| version 1.47, 2000/05/02 22:01:55 |
version 1.48, 2000/05/03 18:04:39 |
|
|
| It is possible to have |
It is possible to have |
| multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
| identities will be tried in sequence. |
identities will be tried in sequence. |
| |
.It Cm IdentityFile2 |
| |
Specifies the file from which the user's DSA authentication identity |
| |
is read (default |
| |
.Pa .ssh/id_dsa |
| |
in the user's home directory). |
| |
The file name may use the tilde |
| |
syntax to refer to a user's home directory. |
| |
It is possible to have |
| |
multiple identity files specified in configuration files; all these |
| |
identities will be tried in sequence. |
| .It Cm KeepAlive |
.It Cm KeepAlive |
| Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
| other side. |
other side. |
|
|
| .Nm |
.Nm |
| ssh will never automatically add host keys to the |
ssh will never automatically add host keys to the |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| file, and refuses to connect hosts whose host key has changed. |
and |
| |
.Pa $HOME/.ssh/known_hosts2 |
| |
files, and refuses to connect hosts whose host key has changed. |
| This provides maximum protection against trojan horse attacks. |
This provides maximum protection against trojan horse attacks. |
| However, it can be somewhat annoying if you don't have good |
However, it can be somewhat annoying if you don't have good |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| |
and |
| |
.Pa /etc/ssh_known_hosts2 |
| files installed and frequently |
files installed and frequently |
| connect new hosts. |
connect new hosts. |
| Basically this option forces the user to manually |
Basically this option forces the user to manually |
|
|
| .Pa /etc/ssh_known_hosts ) . |
.Pa /etc/ssh_known_hosts ) . |
| See |
See |
| .Xr sshd 8 . |
.Xr sshd 8 . |
| .It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
| Contains the RSA authentication identity of the user. |
Contains the RSA and the DSA authentication identity of the user. |
| This file |
These files |
| contains sensitive data and should be readable by the user but not |
contain sensitive data and should be readable by the user but not |
| accessible by others (read/write/execute). |
accessible by others (read/write/execute). |
| Note that |
Note that |
| .Nm |
.Nm |
| ignores this file if it is accessible by others. |
ignores a private key file if it is accessible by others. |
| It is possible to specify a passphrase when |
It is possible to specify a passphrase when |
| generating the key; the passphrase will be used to encrypt the |
generating the key; the passphrase will be used to encrypt the |
| sensitive part of this file using 3DES. |
sensitive part of this file using 3DES. |
| .It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub |
| Contains the public key for authentication (public part of the |
Contains the public key for authentication (public part of the |
| identity file in human-readable form). |
identity file in human-readable form). |
| The contents of this file should be added to |
The contents of the |
| |
.Pa $HOME/.ssh/identity.pub |
| |
file should be added to |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
| This file is not |
The contents of the |
| |
.Pa $HOME/.ssh/id_dsa.pub |
| |
file should be added to |
| |
.Pa $HOME/.ssh/authorized_keys2 |
| |
on all machines |
| |
where you wish to log in using DSA authentication. |
| |
These files are not |
| sensitive and can (but need not) be readable by anyone. |
sensitive and can (but need not) be readable by anyone. |
| This file is |
These files are |
| never used automatically and is not necessary; it is only provided for |
never used automatically and are not necessary; they is only provided for |
| the convenience of the user. |
the convenience of the user. |
| .It Pa $HOME/.ssh/config |
.It Pa $HOME/.ssh/config |
| This is the per-user configuration file. |
This is the per-user configuration file. |
|
|
| spaces). |
spaces). |
| This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .It Pa /etc/ssh_known_hosts |
.It Pa $HOME/.ssh/authorized_keys2 |
| |
Lists the DSA keys that can be used for logging in as this user. |
| |
This file is not highly sensitive, but the recommended |
| |
permissions are read/write for the user, and not accessible by others. |
| |
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
| Systemwide list of known host keys. |
Systemwide list of known host keys. |
| This file should be prepared by the |
.Pa /etc/ssh_known_hosts |
| |
contains RSA and |
| |
.Pa /etc/ssh_known_hosts2 |
| |
contains DSA keys. |
| |
These files should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
| organization. |
organization. |
| This file should be world-readable. |
This file should be world-readable. |
|
|
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| The easiest way to do this is to |
The easiest way to do this is to |
| connect back to the client from the server machine using ssh; this |
connect back to the client from the server machine using ssh; this |
| will automatically add the host key inxi |
will automatically add the host key to |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| .It Pa $HOME/.shosts |
.It Pa $HOME/.shosts |
| This file is used exactly the same way as |
This file is used exactly the same way as |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh