version 1.225, 2006/02/16 09:05:34 |
version 1.226, 2006/02/19 19:52:10 |
|
|
.Dq rc |
.Dq rc |
files are given the X11 |
files are given the X11 |
authentication protocol and cookie in standard input. |
authentication protocol and cookie in standard input. |
|
See |
|
.Sx SSHRC , |
|
below. |
.It |
.It |
Runs user's shell or command. |
Runs user's shell or command. |
.El |
.El |
|
.Sh SSHRC |
|
If the file |
|
.Pa ~/.ssh/rc |
|
exists, |
|
.Xr sh 1 |
|
runs it after reading the |
|
environment files but before starting the user's shell or command. |
|
It must not produce any output on stdout; stderr must be used |
|
instead. |
|
If X11 forwarding is in use, it will receive the "proto cookie" pair in |
|
its standard input (and |
|
.Ev DISPLAY |
|
in its environment). |
|
The script must call |
|
.Xr xauth 1 |
|
because |
|
.Nm |
|
will not run xauth automatically to add X11 cookies. |
|
.Pp |
|
The primary purpose of this file is to run any initialization routines |
|
which may be needed before the user's home directory becomes |
|
accessible; AFS is a particular example of such an environment. |
|
.Pp |
|
This file will probably contain some initialization code followed by |
|
something similar to: |
|
.Bd -literal -offset 3n |
|
if read proto cookie && [ -n "$DISPLAY" ]; then |
|
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
|
# X11UseLocalhost=yes |
|
echo add unix:`echo $DISPLAY | |
|
cut -c11-` $proto $cookie |
|
else |
|
# X11UseLocalhost=no |
|
echo add $DISPLAY $proto $cookie |
|
fi | xauth -q - |
|
fi |
|
.Ed |
|
.Pp |
|
If this file does not exist, |
|
.Pa /etc/ssh/sshrc |
|
is run, and if that |
|
does not exist either, xauth is used to add the cookie. |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Sh AUTHORIZED_KEYS FILE FORMAT |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
specifies the file containing public keys for |
specifies the file containing public keys for |
|
|
can, but need not be, world-readable. |
can, but need not be, world-readable. |
.Pp |
.Pp |
.It ~/.ssh/rc |
.It ~/.ssh/rc |
If this file exists, it is run with |
Contains initialization routines to be run before |
.Pa /bin/sh |
the user's home directory becomes accessible. |
after reading the |
|
environment files but before starting the user's shell or command. |
|
It must not produce any output on stdout; stderr must be used |
|
instead. |
|
If X11 forwarding is in use, it will receive the "proto cookie" pair in |
|
its standard input (and |
|
.Ev DISPLAY |
|
in its environment). |
|
The script must call |
|
.Xr xauth 1 |
|
because |
|
.Nm |
|
will not run xauth automatically to add X11 cookies. |
|
.Pp |
|
The primary purpose of this file is to run any initialization routines |
|
which may be needed before the user's home directory becomes |
|
accessible; AFS is a particular example of such an environment. |
|
.Pp |
|
This file will probably contain some initialization code followed by |
|
something similar to: |
|
.Bd -literal |
|
if read proto cookie && [ -n "$DISPLAY" ]; then |
|
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
|
# X11UseLocalhost=yes |
|
echo add unix:`echo $DISPLAY | |
|
cut -c11-` $proto $cookie |
|
else |
|
# X11UseLocalhost=no |
|
echo add $DISPLAY $proto $cookie |
|
fi | xauth -q - |
|
fi |
|
.Ed |
|
.Pp |
|
If this file does not exist, |
|
.Pa /etc/ssh/sshrc |
|
is run, and if that |
|
does not exist either, xauth is used to add the cookie. |
|
.Pp |
|
This file should be writable only by the user, and need not be |
This file should be writable only by the user, and need not be |
readable by anyone else. |
readable by anyone else. |
.Pp |
.Pp |
|
|
.Xr sshd_config 5 . |
.Xr sshd_config 5 . |
.Pp |
.Pp |
.It /etc/ssh/sshrc |
.It /etc/ssh/sshrc |
Like |
Similar to |
.Pa ~/.ssh/rc . |
.Pa ~/.ssh/rc , |
This can be used to specify |
it can be used to specify |
machine-specific login-time initializations globally. |
machine-specific login-time initializations globally. |
This file should be writable only by root, and should be world-readable. |
This file should be writable only by root, and should be world-readable. |
.Pp |
.Pp |