version 1.67, 2000/11/10 05:10:40 |
version 1.68, 2000/11/12 19:50:38 |
|
|
If this method fails password authentication is tried. |
If this method fails password authentication is tried. |
.Pp |
.Pp |
The public key method is similar to RSA authentication described |
The public key method is similar to RSA authentication described |
in the previous section except that the DSA algorithm is used |
in the previous section except that the DSA or RSA algorithm is used |
instead of the patented RSA algorithm. |
instead. |
The client uses his private DSA key |
The client uses his private key |
.Pa $HOME/.ssh/id_dsa |
.Pa $HOME/.ssh/id_dsa |
to sign the session identifier and sends the result to the server. |
to sign the session identifier and sends the result to the server. |
The server checks whether the matching public key is listed in |
The server checks whether the matching public key is listed in |
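Review bot: the rewritten sentence now reads "similar to RSA authentication ... except that the DSA or RSA algorithm is used instead", which no longer states any contrast with the previous section. The following lines also still name only `$HOME/.ssh/id_dsa` as the private key, even though "DSA" was dropped from "his private DSA key". Suggest wording the difference in terms of protocol version 2, and either saying that id_dsa is just the default file or naming where a protocol 2 RSA key is read from.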
|
|
RSA host keys are stored in |
RSA host keys are stored in |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
and |
and |
DSA host keys are stored in |
host keys used in the protocol version 2 are stored in |
.Pa $HOME/.ssh/known_hosts2 |
.Pa $HOME/.ssh/known_hosts2 |
in the user's home directory. |
in the user's home directory. |
Additionally, the files |
Additionally, the files |
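Review bot: after this change the first clause, "RSA host keys are stored in `$HOME/.ssh/known_hosts`", is ambiguous, because the second clause now covers every protocol version 2 host key, RSA included. Suggest qualifying the first clause by protocol version as well, so a reader can tell which file an RSA host key belongs in.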
|
|
Allows remote hosts to connect to local forwarded ports. |
Allows remote hosts to connect to local forwarded ports. |
.It Fl i Ar identity_file |
.It Fl i Ar identity_file |
Selects the file from which the identity (private key) for |
Selects the file from which the identity (private key) for |
RSA authentication is read. |
RSA or DSA authentication is read. |
Default is |
Default is |
.Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
in the user's home directory. |
in the user's home directory. |
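Review bot: the option text now says "RSA or DSA authentication", but the "Default is `$HOME/.ssh/identity`" sentence that follows is unchanged and mentions only one file. The first hunk of this same diff names `$HOME/.ssh/id_dsa` as the key used for the public key method, so the default described here should say which file applies to which key type or protocol version.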
|
|
back to rsh or exiting. |
back to rsh or exiting. |
The argument must be an integer. |
The argument must be an integer. |
This may be useful in scripts if the connection sometimes fails. |
This may be useful in scripts if the connection sometimes fails. |
.It Cm DSAAuthentication |
.It Cm PubkeyAuthentication |
Specifies whether to try DSA authentication. |
Specifies whether to try public key authentication. |
The argument to this keyword must be |
The argument to this keyword must be |
.Dq yes |
.Dq yes |
or |
or |
.Dq no . |
.Dq no . |
DSA authentication will only be |
|
attempted if a DSA identity file exists. |
|
Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
.It Cm EscapeChar |
.It Cm EscapeChar |
Sets the escape character (default: |
Sets the escape character (default: |
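Review bot: replacing `.It Cm DSAAuthentication` with `.It Cm PubkeyAuthentication` leaves no entry for the old keyword, so someone with DSAAuthentication in an existing configuration file cannot tell from this page whether it is still accepted. If it is kept as an alias, say so in this entry. The removed sentence "DSA authentication will only be attempted if a DSA identity file exists" also has no replacement, which leaves the condition under which public key authentication is attempted undocumented.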
|
|
It is possible to have |
It is possible to have |
multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
identities will be tried in sequence. |
identities will be tried in sequence. |
.It Cm IdentityFile2 |
|
Specifies the file from which the user's DSA authentication identity |
|
is read (default |
|
.Pa $HOME/.ssh/id_dsa |
|
in the user's home directory). |
|
The file name may use the tilde |
|
syntax to refer to a user's home directory. |
|
It is possible to have |
|
multiple identity files specified in configuration files; all these |
|
identities will be tried in sequence. |
|
.It Cm KeepAlive |
.It Cm KeepAlive |
Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
other side. |
other side. |
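Review bot: the whole `.It Cm IdentityFile2` entry is dropped, including its documented default of `$HOME/.ssh/id_dsa`, and nothing in the visible lines says which keyword now selects the protocol version 2 identity. Suggest extending the remaining identity file entry to cover the protocol 2 key and its default, and noting whether IdentityFile2 is still parsed for existing configurations.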
|
|
This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.It Pa $HOME/.ssh/authorized_keys2 |
.It Pa $HOME/.ssh/authorized_keys2 |
Lists the DSA keys that can be used for logging in as this user. |
Lists the public keys (DSA/RSA) that can be used for logging in as this user. |
This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
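Review bot: style point on the new authorized_keys2 line. It writes "(DSA/RSA)" where the other hunks in this change write "DSA or RSA", and it does not mention protocol version 2 the way the known_hosts2 text does. Suggest using the same phrasing throughout, for example "Lists the DSA or RSA public keys for protocol version 2 that can be used for logging in as this user."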
|
|
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
contains RSA and |
contains RSA and |
.Pa /etc/ssh_known_hosts2 |
.Pa /etc/ssh_known_hosts2 |
contains DSA keys. |
contains DSA or RSA keys for protocol version 2. |
These files should be prepared by the |
These files should be prepared by the |
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
organization. |
organization. |
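Review bot: with the second clause changed to "contains DSA or RSA keys for protocol version 2", the untouched first clause "`/etc/ssh_known_hosts` contains RSA and" is now ambiguous about which RSA keys it means. Suggest qualifying it by protocol version too, so an administrator preparing these files knows where each RSA host key goes.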