From d8a9021f3652d8ab99d0fed2460420c3eb4e10a2 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 15 Feb 2001 03:08:27 +0000 Subject: - markus@cvs.openbsd.org 2001/02/12 16:16:23 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no) --- sshd.8 | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'sshd.8') diff --git a/sshd.8 b/sshd.8 index 1b1e9645c..79c184330 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.93 2001/02/11 12:59:25 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.94 2001/02/12 16:16:24 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -552,21 +552,26 @@ Specifies whether the root can log in using .Xr ssh 1 . The argument must be .Dq yes , -.Dq without-password +.Dq without-password , +.Dq forced-commands-only or .Dq no . The default is .Dq yes . -If this options is set to +.Pp +If this option is set to .Dq without-password -only password authentication is disabled for root. +password authentication is disabled for root. .Pp -Root login with RSA authentication when the +If this option is set to +.Dq forced-commands-only +root login with public key authentication will be allowed, +but only if the .Ar command -option has been -specified will be allowed regardless of the value of this setting +option has been specified (which may be useful for taking remote backups even if root login is -normally not allowed). +normally not allowed). All other authentication methods are disabled +for root. .It Cm PidFile Specifies the file that contains the process identifier of the .Nm -- cgit v1.2.3