version 1.257, 2010/08/04 05:37:01 |
version 1.258, 2010/08/08 19:36:30 |
|
|
.Ed |
.Ed |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
.It ~/.hushlogin |
.It Pa ~/.hushlogin |
This file is used to suppress printing the last login time and |
This file is used to suppress printing the last login time and |
.Pa /etc/motd , |
.Pa /etc/motd , |
if |
if |
|
|
It does not suppress printing of the banner specified by |
It does not suppress printing of the banner specified by |
.Cm Banner . |
.Cm Banner . |
.Pp |
.Pp |
.It ~/.rhosts |
.It Pa ~/.rhosts |
This file is used for host-based authentication (see |
This file is used for host-based authentication (see |
.Xr ssh 1 |
.Xr ssh 1 |
for more information). |
for more information). |
|
|
permission for most machines is read/write for the user, and not |
permission for most machines is read/write for the user, and not |
accessible by others. |
accessible by others. |
.Pp |
.Pp |
.It ~/.shosts |
.It Pa ~/.shosts |
This file is used in exactly the same way as |
This file is used in exactly the same way as |
.Pa .rhosts , |
.Pa .rhosts , |
but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
rlogin/rsh. |
rlogin/rsh. |
.Pp |
.Pp |
.It ~/.ssh/ |
.It Pa ~/.ssh/ |
This directory is the default location for all user-specific configuration |
This directory is the default location for all user-specific configuration |
and authentication information. |
and authentication information. |
There is no general requirement to keep the entire contents of this directory |
There is no general requirement to keep the entire contents of this directory |
secret, but the recommended permissions are read/write/execute for the user, |
secret, but the recommended permissions are read/write/execute for the user, |
and not accessible by others. |
and not accessible by others. |
.Pp |
.Pp |
.It ~/.ssh/authorized_keys |
.It Pa ~/.ssh/authorized_keys |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
The format of this file is described above. |
The format of this file is described above. |
The content of the file is not highly sensitive, but the recommended |
The content of the file is not highly sensitive, but the recommended |
|
|
option has been set to |
option has been set to |
.Dq no . |
.Dq no . |
.Pp |
.Pp |
.It ~/.ssh/environment |
.It Pa ~/.ssh/environment |
This file is read into the environment at login (if it exists). |
This file is read into the environment at login (if it exists). |
It can only contain empty lines, comment lines (that start with |
It can only contain empty lines, comment lines (that start with |
.Ql # ) , |
.Ql # ) , |
|
|
.Cm PermitUserEnvironment |
.Cm PermitUserEnvironment |
option. |
option. |
.Pp |
.Pp |
.It ~/.ssh/known_hosts |
.It Pa ~/.ssh/known_hosts |
Contains a list of host keys for all hosts the user has logged into |
Contains a list of host keys for all hosts the user has logged into |
that are not already in the systemwide list of known host keys. |
that are not already in the systemwide list of known host keys. |
The format of this file is described above. |
The format of this file is described above. |
This file should be writable only by root/the owner and |
This file should be writable only by root/the owner and |
can, but need not be, world-readable. |
can, but need not be, world-readable. |
.Pp |
.Pp |
.It ~/.ssh/rc |
.It Pa ~/.ssh/rc |
Contains initialization routines to be run before |
Contains initialization routines to be run before |
the user's home directory becomes accessible. |
the user's home directory becomes accessible. |
This file should be writable only by the user, and need not be |
This file should be writable only by the user, and need not be |
readable by anyone else. |
readable by anyone else. |
.Pp |
.Pp |
.It /etc/hosts.allow |
.It Pa /etc/hosts.allow |
.It /etc/hosts.deny |
.It Pa /etc/hosts.deny |
Access controls that should be enforced by tcp-wrappers are defined here. |
Access controls that should be enforced by tcp-wrappers are defined here. |
Further details are described in |
Further details are described in |
.Xr hosts_access 5 . |
.Xr hosts_access 5 . |
.Pp |
.Pp |
.It /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
This file is for host-based authentication (see |
This file is for host-based authentication (see |
.Xr ssh 1 ) . |
.Xr ssh 1 ) . |
It should only be writable by root. |
It should only be writable by root. |
.Pp |
.Pp |
.It /etc/moduli |
.It Pa /etc/moduli |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
The file format is described in |
The file format is described in |
.Xr moduli 5 . |
.Xr moduli 5 . |
.Pp |
.Pp |
.It /etc/motd |
.It Pa /etc/motd |
See |
See |
.Xr motd 5 . |
.Xr motd 5 . |
.Pp |
.Pp |
.It /etc/nologin |
.It Pa /etc/nologin |
If this file exists, |
If this file exists, |
.Nm |
.Nm |
refuses to let anyone except root log in. |
refuses to let anyone except root log in. |
|
|
refused. |
refused. |
The file should be world-readable. |
The file should be world-readable. |
.Pp |
.Pp |
.It /etc/shosts.equiv |
.It Pa /etc/shosts.equiv |
This file is used in exactly the same way as |
This file is used in exactly the same way as |
.Pa hosts.equiv , |
.Pa hosts.equiv , |
but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
rlogin/rsh. |
rlogin/rsh. |
.Pp |
.Pp |
.It /etc/ssh/ssh_host_key |
.It Pa /etc/ssh/ssh_host_key |
.It /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
.It /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh/ssh_host_rsa_key |
These three files contain the private parts of the host keys. |
These three files contain the private parts of the host keys. |
These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
accessible to others. |
accessible to others. |
|
|
.Nm |
.Nm |
does not start if these files are group/world-accessible. |
does not start if these files are group/world-accessible. |
.Pp |
.Pp |
.It /etc/ssh/ssh_host_key.pub |
.It Pa /etc/ssh/ssh_host_key.pub |
.It /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
.It /etc/ssh/ssh_host_rsa_key.pub |
.It Pa /etc/ssh/ssh_host_rsa_key.pub |
These three files contain the public parts of the host keys. |
These three files contain the public parts of the host keys. |
These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
root. |
root. |
|
|
These files are created using |
These files are created using |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.Pp |
.Pp |
.It /etc/ssh/ssh_known_hosts |
.It Pa /etc/ssh/ssh_known_hosts |
Systemwide list of known host keys. |
Systemwide list of known host keys. |
This file should be prepared by the |
This file should be prepared by the |
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
|
|
This file should be writable only by root/the owner and |
This file should be writable only by root/the owner and |
should be world-readable. |
should be world-readable. |
.Pp |
.Pp |
.It /etc/ssh/sshd_config |
.It Pa /etc/ssh/sshd_config |
Contains configuration data for |
Contains configuration data for |
.Nm sshd . |
.Nm sshd . |
The file format and configuration options are described in |
The file format and configuration options are described in |
.Xr sshd_config 5 . |
.Xr sshd_config 5 . |
.Pp |
.Pp |
.It /etc/ssh/sshrc |
.It Pa /etc/ssh/sshrc |
Similar to |
Similar to |
.Pa ~/.ssh/rc , |
.Pa ~/.ssh/rc , |
it can be used to specify |
it can be used to specify |
machine-specific login-time initializations globally. |
machine-specific login-time initializations globally. |
This file should be writable only by root, and should be world-readable. |
This file should be writable only by root, and should be world-readable. |
.Pp |
.Pp |
.It /var/empty |
.It Pa /var/empty |
.Xr chroot 2 |
.Xr chroot 2 |
directory used by |
directory used by |
.Nm |
.Nm |
|
|
The directory should not contain any files and must be owned by root |
The directory should not contain any files and must be owned by root |
and not group or world-writable. |
and not group or world-writable. |
.Pp |
.Pp |
.It /var/run/sshd.pid |
.It Pa /var/run/sshd.pid |
Contains the process ID of the |
Contains the process ID of the |
.Nm |
.Nm |
listening for connections (if there are several daemons running |
listening for connections (if there are several daemons running |
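Review bot: the `.Pa` markup is applied uniformly to every `.It` path entry in the FILES section, including the grouped items (`.It Pa /etc/hosts.allow` / `.It Pa /etc/hosts.deny` and the three host-key and `.pub` triples), so the pathnames now render consistently with the `.Pa` references already used in the body text such as `.Pa /etc/motd ,` and `.Pa ~/.ssh/rc ,`. One remaining style inconsistency worth folding into the same sweep: the /etc/moduli entry still quotes "Diffie-Hellman Group Exchange" with literal ASCII double quotes, whereas the section otherwise uses the mdoc `.Dq` macro (as in `.Dq no .` under the authorized_keys entry); changing that line to `.Dq Diffie-Hellman Group Exchange` would match. Note that several entries in this side-by-side view contain empty rows (for example after `if` in the ~/.hushlogin entry and before `refused.` in the /etc/nologin entry), so the text at those points cannot be reviewed from what is visible here.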