version 1.243, 2008/06/10 08:17:40 |
version 1.244, 2008/06/10 23:06:19 |
|
|
.Cm UseLogin |
.Cm UseLogin |
is enabled. |
is enabled. |
.It Cm from="pattern-list" |
.It Cm from="pattern-list" |
Specifies that in addition to public key authentication, the canonical name |
Specifies that in addition to public key authentication, either the canonical |
of the remote host must be present in the comma-separated list of |
name of the remote host or its IP address must be present in the |
patterns. |
comma-separated list of patterns. |
The purpose |
|
of this option is to optionally increase security: public key authentication |
|
by itself does not trust the network or name servers or anything (but |
|
the key); however, if somebody somehow steals the key, the key |
|
permits an intruder to log in from anywhere in the world. |
|
This additional option makes using a stolen key more difficult (name |
|
servers and/or routers would have to be compromised in addition to |
|
just the key). |
|
.Pp |
|
See |
See |
.Sx PATTERNS |
.Sx PATTERNS |
in |
in |
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
|
.Pp |
|
In addition to the wildcard matching that may be applied to hostnames or |
|
addresses, a |
|
.Cm from |
|
stanza may match IP addressess using CIDR address/masklen notation. |
|
.Pp |
|
The purpose of this option is to optionally increase security: public key |
|
authentication by itself does not trust the network or name servers or |
|
anything (but the key); however, if somebody somehow steals the key, the key |
|
permits an intruder to log in from anywhere in the world. |
|
This additional option makes using a stolen key more difficult (name |
|
servers and/or routers would have to be compromised in addition to |
|
just the key). |
.It Cm no-agent-forwarding |
.It Cm no-agent-forwarding |
Forbids authentication agent forwarding when this key is used for |
Forbids authentication agent forwarding when this key is used for |
authentication. |
authentication. |