| version 1.257, 2010/08/04 05:37:01 |
version 1.258, 2010/08/08 19:36:30 |
|
|
| .Ed |
.Ed |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
| .It ~/.hushlogin |
.It Pa ~/.hushlogin |
| This file is used to suppress printing the last login time and |
This file is used to suppress printing the last login time and |
| .Pa /etc/motd , |
.Pa /etc/motd , |
| if |
if |
|
|
| It does not suppress printing of the banner specified by |
It does not suppress printing of the banner specified by |
| .Cm Banner . |
.Cm Banner . |
| .Pp |
.Pp |
| .It ~/.rhosts |
.It Pa ~/.rhosts |
| This file is used for host-based authentication (see |
This file is used for host-based authentication (see |
| .Xr ssh 1 |
.Xr ssh 1 |
| for more information). |
for more information). |
|
|
| permission for most machines is read/write for the user, and not |
permission for most machines is read/write for the user, and not |
| accessible by others. |
accessible by others. |
| .Pp |
.Pp |
| .It ~/.shosts |
.It Pa ~/.shosts |
| This file is used in exactly the same way as |
This file is used in exactly the same way as |
| .Pa .rhosts , |
.Pa .rhosts , |
| but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
| rlogin/rsh. |
rlogin/rsh. |
| .Pp |
.Pp |
| .It ~/.ssh/ |
.It Pa ~/.ssh/ |
| This directory is the default location for all user-specific configuration |
This directory is the default location for all user-specific configuration |
| and authentication information. |
and authentication information. |
| There is no general requirement to keep the entire contents of this directory |
There is no general requirement to keep the entire contents of this directory |
| secret, but the recommended permissions are read/write/execute for the user, |
secret, but the recommended permissions are read/write/execute for the user, |
| and not accessible by others. |
and not accessible by others. |
| .Pp |
.Pp |
| .It ~/.ssh/authorized_keys |
.It Pa ~/.ssh/authorized_keys |
| Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
| The format of this file is described above. |
The format of this file is described above. |
| The content of the file is not highly sensitive, but the recommended |
The content of the file is not highly sensitive, but the recommended |
|
|
| option has been set to |
option has been set to |
| .Dq no . |
.Dq no . |
| .Pp |
.Pp |
| .It ~/.ssh/environment |
.It Pa ~/.ssh/environment |
| This file is read into the environment at login (if it exists). |
This file is read into the environment at login (if it exists). |
| It can only contain empty lines, comment lines (that start with |
It can only contain empty lines, comment lines (that start with |
| .Ql # ) , |
.Ql # ) , |
|
|
| .Cm PermitUserEnvironment |
.Cm PermitUserEnvironment |
| option. |
option. |
| .Pp |
.Pp |
| .It ~/.ssh/known_hosts |
.It Pa ~/.ssh/known_hosts |
| Contains a list of host keys for all hosts the user has logged into |
Contains a list of host keys for all hosts the user has logged into |
| that are not already in the systemwide list of known host keys. |
that are not already in the systemwide list of known host keys. |
| The format of this file is described above. |
The format of this file is described above. |
| This file should be writable only by root/the owner and |
This file should be writable only by root/the owner and |
| can, but need not be, world-readable. |
can, but need not be, world-readable. |
| .Pp |
.Pp |
| .It ~/.ssh/rc |
.It Pa ~/.ssh/rc |
| Contains initialization routines to be run before |
Contains initialization routines to be run before |
| the user's home directory becomes accessible. |
the user's home directory becomes accessible. |
| This file should be writable only by the user, and need not be |
This file should be writable only by the user, and need not be |
| readable by anyone else. |
readable by anyone else. |
| .Pp |
.Pp |
| .It /etc/hosts.allow |
.It Pa /etc/hosts.allow |
| .It /etc/hosts.deny |
.It Pa /etc/hosts.deny |
| Access controls that should be enforced by tcp-wrappers are defined here. |
Access controls that should be enforced by tcp-wrappers are defined here. |
| Further details are described in |
Further details are described in |
| .Xr hosts_access 5 . |
.Xr hosts_access 5 . |
| .Pp |
.Pp |
| .It /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
| This file is for host-based authentication (see |
This file is for host-based authentication (see |
| .Xr ssh 1 ) . |
.Xr ssh 1 ) . |
| It should only be writable by root. |
It should only be writable by root. |
| .Pp |
.Pp |
| .It /etc/moduli |
.It Pa /etc/moduli |
| Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
| The file format is described in |
The file format is described in |
| .Xr moduli 5 . |
.Xr moduli 5 . |
| .Pp |
.Pp |
| .It /etc/motd |
.It Pa /etc/motd |
| See |
See |
| .Xr motd 5 . |
.Xr motd 5 . |
| .Pp |
.Pp |
| .It /etc/nologin |
.It Pa /etc/nologin |
| If this file exists, |
If this file exists, |
| .Nm |
.Nm |
| refuses to let anyone except root log in. |
refuses to let anyone except root log in. |
|
|
| refused. |
refused. |
| The file should be world-readable. |
The file should be world-readable. |
| .Pp |
.Pp |
| .It /etc/shosts.equiv |
.It Pa /etc/shosts.equiv |
| This file is used in exactly the same way as |
This file is used in exactly the same way as |
| .Pa hosts.equiv , |
.Pa hosts.equiv , |
| but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
| rlogin/rsh. |
rlogin/rsh. |
| .Pp |
.Pp |
| .It /etc/ssh/ssh_host_key |
.It Pa /etc/ssh/ssh_host_key |
| .It /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
| .It /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh/ssh_host_rsa_key |
| These three files contain the private parts of the host keys. |
These three files contain the private parts of the host keys. |
| These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
| accessible to others. |
accessible to others. |
|
|
| .Nm |
.Nm |
| does not start if these files are group/world-accessible. |
does not start if these files are group/world-accessible. |
| .Pp |
.Pp |
| .It /etc/ssh/ssh_host_key.pub |
.It Pa /etc/ssh/ssh_host_key.pub |
| .It /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
| .It /etc/ssh/ssh_host_rsa_key.pub |
.It Pa /etc/ssh/ssh_host_rsa_key.pub |
| These three files contain the public parts of the host keys. |
These three files contain the public parts of the host keys. |
| These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
| root. |
root. |
|
|
| These files are created using |
These files are created using |
| .Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
| .Pp |
.Pp |
| .It /etc/ssh/ssh_known_hosts |
.It Pa /etc/ssh/ssh_known_hosts |
| Systemwide list of known host keys. |
Systemwide list of known host keys. |
| This file should be prepared by the |
This file should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
|
|
| This file should be writable only by root/the owner and |
This file should be writable only by root/the owner and |
| should be world-readable. |
should be world-readable. |
| .Pp |
.Pp |
| .It /etc/ssh/sshd_config |
.It Pa /etc/ssh/sshd_config |
| Contains configuration data for |
Contains configuration data for |
| .Nm sshd . |
.Nm sshd . |
| The file format and configuration options are described in |
The file format and configuration options are described in |
| .Xr sshd_config 5 . |
.Xr sshd_config 5 . |
| .Pp |
.Pp |
| .It /etc/ssh/sshrc |
.It Pa /etc/ssh/sshrc |
| Similar to |
Similar to |
| .Pa ~/.ssh/rc , |
.Pa ~/.ssh/rc , |
| it can be used to specify |
it can be used to specify |
| machine-specific login-time initializations globally. |
machine-specific login-time initializations globally. |
| This file should be writable only by root, and should be world-readable. |
This file should be writable only by root, and should be world-readable. |
| .Pp |
.Pp |
| .It /var/empty |
.It Pa /var/empty |
| .Xr chroot 2 |
.Xr chroot 2 |
| directory used by |
directory used by |
| .Nm |
.Nm |
|
|
| The directory should not contain any files and must be owned by root |
The directory should not contain any files and must be owned by root |
| and not group or world-writable. |
and not group or world-writable. |
| .Pp |
.Pp |
| .It /var/run/sshd.pid |
.It Pa /var/run/sshd.pid |
| Contains the process ID of the |
Contains the process ID of the |
| .Nm |
.Nm |
| listening for connections (if there are several daemons running |
listening for connections (if there are several daemons running |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh