| version 1.188, 2002/08/12 17:30:35 |
version 1.189, 2002/08/21 11:20:59 |
|
|
| spaces: options, bits, exponent, modulus, comment. |
spaces: options, bits, exponent, modulus, comment. |
| Each protocol version 2 public key consists of: |
Each protocol version 2 public key consists of: |
| options, keytype, base64 encoded key, comment. |
options, keytype, base64 encoded key, comment. |
| The options fields |
The options field |
| are optional; its presence is determined by whether the line starts |
is optional; its presence is determined by whether the line starts |
| with a number or not (the option field never starts with a number). |
with a number or not (the options field never starts with a number). |
| The bits, exponent, modulus and comment fields give the RSA key for |
The bits, exponent, modulus and comment fields give the RSA key for |
| protocol version 1; the |
protocol version 1; the |
| comment field is not used for anything (but may be convenient for the |
comment field is not used for anything (but may be convenient for the |
|
|
| .Dq ssh-rsa . |
.Dq ssh-rsa . |
| .Pp |
.Pp |
| Note that lines in this file are usually several hundred bytes long |
Note that lines in this file are usually several hundred bytes long |
| (because of the size of the RSA key modulus). |
(because of the size of the public key encoding). |
| You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
| .Pa identity.pub , |
.Pa identity.pub , |
| .Pa id_dsa.pub |
.Pa id_dsa.pub |
|
|
| that option keywords are case-insensitive): |
that option keywords are case-insensitive): |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Cm from="pattern-list" |
.It Cm from="pattern-list" |
| Specifies that in addition to RSA authentication, the canonical name |
Specifies that in addition to public key authentication, the canonical name |
| of the remote host must be present in the comma-separated list of |
of the remote host must be present in the comma-separated list of |
| patterns |
patterns |
| .Pf ( Ql * |
.Pf ( Ql * |
|
|
| .Ql ! ; |
.Ql ! ; |
| if the canonical host name matches a negated pattern, the key is not accepted. |
if the canonical host name matches a negated pattern, the key is not accepted. |
| The purpose |
The purpose |
| of this option is to optionally increase security: RSA authentication |
of this option is to optionally increase security: public key authentication |
| by itself does not trust the network or name servers or anything (but |
by itself does not trust the network or name servers or anything (but |
| the key); however, if somebody somehow steals the key, the key |
the key); however, if somebody somehow steals the key, the key |
| permits an intruder to log in from anywhere in the world. |
permits an intruder to log in from anywhere in the world. |
|
|
| .Cm no-pty . |
.Cm no-pty . |
| A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
| This option might be useful |
This option might be useful |
| to restrict certain RSA keys to perform just a specific operation. |
to restrict certain public keys to perform just a specific operation. |
| An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
| Note that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
| forwarding unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh