From f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 22 Dec 2014 08:04:23 +0000
Subject: upstream commit

correct description of what will happen when a
 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
 will refuse to start)
---
 sshd_config.5 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index d2ab28136..40a1dbdea 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.185 2014/12/22 07:51:30 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.186 2014/12/22 08:04:23 djm Exp $
 .Dd $Mdocdate: December 22 2014 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -244,9 +244,13 @@ By default, no AuthorizedKeysCommand is run.
 Specifies the user under whose account the AuthorizedKeysCommand is run.
 It is recommended to use a dedicated user that has no other role on the host
 than running authorized keys commands.
-If no user is specified then
+If
 .Cm AuthorizedKeysCommand
-is ignored.
+is specified but
+.Cm AuthorizedKeysCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
 .It Cm AuthorizedKeysFile
 Specifies the file that contains the public keys that can be used
 for user authentication.
-- 
cgit v1.2.3