version 1.314, 2021/04/03 05:46:41 |
version 1.315, 2021/06/04 05:59:18 |
|
|
.Pp |
.Pp |
An example authorized_keys file: |
An example authorized_keys file: |
.Bd -literal -offset 3n |
.Bd -literal -offset 3n |
# Comments allowed at start of line |
# Comments are allowed at start of line. Blank lines are allowed. |
ssh-rsa AAAAB3Nza...LiPk== user@example.net |
# Plain key, no restrictions |
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa |
ssh-rsa ... |
AAAAB2...19Q== john@example.net |
# Forced command, disable PTY and all forwarding |
command="dump /home",no-pty,no-port-forwarding ssh-rsa |
restrict,command="dump /home" ssh-rsa ... |
AAAAC3...51R== example.net |
# Restriction of ssh -L forwarding destinations |
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa |
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ... |
AAAAB5...21S== |
# Restriction of ssh -R forwarding listeners |
permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa |
permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ... |
AAAAB5...21S== |
# Configuration for tunnel forwarding |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... |
jane@example.net |
# Override of restriction to allow PTY allocation |
restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== |
restrict,pty,command="nethack" ssh-rsa ... |
user@example.net |
# Allow FIDO key without requiring touch |
restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== |
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ... |
user@example.net |
# Require user-verification (e.g. PIN or biometric) for FIDO key |
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko== |
verify-required sk-ecdsa-sha2-nistp256@openssh.com ... |
user@example.net |
# Trust CA key, allow touch-less FIDO if requested in certificate |
|
cert-authority,no-touch-required,principals="user_a" ssh-rsa ... |
.Ed |
.Ed |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
The |
The |