version 1.47, 2000/05/02 22:01:55 |
version 1.48, 2000/05/03 18:04:39 |
|
|
It is possible to have |
It is possible to have |
multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
identities will be tried in sequence. |
identities will be tried in sequence. |
|
.It Cm IdentityFile2 |
|
Specifies the file from which the user's DSA authentication identity |
|
is read (default |
|
.Pa .ssh/id_dsa |
|
in the user's home directory). |
|
The file name may use the tilde |
|
syntax to refer to a user's home directory. |
|
It is possible to have |
|
multiple identity files specified in configuration files; all these |
|
identities will be tried in sequence. |
.It Cm KeepAlive |
.It Cm KeepAlive |
Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
other side. |
other side. |
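Review bot: The new IdentityFile2 entry does not mention the permission rule that the FILES hunk of this same change states, namely that ssh "ignores a private key file if it is accessible by others". A user who points IdentityFile2 at a non-default path has no hint here why the key is silently skipped. Add one sentence to this entry that restates the rule or refers the reader to the FILES section. The last three added lines also repeat the IdentityFile wording verbatim; consider saying in one of the two entries that the RSA and DSA identity lists are configured separately.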
|
|
.Nm |
.Nm |
ssh will never automatically add host keys to the |
ssh will never automatically add host keys to the |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
file, and refuses to connect hosts whose host key has changed. |
and |
|
.Pa $HOME/.ssh/known_hosts2 |
|
files, and refuses to connect hosts whose host key has changed. |
This provides maximum protection against trojan horse attacks. |
This provides maximum protection against trojan horse attacks. |
However, it can be somewhat annoying if you don't have good |
However, it can be somewhat annoying if you don't have good |
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
|
and |
|
.Pa /etc/ssh_known_hosts2 |
files installed and frequently |
files installed and frequently |
connect new hosts. |
connect new hosts. |
Basically this option forces the user to manually |
Basically this option forces the user to manually |
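Review bot: $HOME/.ssh/known_hosts2 appears in the StrictHostKeyChecking text with no explanation of how it differs from $HOME/.ssh/known_hosts. The FILES hunk further down says /etc/ssh_known_hosts contains RSA keys and /etc/ssh_known_hosts2 contains DSA keys, but none of the hunks shown here adds a matching FILES entry for the per-user file. Add a short clause here, or a FILES entry, stating which key type each per-user file records, so an administrator checking a changed host key knows which file to inspect.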
|
|
.Pa /etc/ssh_known_hosts ) . |
.Pa /etc/ssh_known_hosts ) . |
See |
See |
.Xr sshd 8 . |
.Xr sshd 8 . |
.It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
Contains the RSA authentication identity of the user. |
Contains the RSA and the DSA authentication identity of the user. |
This file |
These files |
contains sensitive data and should be readable by the user but not |
contain sensitive data and should be readable by the user but not |
accessible by others (read/write/execute). |
accessible by others (read/write/execute). |
Note that |
Note that |
.Nm |
.Nm |
ignores this file if it is accessible by others. |
ignores a private key file if it is accessible by others. |
It is possible to specify a passphrase when |
It is possible to specify a passphrase when |
generating the key; the passphrase will be used to encrypt the |
generating the key; the passphrase will be used to encrypt the |
sensitive part of this file using 3DES. |
sensitive part of this file using 3DES. |
.It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub |
Contains the public key for authentication (public part of the |
Contains the public key for authentication (public part of the |
identity file in human-readable form). |
identity file in human-readable form). |
The contents of this file should be added to |
The contents of the |
|
.Pa $HOME/.ssh/identity.pub |
|
file should be added to |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
on all machines |
on all machines |
where you wish to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
This file is not |
The contents of the |
|
.Pa $HOME/.ssh/id_dsa.pub |
|
file should be added to |
|
.Pa $HOME/.ssh/authorized_keys2 |
|
on all machines |
|
where you wish to log in using DSA authentication. |
|
These files are not |
sensitive and can (but need not) be readable by anyone. |
sensitive and can (but need not) be readable by anyone. |
This file is |
These files are |
never used automatically and is not necessary; it is only provided for |
never used automatically and are not necessary; they is only provided for |
the convenience of the user. |
the convenience of the user. |
.It Pa $HOME/.ssh/config |
.It Pa $HOME/.ssh/config |
This is the per-user configuration file. |
This is the per-user configuration file. |
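Review bot: In the last changed line of the identity.pub entry, "they is only provided for" is ungrammatical after the switch to the plural and should read "they are only provided for". In the private key entry of the same hunk, the text now opens with "These files contain sensitive data", but the unchanged passphrase sentence still says "sensitive part of this file using 3DES", which leaves it unclear whether the statement covers id_dsa as well. Reword that sentence to name the file or files it applies to. "Contains the RSA and the DSA authentication identity" would also read more clearly if it said which of the two listed files holds which identity.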
|
|
spaces). |
spaces). |
This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.It Pa /etc/ssh_known_hosts |
.It Pa $HOME/.ssh/authorized_keys2 |
|
Lists the DSA keys that can be used for logging in as this user. |
|
This file is not highly sensitive, but the recommended |
|
permissions are read/write for the user, and not accessible by others. |
|
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
Systemwide list of known host keys. |
Systemwide list of known host keys. |
This file should be prepared by the |
.Pa /etc/ssh_known_hosts |
|
contains RSA and |
|
.Pa /etc/ssh_known_hosts2 |
|
contains DSA keys. |
|
These files should be prepared by the |
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
organization. |
organization. |
This file should be world-readable. |
This file should be world-readable. |
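Review bot: The /etc/ssh_known_hosts, /etc/ssh_known_hosts2 entry now says "These files should be prepared by the system administrator", but the unchanged line after it still reads "This file should be world-readable."; make that sentence plural as well so it clearly covers /etc/ssh_known_hosts2. In the new $HOME/.ssh/authorized_keys2 entry, "not highly sensitive" undersells the integrity risk: anyone able to write this file can add a key that logs in as the user. The entry should state explicitly that the file must not be writable by others, instead of only giving recommended permissions.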
|
|
.Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
The easiest way to do this is to |
The easiest way to do this is to |
connect back to the client from the server machine using ssh; this |
connect back to the client from the server machine using ssh; this |
will automatically add the host key inxi |
will automatically add the host key to |
.Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
.It Pa $HOME/.shosts |
.It Pa $HOME/.shosts |
This file is used exactly the same way as |
This file is used exactly the same way as |
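Review bot: The connect-back advice names only $HOME/.ssh/known_hosts on both the old and the new side, although the StrictHostKeyChecking hunk in this same change says host keys are also added to $HOME/.ssh/known_hosts2. Mention known_hosts2 here too, or state that the procedure as written applies to RSA host keys only. The "inxi" to "to" correction is fine as is.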