diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index b294efc2d..6fa421cae 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.315 2020/08/27 12:34:00 jmc Exp $ |
37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: August 27 2020 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -817,7 +817,7 @@ The default is | |||
817 | Include the specified configuration file(s). | 817 | Include the specified configuration file(s). |
818 | Multiple pathnames may be specified and each pathname may contain | 818 | Multiple pathnames may be specified and each pathname may contain |
819 | .Xr glob 7 | 819 | .Xr glob 7 |
820 | wildcards. | 820 | wildcards that will be expanded and processed in lexical order. |
821 | Files without absolute paths are assumed to be in | 821 | Files without absolute paths are assumed to be in |
822 | .Pa /etc/ssh . | 822 | .Pa /etc/ssh . |
823 | An | 823 | An |
@@ -1476,11 +1476,12 @@ The list of available key types may also be obtained using | |||
1476 | .Qq ssh -Q PubkeyAcceptedKeyTypes . | 1476 | .Qq ssh -Q PubkeyAcceptedKeyTypes . |
1477 | .It Cm PubkeyAuthOptions | 1477 | .It Cm PubkeyAuthOptions |
1478 | Sets one or more public key authentication options. | 1478 | Sets one or more public key authentication options. |
1479 | Two option keywords are currently supported: | 1479 | The supported keywords are: |
1480 | .Cm none | 1480 | .Cm none |
1481 | (the default; indicating no additional options are enabled) | 1481 | (the default; indicating no additional options are enabled), |
1482 | .Cm touch-required | ||
1482 | and | 1483 | and |
1483 | .Cm touch-required . | 1484 | .Cm verify-required . |
1484 | .Pp | 1485 | .Pp |
1485 | The | 1486 | The |
1486 | .Cm touch-required | 1487 | .Cm touch-required |
@@ -1497,7 +1498,17 @@ requires user presence unless overridden with an authorized_keys option. | |||
1497 | The | 1498 | The |
1498 | .Cm touch-required | 1499 | .Cm touch-required |
1499 | flag disables this override. | 1500 | flag disables this override. |
1500 | This option has no effect for other, non-authenticator public key types. | 1501 | .Pp |
1502 | The | ||
1503 | .Cm verify-required | ||
1504 | option requires a FIDO key signature attest that the user was verified, | ||
1505 | e.g. via a PIN. | ||
1506 | .Pp | ||
1507 | Neither the | ||
1508 | .Cm touch-required | ||
1509 | or | ||
1510 | .Cm verify-required | ||
1511 | options have any effect for other, non-FIDO, public key types. | ||
1501 | .It Cm PubkeyAuthentication | 1512 | .It Cm PubkeyAuthentication |
1502 | Specifies whether public key authentication is allowed. | 1513 | Specifies whether public key authentication is allowed. |
1503 | The default is | 1514 | The default is |