
Diff for /src/usr.bin/ssh/sshd.8 between version 1.217 and 1.218

version 1.217, 2006/02/12 10:52:41 version 1.218, 2006/02/12 17:57:19
Line 395 
Line 395 
 The following option specifications are supported (note  The following option specifications are supported (note
 that option keywords are case-insensitive):  that option keywords are case-insensitive):
 .Bl -tag -width Ds  .Bl -tag -width Ds
 .It Cm from="pattern-list"  
 Specifies that in addition to public key authentication, the canonical name  
 of the remote host must be present in the comma-separated list of  
 patterns  
 .Pf ( Ql \&*  
 and  
 .Ql \&?  
 serve as wildcards).  
 The list may also contain  
 patterns negated by prefixing them with  
 .Ql \&! ;  
 if the canonical host name matches a negated pattern, the key is not accepted.  
 The purpose  
 of this option is to optionally increase security: public key authentication  
 by itself does not trust the network or name servers or anything (but  
 the key); however, if somebody somehow steals the key, the key  
 permits an intruder to log in from anywhere in the world.  
 This additional option makes using a stolen key more difficult (name  
 servers and/or routers would have to be compromised in addition to  
 just the key).  
 .It Cm command="command"  .It Cm command="command"
 Specifies that the command is executed whenever this key is used for  Specifies that the command is executed whenever this key is used for
 authentication.  authentication.
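
Review bot: with the from= entry removed from the head of the list, command= becomes the first item and the entries across both hunks now read in alphabetical order (command, from, no-agent-forwarding, no-port-forwarding, no-pty, no-X11-forwarding, permitopen), but nothing near the `.Bl -tag -width Ds` line records that ordering. A short mdoc comment above the list saying the options are kept sorted would stop the next added option from being appended out of order. The intro already says keywords are case-insensitive, which is the only reason no-X11-forwarding sorts after no-pty, so it is worth stating that the sort ignores case as well.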
Line 444 
Line 424 
 This option is automatically disabled if  This option is automatically disabled if
 .Cm UseLogin  .Cm UseLogin
 is enabled.  is enabled.
   .It Cm from="pattern-list"
   Specifies that in addition to public key authentication, the canonical name
   of the remote host must be present in the comma-separated list of
   patterns
   .Pf ( Ql \&*
   and
   .Ql \&?
   serve as wildcards).
   The list may also contain
   patterns negated by prefixing them with
   .Ql \&! ;
   if the canonical host name matches a negated pattern, the key is not accepted.
   The purpose
   of this option is to optionally increase security: public key authentication
   by itself does not trust the network or name servers or anything (but
   the key); however, if somebody somehow steals the key, the key
   permits an intruder to log in from anywhere in the world.
   This additional option makes using a stolen key more difficult (name
   servers and/or routers would have to be compromised in addition to
   just the key).
   .It Cm no-agent-forwarding
   Forbids authentication agent forwarding when this key is used for
   authentication.
 .It Cm no-port-forwarding  .It Cm no-port-forwarding
 Forbids TCP forwarding when this key is used for authentication.  Forbids TCP forwarding when this key is used for authentication.
 Any port forward requests by the client will return an error.  Any port forward requests by the client will return an error.
 This might be used, e.g., in connection with the  This might be used, e.g., in connection with the
 .Cm command  .Cm command
 option.  option.
   .It Cm no-pty
   Prevents tty allocation (a request to allocate a pty will fail).
 .It Cm no-X11-forwarding  .It Cm no-X11-forwarding
 Forbids X11 forwarding when this key is used for authentication.  Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.  Any X11 forward requests by the client will return an error.
 .It Cm no-agent-forwarding  
 Forbids authentication agent forwarding when this key is used for  
 authentication.  
 .It Cm no-pty  
 Prevents tty allocation (a request to allocate a pty will fail).  
 .It Cm permitopen="host:port"  .It Cm permitopen="host:port"
 Limit local  Limit local
 .Li ``ssh -L''  .Li ``ssh -L''
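
Review bot: the from= paragraph re-added after the UseLogin sentence is carried over word for word, so its loose phrasing moves with it: "optionally increase security" is redundant for an option, and "does not trust the network or name servers or anything (but the key)" is vague about what is actually relied on. If this commit is meant to be a pure reorder that is fine, but a follow-up should tighten it, for example by saying that public key authentication relies only on the key, and that from= adds a check on the canonical host name so a stolen key alone is not enough. The description also speaks only of the canonical host name, and if addresses are matched too it should say so here. Separately, the moved no-pty entry reads "Prevents tty allocation" without the "when this key is used for authentication" qualifier that no-agent-forwarding, no-port-forwarding and no-X11-forwarding all carry, and now that the four entries sit together the inconsistency stands out.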
