CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2015/11/15 17:30:02
Modified files:
usr.bin/ssh : auth-options.c sshd.8
Log message:
Add a new authorized_keys option "restrict" that includes all current
and future key restrictions (no-*-forwarding, etc). Also add permissive
versions of the existing restrictions, e.g. "no-pty" -> "pty". This
simplifies the task of setting up restricted keys and ensures they are
maximally-restricted, regardless of any permissions we might implement
in the future.
Example:
restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
Idea from Jann Horn; ok markus@
