version 1.153.2.3, 2002/03/07 17:37:48 |
version 1.153.2.4, 2002/03/08 15:17:18 |
|
|
.It Fl f Ar configuration_file |
.It Fl f Ar configuration_file |
Specifies the name of the configuration file. |
Specifies the name of the configuration file. |
The default is |
The default is |
.Pa /etc/ssh/sshd_config . |
.Pa /etc/sshd_config . |
.Nm |
.Nm |
refuses to start if there is no configuration file. |
refuses to start if there is no configuration file. |
.It Fl g Ar login_grace_time |
.It Fl g Ar login_grace_time |
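Review bot: the documented default for .Fl f moves from /etc/ssh/sshd_config to /etc/sshd_config, but a manual page cannot change where the binary actually looks; this hunk should land together with the matching change to the compiled-in default (the configured sysconfdir), otherwise "The default is .Pa /etc/sshd_config" combined with ".Nm refuses to start if there is no configuration file" sends an administrator who follows the manual to the wrong place when the daemon fails to start.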
|
|
is not run as root (as the normal |
is not run as root (as the normal |
host key files are normally not readable by anyone but root). |
host key files are normally not readable by anyone but root). |
The default is |
The default is |
.Pa /etc/ssh/ssh_host_key |
.Pa /etc/ssh_host_key |
for protocol version 1, and |
for protocol version 1, and |
.Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh_host_rsa_key |
and |
and |
.Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh_host_dsa_key |
for protocol version 2. |
for protocol version 2. |
It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
the different protocol versions and host key algorithms. |
the different protocol versions and host key algorithms. |
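Review bot: in the .Fl h text, "as the normal host key files are normally not readable by anyone but root" doubles "normal/normally"; suggest "as the host key files are normally not readable by anyone but root". The path change itself is applied consistently to all three defaults in this hunk (ssh_host_key, ssh_host_rsa_key, ssh_host_dsa_key), so no further action there.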
|
|
.Sh CONFIGURATION FILE |
.Sh CONFIGURATION FILE |
.Nm |
.Nm |
reads configuration data from |
reads configuration data from |
.Pa /etc/ssh/sshd_config |
.Pa /etc/sshd_config |
(or the file specified with |
(or the file specified with |
.Fl f |
.Fl f |
on the command line). |
on the command line). |
|
|
Specifies a file containing a private host key |
Specifies a file containing a private host key |
used by SSH. |
used by SSH. |
The default is |
The default is |
.Pa /etc/ssh/ssh_host_key |
.Pa /etc/ssh_host_key |
for protocol version 1, and |
for protocol version 1, and |
.Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh_host_rsa_key |
and |
and |
.Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh_host_dsa_key |
for protocol version 2. |
for protocol version 2. |
Note that |
Note that |
.Nm |
.Nm |
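Review bot: the HostKey default list in this hunk (ssh_host_key for protocol 1, ssh_host_rsa_key and ssh_host_dsa_key for protocol 2) repeats the .Fl h option text word for word, which is why this path change has to be made in two places and why the two copies can drift in a later edit; suggest having one of them say "the defaults are the same as for the .Fl h option" so the paths are stated once.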
|
|
If |
If |
.Pa $HOME/.ssh/rc |
.Pa $HOME/.ssh/rc |
exists, runs it; else if |
exists, runs it; else if |
.Pa /etc/ssh/sshrc |
.Pa /etc/sshrc |
exists, runs |
exists, runs |
it; otherwise runs xauth. |
it; otherwise runs xauth. |
The |
The |
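Review bot: the sentence "If .Pa $HOME/.ssh/rc exists, runs it; else if .Pa /etc/sshrc exists, runs it; otherwise runs xauth" has no subject and says "runs it" twice; suggest ".Nm runs .Pa $HOME/.ssh/rc if it exists, otherwise .Pa /etc/sshrc if it exists, and otherwise xauth". Since this is a file that .Nm executes at login, the FILES entry for /etc/sshrc further down should state its ownership and permission requirement explicitly now that the file sits directly in /etc.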
|
|
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
The |
The |
.Pa /etc/ssh/ssh_known_hosts , |
.Pa /etc/ssh_known_hosts , |
and |
and |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
|
|
.Pp |
.Pp |
Bits, exponent, and modulus are taken directly from the RSA host key; they |
Bits, exponent, and modulus are taken directly from the RSA host key; they |
can be obtained, e.g., from |
can be obtained, e.g., from |
.Pa /etc/ssh/ssh_host_key.pub . |
.Pa /etc/ssh_host_key.pub . |
The optional comment field continues to the end of the line, and is not used. |
The optional comment field continues to the end of the line, and is not used. |
.Pp |
.Pp |
Lines starting with |
Lines starting with |
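Review bot: "Bits, exponent, and modulus are taken directly from the RSA host key ... e.g., from .Pa /etc/ssh_host_key.pub" describes only the protocol 1 key file. The protocol 2 host keys documented earlier on this page (ssh_host_rsa_key and ssh_host_dsa_key) are not mentioned in this format description at all; if their .pub files are also accepted in known_hosts, their line layout should be described here too, otherwise the section documents only one of the key types the daemon offers.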
|
|
long, and you definitely don't want to type in the host keys by hand. |
long, and you definitely don't want to type in the host keys by hand. |
Rather, generate them by a script |
Rather, generate them by a script |
or by taking |
or by taking |
.Pa /etc/ssh/ssh_host_key.pub |
.Pa /etc/ssh_host_key.pub |
and adding the host names at the front. |
and adding the host names at the front. |
.Ss Examples |
.Ss Examples |
.Bd -literal |
.Bd -literal |
|
|
.Ed |
.Ed |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa /etc/ssh/sshd_config |
.It Pa /etc/sshd_config |
Contains configuration data for |
Contains configuration data for |
.Nm sshd . |
.Nm sshd . |
This file should be writable by root only, but it is recommended |
This file should be writable by root only, but it is recommended |
(though not necessary) that it be world-readable. |
(though not necessary) that it be world-readable. |
.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
These three files contain the private parts of the host keys. |
These three files contain the private parts of the host keys. |
These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
accessible to others. |
accessible to others. |
Note that |
Note that |
.Nm |
.Nm |
does not start if this file is group/world-accessible. |
does not start if this file is group/world-accessible. |
.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub |
.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub |
These three files contain the public parts of the host keys. |
These three files contain the public parts of the host keys. |
These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
root. |
root. |
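Review bot: in the host-key FILES entry, "does not start if this file is group/world-accessible" follows an .It that lists three files and a sentence that begins "These three files", so "this file" should be "any of these files". Also "These files should only be owned by root, readable only by root, and not accessible to others" stacks three restrictions awkwardly; suggest "These files must be owned by root and readable only by root". The sshd_config entry correctly keeps the weaker requirement (writable by root only, world-readable recommended), since that file holds no secrets.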
|
|
.Pa id_rsa.pub |
.Pa id_rsa.pub |
files into this file, as described in |
files into this file, as described in |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" |
These files are consulted when using rhosts with RSA host |
These files are consulted when using rhosts with RSA host |
authentication or protocol version 2 hostbased authentication |
authentication or protocol version 2 hostbased authentication |
to check the public key of the host. |
to check the public key of the host. |
|
|
The client uses the same files |
The client uses the same files |
to verify that it is connecting to the correct remote host. |
to verify that it is connecting to the correct remote host. |
These files should be writable only by root/the owner. |
These files should be writable only by root/the owner. |
.Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
should be world-readable, and |
should be world-readable, and |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
can but need not be world-readable. |
can but need not be world-readable. |
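Review bot: "These files should be writable only by root/the owner" is ambiguous about which file gets which requirement; since the following sentences already distinguish .Pa /etc/ssh_known_hosts (world-readable) from .Pa $HOME/.ssh/known_hosts, spell it out: /etc/ssh_known_hosts writable only by root, $HOME/.ssh/known_hosts writable only by its owner. This matters because, as the entry's first sentence says, these are the files consulted for rhosts-RSA and protocol 2 hostbased authentication, so whoever can write them decides which host keys are trusted.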
|
|
.Ed |
.Ed |
.Pp |
.Pp |
If this file does not exist, |
If this file does not exist, |
.Pa /etc/ssh/sshrc |
.Pa /etc/sshrc |
is run, and if that |
is run, and if that |
does not exist either, xauth is used to store the cookie. |
does not exist either, xauth is used to store the cookie. |
.Pp |
.Pp |
This file should be writable only by the user, and need not be |
This file should be writable only by the user, and need not be |
readable by anyone else. |
readable by anyone else. |
.It Pa /etc/ssh/sshrc |
.It Pa /etc/sshrc |
Like |
Like |
.Pa $HOME/.ssh/rc . |
.Pa $HOME/.ssh/rc . |
This can be used to specify |
This can be used to specify |
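Review bot: the .Pa $HOME/.ssh/rc entry states its permission requirement ("writable only by the user, and need not be readable by anyone else"), but the .Pa /etc/sshrc entry that follows says only "Like .Pa $HOME/.ssh/rc" and the visible part gives no ownership or permission requirement; since this file is run by .Nm in place of the user's rc when that does not exist, suggest adding the corresponding sentence (writable by root only) to this entry.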