| version 1.50, 2000/05/08 17:12:16 |
version 1.51, 2000/05/08 17:42:31 |
|
|
| The client selects the encryption algorithm |
The client selects the encryption algorithm |
| to use from those offered by the server. |
to use from those offered by the server. |
| Additionally, session integrity is provided |
Additionally, session integrity is provided |
| through a crytographic message authentication code |
through a cryptographic message authentication code |
| (hmac-sha1 or hmac-md5). |
(hmac-sha1 or hmac-md5). |
| .Pp |
.Pp |
| Protocol version 2 provides a public key based |
Protocol version 2 provides a public key based |
|
|
| used by SSH protocol 2.0. |
used by SSH protocol 2.0. |
| Note that |
Note that |
| .Nm |
.Nm |
| disables protcol 2.0 if this file is group/world-accessible. |
disables protocol 2.0 if this file is group/world-accessible. |
| .It Cm HostKey |
.It Cm HostKey |
| Specifies the file containing the private RSA host key (default |
Specifies the file containing the private RSA host key (default |
| .Pa /etc/ssh_host_key ) |
.Pa /etc/ssh_host_key ) |
| used by SSH protocols 1.3 and 1.5. |
used by SSH protocols 1.3 and 1.5. |
| Note that |
Note that |
| .Nm |
.Nm |
| disables protcols 1.3 and 1.5 if this file is group/world-accessible. |
disables protocols 1.3 and 1.5 if this file is group/world-accessible. |
| .It Cm IgnoreRhosts |
.It Cm IgnoreRhosts |
| Specifies that |
Specifies that |
| .Pa .rhosts |
.Pa .rhosts |
|
|
| However, this means that |
However, this means that |
| connections will die if the route is down temporarily, and some people |
connections will die if the route is down temporarily, and some people |
| find it annoying. |
find it annoying. |
| On the other hand, if keepalives are not send, |
On the other hand, if keepalives are not sent, |
| sessions may hang indefinitely on the server, leaving |
sessions may hang indefinitely on the server, leaving |
| .Dq ghost |
.Dq ghost |
| users and consuming server resources. |
users and consuming server resources. |
|
|
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| file lists the RSA keys that are |
file lists the RSA keys that are |
| permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
| Similarily, the |
Similarly, the |
| .Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
| file lists the DSA keys that are |
file lists the DSA keys that are |
| permitted for DSA authentication in SSH protocol 2.0. |
permitted for DSA authentication in SSH protocol 2.0. |
|
|
| This option might be useful |
This option might be useful |
| to restrict certain RSA keys to perform just a specific operation. |
to restrict certain RSA keys to perform just a specific operation. |
| An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
| Notice that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
| forwardings unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
| .It Cm environment="NAME=value" |
.It Cm environment="NAME=value" |
| Specifies that the string is to be added to the environment when |
Specifies that the string is to be added to the environment when |
| logging in using this key. |
logging in using this key. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh