| version 1.226, 2006/02/19 19:52:10 |
version 1.227, 2006/02/19 20:02:17 |
|
|
| .Xr hosts_access 5 . |
.Xr hosts_access 5 . |
| .Pp |
.Pp |
| .It /etc/hosts.equiv |
.It /etc/hosts.equiv |
| This file is used during |
This file is for host-based authentication (see |
| .Cm RhostsRSAAuthentication |
.Xr ssh 1 ) . |
| and |
It should only be writable by root. |
| .Cm HostbasedAuthentication |
|
| authentication. |
|
| In the simplest form, this file contains host names, one per line. |
|
| Users on |
|
| those hosts are permitted to log in without a password, provided they |
|
| have the same user name on both machines. |
|
| The host name may also be |
|
| followed by a user name; such users are permitted to log in as |
|
| .Em any |
|
| user on this machine (except root). |
|
| Additionally, the syntax |
|
| .Dq +@group |
|
| can be used to specify netgroups. |
|
| Negated entries start with |
|
| .Ql \&- . |
|
| .Pp |
.Pp |
| If the client host/user is successfully matched in this file, login is |
|
| automatically permitted provided the client and server user names are the |
|
| same. |
|
| Additionally, successful client host key authentication is required. |
|
| This file must be writable only by root; it is recommended |
|
| that it be world-readable. |
|
| .Pp |
|
| .Sy "Warning: It is almost never a good idea to use user names in" |
|
| .Pa hosts.equiv . |
|
| Beware that it really means that the named user(s) can log in as |
|
| .Em anybody , |
|
| which includes bin, daemon, adm, and other accounts that own critical |
|
| binaries and directories. |
|
| Using a user name practically grants the user root access. |
|
| The only valid use for user names that I can think |
|
| of is in negative entries. |
|
| .Pp |
|
| Note that this warning also applies to rsh/rlogin. |
|
| .Pp |
|
| .It /etc/moduli |
.It /etc/moduli |
| Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
| The file format is described in |
The file format is described in |
|
|
| The file should be world-readable. |
The file should be world-readable. |
| .Pp |
.Pp |
| .It /etc/shosts.equiv |
.It /etc/shosts.equiv |
| This is processed exactly as |
This file is used in exactly the same way as |
| .Pa /etc/hosts.equiv . |
.Pa hosts.equiv , |
| However, this file may be useful in environments that want to run both |
but allows host-based authentication without permitting login with |
| rsh/rlogin and ssh. |
rlogin/rsh. |
| .Pp |
.Pp |
| .It /etc/ssh/ssh_known_hosts |
.It /etc/ssh/ssh_known_hosts |
| Systemwide list of known host keys. |
Systemwide list of known host keys. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh