diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 0fb0b837d..05f3374fb 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,7 +33,7 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.148 2012/11/04 10:38:43 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.149 2012/11/04 11:09:15 djm Exp $ |
| 37 | .Dd $Mdocdate: November 4 2012 $ | 37 | .Dd $Mdocdate: November 4 2012 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| @@ -151,6 +151,28 @@ See | |||
| 151 | in | 151 | in |
| 152 | .Xr ssh_config 5 | 152 | .Xr ssh_config 5 |
| 153 | for more information on patterns. | 153 | for more information on patterns. |
| 154 | .It Cm AuthenticationMethods | ||
| 155 | Specifies the authentication methods that must be successfully completed | ||
| 156 | for a user to be granted access. | ||
| 157 | This option must be followed by one or more comma-separated lists of | ||
| 158 | authentication method names. | ||
| 159 | Successful authentication requires completion of every method in at least | ||
| 160 | one of these lists. | ||
| 161 | .Pp | ||
| 162 | For example, an argument of | ||
| 163 | .Dq publickey,password publickey,keyboard-interactive | ||
| 164 | would require the user to complete public key authentication, followed by | ||
| 165 | either password or keyboard interactive authentication. | ||
| 166 | Only methods that are next in one or more lists are offered at each stage, | ||
| 167 | so for this example, it would not be possible to attempt password or | ||
| 168 | keyboard-interactive authentication before public key. | ||
| 169 | .Pp | ||
| 170 | This option is only available for SSH protocol 2 and will yield a fatal | ||
| 171 | error if enabled if protocol 1 is also enabled. | ||
| 172 | Note that each authentication method listed should also be explicitly enabled | ||
| 173 | in the configuration. | ||
| 174 | The default is not to require multiple authentication; successful completion | ||
| 175 | of a single authentication method is sufficient. | ||
| 154 | .It Cm AuthorizedKeysCommand | 176 | .It Cm AuthorizedKeysCommand |
| 155 | Specifies a program to be used to look up the user's public keys. | 177 | Specifies a program to be used to look up the user's public keys. |
| 156 | The program will be invoked with a single argument of the username | 178 | The program will be invoked with a single argument of the username |
| @@ -728,6 +750,7 @@ Available keywords are | |||
| 728 | .Cm AllowGroups , | 750 | .Cm AllowGroups , |
| 729 | .Cm AllowTcpForwarding , | 751 | .Cm AllowTcpForwarding , |
| 730 | .Cm AllowUsers , | 752 | .Cm AllowUsers , |
| 753 | .Cm AuthenticationMethods , | ||
| 731 | .Cm AuthorizedKeysCommand , | 754 | .Cm AuthorizedKeysCommand , |
| 732 | .Cm AuthorizedKeysCommandUser , | 755 | .Cm AuthorizedKeysCommandUser , |
| 733 | .Cm AuthorizedKeysFile , | 756 | .Cm AuthorizedKeysFile , |