version 1.160, 2013/05/16 06:30:06 |
version 1.161, 2013/06/27 14:05:37 |
|
|
and finally |
and finally |
.Cm AllowGroups . |
.Cm AllowGroups . |
.Pp |
.Pp |
See |
See PATTERNS in |
.Sx PATTERNS |
|
in |
|
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm AllowTcpForwarding |
.It Cm AllowTcpForwarding |
|
|
and finally |
and finally |
.Cm AllowGroups . |
.Cm AllowGroups . |
.Pp |
.Pp |
See |
See PATTERNS in |
.Sx PATTERNS |
|
in |
|
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm AuthenticationMethods |
.It Cm AuthenticationMethods |
|
|
The program must be owned by root and not writable by group or others. |
The program must be owned by root and not writable by group or others. |
It will be invoked with a single argument of the username |
It will be invoked with a single argument of the username |
being authenticated, and should produce on standard output zero or |
being authenticated, and should produce on standard output zero or |
more lines of authorized_keys output (see |
more lines of authorized_keys output (see AUTHORIZED_KEYS in |
.Sx AUTHORIZED_KEYS |
|
in |
|
.Xr sshd 8 ) . |
.Xr sshd 8 ) . |
If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
and authorize the user then public key authentication continues using the usual |
and authorize the user then public key authentication continues using the usual |
|
|
Specifies the file that contains the public keys that can be used |
Specifies the file that contains the public keys that can be used |
for user authentication. |
for user authentication. |
The format is described in the |
The format is described in the |
.Sx AUTHORIZED_KEYS FILE FORMAT |
AUTHORIZED_KEYS FILE FORMAT |
section of |
section of |
.Xr sshd 8 . |
.Xr sshd 8 . |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
|
|
this file lists names, one of which must appear in the certificate for it |
this file lists names, one of which must appear in the certificate for it |
to be accepted for authentication. |
to be accepted for authentication. |
Names are listed one per line preceded by key options (as described |
Names are listed one per line preceded by key options (as described |
in |
in AUTHORIZED_KEYS FILE FORMAT in |
.Sx AUTHORIZED_KEYS FILE FORMAT |
|
in |
|
.Xr sshd 8 ) . |
.Xr sshd 8 ) . |
Empty lines and comments starting with |
Empty lines and comments starting with |
.Ql # |
.Ql # |
|
|
and finally |
and finally |
.Cm AllowGroups . |
.Cm AllowGroups . |
.Pp |
.Pp |
See |
See PATTERNS in |
.Sx PATTERNS |
|
in |
|
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm DenyUsers |
.It Cm DenyUsers |
|
|
and finally |
and finally |
.Cm AllowGroups . |
.Cm AllowGroups . |
.Pp |
.Pp |
See |
See PATTERNS in |
.Sx PATTERNS |
|
in |
|
.Xr ssh_config 5 |
.Xr ssh_config 5 |
for more information on patterns. |
for more information on patterns. |
.It Cm ForceCommand |
.It Cm ForceCommand |
|
|
.Cm Address . |
.Cm Address . |
The match patterns may consist of single entries or comma-separated |
The match patterns may consist of single entries or comma-separated |
lists and may use the wildcard and negation operators described in the |
lists and may use the wildcard and negation operators described in the |
.Sx PATTERNS |
PATTERNS section of |
section of |
|
.Xr ssh_config 5 . |
.Xr ssh_config 5 . |
.Pp |
.Pp |
The patterns in an |
The patterns in an |
|
|
Keys may be specified as a text file, listing one public key per line, or as |
Keys may be specified as a text file, listing one public key per line, or as |
an OpenSSH Key Revocation List (KRL) as generated by |
an OpenSSH Key Revocation List (KRL) as generated by |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
For more information on KRLs, see the |
For more information on KRLs, see the KEY REVOCATION LISTS section in |
.Sx KEY REVOCATION LISTS |
|
section in |
|
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
|
|
Note that certificates that lack a list of principals will not be permitted |
Note that certificates that lack a list of principals will not be permitted |
for authentication using |
for authentication using |
.Cm TrustedUserCAKeys . |
.Cm TrustedUserCAKeys . |
For more details on certificates, see the |
For more details on certificates, see the CERTIFICATES section in |
.Sx CERTIFICATES |
|
section in |
|
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Cm UseDNS |
.It Cm UseDNS |
Specifies whether |
Specifies whether |