diff options
| author |   djm <djm@openbsd.org> | 2013-04-19 01:00:10 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-04-19 01:00:10 +0000 |
| commit | e6c3f5a46e4cc63db8c21ebfdf823e14da7843d0 (patch) | |
| tree | e309662f497d0c3684f3ef937e8681c5066ce1d5 | |
| parent | Use __guard_local as the stack protector canary symbol, as already done in (diff) | |
| download | wireguard-openbsd-e6c3f5a46e4cc63db8c21ebfdf823e14da7843d0.tar.xz wireguard-openbsd-e6c3f5a46e4cc63db8c21ebfdf823e14da7843d0.zip | |
document the requirment that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 459e04270d4..b82fdf9f3a8 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.157 2013/03/07 19:27:25 markus Exp $ -.Dd $Mdocdate: March 7 2013 $ +.\" $OpenBSD: sshd_config.5,v 1.158 2013/04/19 01:00:10 djm Exp $ +.Dd $Mdocdate: April 19 2013 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -202,7 +202,8 @@ The default is not to require multiple authentication; successful completion of a single authentication method is sufficient. .It Cm AuthorizedKeysCommand Specifies a program to be used to look up the user's public keys. -The program will be invoked with a single argument of the username +The program must be owned by root and not writable by group or others. +It will be invoked with a single argument of the username being authenticated, and should produce on standard output zero or more lines of authorized_keys output (see .Sx AUTHORIZED_KEYS |