| version 1.239, 2006/01/03 16:55:18 |
version 1.240, 2006/01/04 18:42:46 |
|
|
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
| .It ~/.rhosts |
.It ~/.rhosts |
| This file is used in |
This file is used for host-based authentication (see above). |
| .Cm RhostsRSAAuthentication |
|
| and |
|
| .Cm HostbasedAuthentication |
|
| authentication to list the |
|
| host/user pairs that are permitted to log in. |
|
| (Note that this file is |
|
| also used by rlogin and rsh, which makes using this file insecure.) |
|
| Each line of the file contains a host name (in the canonical form |
|
| returned by name servers), and then a user name on that host, |
|
| separated by a space. |
|
| On some machines this file may need to be |
On some machines this file may need to be |
| world-readable if the user's home directory is on a NFS partition, |
world-readable if the user's home directory is on an NFS partition, |
| because |
because |
| .Xr sshd 8 |
.Xr sshd 8 |
| reads it as root. |
reads it as root. |
|
|
| permission for most machines is read/write for the user, and not |
permission for most machines is read/write for the user, and not |
| accessible by others. |
accessible by others. |
| .Pp |
.Pp |
| Note that |
|
| .Xr sshd 8 |
|
| allows authentication only in combination with client host key |
|
| authentication before permitting log in. |
|
| If the server machine does not have the client's host key in |
|
| .Pa /etc/ssh/ssh_known_hosts , |
|
| it can be stored in |
|
| .Pa ~/.ssh/known_hosts . |
|
| The easiest way to do this is to |
|
| connect back to the client from the server machine using ssh; this |
|
| will automatically add the host key to |
|
| .Pa ~/.ssh/known_hosts . |
|
| .Pp |
|
| .It ~/.shosts |
.It ~/.shosts |
| This file is used exactly the same way as |
This file is used in exactly the same way as |
| .Pa .rhosts . |
.Pa .rhosts , |
| The purpose for |
but allows host-based authentication without permitting login with |
| having this file is to be able to use |
rlogin/rsh. |
| .Cm RhostsRSAAuthentication |
|
| and |
|
| .Cm HostbasedAuthentication |
|
| authentication without permitting login with |
|
| .Xr rlogin |
|
| or |
|
| .Xr rsh 1 . |
|
| .Pp |
.Pp |
| .It ~/.ssh/authorized_keys |
.It ~/.ssh/authorized_keys |
| Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
|
|
| manual page for more information. |
manual page for more information. |
| .Pp |
.Pp |
| .It /etc/hosts.equiv |
.It /etc/hosts.equiv |
| This file is used during |
This file is for host-based authentication (see above). |
| .Cm RhostsRSAAuthentication |
It should only be writable by root. |
| and |
|
| .Cm HostbasedAuthentication |
|
| authentication. |
|
| It contains |
|
| canonical hosts names, one per line (the full format is described in the |
|
| .Xr sshd 8 |
|
| manual page). |
|
| If the client host is found in this file, login is |
|
| automatically permitted provided client and server user names are the |
|
| same. |
|
| Additionally, successful client host key authentication is required. |
|
| This file should only be writable by root. |
|
| .Pp |
.Pp |
| .It /etc/shosts.equiv |
.It /etc/shosts.equiv |
| This file is processed exactly as |
This file is used in exactly the same way as |
| .Pa /etc/hosts.equiv . |
.Pa hosts.equiv , |
| This file may be useful to permit logins using |
but allows host-based authentication without permitting login with |
| .Nm |
rlogin/rsh. |
| but not using rsh/rlogin. |
|
| .Pp |
.Pp |
| .It Pa /etc/ssh/ssh_config |
.It Pa /etc/ssh/ssh_config |
| Systemwide configuration file. |
Systemwide configuration file. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh