[openssh-commits] [openssh] 01/04: upstream: auth2-pubkey r1.89 changed the order of operations to

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Apr 17 17:17:51 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 44ae009a0112081d0d541aeaa90088bedb6f21ce
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Apr 17 04:27:03 2020 +0000

    upstream: auth2-pubkey r1.89 changed the order of operations to
    
    checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
    if no key was found in a file. Document this order here; bz3134
    
    OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
---
 sshd_config.5 | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index 5648337a..b2fda8d5 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $
 .Dd $Mdocdate: April 17 2020 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -247,12 +247,10 @@ more lines of authorized_keys output (see
 .Sx AUTHORIZED_KEYS
 in
 .Xr sshd 8 ) .
-If a key supplied by
 .Cm AuthorizedKeysCommand
-does not successfully authenticate
-and authorize the user then public key authentication continues using the usual
+is tried after the usual
 .Cm AuthorizedKeysFile
-files.
+files and will not be executed if a matching key is found there.
 By default, no
 .Cm AuthorizedKeysCommand
 is run.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list