version 1.258, 2010/08/08 19:36:30 |
version 1.259, 2010/08/31 11:54:45 |
|
|
The default is |
The default is |
.Pa /etc/ssh/ssh_host_key |
.Pa /etc/ssh/ssh_host_key |
for protocol version 1, and |
for protocol version 1, and |
.Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh/ssh_host_dsa_key , |
|
.Pa /etc/ssh/ssh_host_ecdsa_key |
and |
and |
.Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh/ssh_host_rsa_key |
for protocol version 2. |
for protocol version 2. |
It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
the different protocol versions and host key algorithms. |
the different protocol versions and host key algorithms. |
|
|
.Cm Protocol |
.Cm Protocol |
option in |
option in |
.Xr sshd_config 5 . |
.Xr sshd_config 5 . |
Protocol 2 supports both RSA and DSA keys; |
Protocol 2 supports DSA, ECDSA and RSA keys; |
protocol 1 only supports RSA keys. |
protocol 1 only supports RSA keys. |
For both protocols, |
For both protocols, |
each host has a host-specific key, |
each host has a host-specific key, |
|
|
comment field is not used for anything (but may be convenient for the |
comment field is not used for anything (but may be convenient for the |
user to identify the key). |
user to identify the key). |
For protocol version 2 the keytype is |
For protocol version 2 the keytype is |
|
.Dq ecdsa-sha2-nistp256 , |
|
.Dq ecdsa-sha2-nistp384 , |
|
.Dq ecdsa-sha2-nistp521 , |
.Dq ssh-dss |
.Dq ssh-dss |
or |
or |
.Dq ssh-rsa . |
.Dq ssh-rsa . |
|
|
You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
.Pa identity.pub , |
.Pa identity.pub , |
.Pa id_dsa.pub , |
.Pa id_dsa.pub , |
|
.Pa id_ecdsa.pub , |
or the |
or the |
.Pa id_rsa.pub |
.Pa id_rsa.pub |
file and edit it. |
file and edit it. |
|
|
and not accessible by others. |
and not accessible by others. |
.Pp |
.Pp |
.It Pa ~/.ssh/authorized_keys |
.It Pa ~/.ssh/authorized_keys |
Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in |
|
as this user. |
The format of this file is described above. |
The format of this file is described above. |
The content of the file is not highly sensitive, but the recommended |
The content of the file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
|
|
.Pp |
.Pp |
.It Pa /etc/ssh/ssh_host_key |
.It Pa /etc/ssh/ssh_host_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
|
.It Pa /etc/ssh/ssh_host_ecdsa_key |
.It Pa /etc/ssh/ssh_host_rsa_key |
.It Pa /etc/ssh/ssh_host_rsa_key |
These three files contain the private parts of the host keys. |
These three files contain the private parts of the host keys. |
These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
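Review bot: The unchanged sentence "These three files contain the private parts of the host keys." no longer matches the list above it, which names four files once ".It Pa /etc/ssh/ssh_host_ecdsa_key" is added. Suggest changing it to "These four files", or dropping the count ("These files contain the private parts of the host keys.") so it does not go stale when another key type is added. The ownership and permission requirement that follows should be read as covering the new ECDSA private key as well.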
|
|
.Pp |
.Pp |
.It Pa /etc/ssh/ssh_host_key.pub |
.It Pa /etc/ssh/ssh_host_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
|
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
.It Pa /etc/ssh/ssh_host_rsa_key.pub |
.It Pa /etc/ssh/ssh_host_rsa_key.pub |
These three files contain the public parts of the host keys. |
These three files contain the public parts of the host keys. |
These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
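Review bot: "These three files contain the public parts of the host keys." is left as is, but with ".It Pa /etc/ssh/ssh_host_ecdsa_key.pub" added the list now has four entries. Suggest updating the count here in the same way as for the private-key entries, or removing the number from the sentence.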