | .It Cm PubkeyAuthentication |
1563 | Specifies whether public key authentication is allowed. | 1574 | Specifies whether public key authentication is allowed. |
1564 | The default is | 1575 | The default is |