Changeset View
Changeset View
Standalone View
Standalone View
crypto/openssh/sshd_config.5
| Show First 20 Lines • Show All 1,531 Lines • ▼ Show 20 Lines | |||||
| If a certificate is presented for authentication and has its signing CA key | If a certificate is presented for authentication and has its signing CA key | ||||
| listed in this file, then it may be used for authentication for any user | listed in this file, then it may be used for authentication for any user | ||||
| listed in the certificate's principals list. | listed in the certificate's principals list. | ||||
| Note that certificates that lack a list of principals will not be permitted | Note that certificates that lack a list of principals will not be permitted | ||||
| for authentication using | for authentication using | ||||
| .Cm TrustedUserCAKeys . | .Cm TrustedUserCAKeys . | ||||
| For more details on certificates, see the CERTIFICATES section in | For more details on certificates, see the CERTIFICATES section in | ||||
| .Xr ssh-keygen 1 . | .Xr ssh-keygen 1 . | ||||
| .It Cm UseBlacklist | |||||
| Specifies whether | |||||
| .Xr sshd 8 | |||||
| should attempt to send authentication success and failure messages | |||||
wblock: Passive -> active. Also, "should" implies a recommendation.
s/should attempt/attempts/ | |||||
| to the | |||||
| .Xr blacklistd 8 | |||||
| daemon. | |||||
| The default is | |||||
| .Dq no . | |||||
| .It Cm UseDNS | .It Cm UseDNS | ||||
| Specifies whether | Specifies whether | ||||
| .Xr sshd 8 | .Xr sshd 8 | ||||
| should look up the remote host name, and to check that | should look up the remote host name, and to check that | ||||
wblockUnsubmitted Not Done Inline ActionsAs above: looks up the remote host name and checks that wblock: As above:
```looks up the remote host name and checks that``` | |||||
lidlAuthorUnsubmitted Not Done Inline ActionsI'm not going to make this change in this part of the text, as this comes from upstream. While you are correct it could be improved, I don't think that improvement ought to be part of this patch. lidl: I'm not going to make this change in this part of the text, as this comes from upstream. While… | |||||
wblockUnsubmitted Not Done Inline ActionsFair enough. wblock: Fair enough. | |||||
| the resolved host name for the remote IP address maps back to the | the resolved host name for the remote IP address maps back to the | ||||
| very same IP address. | very same IP address. | ||||
| .Pp | .Pp | ||||
| If this option is set to | If this option is set to | ||||
| .Dq no , | .Dq no , | ||||
| then only addresses and not host names may be used in | then only addresses and not host names may be used in | ||||
| .Pa ~/.ssh/known_hosts | .Pa ~/.ssh/known_hosts | ||||
| .Cm from | .Cm from | ||||
| ▲ Show 20 Lines • Show All 216 Lines • Show Last 20 Lines | |||||
Passive -> active. Also, "should" implies a recommendation.
s/should attempt/attempts/