src/usr.bin/ssh/sshd.8 - diff

Return to sshd.8 CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshd.8 between version 1.243 and 1.244

-version 1.243, 2008/06/10 08:17:40
+version 1.244, 2008/06/10 23:06:19
 Line 504
 Line 504
 Line 504
  .Cm UseLogin
  is enabled.
  .It Cm from="pattern-list"
- Specifies that in addition to public key authentication, the canonical name
+ Specifies that in addition to public key authentication, either the canonical
- of the remote host must be present in the comma-separated list of
+ name of the remote host or its IP address must be present in the
- patterns.
+ comma-separated list of patterns.
- The purpose
- of this option is to optionally increase security: public key authentication
- by itself does not trust the network or name servers or anything (but
- the key); however, if somebody somehow steals the key, the key
- permits an intruder to log in from anywhere in the world.
- This additional option makes using a stolen key more difficult (name
- servers and/or routers would have to be compromised in addition to
- just the key).
- .Pp
  See
  .Sx PATTERNS
  in
  .Xr ssh_config 5
  for more information on patterns.
+ .Pp
+ In addition to the wildcard matching that may be applied to hostnames or
+ addresses, a
+ .Cm from
+ stanza may match IP addressess using CIDR address/masklen notation.
+ .Pp
+ The purpose of this option is to optionally increase security: public key
+ authentication by itself does not trust the network or name servers or
+ anything (but the key); however, if somebody somehow steals the key, the key
+ permits an intruder to log in from anywhere in the world.
+ This additional option makes using a stolen key more difficult (name
+ servers and/or routers would have to be compromised in addition to
+ just the key).
  .It Cm no-agent-forwarding
  Forbids authentication agent forwarding when this key is used for
  authentication.