version 1.296, 2019/12/19 15:09:30 |
version 1.297, 2019/12/21 20:22:34 |
|
|
.Pp |
.Pp |
The |
The |
.Cm touch-required |
.Cm touch-required |
option causes public key authentication using a security key algorithm |
option causes public key authentication using a FIDO authenticator algorithm |
(i.e.\& |
(i.e.\& |
.Cm ecdsa-sk |
.Cm ecdsa-sk |
or |
or |
.Cm ed25519-sk ) |
.Cm ed25519-sk ) |
to always require the signature to attest that a physically present user |
to always require the signature to attest that a physically present user |
explicitly confirmed the authentication (usually by touching the security key). |
explicitly confirmed the authentication (usually by touching the authenticator). |
By default, |
By default, |
.Xr sshd 8 |
.Xr sshd 8 |
requires key touch unless overridden with an authorized_keys option. |
requires user presence unless overridden with an authorized_keys option. |
The |
The |
.Cm touch-required |
.Cm touch-required |
flag disables this override. |
flag disables this override. |
This option has no effect for other, non-security key, public key types. |
This option has no effect for other, non-authenticator public key types. |
.It Cm PubkeyAuthentication |
.It Cm PubkeyAuthentication |
Specifies whether public key authentication is allowed. |
Specifies whether public key authentication is allowed. |
The default is |
The default is |
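Review bot: In the .Cm touch-required paragraph, the reworded sentence "requires user presence unless overridden with an authorized_keys option" still does not name the option that performs the override, so an administrator reading this page cannot tell what to look for when auditing authorized_keys files. Name the option in this sentence, or point to where .Xr sshd 8 documents it. The paragraph also now says "user presence" in one sentence and "touching the authenticator" in another while the option itself keeps "touch" in its name; stating once that touch is the usual way user presence is confirmed would keep the three terms aligned.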
|
|
.Cm \&%D , |
.Cm \&%D , |
then the domain in which the incoming connection was received will be applied. |
then the domain in which the incoming connection was received will be applied. |
.It Cm SecurityKeyProvider |
.It Cm SecurityKeyProvider |
Specifies a path to a security key provider library that will be used when |
Specifies a path to a library that will be used when loading |
loading any security key-hosted keys, overriding the default of using |
FIDO authenticator-hosted keys, overriding the default of using |
the built-in support for USB HID keys. |
the built-in USB HID support. |
.It Cm SetEnv |
.It Cm SetEnv |
Specifies one or more environment variables to set in child sessions started |
Specifies one or more environment variables to set in child sessions started |
by |
by |
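Review bot: In the .It Cm SecurityKeyProvider entry, the new description removes both "security key" and "provider", so nothing in the text explains the option's name any more, and "a library" no longer says what kind of library the path must point to. Keeping the word "provider", for example "a path to a provider library that will be used when loading FIDO authenticator-hosted keys", would preserve the terminology change while leaving the description searchable from the option name. The dropped "any" also makes it less clear that the override applies to every authenticator-hosted key rather than some of them; consider restoring it.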