1 files changed, 14 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a7a7227b2..dab26e079 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -615,6 +615,20 @@ are refused if the number of unauthenticated connections reaches
 Specifies whether password authentication is allowed.
 The default is
 .Dq yes .
+.It Cm PermitBlacklistedKeys
+Specifies whether
+.Xr sshd 8
+should allow keys recorded in its blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 ) .
+If
+.Dq yes ,
+then attempts to authenticate with compromised keys will be logged but
+accepted.
+If
+.Dq no ,
+then attempts to authenticate with compromised keys will be rejected.
+The default is
+.Dq no .
 .It Cm PermitEmptyPasswords
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.

diff --git a/sshd_config.5 b/sshd_config.5 index a7a7227b2..dab26e079 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -615,6 +615,20 @@ are refused if the number of unauthenticated connections reaches
615	Specifies whether password authentication is allowed.	615	Specifies whether password authentication is allowed.
616	The default is	616	The default is
617	.Dq yes .	617	.Dq yes .
		618	.It Cm PermitBlacklistedKeys
		619	Specifies whether
		620	.Xr sshd 8
		621	should allow keys recorded in its blacklist of known-compromised keys (see
		622	.Xr ssh-vulnkey 1 ) .
		623	If
		624	.Dq yes ,
		625	then attempts to authenticate with compromised keys will be logged but
		626	accepted.
		627	If
		628	.Dq no ,
		629	then attempts to authenticate with compromised keys will be rejected.
		630	The default is
		631	.Dq no .
618	.It Cm PermitEmptyPasswords	632	.It Cm PermitEmptyPasswords
619	When password authentication is allowed, it specifies whether the	633	When password authentication is allowed, it specifies whether the
620	server allows login to accounts with empty password strings.	634	server allows login to accounts with empty password strings.