diff options
Diffstat (limited to 'sshd_config.5')
| -rw-r--r-- | sshd_config.5 | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 88db4db07..a555e7ec3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.315 2020/08/27 12:34:00 jmc Exp $ |
| 37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: August 27 2020 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -880,7 +880,7 @@ The default is | |||
| 880 | Include the specified configuration file(s). | 880 | Include the specified configuration file(s). |
| 881 | Multiple pathnames may be specified and each pathname may contain | 881 | Multiple pathnames may be specified and each pathname may contain |
| 882 | .Xr glob 7 | 882 | .Xr glob 7 |
| 883 | wildcards. | 883 | wildcards that will be expanded and processed in lexical order. |
| 884 | Files without absolute paths are assumed to be in | 884 | Files without absolute paths are assumed to be in |
| 885 | .Pa /etc/ssh . | 885 | .Pa /etc/ssh . |
| 886 | An | 886 | An |
| @@ -1537,11 +1537,12 @@ The list of available key types may also be obtained using | |||
| 1537 | .Qq ssh -Q PubkeyAcceptedKeyTypes . | 1537 | .Qq ssh -Q PubkeyAcceptedKeyTypes . |
| 1538 | .It Cm PubkeyAuthOptions | 1538 | .It Cm PubkeyAuthOptions |
| 1539 | Sets one or more public key authentication options. | 1539 | Sets one or more public key authentication options. |
| 1540 | Two option keywords are currently supported: | 1540 | The supported keywords are: |
| 1541 | .Cm none | 1541 | .Cm none |
| 1542 | (the default; indicating no additional options are enabled) | 1542 | (the default; indicating no additional options are enabled), |
| 1543 | .Cm touch-required | ||
| 1543 | and | 1544 | and |
| 1544 | .Cm touch-required . | 1545 | .Cm verify-required . |
| 1545 | .Pp | 1546 | .Pp |
| 1546 | The | 1547 | The |
| 1547 | .Cm touch-required | 1548 | .Cm touch-required |
| @@ -1558,7 +1559,17 @@ requires user presence unless overridden with an authorized_keys option. | |||
| 1558 | The | 1559 | The |
| 1559 | .Cm touch-required | 1560 | .Cm touch-required |
| 1560 | flag disables this override. | 1561 | flag disables this override. |
| 1561 | This option has no effect for other, non-authenticator public key types. | 1562 | .Pp |
| 1563 | The | ||
| 1564 | .Cm verify-required | ||
| 1565 | option requires a FIDO key signature attest that the user was verified, | ||
| 1566 | e.g. via a PIN. | ||
| 1567 | .Pp | ||
| 1568 | Neither the | ||
| 1569 | .Cm touch-required | ||
| 1570 | or | ||
| 1571 | .Cm verify-required | ||
| 1572 | options have any effect for other, non-FIDO, public key types. | ||
| 1562 | .It Cm PubkeyAuthentication | 1573 | .It Cm PubkeyAuthentication |
| 1563 | Specifies whether public key authentication is allowed. | 1574 | Specifies whether public key authentication is allowed. |
| 1564 | The default is | 1575 | The default is |