- mouring@cvs.openbsd.org 2003/04/30 01:16:20
[sshd.8 sshd_config.5]
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
Bug #550 and * escaping suggested by jmc@.
diff --git a/sshd.8 b/sshd.8
index a99c4f1..1d4e90f 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.195 2003/04/30 01:16:20 mouring Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -429,13 +429,14 @@
Specifies that in addition to public key authentication, the canonical name
of the remote host must be present in the comma-separated list of
patterns
-.Pf ( Ql *
+.Pf (
+.Ql \&*
and
-.Ql ?
+.Ql \&?
serve as wildcards).
The list may also contain
patterns negated by prefixing them with
-.Ql ! ;
+.Ql \&! ;
if the canonical host name matches a negated pattern, the key is not accepted.
The purpose
of this option is to optionally increase security: public key authentication
@@ -524,12 +525,16 @@
bits, exponent, modulus, comment.
The fields are separated by spaces.
.Pp
-Hostnames is a comma-separated list of patterns ('*' and '?' act as
+Hostnames is a comma-separated list of patterns (
+.Ql \&*
+and
+.Ql \&?
+act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
name (when authenticating a server).
A pattern may also be preceded by
-.Ql !
+.Ql \&!
to indicate negation: if the host name matches a negated
pattern, it is not accepted (by that line) even if it matched another
pattern on the line.