version 1.129, 2001/06/22 21:28:53 |
version 1.130, 2001/06/22 21:55:50 |
|
|
directory. |
directory. |
The default is |
The default is |
.Dq .ssh/authorized_keys |
.Dq .ssh/authorized_keys |
.It Cm AuthorizedKeysFile2 |
|
Specifies the file that contains the public keys that can be used |
|
for public key authentication in protocol version 2. |
|
.Cm AuthorizedKeysFile2 |
|
may contain tokens of the form %T which are substituted during connection |
|
set-up. The following tokens are defined; %% is replaces by a literal '%', |
|
%h is replaced by the home directory of the user being authenticated and |
|
%u is replaced by the username of that user. |
|
After expansion, |
|
.Cm AuthorizedKeysFile2 |
|
is taken to be an absolute path or one relative to the user's home |
|
directory. |
|
The default is |
|
.Dq .ssh/authorized_keys2 |
|
.It Cm Banner |
.It Cm Banner |
In some jurisdictions, sending a warning message before authentication |
In some jurisdictions, sending a warning message before authentication |
may be relevant for getting legal protection. |
may be relevant for getting legal protection. |
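Review bot: missing upgrade guidance where the .It Cm AuthorizedKeysFile2 entry is dropped. Nothing in the 1.130 column says what happens to an existing sshd_config that still sets AuthorizedKeysFile2. If the keyword is still accepted, keep a short entry marking it deprecated and pointing at AuthorizedKeysFile; if it is no longer accepted, say that here so administrators see it before restarting sshd. The removed entry also described the %%, %h and %u tokens, so confirm the AuthorizedKeysFile entry just above still documents them.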
|
|
.El |
.El |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
is the default file that lists the RSA keys that are |
is the default file that lists the public keys that are |
permitted for RSA authentication in protocol version 1. |
permitted for RSA authentication in protocol version 1 |
|
and for public key authentication (PubkeyAuthentication) |
|
in protocol version 2. |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
may be used to specify an alternative file. |
may be used to specify an alternative file. |
Similarly, |
|
.Pa $HOME/.ssh/authorized_keys2 |
|
is the default file that lists the DSA and RSA keys that are |
|
permitted for public key authentication (PubkeyAuthentication) |
|
in protocol version 2. |
|
.Cm AuthorizedKeysFile2 |
|
may be used to specify an alternative file. |
|
.Pp |
.Pp |
Each line of the file contains one |
Each line of the file contains one |
key (empty lines and lines starting with a |
key (empty lines and lines starting with a |
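Review bot: markup nit in the new opening sentence of AUTHORIZED_KEYS FILE FORMAT. PubkeyAuthentication appears as plain text in parentheses, while AuthorizedKeysFile two lines later uses .Cm. Writing it as .Pq Cm PubkeyAuthentication would render the keyword consistently. The sentence also names the configuration keyword for protocol version 2 but not for protocol version 1; either give both or neither.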
|
|
started last). |
started last). |
The content of this file is not sensitive; it can be world-readable. |
The content of this file is not sensitive; it can be world-readable. |
.It Pa $HOME/.ssh/authorized_keys |
.It Pa $HOME/.ssh/authorized_keys |
Lists the RSA keys that can be used to log into the user's account. |
|
This file must be readable by root (which may on some machines imply |
|
it being world-readable if the user's home directory resides on an NFS |
|
volume). |
|
It is recommended that it not be accessible by others. |
|
The format of this file is described above. |
|
Users will place the contents of their |
|
.Pa identity.pub |
|
files into this file, as described in |
|
.Xr ssh-keygen 1 . |
|
.It Pa $HOME/.ssh/authorized_keys2 |
|
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
This file must be readable by root (which may on some machines imply |
This file must be readable by root (which may on some machines imply |
it being world-readable if the user's home directory resides on an NFS |
it being world-readable if the user's home directory resides on an NFS |
|
|
It is recommended that it not be accessible by others. |
It is recommended that it not be accessible by others. |
The format of this file is described above. |
The format of this file is described above. |
Users will place the contents of their |
Users will place the contents of their |
|
.Pa identity.pub , |
.Pa id_dsa.pub |
.Pa id_dsa.pub |
and/or |
and/or |
.Pa id_rsa.pub |
.Pa id_rsa.pub |
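Review bot: the FILES list loses its $HOME/.ssh/authorized_keys2 entry and the 1.130 column never mentions that file again, so the page no longer tells a reader whether sshd still consults it. If it is still read for compatibility, keep a one-line entry saying so and pointing at authorized_keys; otherwise someone auditing which keys grant access to an account will check only authorized_keys. If it is no longer read, note that existing keys have to be moved into authorized_keys.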