diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:54:23 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:40 +1100 |
commit | 2e71263b80fec7ad977e098004fef7d122169d40 (patch) | |
tree | b4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /sshd.8 | |
parent | 0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff) | |
download | openssh-git-2e71263b80fec7ad977e098004fef7d122169d40.tar.gz |
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.306 2019/11/18 04:55:02 djm Exp $ -.Dd $Mdocdate: November 18 2019 $ +.\" $OpenBSD: sshd.8,v 1.307 2019/11/25 00:54:23 djm Exp $ +.Dd $Mdocdate: November 25 2019 $ .Dt SSHD 8 .Os .Sh NAME @@ -627,6 +627,13 @@ option. Permits tty allocation previously disabled by the .Cm restrict option. +.It Cm no-touch-required +Do not require demonstration of user presence +for signatures made using this key. +This option only makes sense for the Security Key algorithms +.Cm ecdsa-sk +and +.Cm ed25519-sk . .It Cm restrict Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation @@ -670,6 +677,8 @@ restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== user@example.net restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== user@example.net +no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko== +user@example.net .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The |