| version 1.230, 2006/02/24 20:31:31 |
version 1.230.2.1, 2006/09/30 04:06:51 |
|
|
| An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
| Note that the client may specify TCP and/or X11 |
Note that the client may specify TCP and/or X11 |
| forwarding unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
| |
The command originally supplied by the client is available in the |
| |
.Ev SSH_ORIGINAL_COMMAND |
| |
environment variable. |
| Note that this option applies to shell, command or subsystem execution. |
Note that this option applies to shell, command or subsystem execution. |
| .It Cm environment="NAME=value" |
.It Cm environment="NAME=value" |
| Specifies that the string is to be added to the environment when |
Specifies that the string is to be added to the environment when |
|
|
| to indicate negation: if the host name matches a negated |
to indicate negation: if the host name matches a negated |
| pattern, it is not accepted (by that line) even if it matched another |
pattern, it is not accepted (by that line) even if it matched another |
| pattern on the line. |
pattern on the line. |
| |
A hostname or address may optionally be enclosed within |
| |
.Ql \&[ |
| |
and |
| |
.Ql \&] |
| |
brackets then followed by |
| |
.Ql \&: |
| |
and a non-standard port number. |
| .Pp |
.Pp |
| Alternately, hostnames may be stored in a hashed form which hides host names |
Alternately, hostnames may be stored in a hashed form which hides host names |
| and addresses should the file's contents be disclosed. |
and addresses should the file's contents be disclosed. |
|
|
| .It ~/.ssh/authorized_keys |
.It ~/.ssh/authorized_keys |
| Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
| The format of this file is described above. |
The format of this file is described above. |
| This file is not highly sensitive, but the recommended |
The content of the file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| |
.Pp |
| |
If this file, the |
| |
.Pa ~/.ssh |
| |
directory, or the user's home directory are writable |
| |
by other users, then the file could be modified or replaced by unauthorized |
| |
users. |
| |
In this case, |
| |
.Nm |
| |
will not allow it to be used unless the |
| |
.Cm StrictModes |
| |
option has been set to |
| |
.Dq no . |
| |
The recommended permissions can be set by executing |
| |
.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . |
| .Pp |
.Pp |
| .It ~/.ssh/environment |
.It ~/.ssh/environment |
| This file is read into the environment at login (if it exists). |
This file is read into the environment at login (if it exists). |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh