src/usr.bin/ssh/sshd.8 - diff

Return to sshd.8 CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshd.8 between version 1.314 and 1.315

-version 1.314, 2021/04/03 05:46:41
+version 1.315, 2021/06/04 05:59:18
 Line 638
 Line 638
 Line 638
  .Pp
  An example authorized_keys file:
  .Bd -literal -offset 3n
- # Comments allowed at start of line
+ # Comments are allowed at start of line. Blank lines are allowed.
- ssh-rsa AAAAB3Nza...LiPk== user@example.net
+ # Plain key, no restrictions
- from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
+ ssh-rsa ...
- AAAAB2...19Q== john@example.net
+ # Forced command, disable PTY and all forwarding
- command="dump /home",no-pty,no-port-forwarding ssh-rsa
+ restrict,command="dump /home" ssh-rsa ...
- AAAAC3...51R== example.net
+ # Restriction of ssh -L forwarding destinations
- permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa
+ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ...
- AAAAB5...21S==
+ # Restriction of ssh -R forwarding listeners
- permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa
+ permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ...
- AAAAB5...21S==
+ # Configuration for tunnel forwarding
- tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
+ tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ...
- jane@example.net
+ # Override of restriction to allow PTY allocation
- restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
+ restrict,pty,command="nethack" ssh-rsa ...
- user@example.net
+ # Allow FIDO key without requiring touch
- restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
+ no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ...
- user@example.net
+ # Require user-verification (e.g. PIN or biometric) for FIDO key
- no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko==
+ verify-required sk-ecdsa-sha2-nistp256@openssh.com ...
- user@example.net
+ # Trust CA key, allow touch-less FIDO if requested in certificate
+ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
  .Ed
  .Sh SSH_KNOWN_HOSTS FILE FORMAT
  The