summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authormouring <mouring@cvs.openbsd.org>2003-04-30 01:16:21 +0000
committermouring <mouring@cvs.openbsd.org>2003-04-30 01:16:21 +0000
commitb20bfedb5daf0b038b3a3e5e03de6eb0aa2d8c52 (patch)
tree6424857326fa2dbfdae0e1218ea9b8084b5732f7 /usr.bin/ssh
parent9edc81588ce929771b8fe051aafafc18ebffe5c7 (diff)
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable Bug #550
and * escaping suggested by jmc@.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/sshd.817
-rw-r--r--usr.bin/ssh/sshd_config.510
2 files changed, 16 insertions, 11 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index a99c4f16273..1d4e90fb2f8 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.195 2003/04/30 01:16:20 mouring Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -429,13 +429,14 @@ that option keywords are case-insensitive):
Specifies that in addition to public key authentication, the canonical name
of the remote host must be present in the comma-separated list of
patterns
-.Pf ( Ql *
+.Pf (
+.Ql \&*
and
-.Ql ?
+.Ql \&?
serve as wildcards).
The list may also contain
patterns negated by prefixing them with
-.Ql ! ;
+.Ql \&! ;
if the canonical host name matches a negated pattern, the key is not accepted.
The purpose
of this option is to optionally increase security: public key authentication
@@ -524,12 +525,16 @@ Each line in these files contains the following fields: hostnames,
bits, exponent, modulus, comment.
The fields are separated by spaces.
.Pp
-Hostnames is a comma-separated list of patterns ('*' and '?' act as
+Hostnames is a comma-separated list of patterns (
+.Ql \&*
+and
+.Ql \&?
+act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
name (when authenticating a server).
A pattern may also be preceded by
-.Ql !
+.Ql \&!
to indicate negation: if the host name matches a negated
pattern, it is not accepted (by that line) even if it matched another
pattern on the line.
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index c554d2eb194..a563b62bdb5 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.16 2003/04/30 01:16:20 mouring Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -72,7 +72,7 @@ If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
@@ -93,7 +93,7 @@ If specified, login is allowed only for user names that
match one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
@@ -187,7 +187,7 @@ Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
@@ -199,7 +199,7 @@ by spaces.
Login is disallowed for user names that match one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.