upstream commit

cidr permitted for {allow,deny}users; from lars nooden ok djm

Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11

1 files changed, 6 insertions, 2 deletions

diff --git a/sshd_config.5 b/sshd_config.5
index 433b8f2c1..63807c030 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.221 2016/03/17 17:19:43 djm Exp $
-.Dd $Mdocdate: March 17 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.222 2016/04/27 13:53:48 jmc Exp $
+.Dd $Mdocdate: April 27 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -173,6 +173,8 @@ By default, login is allowed for all users.
 If the pattern takes the form USER@HOST then USER and HOST
 are separately checked, restricting logins to particular
 users from particular hosts.
+HOST criteria may additionally contain addresses to match in CIDR
+address/masklen format.
 The allow/deny directives are processed in the following order:
 .Cm DenyUsers ,
 .Cm AllowUsers ,
@@ -560,6 +562,8 @@ By default, login is allowed for all users.
 If the pattern takes the form USER@HOST then USER and HOST
 are separately checked, restricting logins to particular
 users from particular hosts.
+HOST criteria may additionally contain addresses to match in CIDR
+address/masklen format.
 The allow/deny directives are processed in the following order:
 .Cm DenyUsers ,
 .Cm AllowUsers ,