version 1.115, 2001/06/22 21:55:49 |
version 1.116, 2001/06/23 02:34:31 |
|
|
.Nm |
.Nm |
automatically maintains and checks a database containing |
automatically maintains and checks a database containing |
identifications for all hosts it has ever been used with. |
identifications for all hosts it has ever been used with. |
RSA host keys are stored in |
Host keys are stored in |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
and |
|
host keys used in the protocol version 2 are stored in |
|
.Pa $HOME/.ssh/known_hosts2 |
|
in the user's home directory. |
in the user's home directory. |
Additionally, the files |
Additionally, the file |
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
and |
is automatically checked for known hosts. |
.Pa /etc/ssh_known_hosts2 |
|
are automatically checked for known hosts. |
|
Any new hosts are automatically added to the user's file. |
Any new hosts are automatically added to the user's file. |
If a host's identification |
If a host's identification |
ever changes, |
ever changes, |
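Review bot: The rewritten paragraph drops every mention of $HOME/.ssh/known_hosts2 and /etc/ssh_known_hosts2 without saying what happens to host keys already recorded there. A user whose protocol version 2 host keys exist only in known_hosts2 cannot tell from this text whether those entries are still consulted or whether the hosts will be treated as new on the next connection. Suggest adding one sentence that either states the old files are still read or tells users to merge them into known_hosts.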
|
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
Specifies a file to use for the protocol version 1 global |
Specifies a file to use for the global |
host key database instead of |
host key database instead of |
.Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh_known_hosts . |
.It Cm GlobalKnownHostsFile2 |
|
Specifies a file to use for the protocol version 2 global |
|
host key database instead of |
|
.Pa /etc/ssh_known_hosts2 . |
|
.It Cm HostbasedAuthentication |
.It Cm HostbasedAuthentication |
Specifies whether to try rhosts based authentication with public key |
Specifies whether to try rhosts based authentication with public key |
authentication. |
authentication. |
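Review bot: Removing the GlobalKnownHostsFile2 entry leaves no guidance for existing configuration files that set that keyword. If the keyword is still accepted, keep a short entry marking it as deprecated in favour of GlobalKnownHostsFile; if it is rejected, say so here, so administrators know to fold the path into GlobalKnownHostsFile before upgrading.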
|
|
.Nm |
.Nm |
will never automatically add host keys to the |
will never automatically add host keys to the |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
and |
file, and refuses to connect to hosts whose host key has changed. |
.Pa $HOME/.ssh/known_hosts2 |
|
files, and refuses to connect to hosts whose host key has changed. |
|
This provides maximum protection against trojan horse attacks. |
This provides maximum protection against trojan horse attacks. |
However, it can be somewhat annoying if you don't have good |
However, it can be somewhat annoying if you don't have good |
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
and |
|
.Pa /etc/ssh_known_hosts2 |
|
files installed and frequently |
files installed and frequently |
connect to new hosts. |
connect to new hosts. |
This option forces the user to manually |
This option forces the user to manually |
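Review bot: Number agreement in the new StrictHostKeyChecking text: the sentence still reads "good /etc/ssh_known_hosts files installed" although only one file is named now. Suggest "a good /etc/ssh_known_hosts file installed", matching the singular "file, and refuses to connect" introduced earlier in the same hunk.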
|
|
This saves the trouble of |
This saves the trouble of |
having to remember to give the user name on the command line. |
having to remember to give the user name on the command line. |
.It Cm UserKnownHostsFile |
.It Cm UserKnownHostsFile |
Specifies a file to use for the protocol version 1 user |
Specifies a file to use for the user |
host key database instead of |
host key database instead of |
.Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
.It Cm UserKnownHostsFile2 |
|
Specifies a file to use for the protocol version 2 user |
|
host key database instead of |
|
.Pa $HOME/.ssh/known_hosts2 . |
|
.It Cm UseRsh |
.It Cm UseRsh |
Specifies that rlogin/rsh should be used for this host. |
Specifies that rlogin/rsh should be used for this host. |
It is possible that the host does not at all support the |
It is possible that the host does not at all support the |
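Review bot: The new UserKnownHostsFile description no longer says which protocol versions the file covers, and with the UserKnownHostsFile2 entry gone a reader coming from the previous page cannot tell where protocol version 2 host keys are now looked up. Suggest wording along the lines of "the user host key database for both protocol versions" so the merge is explicit in the option text.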
|
|
to the environment. |
to the environment. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2 |
.It Pa $HOME/.ssh/known_hosts |
Records host keys for all hosts the user has logged into (that are not |
Records host keys for all hosts the user has logged into (that are not |
in |
in |
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts . |
for protocol version 1 or |
|
.Pa /etc/ssh_known_hosts2 |
|
for protocol version 2). |
|
See |
See |
.Xr sshd 8 . |
.Xr sshd 8 . |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
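Review bot: Unbalanced parenthesis in the known_hosts entry: "(that are not" still opens the parenthetical, but the closing ")" lived on the deleted "for protocol version 2)." line, so the new sentence ends at ".Pa /etc/ssh_known_hosts ." without closing it. Suggest ".Pa /etc/ssh_known_hosts ) ." so the parenthesis is closed before the period.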
|
|
The format of this file is described in the |
The format of this file is described in the |
.Xr sshd 8 |
.Xr sshd 8 |
manual page. |
manual page. |
|
In the simplest form the format is the same as the .pub |
|
identity files. |
This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
.It Pa /etc/ssh_known_hosts |
Systemwide list of known host keys. |
Systemwide list of known host keys. |
.Pa /etc/ssh_known_hosts |
This file should be prepared by the |
contains RSA and |
|
.Pa /etc/ssh_known_hosts2 |
|
contains RSA or DSA keys for protocol version 2. |
|
These files should be prepared by the |
|
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
organization. |
organization. |
This file should be world-readable. |
This file should be world-readable. |
This file contains |
This file contains |
public keys, one per line, in the following format (fields separated |
public keys, one per line, in the following format (fields separated |
by spaces): system name, number of bits in modulus, public exponent, |
by spaces): system name, public key and optional comment field. |
modulus, and optional comment field. |
|
When different names are used |
When different names are used |
for the same machine, all such names should be listed, separated by |
for the same machine, all such names should be listed, separated by |
commas. |
commas. |
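Review bot: The /etc/ssh_known_hosts entry loses the statement of which key types the file holds: the removed lines named the keys each file contains, while the new format line says only "system name, public key and optional comment field". Since the single file now replaces both, suggest stating that it may contain protocol version 1 RSA keys as well as protocol version 2 RSA or DSA keys, and pointing to sshd(8) for the exact per-line encoding, as the preceding entry in this hunk already does for its file format.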