[openssh-commits] [openssh] 02/02: upstream: mention that RevokedKeys is read by the server at each
git+noreply at mindrot.org
Sat Mar 28 16:08:50 AEDT 2026
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 21ecb5fd72ee442a8b1eb5011c7f929ba8ce02f9
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Sat Mar 28 05:07:12 2026 +0000
upstream: mention that RevokedKeys is read by the server at each
authentication time and should only ever be replaced atomically.
OpenBSD-Commit-ID: eeedf5a10331ac4e39fbd2fc41e4a11c38b2ef9b
---
sshd_config.5 | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sshd_config.5 b/sshd_config.5
index 5bcec932d..3f5e29812 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.396 2026/03/23 01:33:46 djm Exp $
-.Dd $Mdocdate: March 23 2026 $
+.\" $OpenBSD: sshd_config.5,v 1.397 2026/03/28 05:07:12 djm Exp $
+.Dd $Mdocdate: March 28 2026 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1855,6 +1855,11 @@ be refused for all users.
Keys may be specified as a text file, listing one public key per line, or as
an OpenSSH Key Revocation List (KRL) as generated by
.Xr ssh-keygen 1 .
+This file may be consulted for each public key authentication attempt
+received by
+.Xr sshd 8
+and its contents must be consistent at all times, therefore it should only
+be atomically replaced and never modified in place while the server is running.
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
.It Cm RDomain
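Review bot: The added sentence beginning "This file may be consulted for each public key authentication attempt" is weaker than the commit message, which says the file is read at each authentication time. If the read happens on every attempt, "is read" would state that directly. The requirement "should only be atomically replaced" would also be easier to act on if it said how, for example by writing the new list to a temporary file in the same directory and moving it over the old one with rename(2). Lastly, "at all times, therefore it should" is a comma splice and reads better as two sentences.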
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.