version 1.205, 2015/07/03 03:49:45 |
version 1.206, 2015/07/10 06:21:53 |
|
|
.It Cm HostbasedAcceptedKeyTypes |
.It Cm HostbasedAcceptedKeyTypes |
Specifies the key types that will be accepted for hostbased authentication |
Specifies the key types that will be accepted for hostbased authentication |
as a comma-separated pattern list. |
as a comma-separated pattern list. |
The default |
The default for this option is: |
.Dq * |
.Bd -literal -offset 3n |
will allow all key types. |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp384-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp521-cert-v01@openssh.com, |
|
ssh-ed25519-cert-v01@openssh.com, |
|
ssh-rsa-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
ssh-ed25519,ssh-rsa |
|
.Ed |
|
.Pp |
The |
The |
.Fl Q |
.Fl Q |
option of |
option of |
|
|
and |
and |
.Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh/ssh_host_rsa_key |
for protocol version 2. |
for protocol version 2. |
|
.Pp |
Note that |
Note that |
.Xr sshd 8 |
.Xr sshd 8 |
will refuse to use a file if it is group/world-accessible. |
will refuse to use a file if it is group/world-accessible |
|
and that the |
|
.Cm HostKeyAlgorithms |
|
option restricts which of the keys are actually used by |
|
.Xr sshd 8 . |
|
.Pp |
It is possible to have multiple host key files. |
It is possible to have multiple host key files. |
.Dq rsa1 |
.Dq rsa1 |
keys are used for version 1 and |
keys are used for version 1 and |
|
|
is specified, the location of the socket will be read from the |
is specified, the location of the socket will be read from the |
.Ev SSH_AUTH_SOCK |
.Ev SSH_AUTH_SOCK |
environment variable. |
environment variable. |
|
.It Cm HostKeyAlgorithms |
|
Specifies the protocol version 2 host key algorithms |
|
that the server offers. |
|
The default for this option is: |
|
.Bd -literal -offset 3n |
|
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp384-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp521-cert-v01@openssh.com, |
|
ssh-ed25519-cert-v01@openssh.com, |
|
ssh-rsa-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
ssh-ed25519,ssh-rsa |
|
.Ed |
|
.Pp |
|
The list of available key types may also be obtained using the |
|
.Fl Q |
|
option of |
|
.Xr ssh 1 |
|
with an argument of |
|
.Dq key . |
.It Cm IgnoreRhosts |
.It Cm IgnoreRhosts |
Specifies that |
Specifies that |
.Pa .rhosts |
.Pa .rhosts |
|
|
.It Cm PubkeyAcceptedKeyTypes |
.It Cm PubkeyAcceptedKeyTypes |
Specifies the key types that will be accepted for public key authentication |
Specifies the key types that will be accepted for public key authentication |
as a comma-separated pattern list. |
as a comma-separated pattern list. |
The default |
The default for this option is: |
.Dq * |
.Bd -literal -offset 3n |
will allow all key types. |
ecdsa-sha2-nistp256-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp384-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp521-cert-v01@openssh.com, |
|
ssh-ed25519-cert-v01@openssh.com, |
|
ssh-rsa-cert-v01@openssh.com, |
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
ssh-ed25519,ssh-rsa |
|
.Ed |
|
.Pp |
The |
The |
.Fl Q |
.Fl Q |
option of |
option of |