upstream: auth2-pubkey r1.89 changed the order of operations to

checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand
if no key was found in a file. Document this order here; bz3134

OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
This commit is contained in:
djm@openbsd.org 2020-04-17 04:27:03 +00:00 committed by Damien Miller
parent f96f17f920
commit 44ae009a01

View File

@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
.\" $OpenBSD: sshd_config.5,v 1.310 2020/04/17 04:27:03 djm Exp $
.Dd $Mdocdate: April 17 2020 $
.Dt SSHD_CONFIG 5
.Os
@ -247,12 +247,10 @@ more lines of authorized_keys output (see
.Sx AUTHORIZED_KEYS
in
.Xr sshd 8 ) .
If a key supplied by
.Cm AuthorizedKeysCommand
does not successfully authenticate
and authorize the user then public key authentication continues using the usual
is tried after the usual
.Cm AuthorizedKeysFile
files.
files and will not be executed if a matching key is found there.
By default, no
.Cm AuthorizedKeysCommand
is run.