upstream commit correct description of what will happen when a AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd will refuse to start)

commit: f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Mon Dec 22 08:04:23 2014 +0000
committer: Damien Miller <djm@mindrot.org> Mon Dec 22 19:08:12 2014 +1100
tree: 2982f8a7d1e00a47a4c9cf325702a477c98529b4
parent: 161cf419f412446635013ac49e8c660cadc36080 [diff] [blame]
diff --git a/sshd_config.5 b/sshd_config.5
index d2ab281..40a1dbd 100644
--- a/sshd_config.5
+++ b/sshd_config.5

@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.185 2014/12/22 07:51:30 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.186 2014/12/22 08:04:23 djm Exp $
 .Dd $Mdocdate: December 22 2014 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -244,9 +244,13 @@
 Specifies the user under whose account the AuthorizedKeysCommand is run.
 It is recommended to use a dedicated user that has no other role on the host
 than running authorized keys commands.
-If no user is specified then
+If
 .Cm AuthorizedKeysCommand
-is ignored.
+is specified but
+.Cm AuthorizedKeysCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
 .It Cm AuthorizedKeysFile
 Specifies the file that contains the public keys that can be used
 for user authentication.
commit	f1c4d8ec52158b6f57834b8cd839605b0a33e7f2	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Mon Dec 22 08:04:23 2014 +0000
committer	Damien Miller <djm@mindrot.org>	Mon Dec 22 19:08:12 2014 +1100
tree	2982f8a7d1e00a47a4c9cf325702a477c98529b4
parent	161cf419f412446635013ac49e8c660cadc36080 [diff] [blame]