diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 0fb0b837d..05f3374fb 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.148 2012/11/04 10:38:43 djm Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.149 2012/11/04 11:09:15 djm Exp $ |
37 | .Dd $Mdocdate: November 4 2012 $ | 37 | .Dd $Mdocdate: November 4 2012 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -151,6 +151,28 @@ See | |||
151 | in | 151 | in |
152 | .Xr ssh_config 5 | 152 | .Xr ssh_config 5 |
153 | for more information on patterns. | 153 | for more information on patterns. |
154 | .It Cm AuthenticationMethods | ||
155 | Specifies the authentication methods that must be successfully completed | ||
156 | for a user to be granted access. | ||
157 | This option must be followed by one or more comma-separated lists of | ||
158 | authentication method names. | ||
159 | Successful authentication requires completion of every method in at least | ||
160 | one of these lists. | ||
161 | .Pp | ||
162 | For example, an argument of | ||
163 | .Dq publickey,password publickey,keyboard-interactive | ||
164 | would require the user to complete public key authentication, followed by | ||
165 | either password or keyboard interactive authentication. | ||
166 | Only methods that are next in one or more lists are offered at each stage, | ||
167 | so for this example, it would not be possible to attempt password or | ||
168 | keyboard-interactive authentication before public key. | ||
169 | .Pp | ||
170 | This option is only available for SSH protocol 2 and will yield a fatal | ||
171 | error if enabled if protocol 1 is also enabled. | ||
172 | Note that each authentication method listed should also be explicitly enabled | ||
173 | in the configuration. | ||
174 | The default is not to require multiple authentication; successful completion | ||
175 | of a single authentication method is sufficient. | ||
154 | .It Cm AuthorizedKeysCommand | 176 | .It Cm AuthorizedKeysCommand |
155 | Specifies a program to be used to look up the user's public keys. | 177 | Specifies a program to be used to look up the user's public keys. |
156 | The program will be invoked with a single argument of the username | 178 | The program will be invoked with a single argument of the username |
@@ -728,6 +750,7 @@ Available keywords are | |||
728 | .Cm AllowGroups , | 750 | .Cm AllowGroups , |
729 | .Cm AllowTcpForwarding , | 751 | .Cm AllowTcpForwarding , |
730 | .Cm AllowUsers , | 752 | .Cm AllowUsers , |
753 | .Cm AuthenticationMethods , | ||
731 | .Cm AuthorizedKeysCommand , | 754 | .Cm AuthorizedKeysCommand , |
732 | .Cm AuthorizedKeysCommandUser , | 755 | .Cm AuthorizedKeysCommandUser , |
733 | .Cm AuthorizedKeysFile , | 756 | .Cm AuthorizedKeysFile , |