diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2020-04-17 04:27:04 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2020-04-17 04:27:04 +0000 |
commit | 552d3a52f8e9de716d59ceb1edd318e13dc35507 (patch) | |
tree | 256acd9293c0bbd653f6e6bd3a2f18135a65bb20 /usr.bin/ssh | |
parent | b446850893f352f0ce16d9320a8ac16e0f464331 (diff) |
auth2-pubkey r1.89 changed the order of operations to checking
AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index a73d095d178..d61fcb799ee 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $ .Dd $Mdocdate: April 17 2020 $ .Dt SSHD_CONFIG 5 .Os @@ -248,12 +248,10 @@ more lines of authorized_keys output (see .Sx AUTHORIZED_KEYS in .Xr sshd 8 ) . -If a key supplied by .Cm AuthorizedKeysCommand -does not successfully authenticate -and authorize the user then public key authentication continues using the usual +is tried after the usual .Cm AuthorizedKeysFile -files. +files and will not be executed if a matching key is found there. By default, no .Cm AuthorizedKeysCommand is run. |