correct description of what will happen when a AuthorizedKeysCommand is

author djm <djm@openbsd.org>

Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)

committer djm <djm@openbsd.org>

Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)
author djm <djm@openbsd.org>
Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)
committer djm <djm@openbsd.org>
Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5

index 98985c0..8e87e44 100644 (file)
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,7 +33,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: sshd_config.5,v 1.185 2014/12/22 07:51:30 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.186 2014/12/22 08:04:23 djm Exp $
  .Dd $Mdocdate: December 22 2014 $
  .Dt SSHD_CONFIG 5
  .Os
@@ -244,9 +244,13 @@ By default, no AuthorizedKeysCommand is run.
  Specifies the user under whose account the AuthorizedKeysCommand is run.
  It is recommended to use a dedicated user that has no other role on the host
  than running authorized keys commands.
-If no user is specified then
+If
  .Cm AuthorizedKeysCommand
-is ignored.
+is specified but
+.Cm AuthorizedKeysCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
  .It Cm AuthorizedKeysFile
  Specifies the file that contains the public keys that can be used
  for user authentication.
author	djm <djm@openbsd.org>
	Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)
committer	djm <djm@openbsd.org>
	Mon, 22 Dec 2014 08:04:23 +0000 (08:04 +0000)