=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.202.2.2 retrieving revision 1.203 diff -u -r1.202.2.2 -r1.203 --- src/usr.bin/ssh/sshd.8 2005/09/02 03:45:01 1.202.2.2 +++ src/usr.bin/ssh/sshd.8 2004/12/06 11:41:03 1.203 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.202.2.2 2005/09/02 03:45:01 brad Exp $ +.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -80,7 +80,7 @@ works as follows: .Ss SSH protocol version 1 Each host has a host-specific RSA key -(normally 2048 bits) used to identify the host. +(normally 1024 bits) used to identify the host. Additionally, when the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and @@ -328,7 +328,7 @@ prints last login time and .Pa /etc/motd (unless prevented in the configuration file or by -.Pa ~/.hushlogin ; +.Pa $HOME/.hushlogin ; see the .Sx FILES section). @@ -345,7 +345,7 @@ Sets up basic environment. .It Reads the file -.Pa ~/.ssh/environment , +.Pa $HOME/.ssh/environment , if it exists, and users are allowed to change their environment. See the .Cm PermitUserEnvironment @@ -355,7 +355,7 @@ Changes to user's home directory. .It If -.Pa ~/.ssh/rc +.Pa $HOME/.ssh/rc exists, runs it; else if .Pa /etc/ssh/sshrc exists, runs @@ -368,7 +368,7 @@ Runs user's shell or command. .El .Sh AUTHORIZED_KEYS FILE FORMAT -.Pa ~/.ssh/authorized_keys +.Pa $HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) 
@@ -506,7 +506,7 @@ The .Pa /etc/ssh/ssh_known_hosts and -.Pa ~/.ssh/known_hosts +.Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is @@ -531,14 +531,6 @@ pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp -Alternately, hostnames may be stored in a hashed form which hides host names -and addresses should the file's contents be disclosed. -Hashed hostnames start with a -.Ql | -character. -Only one hashed hostname may appear on a single line and none of the above -negation or wildcard operators may be applied. -.Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . @@ -570,11 +562,6 @@ closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed -.Bd -literal -# A hashed hostname -|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa -AAAA1234.....= -.Ed .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config @@ -617,7 +604,7 @@ concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. -.It Pa ~/.ssh/authorized_keys +.It Pa $HOME/.ssh/authorized_keys Lists the public keys (RSA or DSA) that can be used to log into the user's account. This file must be readable by root (which may on some machines imply it being world-readable if the user's home directory resides on an NFS @@ -631,7 +618,7 @@ .Pa id_rsa.pub files into this file, as described in .Xr ssh-keygen 1 . -.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" +.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication to check the public key of the host. 
@@ -641,22 +628,8 @@ These files should be writable only by root/the owner. .Pa /etc/ssh/ssh_known_hosts should be world-readable, and -.Pa ~/.ssh/known_hosts +.Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. -.It Pa /etc/motd -See -.Xr motd 5 . -.It Pa ~/.hushlogin -This file is used to suppress printing the last login time and -.Pa /etc/motd , -if -.Cm PrintLastLog -and -.Cm PrintMotd , -respectively, -are enabled. -It does not suppress printing of the banner specified by -.Cm Banner . .It Pa /etc/nologin If this file exists, .Nm @@ -669,7 +642,7 @@ Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . -.It Pa ~/.rhosts +.It Pa $HOME/.rhosts This file is used during .Cm RhostsRSAAuthentication and @@ -687,7 +660,7 @@ Either host or user name may be of the form +@groupname to specify all hosts or all users in the group. -.It Pa ~/.shosts +.It Pa $HOME/.shosts For ssh, this file is exactly the same as for .Pa .rhosts . @@ -736,7 +709,7 @@ .Pa /etc/hosts.equiv . However, this file may be useful in environments that want to run both rsh/rlogin and ssh. -.It Pa ~/.ssh/environment +.It Pa $HOME/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with .Ql # ) , @@ -747,7 +720,7 @@ controlled via the .Cm PermitUserEnvironment option. -.It Pa ~/.ssh/rc +.It Pa $HOME/.ssh/rc If this file exists, it is run with .Pa /bin/sh after reading the @@ -792,7 +765,7 @@ readable by anyone else. .It Pa /etc/ssh/sshrc Like -.Pa ~/.ssh/rc . +.Pa $HOME/.ssh/rc . This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable.
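Review bot: the revision header in the first hunk runs backwards: the `-` side is `$OpenBSD: sshd.8,v 1.202.2.2 2005/09/02` and the `+` side is `$OpenBSD: sshd.8,v 1.203 2004/12/06`, so applying this diff replaces the newer branch text with older trunk text. Every later hunk follows the same direction (2048 becomes 1024, `~` becomes `$HOME`, documented paragraphs and FILES entries are dropped), which is what a revert looks like, not an update; confirm that this direction is intended before committing, because `diff -u -r1.202.2.2 -r1.203` produces exactly this output when the two revisions are given in reverse order.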
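Review bot: in the `SSH protocol version 1` hunk (`@@ -80`) the documented default host key size drops from `(normally 2048 bits)` to `(normally 1024 bits)`. If this is a documentation fix it must match the key size the host-key generation step actually produces; if it is just the older wording returning with the revert, it reintroduces a weaker stated default for the RSA host key. Either way the number should be checked against the code rather than carried along with the notation changes in the same diff.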
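Review bot: style point on the `@@ -328` hunk and the later path hunks: `.Pa ~/.hushlogin` becomes `.Pa $HOME/.hushlogin`, and the same `~` to `$HOME` substitution is applied consistently to every user path in the page. The change is uniform, which is good, but `$HOME` inside a `.Pa` macro renders as a literal path component and the newer revision (the `-` side) had already settled on the shorter `~` form. If the notation is not the point of this commit, leave the paths untouched so the diff is limited to the substantive changes.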
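Review bot: the `@@ -531` hunk deletes the only description of hashed `known_hosts` entries: that hashed hostnames start with a `|` character, that only one hashed hostname may appear on a line, and that the negation and wildcard operators do not apply to them. Nothing in the diff indicates that the hashing feature itself is removed, so after this change a reader who finds a `|` line in `~/.ssh/known_hosts` gets no explanation from sshd(8), and the stated privacy property (host names and addresses are hidden if the file's contents are disclosed) is lost. Unless the revert is deliberate, keep the paragraph.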
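Review bot: the `.Bd -literal` block removed in the `@@ -570` hunk (`# A hashed hostname` followed by the `|1|...|...= ssh-rsa` line) is the only concrete illustration of the hashed format, so it stands or falls with the paragraph dropped in the `@@ -531` hunk; accept or reject the two hunks together so the examples stay in step with the text that explains them.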
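Review bot: the `@@ -641` hunk removes the FILES entries for `/etc/motd` and `~/.hushlogin`, but the login-process hunk (`@@ -328`) still reads `(unless prevented in the configuration file or by .Pa $HOME/.hushlogin ; see the .Sx FILES section)`. After this change that cross-reference points at an entry that no longer exists, and the note that `.hushlogin` does not suppress the output selected by `Banner` is lost with it. Either keep the two `.It Pa` entries or drop the `see the .Sx FILES section` reference as well.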