===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- src/usr.bin/ssh/sshd.8 2006/02/16 09:05:34 1.225
+++ src/usr.bin/ssh/sshd.8 2006/02/19 19:52:10 1.226
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -344,9 +344,54 @@ .Dq rc files are given the X11 authentication protocol and cookie in standard input. +See +.Sx SSHRC , +below. .It Runs user's shell or command. .El +.Sh SSHRC +If the file +.Pa ~/.ssh/rc +exists, +.Xr sh 1 +runs it after reading the +environment files but before starting the user's shell or command. +It must not produce any output on stdout; stderr must be used +instead. +If X11 forwarding is in use, it will receive the "proto cookie" pair in +its standard input (and +.Ev DISPLAY +in its environment). +The script must call +.Xr xauth 1 +because +.Nm +will not run xauth automatically to add X11 cookies. +.Pp +The primary purpose of this file is to run any initialization routines +which may be needed before the user's home directory becomes +accessible; AFS is a particular example of such an environment. +.Pp +This file will probably contain some initialization code followed by +something similar to: +.Bd -literal -offset 3n +if read proto cookie && [ -n "$DISPLAY" ]; then + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then + # X11UseLocalhost=yes + echo add unix:`echo $DISPLAY | + cut -c11-` $proto $cookie + else + # X11UseLocalhost=no + echo add $DISPLAY $proto $cookie + fi | xauth -q - +fi +.Ed +.Pp +If this file does not exist, +.Pa /etc/ssh/sshrc +is run, and if that +does not exist either, xauth is used to add the cookie. .Sh AUTHORIZED_KEYS FILE FORMAT .Cm AuthorizedKeysFile specifies the file containing public keys for 
@@ -625,46 +670,8 @@ can, but need not be, world-readable. .Pp .It ~/.ssh/rc -If this file exists, it is run with -.Pa /bin/sh -after reading the -environment files but before starting the user's shell or command. -It must not produce any output on stdout; stderr must be used -instead. -If X11 forwarding is in use, it will receive the "proto cookie" pair in -its standard input (and -.Ev DISPLAY -in its environment). -The script must call -.Xr xauth 1 -because -.Nm -will not run xauth automatically to add X11 cookies. -.Pp -The primary purpose of this file is to run any initialization routines -which may be needed before the user's home directory becomes -accessible; AFS is a particular example of such an environment. -.Pp -This file will probably contain some initialization code followed by -something similar to: -.Bd -literal -if read proto cookie && [ -n "$DISPLAY" ]; then - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then - # X11UseLocalhost=yes - echo add unix:`echo $DISPLAY | - cut -c11-` $proto $cookie - else - # X11UseLocalhost=no - echo add $DISPLAY $proto $cookie - fi | xauth -q - -fi -.Ed -.Pp -If this file does not exist, -.Pa /etc/ssh/sshrc -is run, and if that -does not exist either, xauth is used to add the cookie. -.Pp +Contains initialization routines to be run before +the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp @@ -776,9 +783,9 @@ .Xr sshd_config 5 . .Pp .It /etc/ssh/sshrc -Like -.Pa ~/.ssh/rc . -This can be used to specify +Similar to +.Pa ~/.ssh/rc , +it can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Pp