| version 1.67, 2000/11/10 05:10:40 |
version 1.68, 2000/11/12 19:50:38 |
|
|
| If this method fails password authentication is tried. |
If this method fails password authentication is tried. |
| .Pp |
.Pp |
| The public key method is similar to RSA authentication described |
The public key method is similar to RSA authentication described |
| in the previous section except that the DSA algorithm is used |
in the previous section except that the DSA or RSA algorithm is used |
| instead of the patented RSA algorithm. |
instead. |
| The client uses his private DSA key |
The client uses his private key |
| .Pa $HOME/.ssh/id_dsa |
.Pa $HOME/.ssh/id_dsa |
| to sign the session identifier and sends the result to the server. |
to sign the session identifier and sends the result to the server. |
| The server checks whether the matching public key is listed in |
The server checks whether the matching public key is listed in |
|
|
| RSA host keys are stored in |
RSA host keys are stored in |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| and |
and |
| DSA host keys are stored in |
host keys used in the protocol version 2 are stored in |
| .Pa $HOME/.ssh/known_hosts2 |
.Pa $HOME/.ssh/known_hosts2 |
| in the user's home directory. |
in the user's home directory. |
| Additionally, the files |
Additionally, the files |
|
|
| Allows remote hosts to connect to local forwarded ports. |
Allows remote hosts to connect to local forwarded ports. |
| .It Fl i Ar identity_file |
.It Fl i Ar identity_file |
| Selects the file from which the identity (private key) for |
Selects the file from which the identity (private key) for |
| RSA authentication is read. |
RSA or DSA authentication is read. |
| Default is |
Default is |
| .Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
| in the user's home directory. |
in the user's home directory. |
|
|
| back to rsh or exiting. |
back to rsh or exiting. |
| The argument must be an integer. |
The argument must be an integer. |
| This may be useful in scripts if the connection sometimes fails. |
This may be useful in scripts if the connection sometimes fails. |
| .It Cm DSAAuthentication |
.It Cm PubkeyAuthentication |
| Specifies whether to try DSA authentication. |
Specifies whether to try public key authentication. |
| The argument to this keyword must be |
The argument to this keyword must be |
| .Dq yes |
.Dq yes |
| or |
or |
| .Dq no . |
.Dq no . |
| DSA authentication will only be |
|
| attempted if a DSA identity file exists. |
|
| Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
| .It Cm EscapeChar |
.It Cm EscapeChar |
| Sets the escape character (default: |
Sets the escape character (default: |
|
|
| It is possible to have |
It is possible to have |
| multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
| identities will be tried in sequence. |
identities will be tried in sequence. |
| .It Cm IdentityFile2 |
|
| Specifies the file from which the user's DSA authentication identity |
|
| is read (default |
|
| .Pa $HOME/.ssh/id_dsa |
|
| in the user's home directory). |
|
| The file name may use the tilde |
|
| syntax to refer to a user's home directory. |
|
| It is possible to have |
|
| multiple identity files specified in configuration files; all these |
|
| identities will be tried in sequence. |
|
| .It Cm KeepAlive |
.It Cm KeepAlive |
| Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
| other side. |
other side. |
|
|
| This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .It Pa $HOME/.ssh/authorized_keys2 |
.It Pa $HOME/.ssh/authorized_keys2 |
| Lists the DSA keys that can be used for logging in as this user. |
Lists the public keys (DSA/RSA) that can be used for logging in as this user. |
| This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
|
|
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| contains RSA and |
contains RSA and |
| .Pa /etc/ssh_known_hosts2 |
.Pa /etc/ssh_known_hosts2 |
| contains DSA keys. |
contains DSA or RSA keys for protocol version 2. |
| These files should be prepared by the |
These files should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
| organization. |
organization. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh