Match rules question
Ben Lindstrom
mouring at eviladmin.org
Wed Mar 25 09:36:58 EST 2009
On Mar 24, 2009, at 4:38 PM, Iain Morgan wrote:
> On Tue, Mar 24, 2009 at 14:56:32 -0500, Ben Lindstrom wrote:
>>
>> Currently I see that "PubkeyAuthentication" is currently excluded as
>> being usable with the Match command in 5.1 and 5.2. Is there a
>> reason
>> for this? There is a discussion in-house where we'd like to do:
>>
>> PubkeyAuthentication no
>>
>> Match Address [INTERNAL-IP-LIST]
>> PubkeyAuthentication Yes
>>
>
> Did you actually test this or are you going by the man page? I don't
> see
> pubkeyauthentication listed as one of the allowed options under the
> Match directive, but a glance at servconf.c indicates that it is
> supported. Likewise, sshd -t against an sshd_config similar to the one
> above does not complain.
Actually I assumed the manpage was right (one of the few projects that
tends to have good manpages).
> This looks to me like it's a documentation bug. In any case, please
> file
> a bug at https://bugzilla.mindrot.org so the issue does not get
> forgotten.
I'll valid it soon and throw a bug against it. Seemed odd to that it
wouldn't be there.
- Ben
More information about the openssh-unix-dev
mailing list