[openssh-commits] [openssh] 01/01: upstream: rework authorized_keys example section, removing irrelevant

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jun 4 16:00:45 AEST 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit c298c4da574ab92df2f051561aeb3e106b0ec954
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jun 4 05:59:18 2021 +0000

    upstream: rework authorized_keys example section, removing irrelevant
    
    stuff, de-wrapping the example lines and better aligning the examples with
    common usage and FAQs; ok jmc
    
    OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c
---
 sshd.8 | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/sshd.8 b/sshd.8
index 1aa56ba7..3f4ab8f3 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.314 2021/04/03 05:46:41 djm Exp $
-.Dd $Mdocdate: April 3 2021 $
+.\" $OpenBSD: sshd.8,v 1.315 2021/06/04 05:59:18 djm Exp $
+.Dd $Mdocdate: June 4 2021 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -665,24 +665,25 @@ option.
 .Pp
 An example authorized_keys file:
 .Bd -literal -offset 3n
-# Comments allowed at start of line
-ssh-rsa AAAAB3Nza...LiPk== user at example.net
-from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
-AAAAB2...19Q== john at example.net
-command="dump /home",no-pty,no-port-forwarding ssh-rsa
-AAAAC3...51R== example.net
-permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa
-AAAAB5...21S==
-permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa
-AAAAB5...21S==
-tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
-jane at example.net
-restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
-user at example.net
-restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
-user at example.net
-no-touch-required sk-ecdsa-sha2-nistp256 at openssh.com AAAAInN...Ko==
-user at example.net
+# Comments are allowed at start of line. Blank lines are allowed.
+# Plain key, no restrictions
+ssh-rsa ...
+# Forced command, disable PTY and all forwarding
+restrict,command="dump /home" ssh-rsa ...
+# Restriction of ssh -L forwarding destinations
+permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ...
+# Restriction of ssh -R forwarding listeners
+permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ...
+# Configuration for tunnel forwarding
+tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ...
+# Override of restriction to allow PTY allocation
+restrict,pty,command="nethack" ssh-rsa ...
+# Allow FIDO key without requiring touch
+no-touch-required sk-ecdsa-sha2-nistp256 at openssh.com ...
+# Require user-verification (e.g. PIN or biometric) for FIDO key
+verify-required sk-ecdsa-sha2-nistp256 at openssh.com ...
+# Trust CA key, allow touch-less FIDO if requested in certificate
+cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
 .Ed
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list