author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:52:46 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:40 +1100 |
commit | 0fddf2967ac51d518e300408a0d7e6adf4cd2634 (patch) | |
tree | d7fe4a4f7cd92c565a765e21b7cb19b9c7544d29 /servconf.h | |
parent | b7e74ea072919b31391bc0f5ff653f80b9f5e84f (diff) | |
upstream: Add a sshd_config PubkeyAuthOptions directive
This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.140 2019/04/18 18:56:16 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.141 2019/11/25 00:52:46 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -42,6 +42,9 @@
 /* Magic name for internal sftp-server */
 #define INTERNAL_SFTP_NAME "internal-sftp"
+/* PubkeyAuthOptions flags */
+#define PUBKEYAUTH_TOUCH_REQUIRED 1
+
 struct ssh;
 struct fwd_perm_list;
@@ -114,6 +117,7 @@ typedef struct {
 char *ca_sign_algorithms; /* Allowed CA signature algorithms */
 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
 char *pubkey_key_types; /* Key types allowed for public key */
+ int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */
 int kerberos_authentication; /* If true, permit Kerberos
 * authentication. */
 int kerberos_or_local_passwd; /* If true, permit kerberos |
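Review bot: The comment above `PUBKEYAUTH_TOUCH_REQUIRED` in the second hunk does not say which way the bit reads, and its name is the inverse of the only directive value the commit message describes (`no-touch-required`, which makes sshd skip the user-presence check). Because this bit gates an authentication policy, a reader of the header alone should not have to guess whether a set bit enforces or waives the check. If a set bit means the check is enforced, I would write `#define PUBKEYAUTH_TOUCH_REQUIRED (1<<0) /* set: user presence must have been tested */`. The shift form also makes it obvious that later `PUBKEYAUTH_*` values must be distinct bits.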
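Review bot: In the third hunk, `pubkey_auth_options` uses one signed `int` both as an "unset" sentinel (-1) and as a bit mask, and -1 has every bit set. A test such as `options.pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED` on a value that has not yet been defaulted therefore evaluates as true. That fails closed only if a set bit means the presence check is enforced, and any future flag with the opposite sense would fail open. The header should state that the field may be tested only after defaults have been applied (presumably in servconf.c, which this page does not show), e.g. `/* -1 = unset until defaults are filled in; otherwise mask of PUBKEYAUTH_* flags */`. The enclosing `typedef struct` starts and ends outside the hunk.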