version 1.188, 2002/08/12 17:30:35 |
version 1.189, 2002/08/21 11:20:59 |
|
|
spaces: options, bits, exponent, modulus, comment. |
spaces: options, bits, exponent, modulus, comment. |
Each protocol version 2 public key consists of: |
Each protocol version 2 public key consists of: |
options, keytype, base64 encoded key, comment. |
options, keytype, base64 encoded key, comment. |
The options fields |
The options field |
are optional; its presence is determined by whether the line starts |
is optional; its presence is determined by whether the line starts |
with a number or not (the option field never starts with a number). |
with a number or not (the options field never starts with a number). |
The bits, exponent, modulus and comment fields give the RSA key for |
The bits, exponent, modulus and comment fields give the RSA key for |
protocol version 1; the |
protocol version 1; the |
comment field is not used for anything (but may be convenient for the |
comment field is not used for anything (but may be convenient for the |
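Review bot: The reworded sentence "its presence is determined by whether the line starts with a number or not" only holds for protocol version 1 lines, where the field after the options is bits. A protocol version 2 line without options starts with the keytype, which is not a number either, so the test as written cannot tell options from a keytype. Suggest scoping the sentence to protocol version 1 keys and adding how the options field is recognised on a version 2 line.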
|
|
.Dq ssh-rsa . |
.Dq ssh-rsa . |
.Pp |
.Pp |
Note that lines in this file are usually several hundred bytes long |
Note that lines in this file are usually several hundred bytes long |
(because of the size of the RSA key modulus). |
(because of the size of the public key encoding). |
You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
.Pa identity.pub , |
.Pa identity.pub , |
.Pa id_dsa.pub |
.Pa id_dsa.pub |
|
|
that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Cm from="pattern-list" |
.It Cm from="pattern-list" |
Specifies that in addition to RSA authentication, the canonical name |
Specifies that in addition to public key authentication, the canonical name |
of the remote host must be present in the comma-separated list of |
of the remote host must be present in the comma-separated list of |
patterns |
patterns |
.Pf ( Ql * |
.Pf ( Ql * |
|
|
.Ql ! ; |
.Ql ! ; |
if the canonical host name matches a negated pattern, the key is not accepted. |
if the canonical host name matches a negated pattern, the key is not accepted. |
The purpose |
The purpose |
of this option is to optionally increase security: RSA authentication |
of this option is to optionally increase security: public key authentication |
by itself does not trust the network or name servers or anything (but |
by itself does not trust the network or name servers or anything (but |
the key); however, if somebody somehow steals the key, the key |
the key); however, if somebody somehow steals the key, the key |
permits an intruder to log in from anywhere in the world. |
permits an intruder to log in from anywhere in the world. |
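Review bot: Missing documentation in the from= rationale. "does not trust the network or name servers" describes public key authentication, but the option itself matches on "the canonical name of the remote host", and that name is obtained through name resolution. Suggest one added sentence saying that from= matching depends on the name lookup, so readers treat it as an extra restriction on a key rather than as protection that holds independently of DNS.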
|
|
.Cm no-pty . |
.Cm no-pty . |
A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
This option might be useful |
This option might be useful |
to restrict certain RSA keys to perform just a specific operation. |
to restrict certain public keys to perform just a specific operation. |
An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
Note that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
forwarding unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
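Review bot: The closing sentence "the client may specify TCP/IP and/or X11 forwarding unless they are explicitly prohibited" leaves the reader to find out how to prohibit them, in a paragraph whose purpose is restricting a key to "just a specific operation". Suggest naming the options there with .Cm, as is already done for no-pty, i.e. no-port-forwarding and no-X11-forwarding, so the backup-key example can be read as a complete restriction.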