version 1.206, 2005/03/01 14:59:49 |
version 1.206.2.1, 2005/09/04 18:40:11 |
|
|
works as follows: |
works as follows: |
.Ss SSH protocol version 1 |
.Ss SSH protocol version 1 |
Each host has a host-specific RSA key |
Each host has a host-specific RSA key |
(normally 1024 bits) used to identify the host. |
(normally 2048 bits) used to identify the host. |
Additionally, when |
Additionally, when |
the daemon starts, it generates a server RSA key (normally 768 bits). |
the daemon starts, it generates a server RSA key (normally 768 bits). |
This key is normally regenerated every hour if it has been used, and |
This key is normally regenerated every hour if it has been used, and |
|
|
prints last login time and |
prints last login time and |
.Pa /etc/motd |
.Pa /etc/motd |
(unless prevented in the configuration file or by |
(unless prevented in the configuration file or by |
.Pa $HOME/.hushlogin ; |
.Pa ~/.hushlogin ; |
see the |
see the |
.Sx FILES |
.Sx FILES |
section). |
section). |
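Review bot: Style point on the $HOME to ~ rewrite of the .Pa arguments: it is applied consistently in every hunk shown, including the quoted list `.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"` and the trailing-punctuation case `.Pa ~/.hushlogin ;`; the one thing left to verify is that the context elided between hunks carries no remaining $HOME, so the page does not end up mixing the two notations.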
|
|
Sets up basic environment. |
Sets up basic environment. |
.It |
.It |
Reads the file |
Reads the file |
.Pa $HOME/.ssh/environment , |
.Pa ~/.ssh/environment , |
if it exists, and users are allowed to change their environment. |
if it exists, and users are allowed to change their environment. |
See the |
See the |
.Cm PermitUserEnvironment |
.Cm PermitUserEnvironment |
|
|
Changes to user's home directory. |
Changes to user's home directory. |
.It |
.It |
If |
If |
.Pa $HOME/.ssh/rc |
.Pa ~/.ssh/rc |
exists, runs it; else if |
exists, runs it; else if |
.Pa /etc/ssh/sshrc |
.Pa /etc/ssh/sshrc |
exists, runs |
exists, runs |
|
|
Runs user's shell or command. |
Runs user's shell or command. |
.El |
.El |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Pa $HOME/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
is the default file that lists the public keys that are |
is the default file that lists the public keys that are |
permitted for RSA authentication in protocol version 1 |
permitted for RSA authentication in protocol version 1 |
and for public key authentication (PubkeyAuthentication) |
and for public key authentication (PubkeyAuthentication) |
|
|
The |
The |
.Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
and |
and |
.Pa $HOME/.ssh/known_hosts |
.Pa ~/.ssh/known_hosts |
files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
The global file should |
The global file should |
be prepared by the administrator (optional), and the per-user file is |
be prepared by the administrator (optional), and the per-user file is |
|
|
concurrently for different ports, this contains the process ID of the one |
concurrently for different ports, this contains the process ID of the one |
started last). |
started last). |
The content of this file is not sensitive; it can be world-readable. |
The content of this file is not sensitive; it can be world-readable. |
.It Pa $HOME/.ssh/authorized_keys |
.It Pa ~/.ssh/authorized_keys |
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
This file must be readable by root (which may on some machines imply |
This file must be readable by root (which may on some machines imply |
it being world-readable if the user's home directory resides on an NFS |
it being world-readable if the user's home directory resides on an NFS |
|
|
.Pa id_rsa.pub |
.Pa id_rsa.pub |
files into this file, as described in |
files into this file, as described in |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" |
.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" |
These files are consulted when using rhosts with RSA host |
These files are consulted when using rhosts with RSA host |
authentication or protocol version 2 hostbased authentication |
authentication or protocol version 2 hostbased authentication |
to check the public key of the host. |
to check the public key of the host. |
|
|
These files should be writable only by root/the owner. |
These files should be writable only by root/the owner. |
.Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
should be world-readable, and |
should be world-readable, and |
.Pa $HOME/.ssh/known_hosts |
.Pa ~/.ssh/known_hosts |
can, but need not be, world-readable. |
can, but need not be, world-readable. |
.It Pa /etc/motd |
.It Pa /etc/motd |
See |
See |
.Xr motd 5 . |
.Xr motd 5 . |
.It Pa $HOME/.hushlogin |
.It Pa ~/.hushlogin |
This file is used to suppress printing the last login time and |
This file is used to suppress printing the last login time and |
.Pa /etc/motd , |
.Pa /etc/motd , |
if |
if |
|
|
Access controls that should be enforced by tcp-wrappers are defined here. |
Access controls that should be enforced by tcp-wrappers are defined here. |
Further details are described in |
Further details are described in |
.Xr hosts_access 5 . |
.Xr hosts_access 5 . |
.It Pa $HOME/.rhosts |
.It Pa ~/.rhosts |
This file is used during |
This file is used during |
.Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
and |
and |
|
|
Either host or user |
Either host or user |
name may be of the form +@groupname to specify all hosts or all users |
name may be of the form +@groupname to specify all hosts or all users |
in the group. |
in the group. |
.It Pa $HOME/.shosts |
.It Pa ~/.shosts |
For ssh, |
For ssh, |
this file is exactly the same as for |
this file is exactly the same as for |
.Pa .rhosts . |
.Pa .rhosts . |
|
|
.Pa /etc/hosts.equiv . |
.Pa /etc/hosts.equiv . |
However, this file may be useful in environments that want to run both |
However, this file may be useful in environments that want to run both |
rsh/rlogin and ssh. |
rsh/rlogin and ssh. |
.It Pa $HOME/.ssh/environment |
.It Pa ~/.ssh/environment |
This file is read into the environment at login (if it exists). |
This file is read into the environment at login (if it exists). |
It can only contain empty lines, comment lines (that start with |
It can only contain empty lines, comment lines (that start with |
.Ql # ) , |
.Ql # ) , |
|
|
controlled via the |
controlled via the |
.Cm PermitUserEnvironment |
.Cm PermitUserEnvironment |
option. |
option. |
.It Pa $HOME/.ssh/rc |
.It Pa ~/.ssh/rc |
If this file exists, it is run with |
If this file exists, it is run with |
.Pa /bin/sh |
.Pa /bin/sh |
after reading the |
after reading the |
|
|
readable by anyone else. |
readable by anyone else. |
.It Pa /etc/ssh/sshrc |
.It Pa /etc/ssh/sshrc |
Like |
Like |
.Pa $HOME/.ssh/rc . |
.Pa ~/.ssh/rc . |
This can be used to specify |
This can be used to specify |
machine-specific login-time initializations globally. |
machine-specific login-time initializations globally. |
This file should be writable only by root, and should be world-readable. |
This file should be writable only by root, and should be world-readable. |