diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2021-06-04 05:59:18 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2021-06-04 16:00:31 +1000 |
| commit | c298c4da574ab92df2f051561aeb3e106b0ec954 (patch) | |
| tree | 4608ba3393762980802f7fb05a3c2a3be645e8c0 /sshd.8 | |
| parent | d9cb35bbec5f623589d7c58fc094817b33030f35 (diff) | |
| download | openssh-git-c298c4da574ab92df2f051561aeb3e106b0ec954.tar.gz | |
upstream: rework authorized_keys example section, removing irrelevant
stuff, de-wrapping the example lines and better aligning the examples with
common usage and FAQs; ok jmc
OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c
Diffstat (limited to 'sshd.8')
| -rw-r--r-- | sshd.8 | 41 |
1 files changed, 21 insertions, 20 deletions
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.314 2021/04/03 05:46:41 djm Exp $ -.Dd $Mdocdate: April 3 2021 $ +.\" $OpenBSD: sshd.8,v 1.315 2021/06/04 05:59:18 djm Exp $ +.Dd $Mdocdate: June 4 2021 $ .Dt SSHD 8 .Os .Sh NAME @@ -665,24 +665,25 @@ option. .Pp An example authorized_keys file: .Bd -literal -offset 3n -# Comments allowed at start of line -ssh-rsa AAAAB3Nza...LiPk== user@example.net -from="*.sales.example.net,!pc.sales.example.net" ssh-rsa -AAAAB2...19Q== john@example.net -command="dump /home",no-pty,no-port-forwarding ssh-rsa -AAAAC3...51R== example.net -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa -AAAAB5...21S== -permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa -AAAAB5...21S== -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== -jane@example.net -restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== -user@example.net -restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== -user@example.net -no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko== -user@example.net +# Comments are allowed at start of line. Blank lines are allowed. +# Plain key, no restrictions +ssh-rsa ... +# Forced command, disable PTY and all forwarding +restrict,command="dump /home" ssh-rsa ... +# Restriction of ssh -L forwarding destinations +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ... +# Restriction of ssh -R forwarding listeners +permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ... +# Configuration for tunnel forwarding +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... +# Override of restriction to allow PTY allocation +restrict,pty,command="nethack" ssh-rsa ... +# Allow FIDO key without requiring touch +no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ... +# Require user-verification (e.g. PIN or biometric) for FIDO key +verify-required sk-ecdsa-sha2-nistp256@openssh.com ... +# Trust CA key, allow touch-less FIDO if requested in certificate +cert-authority,no-touch-required,principals="user_a" ssh-rsa ... .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The |