summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2020-04-17 04:27:04 +0000
committerDamien Miller <djm@cvs.openbsd.org>2020-04-17 04:27:04 +0000
commit552d3a52f8e9de716d59ceb1edd318e13dc35507 (patch)
tree256acd9293c0bbd653f6e6bd3a2f18135a65bb20 /usr.bin/ssh
parentb446850893f352f0ce16d9320a8ac16e0f464331 (diff)
auth2-pubkey r1.89 changed the order of operations to checking
AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/sshd_config.58
1 files changed, 3 insertions, 5 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index a73d095d178..d61fcb799ee 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $
.Dd $Mdocdate: April 17 2020 $
.Dt SSHD_CONFIG 5
.Os
@@ -248,12 +248,10 @@ more lines of authorized_keys output (see
.Sx AUTHORIZED_KEYS
in
.Xr sshd 8 ) .
-If a key supplied by
.Cm AuthorizedKeysCommand
-does not successfully authenticate
-and authorize the user then public key authentication continues using the usual
+is tried after the usual
.Cm AuthorizedKeysFile
-files.
+files and will not be executed if a matching key is found there.
By default, no
.Cm AuthorizedKeysCommand
is run.