CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2015/11/15 17:30:02

Modified files:
        usr.bin/ssh    : auth-options.c sshd.8 

Log message:
Add a new authorized_keys option "restrict" that includes all current
and future key restrictions (no-*-forwarding, etc). Also add permissive
versions of the existing restrictions, e.g. "no-pty" -> "pty". This
simplifies the task of setting up restricted keys and ensures they are
maximally-restricted, regardless of any permissions we might implement
in the future.

Example:

restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...

Idea from Jann Horn; ok markus@

Reply via email to