diff options
| author | Damien Miller <djm@mindrot.org> | 2012-04-22 11:25:10 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-04-22 11:25:10 +1000 |
| commit | 8fef9ebbab6bd68d245edbadedd52600a800c09c (patch) | |
| tree | 941d280c54fc833a3e006766b4e65d1b1c49c363 | |
| parent | 23528816dc10165b3bc009f2ab5fdf1653db418c (diff) | |
- djm@cvs.openbsd.org 2012/04/12 02:43:55
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | sshd_config | 4 | ||||
| -rw-r--r-- | sshd_config.5 | 6 |
3 files changed, 10 insertions, 3 deletions
@@ -37,6 +37,9 @@ [servconf.c servconf.h sshd.c sshd_config sshd_config.5] VersionAddendum option to allow server operators to append some arbitrary text to the SSH-... banner; ok deraadt@ "don't care" markus@ + - djm@cvs.openbsd.org 2012/04/12 02:43:55 + [sshd_config sshd_config.5] + mention AuthorizedPrincipalsFile=none default 20120420 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] diff --git a/sshd_config b/sshd_config index 99dbd858..ec3ca2af 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.85 2012/04/12 02:42:32 djm Exp $ +# $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -49,6 +49,8 @@ # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 diff --git a/sshd_config.5 b/sshd_config.5 index 1522355a..27ee1914 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.137 2012/04/12 02:42:32 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.138 2012/04/12 02:43:55 djm Exp $ .Dd $Mdocdate: April 12 2012 $ .Dt SSHD_CONFIG 5 .Os @@ -198,7 +198,9 @@ After expansion, is taken to be an absolute path or one relative to the user's home directory. .Pp -The default is not to use a principals file \(en in this case, the username +The default is +.Dq none , +i.e. not to use a principals file \(en in this case, the username of the user must appear in a certificate's principals list for it to be accepted. Note that |