Changeset View
Changeset View
Standalone View
Standalone View
crypto/openssh/sshd_config.5
Show First 20 Lines • Show All 1,531 Lines • ▼ Show 20 Lines | |||||
If a certificate is presented for authentication and has its signing CA key | If a certificate is presented for authentication and has its signing CA key | ||||
listed in this file, then it may be used for authentication for any user | listed in this file, then it may be used for authentication for any user | ||||
listed in the certificate's principals list. | listed in the certificate's principals list. | ||||
Note that certificates that lack a list of principals will not be permitted | Note that certificates that lack a list of principals will not be permitted | ||||
for authentication using | for authentication using | ||||
.Cm TrustedUserCAKeys . | .Cm TrustedUserCAKeys . | ||||
For more details on certificates, see the CERTIFICATES section in | For more details on certificates, see the CERTIFICATES section in | ||||
.Xr ssh-keygen 1 . | .Xr ssh-keygen 1 . | ||||
.It Cm UseBlacklist | |||||
Specifies whether | |||||
.Xr sshd 8 | |||||
should attempt to send authentication success and failure messages | |||||
wblock: Passive -> active. Also, "should" implies a recommendation.
s/should attempt/attempts/ | |||||
to the | |||||
.Xr blacklistd 8 | |||||
daemon. | |||||
The default is | |||||
.Dq no . | |||||
.It Cm UseDNS | .It Cm UseDNS | ||||
Specifies whether | Specifies whether | ||||
.Xr sshd 8 | .Xr sshd 8 | ||||
should look up the remote host name, and to check that | should look up the remote host name, and to check that | ||||
wblockUnsubmitted Not Done Inline ActionsAs above: looks up the remote host name and checks that wblock: As above:
```looks up the remote host name and checks that``` | |||||
lidlAuthorUnsubmitted Not Done Inline ActionsI'm not going to make this change in this part of the text, as this comes from upstream. While you are correct it could be improved, I don't think that improvement ought to be part of this patch. lidl: I'm not going to make this change in this part of the text, as this comes from upstream. While… | |||||
wblockUnsubmitted Not Done Inline ActionsFair enough. wblock: Fair enough. | |||||
the resolved host name for the remote IP address maps back to the | the resolved host name for the remote IP address maps back to the | ||||
very same IP address. | very same IP address. | ||||
.Pp | .Pp | ||||
If this option is set to | If this option is set to | ||||
.Dq no , | .Dq no , | ||||
then only addresses and not host names may be used in | then only addresses and not host names may be used in | ||||
.Pa ~/.ssh/known_hosts | .Pa ~/.ssh/known_hosts | ||||
.Cm from | .Cm from | ||||
▲ Show 20 Lines • Show All 216 Lines • Show Last 20 Lines |
Passive -> active. Also, "should" implies a recommendation.
s/should attempt/attempts/