diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index b294efc2d..6fa421cae 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.315 2020/08/27 12:34:00 jmc Exp $ |
| 37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: August 27 2020 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -817,7 +817,7 @@ The default is | |||
| 817 | Include the specified configuration file(s). | 817 | Include the specified configuration file(s). |
| 818 | Multiple pathnames may be specified and each pathname may contain | 818 | Multiple pathnames may be specified and each pathname may contain |
| 819 | .Xr glob 7 | 819 | .Xr glob 7 |
| 820 | wildcards. | 820 | wildcards that will be expanded and processed in lexical order. |
| 821 | Files without absolute paths are assumed to be in | 821 | Files without absolute paths are assumed to be in |
| 822 | .Pa /etc/ssh . | 822 | .Pa /etc/ssh . |
| 823 | An | 823 | An |
| @@ -1476,11 +1476,12 @@ The list of available key types may also be obtained using | |||
| 1476 | .Qq ssh -Q PubkeyAcceptedKeyTypes . | 1476 | .Qq ssh -Q PubkeyAcceptedKeyTypes . |
| 1477 | .It Cm PubkeyAuthOptions | 1477 | .It Cm PubkeyAuthOptions |
| 1478 | Sets one or more public key authentication options. | 1478 | Sets one or more public key authentication options. |
| 1479 | Two option keywords are currently supported: | 1479 | The supported keywords are: |
| 1480 | .Cm none | 1480 | .Cm none |
| 1481 | (the default; indicating no additional options are enabled) | 1481 | (the default; indicating no additional options are enabled), |
| 1482 | .Cm touch-required | ||
| 1482 | and | 1483 | and |
| 1483 | .Cm touch-required . | 1484 | .Cm verify-required . |
| 1484 | .Pp | 1485 | .Pp |
| 1485 | The | 1486 | The |
| 1486 | .Cm touch-required | 1487 | .Cm touch-required |
| @@ -1497,7 +1498,17 @@ requires user presence unless overridden with an authorized_keys option. | |||
| 1497 | The | 1498 | The |
| 1498 | .Cm touch-required | 1499 | .Cm touch-required |
| 1499 | flag disables this override. | 1500 | flag disables this override. |
| 1500 | This option has no effect for other, non-authenticator public key types. | 1501 | .Pp |
| 1502 | The | ||
| 1503 | .Cm verify-required | ||
| 1504 | option requires a FIDO key signature attest that the user was verified, | ||
| 1505 | e.g. via a PIN. | ||
| 1506 | .Pp | ||
| 1507 | Neither the | ||
| 1508 | .Cm touch-required | ||
| 1509 | or | ||
| 1510 | .Cm verify-required | ||
| 1511 | options have any effect for other, non-FIDO, public key types. | ||
| 1501 | .It Cm PubkeyAuthentication | 1512 | .It Cm PubkeyAuthentication |
| 1502 | Specifies whether public key authentication is allowed. | 1513 | Specifies whether public key authentication is allowed. |
| 1503 | The default is | 1514 | The default is |