| version 1.153.2.3, 2002/03/07 17:37:48 |
version 1.153.2.4, 2002/03/08 15:17:18 |
|
|
| .It Fl f Ar configuration_file |
.It Fl f Ar configuration_file |
| Specifies the name of the configuration file. |
Specifies the name of the configuration file. |
| The default is |
The default is |
| .Pa /etc/ssh/sshd_config . |
.Pa /etc/sshd_config . |
| .Nm |
.Nm |
| refuses to start if there is no configuration file. |
refuses to start if there is no configuration file. |
| .It Fl g Ar login_grace_time |
.It Fl g Ar login_grace_time |
|
|
| is not run as root (as the normal |
is not run as root (as the normal |
| host key files are normally not readable by anyone but root). |
host key files are normally not readable by anyone but root). |
| The default is |
The default is |
| .Pa /etc/ssh/ssh_host_key |
.Pa /etc/ssh_host_key |
| for protocol version 1, and |
for protocol version 1, and |
| .Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh_host_rsa_key |
| and |
and |
| .Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh_host_dsa_key |
| for protocol version 2. |
for protocol version 2. |
| It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
| the different protocol versions and host key algorithms. |
the different protocol versions and host key algorithms. |
|
|
| .Sh CONFIGURATION FILE |
.Sh CONFIGURATION FILE |
| .Nm |
.Nm |
| reads configuration data from |
reads configuration data from |
| .Pa /etc/ssh/sshd_config |
.Pa /etc/sshd_config |
| (or the file specified with |
(or the file specified with |
| .Fl f |
.Fl f |
| on the command line). |
on the command line). |
|
|
| Specifies a file containing a private host key |
Specifies a file containing a private host key |
| used by SSH. |
used by SSH. |
| The default is |
The default is |
| .Pa /etc/ssh/ssh_host_key |
.Pa /etc/ssh_host_key |
| for protocol version 1, and |
for protocol version 1, and |
| .Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh_host_rsa_key |
| and |
and |
| .Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh_host_dsa_key |
| for protocol version 2. |
for protocol version 2. |
| Note that |
Note that |
| .Nm |
.Nm |
|
|
| If |
If |
| .Pa $HOME/.ssh/rc |
.Pa $HOME/.ssh/rc |
| exists, runs it; else if |
exists, runs it; else if |
| .Pa /etc/ssh/sshrc |
.Pa /etc/sshrc |
| exists, runs |
exists, runs |
| it; otherwise runs xauth. |
it; otherwise runs xauth. |
| The |
The |
|
|
| permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
| .Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
| The |
The |
| .Pa /etc/ssh/ssh_known_hosts , |
.Pa /etc/ssh_known_hosts , |
| and |
and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
|
|
| .Pp |
.Pp |
| Bits, exponent, and modulus are taken directly from the RSA host key; they |
Bits, exponent, and modulus are taken directly from the RSA host key; they |
| can be obtained, e.g., from |
can be obtained, e.g., from |
| .Pa /etc/ssh/ssh_host_key.pub . |
.Pa /etc/ssh_host_key.pub . |
| The optional comment field continues to the end of the line, and is not used. |
The optional comment field continues to the end of the line, and is not used. |
| .Pp |
.Pp |
| Lines starting with |
Lines starting with |
|
|
| long, and you definitely don't want to type in the host keys by hand. |
long, and you definitely don't want to type in the host keys by hand. |
| Rather, generate them by a script |
Rather, generate them by a script |
| or by taking |
or by taking |
| .Pa /etc/ssh/ssh_host_key.pub |
.Pa /etc/ssh_host_key.pub |
| and adding the host names at the front. |
and adding the host names at the front. |
| .Ss Examples |
.Ss Examples |
| .Bd -literal |
.Bd -literal |
|
|
| .Ed |
.Ed |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa /etc/ssh/sshd_config |
.It Pa /etc/sshd_config |
| Contains configuration data for |
Contains configuration data for |
| .Nm sshd . |
.Nm sshd . |
| This file should be writable by root only, but it is recommended |
This file should be writable by root only, but it is recommended |
| (though not necessary) that it be world-readable. |
(though not necessary) that it be world-readable. |
| .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
| These three files contain the private parts of the host keys. |
These three files contain the private parts of the host keys. |
| These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
| accessible to others. |
accessible to others. |
| Note that |
Note that |
| .Nm |
.Nm |
| does not start if this file is group/world-accessible. |
does not start if this file is group/world-accessible. |
| .It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub |
.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub |
| These three files contain the public parts of the host keys. |
These three files contain the public parts of the host keys. |
| These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
| root. |
root. |
|
|
| .Pa id_rsa.pub |
.Pa id_rsa.pub |
| files into this file, as described in |
files into this file, as described in |
| .Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
| .It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
| These files are consulted when using rhosts with RSA host |
These files are consulted when using rhosts with RSA host |
| authentication or protocol version 2 hostbased authentication |
authentication or protocol version 2 hostbased authentication |
| to check the public key of the host. |
to check the public key of the host. |
|
|
| The client uses the same files |
The client uses the same files |
| to verify that it is connecting to the correct remote host. |
to verify that it is connecting to the correct remote host. |
| These files should be writable only by root/the owner. |
These files should be writable only by root/the owner. |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| should be world-readable, and |
should be world-readable, and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| can but need not be world-readable. |
can but need not be world-readable. |
|
|
| .Ed |
.Ed |
| .Pp |
.Pp |
| If this file does not exist, |
If this file does not exist, |
| .Pa /etc/ssh/sshrc |
.Pa /etc/sshrc |
| is run, and if that |
is run, and if that |
| does not exist either, xauth is used to store the cookie. |
does not exist either, xauth is used to store the cookie. |
| .Pp |
.Pp |
| This file should be writable only by the user, and need not be |
This file should be writable only by the user, and need not be |
| readable by anyone else. |
readable by anyone else. |
| .It Pa /etc/ssh/sshrc |
.It Pa /etc/sshrc |
| Like |
Like |
| .Pa $HOME/.ssh/rc . |
.Pa $HOME/.ssh/rc . |
| This can be used to specify |
This can be used to specify |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh