version 1.220, 2015/09/22 08:33:23 |
version 1.221, 2015/09/24 06:15:11 |
|
|
or |
or |
.Dq *.c.example.com |
.Dq *.c.example.com |
domains. |
domains. |
|
.It Cm CertificateFile |
|
Specifies a file from which the user's certificate is read. |
|
A corresponding private key must be provided separately in order |
|
to use this certificate either |
|
from an |
|
.Cm IdentityFile |
|
directive or |
|
.Fl i |
|
flag to |
|
.Xr ssh 1 , |
|
via |
|
.Xr ssh-agent 1 , |
|
or via a |
|
.Cm PKCS11Provider . |
|
.Pp |
|
The file name may use the tilde |
|
syntax to refer to a user's home directory or one of the following |
|
escape characters: |
|
.Ql %d |
|
(local user's home directory), |
|
.Ql %u |
|
(local user name), |
|
.Ql %l |
|
(local host name), |
|
.Ql %h |
|
(remote host name) or |
|
.Ql %r |
|
(remote user name). |
|
.Pp |
|
It is possible to have multiple certificate files specified in |
|
configuration files; these certificates will be tried in sequence. |
|
Multiple |
|
.Cm CertificateFile |
|
directives will add to the list of certificates used for |
|
authentication. |
.It Cm ChallengeResponseAuthentication |
.It Cm ChallengeResponseAuthentication |
Specifies whether to use challenge-response authentication. |
Specifies whether to use challenge-response authentication. |
The argument to this keyword must be |
The argument to this keyword must be |
|
|
.It Cm IdentitiesOnly |
.It Cm IdentitiesOnly |
Specifies that |
Specifies that |
.Xr ssh 1 |
.Xr ssh 1 |
should only use the authentication identity files configured in the |
should only use the authentication identity and certificate files explicitly |
|
configured in the |
.Nm |
.Nm |
files, |
files |
|
or passed on the |
|
.Xr ssh 1 |
|
command-line, |
even if |
even if |
.Xr ssh-agent 1 |
.Xr ssh-agent 1 |
or a |
or a |
|
|
will be used for authentication unless |
will be used for authentication unless |
.Cm IdentitiesOnly |
.Cm IdentitiesOnly |
is set. |
is set. |
|
If no certificates have been explicitly specified by |
|
.Cm CertificateFile , |
.Xr ssh 1 |
.Xr ssh 1 |
will try to load certificate information from the filename obtained by |
will try to load certificate information from the filename obtained by |
appending |
appending |
|
|
may be used in conjunction with |
may be used in conjunction with |
.Cm IdentitiesOnly |
.Cm IdentitiesOnly |
to select which identities in an agent are offered during authentication. |
to select which identities in an agent are offered during authentication. |
|
.Cm IdentityFile |
|
may also be used in conjunction with |
|
.Cm CertificateFile |
|
in order to provide any certificate also needed for authentication with |
|
the identity. |
.It Cm IgnoreUnknown |
.It Cm IgnoreUnknown |
Specifies a pattern-list of unknown options to be ignored if they are |
Specifies a pattern-list of unknown options to be ignored if they are |
encountered in configuration parsing. |
encountered in configuration parsing. |