| version 1.234, 2016/09/22 17:55:13 |
version 1.235, 2016/09/22 19:19:01 |
|
|
| Specifies a program to be used to look up the user's public keys. |
Specifies a program to be used to look up the user's public keys. |
| The program must be owned by root, not writable by group or others and |
The program must be owned by root, not writable by group or others and |
| specified by an absolute path. |
specified by an absolute path. |
| .Pp |
|
| Arguments to |
Arguments to |
| .Cm AuthorizedKeysCommand |
.Cm AuthorizedKeysCommand |
| may be provided using the following tokens, which will be expanded |
accept the tokens described in the |
| at runtime: %% is replaced by a literal '%', %u is replaced by the |
.Sx TOKENS |
| username being authenticated, %h is replaced by the home directory |
section. |
| of the user being authenticated, %t is replaced with the key type |
If no arguments are specified then the username of the target user is used. |
| offered for authentication, %f is replaced with the fingerprint of |
|
| the key, and %k is replaced with the key being offered for authentication. |
|
| If no arguments are specified then the username of the target user |
|
| will be supplied. |
|
| .Pp |
.Pp |
| The program should produce on standard output zero or |
The program should produce on standard output zero or |
| more lines of authorized_keys output (see AUTHORIZED_KEYS in |
more lines of authorized_keys output (see |
| |
.Sx AUTHORIZED_KEYS |
| |
in |
| .Xr sshd 8 ) . |
.Xr sshd 8 ) . |
| If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
If a key supplied by |
| |
.Cm AuthorizedKeysCommand |
| |
does not successfully authenticate |
| and authorize the user then public key authentication continues using the usual |
and authorize the user then public key authentication continues using the usual |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| files. |
files. |
|
|
| .Xr sshd 8 |
.Xr sshd 8 |
| will refuse to start. |
will refuse to start. |
| .It Cm AuthorizedKeysFile |
.It Cm AuthorizedKeysFile |
| Specifies the file that contains the public keys that can be used |
Specifies the file that contains the public keys used for user authentication. |
| for user authentication. |
|
| The format is described in the |
The format is described in the |
| AUTHORIZED_KEYS FILE FORMAT |
.Sx AUTHORIZED_KEYS FILE FORMAT |
| section of |
section of |
| .Xr sshd 8 . |
.Xr sshd 8 . |
| |
Arguments to |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| may contain tokens of the form %T which are substituted during connection |
accept the tokens described in the |
| setup. |
.Sx TOKENS |
| The following tokens are defined: %% is replaced by a literal '%', |
section. |
| %h is replaced by the home directory of the user being authenticated, and |
|
| %u is replaced by the username of that user. |
|
| After expansion, |
After expansion, |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| is taken to be an absolute path or one relative to the user's home |
is taken to be an absolute path or one relative to the user's home |
|
|
| .Cm AuthorizedPrincipalsFile . |
.Cm AuthorizedPrincipalsFile . |
| The program must be owned by root, not writable by group or others and |
The program must be owned by root, not writable by group or others and |
| specified by an absolute path. |
specified by an absolute path. |
| .Pp |
|
| Arguments to |
Arguments to |
| .Cm AuthorizedPrincipalsCommand |
.Cm AuthorizedPrincipalsCommand |
| may be provided using the following tokens, which will be expanded |
accept the tokens described in the |
| at runtime: |
.Sx TOKENS |
| %% is replaced by a literal '%', |
section. |
| %F with the fingerprint of the CA key, |
If no arguments are specified then the username of the target user is used. |
| %f is replaced with certificate fingerprint, |
|
| %K is replaced with the base-64 encoded CA key. |
|
| %k is replaced with the full base-64 encoded certificate, |
|
| %h is replaced with the home directory of the user being authenticated, |
|
| %i is replaced with key ID in the certificate, |
|
| %s is replaced with the serial number of the certificate, |
|
| %T with the type of the CA key, |
|
| %t is replaced with type of the certificate being offered, and |
|
| %u is replaced by the username being authenticated, |
|
| If no arguments are specified then the username of the target user |
|
| will be supplied. |
|
| .Pp |
.Pp |
| The program should produce on standard output zero or |
The program should produce on standard output zero or |
| more lines of |
more lines of |
|
|
| .Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
| is specified, then certificates offered by the client for authentication |
is specified, then certificates offered by the client for authentication |
| must contain a principal that is listed. |
must contain a principal that is listed. |
| By default, no AuthorizedPrincipalsCommand is run. |
By default, no |
| |
.Cm AuthorizedPrincipalsCommand |
| |
is run. |
| .It Cm AuthorizedPrincipalsCommandUser |
.It Cm AuthorizedPrincipalsCommandUser |
| Specifies the user under whose account the AuthorizedPrincipalsCommand is run. |
Specifies the user under whose account the |
| |
.Cm AuthorizedPrincipalsCommand |
| |
is run. |
| It is recommended to use a dedicated user that has no other role on the host |
It is recommended to use a dedicated user that has no other role on the host |
| than running authorized principals commands. |
than running authorized principals commands. |
| If |
If |
|
|
| .Cm TrustedUserCAKeys , |
.Cm TrustedUserCAKeys , |
| this file lists names, one of which must appear in the certificate for it |
this file lists names, one of which must appear in the certificate for it |
| to be accepted for authentication. |
to be accepted for authentication. |
| Names are listed one per line preceded by key options (as described |
Names are listed one per line preceded by key options (as described in |
| in AUTHORIZED_KEYS FILE FORMAT in |
.Sx AUTHORIZED_KEYS FILE FORMAT |
| |
in |
| .Xr sshd 8 ) . |
.Xr sshd 8 ) . |
| Empty lines and comments starting with |
Empty lines and comments starting with |
| .Ql # |
.Ql # |
| are ignored. |
are ignored. |
| .Pp |
.Pp |
| |
Arguments to |
| .Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
| may contain tokens of the form %T which are substituted during connection |
accept the tokens described in the |
| setup. |
.Sx TOKENS |
| The following tokens are defined: %% is replaced by a literal '%', |
section. |
| %h is replaced by the home directory of the user being authenticated, and |
|
| %u is replaced by the username of that user. |
|
| After expansion, |
After expansion, |
| .Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
| is taken to be an absolute path or one relative to the user's home |
is taken to be an absolute path or one relative to the user's home directory. |
| directory. |
|
| .Pp |
|
| The default is |
The default is |
| .Dq none , |
.Dq none , |
| i.e. not to use a principals file \(en in this case, the username |
i.e. not to use a principals file \(en in this case, the username |
| of the user must appear in a certificate's principals list for it to be |
of the user must appear in a certificate's principals list for it to be |
| accepted. |
accepted. |
| |
.Pp |
| Note that |
Note that |
| .Cm AuthorizedPrincipalsFile |
.Cm AuthorizedPrincipalsFile |
| is only used when authentication proceeds using a CA listed in |
is only used when authentication proceeds using a CA listed in |
|
|
| After the chroot, |
After the chroot, |
| .Xr sshd 8 |
.Xr sshd 8 |
| changes the working directory to the user's home directory. |
changes the working directory to the user's home directory. |
| |
Arguments to |
| |
.Cm ChrootDirectory |
| |
accept the tokens described in the |
| |
.Sx TOKENS |
| |
section. |
| .Pp |
.Pp |
| The pathname may contain the following tokens that are expanded at runtime once |
|
| the connecting user has been authenticated: %% is replaced by a literal '%', |
|
| %h is replaced by the home directory of the user being authenticated, and |
|
| %u is replaced by the username of that user. |
|
| .Pp |
|
| The |
The |
| .Cm ChrootDirectory |
.Cm ChrootDirectory |
| must contain the necessary files and directories to support the |
must contain the necessary files and directories to support the |
|
|
| .It 1h30m |
.It 1h30m |
| 1 hour 30 minutes (90 minutes) |
1 hour 30 minutes (90 minutes) |
| .El |
.El |
| |
.Sh TOKENS |
| |
Arguments to some keywords can make use of tokens, |
| |
which are expanded at runtime: |
| |
.Pp |
| |
.Bl -tag -width XXXX -offset indent -compact |
| |
.It %% |
| |
A literal |
| |
.Sq % . |
| |
.It %F |
| |
The fingerprint of the CA key. |
| |
.It %f |
| |
The fingerprint of the key or certificate. |
| |
.It %h |
| |
The home directory of the user. |
| |
.It %i |
| |
The key ID in the certificate. |
| |
.It %K |
| |
The base64-encoded CA key. |
| |
.It %k |
| |
The base64-encoded key or certificate for authentication. |
| |
.It %s |
| |
The serial number of the certificate. |
| |
.It \&%T |
| |
The type of the CA key. |
| |
.It %t |
| |
The key or certificate type. |
| |
.It %u |
| |
The username. |
| |
.El |
| |
.Pp |
| |
.Cm AuthorizedKeysCommand |
| |
accepts the tokens %%, %f, %h, %t, and %u. |
| |
.Pp |
| |
.Cm AuthorizedKeysFile |
| |
accepts the tokens %%, %h, and %u. |
| |
.Pp |
| |
.Cm AuthorizedPrincipalsCommand |
| |
accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u. |
| |
.Pp |
| |
.Cm AuthorizedPrincipalsFile |
| |
accepts the tokens %%, %h, and %u. |
| |
.Pp |
| |
.Cm ChrootDirectory |
| |
accepts the tokens %%, %h, and %u. |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa /etc/ssh/sshd_config |
.It Pa /etc/ssh/sshd_config |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh