version 1.176.2.4, 2002/06/26 15:30:39 |
version 1.176.2.5, 2002/10/11 14:51:53 |
|
|
refuses to start if there is no configuration file. |
refuses to start if there is no configuration file. |
.It Fl g Ar login_grace_time |
.It Fl g Ar login_grace_time |
Gives the grace time for clients to authenticate themselves (default |
Gives the grace time for clients to authenticate themselves (default |
600 seconds). |
120 seconds). |
If the client fails to authenticate the user within |
If the client fails to authenticate the user within |
this many seconds, the server disconnects and exits. |
this many seconds, the server disconnects and exits. |
A value of zero indicates no limit. |
A value of zero indicates no limit. |
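Review bot: the new default of 120 seconds in the -g login_grace_time entry has to agree with the default that sshd_config(5) gives for LoginGraceTime and with the value compiled into the server, so please verify both in the same commit rather than only this page. The sentence "A value of zero indicates no limit" is kept unchanged; since the preceding text says the server disconnects only when the timer expires, it is worth adding one clause that 0 lets an unauthenticated client hold its connection indefinitely, which is exactly what the shorter default is there to prevent.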
|
|
.It |
.It |
Reads |
Reads |
.Pa $HOME/.ssh/environment |
.Pa $HOME/.ssh/environment |
if it exists. |
if it exists and users are allowed to change their environment. |
|
See the |
|
.Cm PermitUserEnvironment |
|
option in |
|
.Xr sshd_config 5 . |
.It |
.It |
Changes to user's home directory. |
Changes to user's home directory. |
.It |
.It |
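Review bot: "if it exists and users are allowed to change their environment" is vague where the sentence that follows it is precise; fold the option name into the condition, e.g. "if it exists and PermitUserEnvironment is enabled in sshd_config(5)", and drop the separate "See the ... option in" sentence. As written the reader has to infer that "allowed to change their environment" means that one option and nothing else.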
|
|
spaces: options, bits, exponent, modulus, comment. |
spaces: options, bits, exponent, modulus, comment. |
Each protocol version 2 public key consists of: |
Each protocol version 2 public key consists of: |
options, keytype, base64 encoded key, comment. |
options, keytype, base64 encoded key, comment. |
The options fields |
The options field |
are optional; its presence is determined by whether the line starts |
is optional; its presence is determined by whether the line starts |
with a number or not (the option field never starts with a number). |
with a number or not (the options field never starts with a number). |
The bits, exponent, modulus and comment fields give the RSA key for |
The bits, exponent, modulus and comment fields give the RSA key for |
protocol version 1; the |
protocol version 1; the |
comment field is not used for anything (but may be convenient for the |
comment field is not used for anything (but may be convenient for the |
|
|
.Dq ssh-rsa . |
.Dq ssh-rsa . |
.Pp |
.Pp |
Note that lines in this file are usually several hundred bytes long |
Note that lines in this file are usually several hundred bytes long |
(because of the size of the RSA key modulus). |
(because of the size of the public key encoding). |
You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
.Pa identity.pub , |
.Pa identity.pub , |
.Pa id_dsa.pub |
.Pa id_dsa.pub |
|
|
that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Cm from="pattern-list" |
.It Cm from="pattern-list" |
Specifies that in addition to RSA authentication, the canonical name |
Specifies that in addition to public key authentication, the canonical name |
of the remote host must be present in the comma-separated list of |
of the remote host must be present in the comma-separated list of |
patterns |
patterns |
.Pf ( Ql * |
.Pf ( Ql * |
|
|
.Ql ! ; |
.Ql ! ; |
if the canonical host name matches a negated pattern, the key is not accepted. |
if the canonical host name matches a negated pattern, the key is not accepted. |
The purpose |
The purpose |
of this option is to optionally increase security: RSA authentication |
of this option is to optionally increase security: public key authentication |
by itself does not trust the network or name servers or anything (but |
by itself does not trust the network or name servers or anything (but |
the key); however, if somebody somehow steals the key, the key |
the key); however, if somebody somehow steals the key, the key |
permits an intruder to log in from anywhere in the world. |
permits an intruder to log in from anywhere in the world. |
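Review bot: generalising the from= entry from RSA to public key authentication is correct, but the paragraph still says public key authentication "does not trust the network or name servers", while a from= restriction written as a host name pattern is checked against the canonical name of the client, which the server can only obtain by a name lookup. Say in this entry that a name-based pattern therefore adds a dependency on the name service, and, if the pattern list also accepts client addresses in this version, say which form an administrator should prefer.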
|
|
.Cm no-pty . |
.Cm no-pty . |
A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
This option might be useful |
This option might be useful |
to restrict certain RSA keys to perform just a specific operation. |
to restrict certain public keys to perform just a specific operation. |
An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
Note that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
forwarding unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
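Review bot: the closing warning of the command= entry ("the client may specify TCP/IP and/or X11 forwarding unless they are explicitly prohibited") leaves the reader to find the prohibiting options elsewhere; name them here, no-port-forwarding and no-X11-forwarding alongside the no-pty already referenced a few lines up, because a forced command such as the backup example is only as restrictive as the forwarding options written next to it.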
|
|
Environment variables set this way |
Environment variables set this way |
override other default environment values. |
override other default environment values. |
Multiple options of this type are permitted. |
Multiple options of this type are permitted. |
|
Environment processing is disabled by default and is |
|
controlled via the |
|
.Cm PermitUserEnvironment |
|
option. |
This option is automatically disabled if |
This option is automatically disabled if |
.Cm UseLogin |
.Cm UseLogin |
is enabled. |
is enabled. |
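Review bot: the added "controlled via the PermitUserEnvironment option" sentence and the retained "This option is automatically disabled if UseLogin is enabled" sentence sit back to back, both starting with "this option", and describe two different switches without saying how they combine; rewrite them as one statement of precedence, e.g. "environment= is honoured only if PermitUserEnvironment is enabled and UseLogin is not". The new sentence also gives no reason for the default being off; since the entry already says these variables override the default environment, one clause that variables chosen by the key holder affect every program the server starts for that login would tell an administrator what enabling the option means.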
|
|
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Pa /etc/moduli |
.It Pa /etc/moduli |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
|
The file format is described in |
|
.Xr moduli 5 . |
.It Pa /var/empty |
.It Pa /var/empty |
.Xr chroot 2 |
.Xr chroot 2 |
directory used by |
directory used by |
|
|
and assignment lines of the form name=value. |
and assignment lines of the form name=value. |
The file should be writable |
The file should be writable |
only by the user; it need not be readable by anyone else. |
only by the user; it need not be readable by anyone else. |
|
Environment processing is disabled by default and is |
|
controlled via the |
|
.Cm PermitUserEnvironment |
|
option. |
.It Pa $HOME/.ssh/rc |
.It Pa $HOME/.ssh/rc |
If this file exists, it is run with /bin/sh after reading the |
If this file exists, it is run with /bin/sh after reading the |
environment files but before starting the user's shell or command. |
environment files but before starting the user's shell or command. |
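Review bot: the three lines added at the end of the $HOME/.ssh/environment entry repeat verbatim the sentence added to the environment= option above; one copy plus a cross-reference would do. If both copies stay, make the two entries agree on UseLogin as well: the environment= entry says UseLogin disables processing, this entry does not. If UseLogin also stops this file from being read, say so here; if it does not, the difference deserves a sentence.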
|
|
if read proto cookie && [ -n "$DISPLAY" ]; then |
if read proto cookie && [ -n "$DISPLAY" ]; then |
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
# X11UseLocalhost=yes |
# X11UseLocalhost=yes |
xauth add unix:`echo $DISPLAY | |
echo add unix:`echo $DISPLAY | |
cut -c11-` $proto $cookie |
cut -c11-` $proto $cookie |
else |
else |
# X11UseLocalhost=no |
# X11UseLocalhost=no |
xauth add $DISPLAY $proto $cookie |
echo add $DISPLAY $proto $cookie |
fi |
fi | xauth -q - |
fi |
fi |
.Ed |
.Ed |
.Pp |
.Pp |
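Review bot: replacing the two "xauth add ... $proto $cookie" invocations with "echo add ... | xauth -q -" is the right change, but the example does not say why, and the reason is a security one worth a comment line inside the example: in the old form the X11 cookie was a command-line argument and therefore visible to every local user in a process listing for as long as xauth ran, whereas feeding the commands to xauth on standard input keeps the cookie out of argv. Minor: the else branch now reads "echo add $DISPLAY" with an unquoted variable; harmless for the values the server sets, but quoting it as "$DISPLAY" matches the [ -n "$DISPLAY" ] test at the top of the example.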