Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 141df487ba699cfd1ec3dcd98186e7c956e99024^! / . / sshd_config.5
commit141df487ba699cfd1ec3dcd98186e7c956e99024[log] [tgz]
authornaddy@openbsd.org <naddy@openbsd.org>Sat Dec 21 20:22:34 2019 +0000
committerDamien Miller <djm@mindrot.org>Mon Dec 30 14:31:40 2019 +1100
treed759e3195bf74db1bf1673c563dd24450fcc4c50
parentfbd9729d4eadf2f7097b6017156387ac64302453 [diff] [blame]
upstream: Replace the term "security key" with "(FIDO)

authenticator".

The polysemous use of "key" was too confusing.  Input from markus@.
ok jmc@

OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f

diff --git a/sshd_config.5 b/sshd_config.5
index 2221931..76ec69b 100644
--- a/sshd_config.5
+++ b/sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1462,20 +1462,20 @@
 .Pp
 The
 .Cm touch-required
-option causes public key authentication using a security key algorithm
+option causes public key authentication using a FIDO authenticator algorithm
 (i.e.\&
 .Cm ecdsa-sk
 or
 .Cm ed25519-sk )
 to always require the signature to attest that a physically present user
-explicitly confirmed the authentication (usually by touching the security key).
+explicitly confirmed the authentication (usually by touching the authenticator).
 By default,
 .Xr sshd 8
-requires key touch unless overridden with an authorized_keys option.
+requires user presence unless overridden with an authorized_keys option.
 The
 .Cm touch-required
 flag disables this override.
-This option has no effect for other, non-security key, public key types.
+This option has no effect for other, non-authenticator public key types.
 .It Cm PubkeyAuthentication
 Specifies whether public key authentication is allowed.
 The default is
@@ -1527,9 +1527,9 @@
 .Cm \&%D ,
 then the domain in which the incoming connection was received will be applied.
 .It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
 .It Cm SetEnv
 Specifies one or more environment variables to set in child sessions started
 by