| version 1.296, 2019/12/19 15:09:30 |
version 1.297, 2019/12/21 20:22:34 |
|
|
| .Pp |
.Pp |
| The |
The |
| .Cm touch-required |
.Cm touch-required |
| option causes public key authentication using a security key algorithm |
option causes public key authentication using a FIDO authenticator algorithm |
| (i.e.\& |
(i.e.\& |
| .Cm ecdsa-sk |
.Cm ecdsa-sk |
| or |
or |
| .Cm ed25519-sk ) |
.Cm ed25519-sk ) |
| to always require the signature to attest that a physically present user |
to always require the signature to attest that a physically present user |
| explicitly confirmed the authentication (usually by touching the security key). |
explicitly confirmed the authentication (usually by touching the authenticator). |
| By default, |
By default, |
| .Xr sshd 8 |
.Xr sshd 8 |
| requires key touch unless overridden with an authorized_keys option. |
requires user presence unless overridden with an authorized_keys option. |
| The |
The |
| .Cm touch-required |
.Cm touch-required |
| flag disables this override. |
flag disables this override. |
| This option has no effect for other, non-security key, public key types. |
This option has no effect for other, non-authenticator public key types. |
| .It Cm PubkeyAuthentication |
.It Cm PubkeyAuthentication |
| Specifies whether public key authentication is allowed. |
Specifies whether public key authentication is allowed. |
| The default is |
The default is |
|
|
| .Cm \&%D , |
.Cm \&%D , |
| then the domain in which the incoming connection was received will be applied. |
then the domain in which the incoming connection was received will be applied. |
| .It Cm SecurityKeyProvider |
.It Cm SecurityKeyProvider |
| Specifies a path to a security key provider library that will be used when |
Specifies a path to a library that will be used when loading |
| loading any security key-hosted keys, overriding the default of using |
FIDO authenticator-hosted keys, overriding the default of using |
| the built-in support for USB HID keys. |
the built-in USB HID support. |
| .It Cm SetEnv |
.It Cm SetEnv |
| Specifies one or more environment variables to set in child sessions started |
Specifies one or more environment variables to set in child sessions started |
| by |
by |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh