version 1.281, 2015/09/11 03:13:36 |
version 1.282, 2015/11/16 00:30:02 |
|
|
The following option specifications are supported (note |
The following option specifications are supported (note |
that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
|
.It Cm agent-forwarding |
|
Enable authentication agent forwarding previously disabled by the |
|
.Cm restrict |
|
option. |
.It Cm cert-authority |
.It Cm cert-authority |
Specifies that the listed key is a certification authority (CA) that is |
Specifies that the listed key is a certification authority (CA) that is |
trusted to validate signed certificates for user authentication. |
trusted to validate signed certificates for user authentication. |
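Review bot: In the new agent-forwarding entry, "previously disabled by the restrict option" implies an ordering, but the text does not say whether agent-forwarding has to follow restrict in the option list or takes effect regardless of position. Since this keyword re-enables agent forwarding on an otherwise locked-down key, state the rule explicitly, and say what the keyword does on a key line that has no restrict.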
|
|
A port specification of |
A port specification of |
.Cm * |
.Cm * |
matches any port. |
matches any port. |
|
.It Cm port-forwarding |
|
Enable port forwarding previously disabled by the |
|
.Cm restrict |
.It Cm principals="principals" |
.It Cm principals="principals" |
On a |
On a |
.Cm cert-authority |
.Cm cert-authority |
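Review bot: The port-forwarding entry ends at `.Cm restrict` with no `option.` line after it, so as shown here the sentence reads "previously disabled by the restrict" and runs straight into `.It Cm principals`. The agent-forwarding, pty, user-rc and X11-forwarding entries all close with `option.`; add it here too.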
|
|
signers using the |
signers using the |
.Cm cert-authority |
.Cm cert-authority |
option. |
option. |
|
.It Cm pty |
|
Permits tty allocation previously disabled by the |
|
.Cm restrict |
|
option. |
|
.It Cm restrict |
|
Enable all restrictions, i.e. disable port, agent and X11 forwarding, |
|
as well as disabling PTY allocation |
|
and execution of |
|
.Pa ~/.ssh/rc . |
|
If any future restriction capabilities are added to authorized_keys files |
|
they will be included in this set. |
.It Cm tunnel="n" |
.It Cm tunnel="n" |
Force a |
Force a |
.Xr tun 4 |
.Xr tun 4 |
device on the server. |
device on the server. |
Without this option, the next available device will be used if |
Without this option, the next available device will be used if |
the client requests a tunnel. |
the client requests a tunnel. |
|
.It Cm user-rc |
|
Enables execution of |
|
.Pa ~/.ssh/rc |
|
previously disabled by the |
|
.Cm restrict |
|
option. |
|
.It Cm X11-forwarding |
|
Permits X11 forwarding previously disabled by the |
|
.Cm restrict |
|
option. |
.El |
.El |
.Pp |
.Pp |
An example authorized_keys file: |
An example authorized_keys file: |
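Review bot: The re-enabling entries in this hunk do not share one verb: pty and X11-forwarding say "Permits" and user-rc says "Enables", while agent-forwarding and port-forwarding say "Enable"; the restrict entry also writes "PTY allocation" where the pty entry writes "tty allocation". Pick one form for each so the five entries read as a set. In the restrict entry, authorized_keys is plain text although ~/.ssh/rc is marked up with `.Pa`, and the sentence "If any future restriction capabilities are added to authorized_keys files they will be included in this set" wants a comma after "files".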
|
|
AAAAB5...21S== |
AAAAB5...21S== |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
jane@example.net |
jane@example.net |
|
restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== |
|
user@example.net |
|
restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== |
|
user@example.net |
.Ed |
.Ed |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
The |
The |