| version 1.129, 2001/06/22 21:28:53 |
version 1.130, 2001/06/22 21:55:50 |
|
|
| directory. |
directory. |
| The default is |
The default is |
| .Dq .ssh/authorized_keys |
.Dq .ssh/authorized_keys |
| .It Cm AuthorizedKeysFile2 |
|
| Specifies the file that contains the public keys that can be used |
|
| for public key authentication in protocol version 2. |
|
| .Cm AuthorizedKeysFile2 |
|
| may contain tokens of the form %T which are substituted during connection |
|
| set-up. The following tokens are defined; %% is replaces by a literal '%', |
|
| %h is replaced by the home directory of the user being authenticated and |
|
| %u is replaced by the username of that user. |
|
| After expansion, |
|
| .Cm AuthorizedKeysFile2 |
|
| is taken to be an absolute path or one relative to the user's home |
|
| directory. |
|
| The default is |
|
| .Dq .ssh/authorized_keys2 |
|
| .It Cm Banner |
.It Cm Banner |
| In some jurisdictions, sending a warning message before authentication |
In some jurisdictions, sending a warning message before authentication |
| may be relevant for getting legal protection. |
may be relevant for getting legal protection. |
|
|
| .El |
.El |
| .Sh AUTHORIZED_KEYS FILE FORMAT |
.Sh AUTHORIZED_KEYS FILE FORMAT |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| is the default file that lists the RSA keys that are |
is the default file that lists the public keys that are |
| permitted for RSA authentication in protocol version 1. |
permitted for RSA authentication in protocol version 1 |
| |
and for public key authentication (PubkeyAuthentication) |
| |
in protocol version 2. |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| may be used to specify an alternative file. |
may be used to specify an alternative file. |
| Similarly, |
|
| .Pa $HOME/.ssh/authorized_keys2 |
|
| is the default file that lists the DSA and RSA keys that are |
|
| permitted for public key authentication (PubkeyAuthentication) |
|
| in protocol version 2. |
|
| .Cm AuthorizedKeysFile2 |
|
| may be used to specify an alternative file. |
|
| .Pp |
.Pp |
| Each line of the file contains one |
Each line of the file contains one |
| key (empty lines and lines starting with a |
key (empty lines and lines starting with a |
|
|
| started last). |
started last). |
| The content of this file is not sensitive; it can be world-readable. |
The content of this file is not sensitive; it can be world-readable. |
| .It Pa $HOME/.ssh/authorized_keys |
.It Pa $HOME/.ssh/authorized_keys |
| Lists the RSA keys that can be used to log into the user's account. |
|
| This file must be readable by root (which may on some machines imply |
|
| it being world-readable if the user's home directory resides on an NFS |
|
| volume). |
|
| It is recommended that it not be accessible by others. |
|
| The format of this file is described above. |
|
| Users will place the contents of their |
|
| .Pa identity.pub |
|
| files into this file, as described in |
|
| .Xr ssh-keygen 1 . |
|
| .It Pa $HOME/.ssh/authorized_keys2 |
|
| Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
| This file must be readable by root (which may on some machines imply |
This file must be readable by root (which may on some machines imply |
| it being world-readable if the user's home directory resides on an NFS |
it being world-readable if the user's home directory resides on an NFS |
|
|
| It is recommended that it not be accessible by others. |
It is recommended that it not be accessible by others. |
| The format of this file is described above. |
The format of this file is described above. |
| Users will place the contents of their |
Users will place the contents of their |
| |
.Pa identity.pub , |
| .Pa id_dsa.pub |
.Pa id_dsa.pub |
| and/or |
and/or |
| .Pa id_rsa.pub |
.Pa id_rsa.pub |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh