diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-04-17 04:27:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-04-17 17:17:47 +1000 |
commit | 44ae009a0112081d0d541aeaa90088bedb6f21ce (patch) | |
tree | edb664fcec28db5427d24523ff97bbf5e13ff96e | |
parent | f96f17f920f38ceea6f3c5cb0b075c46b8929fdc (diff) |
upstream: auth2-pubkey r1.89 changed the order of operations to
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134
OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
-rw-r--r-- | sshd_config.5 | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 5648337a..b2fda8d5 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $ .Dd $Mdocdate: April 17 2020 $ .Dt SSHD_CONFIG 5 .Os @@ -247,12 +247,10 @@ more lines of authorized_keys output (see .Sx AUTHORIZED_KEYS in .Xr sshd 8 ) . -If a key supplied by .Cm AuthorizedKeysCommand -does not successfully authenticate -and authorize the user then public key authentication continues using the usual +is tried after the usual .Cm AuthorizedKeysFile -files. +files and will not be executed if a matching key is found there. By default, no .Cm AuthorizedKeysCommand is run. |