- jmc@cvs.openbsd.org 2014/01/29 14:04:51

     [sshd_config.5]
     document kbdinteractiveauthentication;
     requested From: Ross L Richardson

     dtucker/markus helped explain its workings;

2 files changed, 19 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 25d9c9af..aca0044f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,12 @@
      [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
      [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
      remove experimental, never-enabled JPAKE code; ok markus@
+   - jmc@cvs.openbsd.org 2014/01/29 14:04:51
+     [sshd_config.5]
+     document kbdinteractiveauthentication;
+     requested From: Ross L Richardson
+     
+     dtucker/markus helped explain its workings;
 
 20140131
  - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/sshd_config.5 b/sshd_config.5
index 3b21ea6e..de330a00 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
-.Dd $Mdocdate: December 8 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.171 2014/01/29 14:04:51 jmc Exp $
+.Dd $Mdocdate: January 29 2014 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -633,6 +633,17 @@ The default is
 for interactive sessions and
 .Dq throughput
 for non-interactive sessions.
+.It Cm KbdInteractiveAuthentication
+Specifies whether to allow keyboard-interactive authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to use whatever value
+.Cm ChallengeResponseAuthentication
+is set to
+(by default
+.Dq yes ) .
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication