version 1.194, 2003/01/31 21:54:40 |
version 1.194.2.1, 2003/09/16 20:50:44 |
|
|
from making DNS requests unless the authentication |
from making DNS requests unless the authentication |
mechanism or configuration requires it. |
mechanism or configuration requires it. |
Authentication mechanisms that may require DNS include |
Authentication mechanisms that may require DNS include |
.Cm RhostsAuthentication , |
|
.Cm RhostsRSAAuthentication , |
.Cm RhostsRSAAuthentication , |
.Cm HostbasedAuthentication |
.Cm HostbasedAuthentication |
and using a |
and using a |
|
|
Specifies that in addition to public key authentication, the canonical name |
Specifies that in addition to public key authentication, the canonical name |
of the remote host must be present in the comma-separated list of |
of the remote host must be present in the comma-separated list of |
patterns |
patterns |
.Pf ( Ql * |
.Pf ( Ql \&* |
and |
and |
.Ql ? |
.Ql \&? |
serve as wildcards). |
serve as wildcards). |
The list may also contain |
The list may also contain |
patterns negated by prefixing them with |
patterns negated by prefixing them with |
.Ql ! ; |
.Ql \&! ; |
if the canonical host name matches a negated pattern, the key is not accepted. |
if the canonical host name matches a negated pattern, the key is not accepted. |
The purpose |
The purpose |
of this option is to optionally increase security: public key authentication |
of this option is to optionally increase security: public key authentication |
|
|
.Ar host/port . |
.Ar host/port . |
Multiple |
Multiple |
.Cm permitopen |
.Cm permitopen |
options may be applied separated by commas. No pattern matching is |
options may be applied separated by commas. |
performed on the specified hostnames, they must be literal domains or |
No pattern matching is performed on the specified hostnames, |
addresses. |
they must be literal domains or addresses. |
.El |
.El |
.Ss Examples |
.Ss Examples |
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar |
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar |
|
|
bits, exponent, modulus, comment. |
bits, exponent, modulus, comment. |
The fields are separated by spaces. |
The fields are separated by spaces. |
.Pp |
.Pp |
Hostnames is a comma-separated list of patterns ('*' and '?' act as |
Hostnames is a comma-separated list of patterns |
|
.Pf ( Ql \&* |
|
and |
|
.Ql \&? |
|
act as |
wildcards); each pattern in turn is matched against the canonical host |
wildcards); each pattern in turn is matched against the canonical host |
name (when authenticating a client) or against the user-supplied |
name (when authenticating a client) or against the user-supplied |
name (when authenticating a server). |
name (when authenticating a server). |
A pattern may also be preceded by |
A pattern may also be preceded by |
.Ql ! |
.Ql \&! |
to indicate negation: if the host name matches a negated |
to indicate negation: if the host name matches a negated |
pattern, it is not accepted (by that line) even if it matched another |
pattern, it is not accepted (by that line) even if it matched another |
pattern on the line. |
pattern on the line. |
|
|
machine-specific login-time initializations globally. |
machine-specific login-time initializations globally. |
This file should be writable only by root, and should be world-readable. |
This file should be writable only by root, and should be world-readable. |
.El |
.El |
.Sh AUTHORS |
|
OpenSSH is a derivative of the original and free |
|
ssh 1.2.12 release by Tatu Ylonen. |
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
|
Theo de Raadt and Dug Song |
|
removed many bugs, re-added newer features and |
|
created OpenSSH. |
|
Markus Friedl contributed the support for SSH |
|
protocol versions 1.5 and 2.0. |
|
Niels Provos and Markus Friedl contributed support |
|
for privilege separation. |
|
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr scp 1 , |
.Xr scp 1 , |
.Xr sftp 1 , |
.Xr sftp 1 , |
|
|
.%D January 2002 |
.%D January 2002 |
.%O work in progress material |
.%O work in progress material |
.Re |
.Re |
|
.Sh AUTHORS |
|
OpenSSH is a derivative of the original and free |
|
ssh 1.2.12 release by Tatu Ylonen. |
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
|
Theo de Raadt and Dug Song |
|
removed many bugs, re-added newer features and |
|
created OpenSSH. |
|
Markus Friedl contributed the support for SSH |
|
protocol versions 1.5 and 2.0. |
|
Niels Provos and Markus Friedl contributed support |
|
for privilege separation. |