| version 1.139.2.2, 2002/03/07 17:37:47 |
version 1.139.2.3, 2002/03/08 15:17:18 |
|
|
| .Pa /etc/shosts.equiv , |
.Pa /etc/shosts.equiv , |
| and if additionally the server can verify the client's |
and if additionally the server can verify the client's |
| host key (see |
host key (see |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| and |
and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| in the |
in the |
|
|
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| in the user's home directory. |
in the user's home directory. |
| Additionally, the file |
Additionally, the file |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| is automatically checked for known hosts. |
is automatically checked for known hosts. |
| Any new hosts are automatically added to the user's file. |
Any new hosts are automatically added to the user's file. |
| If a host's identification |
If a host's identification |
|
|
| Specifies an alternative per-user configuration file. |
Specifies an alternative per-user configuration file. |
| If a configuration file is given on the command line, |
If a configuration file is given on the command line, |
| the system-wide configuration file |
the system-wide configuration file |
| .Pq Pa /etc/ssh/ssh_config |
.Pq Pa /etc/ssh_config |
| will be ignored. |
will be ignored. |
| The default for the per-user configuration file is |
The default for the per-user configuration file is |
| .Pa $HOME/.ssh/config . |
.Pa $HOME/.ssh/config . |
|
|
| command line options, user's configuration file |
command line options, user's configuration file |
| .Pq Pa $HOME/.ssh/config , |
.Pq Pa $HOME/.ssh/config , |
| and system-wide configuration file |
and system-wide configuration file |
| .Pq Pa /etc/ssh/ssh_config . |
.Pq Pa /etc/ssh_config . |
| For each parameter, the first obtained value |
For each parameter, the first obtained value |
| will be used. |
will be used. |
| The configuration files contain sections bracketed by |
The configuration files contain sections bracketed by |
|
|
| .It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
| Specifies a file to use for the global |
Specifies a file to use for the global |
| host key database instead of |
host key database instead of |
| .Pa /etc/ssh/ssh_known_hosts . |
.Pa /etc/ssh_known_hosts . |
| .It Cm HostbasedAuthentication |
.It Cm HostbasedAuthentication |
| Specifies whether to try rhosts based authentication with public key |
Specifies whether to try rhosts based authentication with public key |
| authentication. |
authentication. |
|
|
| file, and refuses to connect to hosts whose host key has changed. |
file, and refuses to connect to hosts whose host key has changed. |
| This provides maximum protection against trojan horse attacks, |
This provides maximum protection against trojan horse attacks, |
| however, can be annoying when the |
however, can be annoying when the |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| file is poorly maintained, or connections to new hosts are |
file is poorly maintained, or connections to new hosts are |
| frequently made. |
frequently made. |
| This option forces the user to manually |
This option forces the user to manually |
|
|
| .It Pa $HOME/.ssh/known_hosts |
.It Pa $HOME/.ssh/known_hosts |
| Records host keys for all hosts the user has logged into that are not |
Records host keys for all hosts the user has logged into that are not |
| in |
in |
| .Pa /etc/ssh/ssh_known_hosts . |
.Pa /etc/ssh_known_hosts . |
| See |
See |
| .Xr sshd 8 . |
.Xr sshd 8 . |
| .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
|
|
| identity files. |
identity files. |
| This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .It Pa /etc/ssh/ssh_known_hosts |
.It Pa /etc/ssh_known_hosts |
| Systemwide list of known host keys. |
Systemwide list of known host keys. |
| This file should be prepared by the |
This file should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
|
|
| does not convert the user-supplied name to a canonical name before |
does not convert the user-supplied name to a canonical name before |
| checking the key, because someone with access to the name servers |
checking the key, because someone with access to the name servers |
| would then be able to fool host authentication. |
would then be able to fool host authentication. |
| .It Pa /etc/ssh/ssh_config |
.It Pa /etc/ssh_config |
| Systemwide configuration file. |
Systemwide configuration file. |
| This file provides defaults for those |
This file provides defaults for those |
| values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
| for those users who do not have a configuration file. |
for those users who do not have a configuration file. |
| This file must be world-readable. |
This file must be world-readable. |
| .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
| These three files contain the private parts of the host keys |
These three files contain the private parts of the host keys |
| and are used for |
and are used for |
| .Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
|
|
| will be installed so that it requires successful RSA host |
will be installed so that it requires successful RSA host |
| authentication before permitting \s+2.\s0rhosts authentication. |
authentication before permitting \s+2.\s0rhosts authentication. |
| If the server machine does not have the client's host key in |
If the server machine does not have the client's host key in |
| .Pa /etc/ssh/ssh_known_hosts , |
.Pa /etc/ssh_known_hosts , |
| it can be stored in |
it can be stored in |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| The easiest way to do this is to |
The easiest way to do this is to |
|
|
| This file may be useful to permit logins using |
This file may be useful to permit logins using |
| .Nm |
.Nm |
| but not using rsh/rlogin. |
but not using rsh/rlogin. |
| .It Pa /etc/ssh/sshrc |
.It Pa /etc/sshrc |
| Commands in this file are executed by |
Commands in this file are executed by |
| .Nm |
.Nm |
| when the user logs in just before the user's shell (or command) is started. |
when the user logs in just before the user's shell (or command) is started. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh