version 1.235, 2006/01/02 12:31:06 |
version 1.236, 2006/01/03 16:31:10 |
|
|
option in |
option in |
.Xr sshd_config 5 . |
.Xr sshd_config 5 . |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds -compact |
.It Pa ~/.ssh/known_hosts |
.It ~/.ssh/known_hosts |
Records host keys for all hosts the user has logged into that are not |
Records host keys for all hosts the user has logged into that are not |
in |
in |
.Pa /etc/ssh/ssh_known_hosts . |
.Pa /etc/ssh/ssh_known_hosts . |
See |
See |
.Xr sshd 8 . |
.Xr sshd 8 . |
.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa |
.Pp |
|
.It ~/.ssh/identity |
|
.It ~/.ssh/id_dsa |
|
.It ~/.ssh/id_rsa |
Contains the private key for authentication. |
Contains the private key for authentication. |
These files |
These files |
contain sensitive data and should be readable by the user but not |
contain sensitive data and should be readable by the user but not |
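Review bot: The ".Pp" placed ahead of the three new tags (".It ~/.ssh/identity", ".It ~/.ssh/id_dsa", ".It ~/.ssh/id_rsa") sits at the end of the previous item's body, so with "-compact" now on the ".Bl -tag -width Ds" line the spacing between entries depends on how the formatter treats a trailing paragraph break. The first two of the three tags also have empty bodies. A short source comment next to the ".Bl" line explaining why "-compact" is paired with an explicit ".Pp" would help the next editor, and the rendered output should be checked in each formatter the page is built with.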
|
|
It is possible to specify a passphrase when |
It is possible to specify a passphrase when |
generating the key which will be used to encrypt the |
generating the key which will be used to encrypt the |
sensitive part of this file using 3DES. |
sensitive part of this file using 3DES. |
.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub |
.Pp |
|
.It ~/.ssh/identity.pub |
|
.It ~/.ssh/id_dsa.pub |
|
.It ~/.ssh/id_rsa.pub |
Contains the public key for authentication. |
Contains the public key for authentication. |
These files are not |
These files are not |
sensitive and can (but need not) be readable by anyone. |
sensitive and can (but need not) be readable by anyone. |
They are |
They are |
never used automatically and are not necessary: they are only provided for |
never used automatically and are not necessary: they are only provided for |
the convenience of the user. |
the convenience of the user. |
.It Pa ~/.ssh/config |
.Pp |
|
.It ~/.ssh/config |
This is the per-user configuration file. |
This is the per-user configuration file. |
The file format and configuration options are described in |
The file format and configuration options are described in |
.Xr ssh_config 5 . |
.Xr ssh_config 5 . |
Because of the potential for abuse, this file must have strict permissions: |
Because of the potential for abuse, this file must have strict permissions: |
read/write for the user, and not accessible by others. |
read/write for the user, and not accessible by others. |
.It Pa ~/.ssh/authorized_keys |
.Pp |
|
.It ~/.ssh/authorized_keys |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
The format of this file is described in the |
The format of this file is described in the |
.Xr sshd 8 |
.Xr sshd 8 |
|
|
identity files. |
identity files. |
This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.It Pa /etc/ssh/ssh_known_hosts |
.Pp |
|
.It /etc/ssh/ssh_known_hosts |
Systemwide list of known host keys. |
Systemwide list of known host keys. |
This file should be prepared by the |
This file should be prepared by the |
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
|
|
does not convert the user-supplied name to a canonical name before |
does not convert the user-supplied name to a canonical name before |
checking the key, because someone with access to the name servers |
checking the key, because someone with access to the name servers |
would then be able to fool host authentication. |
would then be able to fool host authentication. |
|
.Pp |
.It Pa /etc/ssh/ssh_config |
.It Pa /etc/ssh/ssh_config |
Systemwide configuration file. |
Systemwide configuration file. |
The file format and configuration options are described in |
The file format and configuration options are described in |
.Xr ssh_config 5 . |
.Xr ssh_config 5 . |
.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
.Pp |
|
.It /etc/ssh/ssh_host_key |
|
.It /etc/ssh/ssh_host_dsa_key |
|
.It /etc/ssh/ssh_host_rsa_key |
These three files contain the private parts of the host keys |
These three files contain the private parts of the host keys |
and are used for |
and are used for |
.Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
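Review bot: Path markup is now inconsistent within this list: ".It Pa /etc/ssh/ssh_config" keeps "Pa", while the split host key tags right after it (".It /etc/ssh/ssh_host_key" and the two that follow) drop it, as do the other rewritten tags in this change. Either keep "Pa" on every tag, for example ".It Pa /etc/ssh/ssh_host_key", or drop it from the ssh_config tag as well, so that all file names in FILES render the same way.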
|
|
By default |
By default |
.Nm |
.Nm |
is not setuid root. |
is not setuid root. |
.It Pa ~/.rhosts |
.Pp |
|
.It ~/.rhosts |
This file is used in |
This file is used in |
.Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
and |
and |
|
|
connect back to the client from the server machine using ssh; this |
connect back to the client from the server machine using ssh; this |
will automatically add the host key to |
will automatically add the host key to |
.Pa ~/.ssh/known_hosts . |
.Pa ~/.ssh/known_hosts . |
.It Pa ~/.shosts |
.Pp |
|
.It ~/.shosts |
This file is used exactly the same way as |
This file is used exactly the same way as |
.Pa .rhosts . |
.Pa .rhosts . |
The purpose for |
The purpose for |
|
|
.Xr rlogin |
.Xr rlogin |
or |
or |
.Xr rsh 1 . |
.Xr rsh 1 . |
.It Pa /etc/hosts.equiv |
.Pp |
|
.It /etc/hosts.equiv |
This file is used during |
This file is used during |
.Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
and |
and |
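Review bot: In the context just above the new "/etc/hosts.equiv" tag, ".Xr rlogin" has no section number while the next reference is ".Xr rsh 1 ."; since this block is being touched anyway, change it to ".Xr rlogin 1" so the cross-reference renders with its section like the one beside it.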
|
|
same. |
same. |
Additionally, successful client host key authentication is required. |
Additionally, successful client host key authentication is required. |
This file should only be writable by root. |
This file should only be writable by root. |
.It Pa /etc/shosts.equiv |
.Pp |
|
.It /etc/shosts.equiv |
This file is processed exactly as |
This file is processed exactly as |
.Pa /etc/hosts.equiv . |
.Pa /etc/hosts.equiv . |
This file may be useful to permit logins using |
This file may be useful to permit logins using |
.Nm |
.Nm |
but not using rsh/rlogin. |
but not using rsh/rlogin. |
.It Pa /etc/ssh/sshrc |
.Pp |
|
.It /etc/ssh/sshrc |
Commands in this file are executed by |
Commands in this file are executed by |
.Nm |
.Nm |
when the user logs in just before the user's shell (or command) is started. |
when the user logs in just before the user's shell (or command) is started. |
See the |
See the |
.Xr sshd 8 |
.Xr sshd 8 |
manual page for more information. |
manual page for more information. |
.It Pa ~/.ssh/rc |
.Pp |
|
.It ~/.ssh/rc |
Commands in this file are executed by |
Commands in this file are executed by |
.Nm |
.Nm |
when the user logs in just before the user's shell (or command) is |
when the user logs in just before the user's shell (or command) is |
|
|
See the |
See the |
.Xr sshd 8 |
.Xr sshd 8 |
manual page for more information. |
manual page for more information. |
.It Pa ~/.ssh/environment |
.Pp |
|
.It ~/.ssh/environment |
Contains additional definitions for environment variables, see section |
Contains additional definitions for environment variables, see section |
.Sx ENVIRONMENT |
.Sx ENVIRONMENT |
above. |
above. |