| version 1.281, 2015/09/11 03:13:36 |
version 1.282, 2015/11/16 00:30:02 |
|
|
| The following option specifications are supported (note |
The following option specifications are supported (note |
| that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| |
.It Cm agent-forwarding |
| |
Enable authentication agent forwarding previously disabled by the |
| |
.Cm restrict |
| |
option. |
| .It Cm cert-authority |
.It Cm cert-authority |
| Specifies that the listed key is a certification authority (CA) that is |
Specifies that the listed key is a certification authority (CA) that is |
| trusted to validate signed certificates for user authentication. |
trusted to validate signed certificates for user authentication. |
|
|
| A port specification of |
A port specification of |
| .Cm * |
.Cm * |
| matches any port. |
matches any port. |
| |
.It Cm port-forwarding |
| |
Enable port forwarding previously disabled by the |
| |
.Cm restrict |
| .It Cm principals="principals" |
.It Cm principals="principals" |
| On a |
On a |
| .Cm cert-authority |
.Cm cert-authority |
|
|
| signers using the |
signers using the |
| .Cm cert-authority |
.Cm cert-authority |
| option. |
option. |
| |
.It Cm pty |
| |
Permits tty allocation previously disabled by the |
| |
.Cm restrict |
| |
option. |
| |
.It Cm restrict |
| |
Enable all restrictions, i.e. disable port, agent and X11 forwarding, |
| |
as well as disabling PTY allocation |
| |
and execution of |
| |
.Pa ~/.ssh/rc . |
| |
If any future restriction capabilities are added to authorized_keys files |
| |
they will be included in this set. |
| .It Cm tunnel="n" |
.It Cm tunnel="n" |
| Force a |
Force a |
| .Xr tun 4 |
.Xr tun 4 |
| device on the server. |
device on the server. |
| Without this option, the next available device will be used if |
Without this option, the next available device will be used if |
| the client requests a tunnel. |
the client requests a tunnel. |
| |
.It Cm user-rc |
| |
Enables execution of |
| |
.Pa ~/.ssh/rc |
| |
previously disabled by the |
| |
.Cm restrict |
| |
option. |
| |
.It Cm X11-forwarding |
| |
Permits X11 forwarding previously disabled by the |
| |
.Cm restrict |
| |
option. |
| .El |
.El |
| .Pp |
.Pp |
| An example authorized_keys file: |
An example authorized_keys file: |
|
|
| AAAAB5...21S== |
AAAAB5...21S== |
| tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
| jane@example.net |
jane@example.net |
| |
restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== |
| |
user@example.net |
| |
restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== |
| |
user@example.net |
| .Ed |
.Ed |
| .Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
| The |
The |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh