version 1.130, 2001/06/22 21:55:50 |
version 1.131, 2001/06/23 02:34:33 |
|
|
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
The |
The |
.Pa /etc/ssh_known_hosts , |
.Pa /etc/ssh_known_hosts , |
.Pa /etc/ssh_known_hosts2 , |
|
.Pa $HOME/.ssh/known_hosts , |
|
and |
and |
.Pa $HOME/.ssh/known_hosts2 |
.Pa $HOME/.ssh/known_hosts |
files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
The global file should |
The global file should |
be prepared by the administrator (optional), and the per-user file is |
be prepared by the administrator (optional), and the per-user file is |
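Review bot: the surviving `.Pa /etc/ssh_known_hosts ,` line in the 1.131 column keeps its trailing comma even though the list is now only two files, so the sentence renders as "/etc/ssh_known_hosts, and $HOME/.ssh/known_hosts files". Drop the `,` argument from that `.Pa` line so the two-item list reads cleanly.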
|
|
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
These files are consulted when using rhosts with RSA host |
These files are consulted when using rhosts with RSA host |
authentication to check the public key of the host. |
authentication or protocol version 2 hostbased authentication |
|
to check the public key of the host. |
The key must be listed in one of these files to be accepted. |
The key must be listed in one of these files to be accepted. |
The client uses the same files |
The client uses the same files |
to verify that it is connecting to the correct remote host. |
to verify that it is connecting to the correct remote host. |
|
|
.Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
should be world-readable, and |
should be world-readable, and |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
can but need not be world-readable. |
|
.It Pa "/etc/ssh_known_hosts2" and "$HOME/.ssh/known_hosts2" |
|
These files are consulted when using protocol version 2 hostbased |
|
authentication to check the public key of the host. |
|
The key must be listed in one of these files to be accepted. |
|
The client uses the same files |
|
to verify that it is connecting to the correct remote host. |
|
These files should be writable only by root/the owner. |
|
.Pa /etc/ssh_known_hosts2 |
|
should be world-readable, and |
|
.Pa $HOME/.ssh/known_hosts2 |
|
can but need not be world-readable. |
can but need not be world-readable. |
.It Pa /etc/nologin |
.It Pa /etc/nologin |
If this file exists, |
If this file exists, |
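Review bot: the `.It Pa "/etc/ssh_known_hosts2" and "$HOME/.ssh/known_hosts2"` entry is removed outright, and the merged entry names only the two known_hosts files. Since the text states "The key must be listed in one of these files to be accepted", a reader whose protocol version 2 host keys live only in a known_hosts2 file cannot tell from the new wording whether those keys still count. Add a sentence saying whether the known_hosts2 files are still consulted or must be merged into known_hosts. Also, among the visible lines the sentence "These files should be writable only by root/the owner." appears only in the removed entry, so please confirm the merged entry still states that permission requirement.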