author | Damien Miller <djm@mindrot.org> | 2005-05-26 12:04:02 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2005-05-26 12:04:02 +1000 |
commit | 167ea5d0268243991ad3c55cb20fa2b53f577b37 (patch) | |
tree | 8b73e38d56fa0ff77c11e745adf28acb22d1a52e | |
parent | a31c929f3601561d6d147a2940d7a81a2a40e377 (diff) |
- djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh-add.1 | 14 | ||||
-rw-r--r-- | ssh-agent.1 | 14 | ||||
-rw-r--r-- | ssh-keygen.1 | 26 | ||||
-rw-r--r-- | ssh.1 | 70 | ||||
-rw-r--r-- | ssh_config.5 | 20 | ||||
-rw-r--r-- | sshd.8 | 30 | ||||
-rw-r--r-- | sshd_config.5 | 4 |
8 files changed, 94 insertions, 90 deletions
@@ -23,6 +23,10 @@ | |||
23 | - jakob@cvs.openbsd.org 2005/04/20 10:05:45 | 23 | - jakob@cvs.openbsd.org 2005/04/20 10:05:45 |
24 | [dns.c] | 24 | [dns.c] |
25 | do not try to look up SSHFP for numerical hostname. ok djm@ | 25 | do not try to look up SSHFP for numerical hostname. ok djm@ |
26 | - djm@cvs.openbsd.org 2005/04/21 06:17:50 | ||
27 | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] | ||
28 | [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment | ||
29 | variable, so don't say that we do (bz #623); ok deraadt@ | ||
26 | 30 | ||
27 | 20050524 | 31 | 20050524 |
28 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 32 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
@@ -2522,4 +2526,4 @@ | |||
2522 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2526 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2523 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2527 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2524 | 2528 | ||
2525 | $Id: ChangeLog,v 1.3767 2005/05/26 02:03:31 djm Exp $ | 2529 | $Id: ChangeLog,v 1.3768 2005/05/26 02:04:02 djm Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -57,10 +57,10 @@ | |||
57 | adds RSA or DSA identities to the authentication agent, | 57 | adds RSA or DSA identities to the authentication agent, |
58 | .Xr ssh-agent 1 . | 58 | .Xr ssh-agent 1 . |
59 | When run without arguments, it adds the files | 59 | When run without arguments, it adds the files |
60 | .Pa $HOME/.ssh/id_rsa , | 60 | .Pa ~/.ssh/id_rsa , |
61 | .Pa $HOME/.ssh/id_dsa | 61 | .Pa ~/.ssh/id_dsa |
62 | and | 62 | and |
63 | .Pa $HOME/.ssh/identity . | 63 | .Pa ~/.ssh/identity . |
64 | Alternative file names can be given on the command line. | 64 | Alternative file names can be given on the command line. |
65 | If any file requires a passphrase, | 65 | If any file requires a passphrase, |
66 | .Nm | 66 | .Nm |
@@ -142,11 +142,11 @@ agent. | |||
142 | .El | 142 | .El |
143 | .Sh FILES | 143 | .Sh FILES |
144 | .Bl -tag -width Ds | 144 | .Bl -tag -width Ds |
145 | .It Pa $HOME/.ssh/identity | 145 | .It Pa ~/.ssh/identity |
146 | Contains the protocol version 1 RSA authentication identity of the user. | 146 | Contains the protocol version 1 RSA authentication identity of the user. |
147 | .It Pa $HOME/.ssh/id_dsa | 147 | .It Pa ~/.ssh/id_dsa |
148 | Contains the protocol version 2 DSA authentication identity of the user. | 148 | Contains the protocol version 2 DSA authentication identity of the user. |
149 | .It Pa $HOME/.ssh/id_rsa | 149 | .It Pa ~/.ssh/id_rsa |
150 | Contains the protocol version 2 RSA authentication identity of the user. | 150 | Contains the protocol version 2 RSA authentication identity of the user. |
151 | .El | 151 | .El |
152 | .Pp | 152 | .Pp |
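--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,10 +111,10 @@ Keys are added using
 When executed without arguments,
 .Xr ssh-add 1
 adds the files
-.Pa $HOME/.ssh/id_rsa ,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_rsa ,
+.Pa ~/.ssh/id_dsa
 and
-.Pa $HOME/.ssh/identity .
+.Pa ~/.ssh/identity .
 If the identity has a passphrase,
 .Xr ssh-add 1
 asks for the passphrase (using a small X11 application if running
@@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command
 line terminates.
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/identity
+.It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
-.It Pa $HOME/.ssh/id_dsa
+.It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
-.It Pa $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
 .It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
 Unix-domain sockets used to contain the connection to the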
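--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.68 2005/04/21 06:17:50 djm Exp $
 .\"
 .\" -*- nroff -*-
 .\"
@@ -129,10 +129,10 @@ section for details.
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
 key in
-.Pa $HOME/.ssh/identity ,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa
 or
-.Pa $HOME/.ssh/id_rsa .
+.Pa ~/.ssh/id_rsa .
 Additionally, the system administrator may use this to generate host keys,
 as seen in
 .Pa /etc/rc .
@@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/identity
+.It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -392,14 +392,14 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/identity.pub
+.It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_dsa
+.It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -410,14 +410,14 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_dsa.pub
 Contains the protocol version 2 DSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -428,10 +428,10 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_rsa.pub
+.It Pa ~/.ssh/id_rsa.pub
 Contains the protocol version 2 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.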
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.206 2005/04/14 12:30:30 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.207 2005/04/21 06:17:50 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -109,9 +109,9 @@ or | |||
109 | .Pa /etc/shosts.equiv | 109 | .Pa /etc/shosts.equiv |
110 | on the remote machine, and the user names are | 110 | on the remote machine, and the user names are |
111 | the same on both sides, or if the files | 111 | the same on both sides, or if the files |
112 | .Pa $HOME/.rhosts | 112 | .Pa ~/.rhosts |
113 | or | 113 | or |
114 | .Pa $HOME/.shosts | 114 | .Pa ~/.shosts |
115 | exist in the user's home directory on the | 115 | exist in the user's home directory on the |
116 | remote machine and contain a line containing the name of the client | 116 | remote machine and contain a line containing the name of the client |
117 | machine and the name of the user on that machine, the user is | 117 | machine and the name of the user on that machine, the user is |
@@ -120,7 +120,7 @@ Additionally, if the server can verify the client's | |||
120 | host key (see | 120 | host key (see |
121 | .Pa /etc/ssh/ssh_known_hosts | 121 | .Pa /etc/ssh/ssh_known_hosts |
122 | and | 122 | and |
123 | .Pa $HOME/.ssh/known_hosts | 123 | .Pa ~/.ssh/known_hosts |
124 | in the | 124 | in the |
125 | .Sx FILES | 125 | .Sx FILES |
126 | section), only then is login permitted. | 126 | section), only then is login permitted. |
@@ -128,7 +128,7 @@ This authentication method closes security holes due to IP | |||
128 | spoofing, DNS spoofing and routing spoofing. | 128 | spoofing, DNS spoofing and routing spoofing. |
129 | [Note to the administrator: | 129 | [Note to the administrator: |
130 | .Pa /etc/hosts.equiv , | 130 | .Pa /etc/hosts.equiv , |
131 | .Pa $HOME/.rhosts , | 131 | .Pa ~/.rhosts , |
132 | and the rlogin/rsh protocol in general, are inherently insecure and should be | 132 | and the rlogin/rsh protocol in general, are inherently insecure and should be |
133 | disabled if security is desired.] | 133 | disabled if security is desired.] |
134 | .Pp | 134 | .Pp |
@@ -144,7 +144,7 @@ key pair for authentication purposes. | |||
144 | The server knows the public key, and only the user knows the private key. | 144 | The server knows the public key, and only the user knows the private key. |
145 | .Pp | 145 | .Pp |
146 | The file | 146 | The file |
147 | .Pa $HOME/.ssh/authorized_keys | 147 | .Pa ~/.ssh/authorized_keys |
148 | lists the public keys that are permitted for logging in. | 148 | lists the public keys that are permitted for logging in. |
149 | When the user logs in, the | 149 | When the user logs in, the |
150 | .Nm | 150 | .Nm |
@@ -165,18 +165,18 @@ implements the RSA authentication protocol automatically. | |||
165 | The user creates his/her RSA key pair by running | 165 | The user creates his/her RSA key pair by running |
166 | .Xr ssh-keygen 1 . | 166 | .Xr ssh-keygen 1 . |
167 | This stores the private key in | 167 | This stores the private key in |
168 | .Pa $HOME/.ssh/identity | 168 | .Pa ~/.ssh/identity |
169 | and stores the public key in | 169 | and stores the public key in |
170 | .Pa $HOME/.ssh/identity.pub | 170 | .Pa ~/.ssh/identity.pub |
171 | in the user's home directory. | 171 | in the user's home directory. |
172 | The user should then copy the | 172 | The user should then copy the |
173 | .Pa identity.pub | 173 | .Pa identity.pub |
174 | to | 174 | to |
175 | .Pa $HOME/.ssh/authorized_keys | 175 | .Pa ~/.ssh/authorized_keys |
176 | in his/her home directory on the remote machine (the | 176 | in his/her home directory on the remote machine (the |
177 | .Pa authorized_keys | 177 | .Pa authorized_keys |
178 | file corresponds to the conventional | 178 | file corresponds to the conventional |
179 | .Pa $HOME/.rhosts | 179 | .Pa ~/.rhosts |
180 | file, and has one key | 180 | file, and has one key |
181 | per line, though the lines can be very long). | 181 | per line, though the lines can be very long). |
182 | After this, the user can log in without giving the password. | 182 | After this, the user can log in without giving the password. |
@@ -206,12 +206,12 @@ password authentication are tried. | |||
206 | The public key method is similar to RSA authentication described | 206 | The public key method is similar to RSA authentication described |
207 | in the previous section and allows the RSA or DSA algorithm to be used: | 207 | in the previous section and allows the RSA or DSA algorithm to be used: |
208 | The client uses his private key, | 208 | The client uses his private key, |
209 | .Pa $HOME/.ssh/id_dsa | 209 | .Pa ~/.ssh/id_dsa |
210 | or | 210 | or |
211 | .Pa $HOME/.ssh/id_rsa , | 211 | .Pa ~/.ssh/id_rsa , |
212 | to sign the session identifier and sends the result to the server. | 212 | to sign the session identifier and sends the result to the server. |
213 | The server checks whether the matching public key is listed in | 213 | The server checks whether the matching public key is listed in |
214 | .Pa $HOME/.ssh/authorized_keys | 214 | .Pa ~/.ssh/authorized_keys |
215 | and grants access if both the key is found and the signature is correct. | 215 | and grants access if both the key is found and the signature is correct. |
216 | The session identifier is derived from a shared Diffie-Hellman value | 216 | The session identifier is derived from a shared Diffie-Hellman value |
217 | and is only known to the client and the server. | 217 | and is only known to the client and the server. |
@@ -365,7 +365,7 @@ electronic purse; another is going through firewalls. | |||
365 | automatically maintains and checks a database containing | 365 | automatically maintains and checks a database containing |
366 | identifications for all hosts it has ever been used with. | 366 | identifications for all hosts it has ever been used with. |
367 | Host keys are stored in | 367 | Host keys are stored in |
368 | .Pa $HOME/.ssh/known_hosts | 368 | .Pa ~/.ssh/known_hosts |
369 | in the user's home directory. | 369 | in the user's home directory. |
370 | Additionally, the file | 370 | Additionally, the file |
371 | .Pa /etc/ssh/ssh_known_hosts | 371 | .Pa /etc/ssh/ssh_known_hosts |
@@ -522,7 +522,7 @@ the system-wide configuration file | |||
522 | .Pq Pa /etc/ssh/ssh_config | 522 | .Pq Pa /etc/ssh/ssh_config |
523 | will be ignored. | 523 | will be ignored. |
524 | The default for the per-user configuration file is | 524 | The default for the per-user configuration file is |
525 | .Pa $HOME/.ssh/config . | 525 | .Pa ~/.ssh/config . |
526 | .It Fl f | 526 | .It Fl f |
527 | Requests | 527 | Requests |
528 | .Nm | 528 | .Nm |
@@ -548,11 +548,11 @@ private RSA key. | |||
548 | Selects a file from which the identity (private key) for | 548 | Selects a file from which the identity (private key) for |
549 | RSA or DSA authentication is read. | 549 | RSA or DSA authentication is read. |
550 | The default is | 550 | The default is |
551 | .Pa $HOME/.ssh/identity | 551 | .Pa ~/.ssh/identity |
552 | for protocol version 1, and | 552 | for protocol version 1, and |
553 | .Pa $HOME/.ssh/id_rsa | 553 | .Pa ~/.ssh/id_rsa |
554 | and | 554 | and |
555 | .Pa $HOME/.ssh/id_dsa | 555 | .Pa ~/.ssh/id_dsa |
556 | for protocol version 2. | 556 | for protocol version 2. |
557 | Identity files may also be specified on | 557 | Identity files may also be specified on |
558 | a per-host basis in the configuration file. | 558 | a per-host basis in the configuration file. |
@@ -941,7 +941,7 @@ Set to the name of the user logging in. | |||
941 | Additionally, | 941 | Additionally, |
942 | .Nm | 942 | .Nm |
943 | reads | 943 | reads |
944 | .Pa $HOME/.ssh/environment , | 944 | .Pa ~/.ssh/environment , |
945 | and adds lines of the format | 945 | and adds lines of the format |
946 | .Dq VARNAME=value | 946 | .Dq VARNAME=value |
947 | to the environment if the file exists and if users are allowed to | 947 | to the environment if the file exists and if users are allowed to |
@@ -952,13 +952,13 @@ option in | |||
952 | .Xr sshd_config 5 . | 952 | .Xr sshd_config 5 . |
953 | .Sh FILES | 953 | .Sh FILES |
954 | .Bl -tag -width Ds | 954 | .Bl -tag -width Ds |
955 | .It Pa $HOME/.ssh/known_hosts | 955 | .It Pa ~/.ssh/known_hosts |
956 | Records host keys for all hosts the user has logged into that are not | 956 | Records host keys for all hosts the user has logged into that are not |
957 | in | 957 | in |
958 | .Pa /etc/ssh/ssh_known_hosts . | 958 | .Pa /etc/ssh/ssh_known_hosts . |
959 | See | 959 | See |
960 | .Xr sshd 8 . | 960 | .Xr sshd 8 . |
961 | .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa | 961 | .It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa |
962 | Contains the authentication identity of the user. | 962 | Contains the authentication identity of the user. |
963 | They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. | 963 | They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. |
964 | These files | 964 | These files |
@@ -970,21 +970,21 @@ ignores a private key file if it is accessible by others. | |||
970 | It is possible to specify a passphrase when | 970 | It is possible to specify a passphrase when |
971 | generating the key; the passphrase will be used to encrypt the | 971 | generating the key; the passphrase will be used to encrypt the |
972 | sensitive part of this file using 3DES. | 972 | sensitive part of this file using 3DES. |
973 | .It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub | 973 | .It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub |
974 | Contains the public key for authentication (public part of the | 974 | Contains the public key for authentication (public part of the |
975 | identity file in human-readable form). | 975 | identity file in human-readable form). |
976 | The contents of the | 976 | The contents of the |
977 | .Pa $HOME/.ssh/identity.pub | 977 | .Pa ~/.ssh/identity.pub |
978 | file should be added to the file | 978 | file should be added to the file |
979 | .Pa $HOME/.ssh/authorized_keys | 979 | .Pa ~/.ssh/authorized_keys |
980 | on all machines | 980 | on all machines |
981 | where the user wishes to log in using protocol version 1 RSA authentication. | 981 | where the user wishes to log in using protocol version 1 RSA authentication. |
982 | The contents of the | 982 | The contents of the |
983 | .Pa $HOME/.ssh/id_dsa.pub | 983 | .Pa ~/.ssh/id_dsa.pub |
984 | and | 984 | and |
985 | .Pa $HOME/.ssh/id_rsa.pub | 985 | .Pa ~/.ssh/id_rsa.pub |
986 | file should be added to | 986 | file should be added to |
987 | .Pa $HOME/.ssh/authorized_keys | 987 | .Pa ~/.ssh/authorized_keys |
988 | on all machines | 988 | on all machines |
989 | where the user wishes to log in using protocol version 2 DSA/RSA authentication. | 989 | where the user wishes to log in using protocol version 2 DSA/RSA authentication. |
990 | These files are not | 990 | These files are not |
@@ -992,13 +992,13 @@ sensitive and can (but need not) be readable by anyone. | |||
992 | These files are | 992 | These files are |
993 | never used automatically and are not necessary; they are only provided for | 993 | never used automatically and are not necessary; they are only provided for |
994 | the convenience of the user. | 994 | the convenience of the user. |
995 | .It Pa $HOME/.ssh/config | 995 | .It Pa ~/.ssh/config |
996 | This is the per-user configuration file. | 996 | This is the per-user configuration file. |
997 | The file format and configuration options are described in | 997 | The file format and configuration options are described in |
998 | .Xr ssh_config 5 . | 998 | .Xr ssh_config 5 . |
999 | Because of the potential for abuse, this file must have strict permissions: | 999 | Because of the potential for abuse, this file must have strict permissions: |
1000 | read/write for the user, and not accessible by others. | 1000 | read/write for the user, and not accessible by others. |
1001 | .It Pa $HOME/.ssh/authorized_keys | 1001 | .It Pa ~/.ssh/authorized_keys |
1002 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 1002 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
1003 | The format of this file is described in the | 1003 | The format of this file is described in the |
1004 | .Xr sshd 8 | 1004 | .Xr sshd 8 |
@@ -1058,7 +1058,7 @@ be setuid root when that authentication method is used. | |||
1058 | By default | 1058 | By default |
1059 | .Nm | 1059 | .Nm |
1060 | is not setuid root. | 1060 | is not setuid root. |
1061 | .It Pa $HOME/.rhosts | 1061 | .It Pa ~/.rhosts |
1062 | This file is used in | 1062 | This file is used in |
1063 | .Cm RhostsRSAAuthentication | 1063 | .Cm RhostsRSAAuthentication |
1064 | and | 1064 | and |
@@ -1088,12 +1088,12 @@ authentication before permitting log in. | |||
1088 | If the server machine does not have the client's host key in | 1088 | If the server machine does not have the client's host key in |
1089 | .Pa /etc/ssh/ssh_known_hosts , | 1089 | .Pa /etc/ssh/ssh_known_hosts , |
1090 | it can be stored in | 1090 | it can be stored in |
1091 | .Pa $HOME/.ssh/known_hosts . | 1091 | .Pa ~/.ssh/known_hosts . |
1092 | The easiest way to do this is to | 1092 | The easiest way to do this is to |
1093 | connect back to the client from the server machine using ssh; this | 1093 | connect back to the client from the server machine using ssh; this |
1094 | will automatically add the host key to | 1094 | will automatically add the host key to |
1095 | .Pa $HOME/.ssh/known_hosts . | 1095 | .Pa ~/.ssh/known_hosts . |
1096 | .It Pa $HOME/.shosts | 1096 | .It Pa ~/.shosts |
1097 | This file is used exactly the same way as | 1097 | This file is used exactly the same way as |
1098 | .Pa .rhosts . | 1098 | .Pa .rhosts . |
1099 | The purpose for | 1099 | The purpose for |
@@ -1133,7 +1133,7 @@ when the user logs in just before the user's shell (or command) is started. | |||
1133 | See the | 1133 | See the |
1134 | .Xr sshd 8 | 1134 | .Xr sshd 8 |
1135 | manual page for more information. | 1135 | manual page for more information. |
1136 | .It Pa $HOME/.ssh/rc | 1136 | .It Pa ~/.ssh/rc |
1137 | Commands in this file are executed by | 1137 | Commands in this file are executed by |
1138 | .Nm | 1138 | .Nm |
1139 | when the user logs in just before the user's shell (or command) is | 1139 | when the user logs in just before the user's shell (or command) is |
@@ -1141,7 +1141,7 @@ started. | |||
1141 | See the | 1141 | See the |
1142 | .Xr sshd 8 | 1142 | .Xr sshd 8 |
1143 | manual page for more information. | 1143 | manual page for more information. |
1144 | .It Pa $HOME/.ssh/environment | 1144 | .It Pa ~/.ssh/environment |
1145 | Contains additional definitions for environment variables, see section | 1145 | Contains additional definitions for environment variables, see section |
1146 | .Sx ENVIRONMENT | 1146 | .Sx ENVIRONMENT |
1147 | above. | 1147 | above. |
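--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.50 2005/04/21 06:17:50 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -43,7 +43,7 @@
 .Nd OpenSSH SSH client configuration files
 .Sh SYNOPSIS
 .Bl -tag -width Ds -compact
-.It Pa $HOME/.ssh/config
+.It Pa ~/.ssh/config
 .It Pa /etc/ssh/ssh_config
 .El
 .Sh DESCRIPTION
@@ -55,7 +55,7 @@ the following order:
 command-line options
 .It
 user's configuration file
-.Pq Pa $HOME/.ssh/config
+.Pq Pa ~/.ssh/config
 .It
 system-wide configuration file
 .Pq Pa /etc/ssh/ssh_config
@@ -411,7 +411,7 @@ Note that this option applies to protocol version 2 only.
 Indicates that
 .Nm ssh
 should hash host names and addresses when they are added to
-.Pa $HOME/.ssh/known_hosts .
+.Pa ~/.ssh/known_hosts .
 These hashed names may be used normally by
 .Nm ssh
 and
@@ -457,11 +457,11 @@ specifications).
 Specifies a file from which the user's RSA or DSA authentication identity
 is read.
 The default is
-.Pa $HOME/.ssh/identity
+.Pa ~/.ssh/identity
 for protocol version 1, and
-.Pa $HOME/.ssh/id_rsa
+.Pa ~/.ssh/id_rsa
 and
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_dsa
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
@@ -751,7 +751,7 @@ If this flag is set to
 .Dq yes ,
 .Nm ssh
 will never automatically add host keys to the
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
 file, and refuses to connect to hosts whose host key has changed.
 This provides maximum protection against trojan horse attacks,
 however, can be annoying when the
@@ -823,7 +823,7 @@ having to remember to give the user name on the command line.
 .It Cm UserKnownHostsFile
 Specifies a file to use for the user
 host key database instead of
-.Pa $HOME/.ssh/known_hosts .
+.Pa ~/.ssh/known_hosts .
 .It Cm VerifyHostKeyDNS
 Specifies whether to verify the remote key using DNS and SSHFP resource
 records.
@@ -856,7 +856,7 @@ The default is
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/config
+.It Pa ~/.ssh/config
 This is the per-user configuration file.
 The format of this file is described above.
 This file is used by the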
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.207 2005/04/21 06:17:50 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -350,7 +350,7 @@ If the login is on a tty, and no command has been specified, | |||
350 | prints last login time and | 350 | prints last login time and |
351 | .Pa /etc/motd | 351 | .Pa /etc/motd |
352 | (unless prevented in the configuration file or by | 352 | (unless prevented in the configuration file or by |
353 | .Pa $HOME/.hushlogin ; | 353 | .Pa ~/.hushlogin ; |
354 | see the | 354 | see the |
355 | .Sx FILES | 355 | .Sx FILES |
356 | section). | 356 | section). |
@@ -367,7 +367,7 @@ Changes to run with normal user privileges. | |||
367 | Sets up basic environment. | 367 | Sets up basic environment. |
368 | .It | 368 | .It |
369 | Reads the file | 369 | Reads the file |
370 | .Pa $HOME/.ssh/environment , | 370 | .Pa ~/.ssh/environment , |
371 | if it exists, and users are allowed to change their environment. | 371 | if it exists, and users are allowed to change their environment. |
372 | See the | 372 | See the |
373 | .Cm PermitUserEnvironment | 373 | .Cm PermitUserEnvironment |
@@ -377,7 +377,7 @@ option in | |||
377 | Changes to user's home directory. | 377 | Changes to user's home directory. |
378 | .It | 378 | .It |
379 | If | 379 | If |
380 | .Pa $HOME/.ssh/rc | 380 | .Pa ~/.ssh/rc |
381 | exists, runs it; else if | 381 | exists, runs it; else if |
382 | .Pa /etc/ssh/sshrc | 382 | .Pa /etc/ssh/sshrc |
383 | exists, runs | 383 | exists, runs |
@@ -390,7 +390,7 @@ authentication protocol and cookie in standard input. | |||
390 | Runs user's shell or command. | 390 | Runs user's shell or command. |
391 | .El | 391 | .El |
392 | .Sh AUTHORIZED_KEYS FILE FORMAT | 392 | .Sh AUTHORIZED_KEYS FILE FORMAT |
393 | .Pa $HOME/.ssh/authorized_keys | 393 | .Pa ~/.ssh/authorized_keys |
394 | is the default file that lists the public keys that are | 394 | is the default file that lists the public keys that are |
395 | permitted for RSA authentication in protocol version 1 | 395 | permitted for RSA authentication in protocol version 1 |
396 | and for public key authentication (PubkeyAuthentication) | 396 | and for public key authentication (PubkeyAuthentication) |
@@ -528,7 +528,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | |||
528 | The | 528 | The |
529 | .Pa /etc/ssh/ssh_known_hosts | 529 | .Pa /etc/ssh/ssh_known_hosts |
530 | and | 530 | and |
531 | .Pa $HOME/.ssh/known_hosts | 531 | .Pa ~/.ssh/known_hosts |
532 | files contain host public keys for all known hosts. | 532 | files contain host public keys for all known hosts. |
533 | The global file should | 533 | The global file should |
534 | be prepared by the administrator (optional), and the per-user file is | 534 | be prepared by the administrator (optional), and the per-user file is |
@@ -639,7 +639,7 @@ listening for connections (if there are several daemons running | |||
639 | concurrently for different ports, this contains the process ID of the one | 639 | concurrently for different ports, this contains the process ID of the one |
640 | started last). | 640 | started last). |
641 | The content of this file is not sensitive; it can be world-readable. | 641 | The content of this file is not sensitive; it can be world-readable. |
642 | .It Pa $HOME/.ssh/authorized_keys | 642 | .It Pa ~/.ssh/authorized_keys |
643 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. | 643 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
644 | This file must be readable by root (which may on some machines imply | 644 | This file must be readable by root (which may on some machines imply |
645 | it being world-readable if the user's home directory resides on an NFS | 645 | it being world-readable if the user's home directory resides on an NFS |
@@ -653,7 +653,7 @@ and/or | |||
653 | .Pa id_rsa.pub | 653 | .Pa id_rsa.pub |
654 | files into this file, as described in | 654 | files into this file, as described in |
655 | .Xr ssh-keygen 1 . | 655 | .Xr ssh-keygen 1 . |
656 | .It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" | 656 | .It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" |
657 | These files are consulted when using rhosts with RSA host | 657 | These files are consulted when using rhosts with RSA host |
658 | authentication or protocol version 2 hostbased authentication | 658 | authentication or protocol version 2 hostbased authentication |
659 | to check the public key of the host. | 659 | to check the public key of the host. |
@@ -663,12 +663,12 @@ to verify that it is connecting to the correct remote host. | |||
663 | These files should be writable only by root/the owner. | 663 | These files should be writable only by root/the owner. |
664 | .Pa /etc/ssh/ssh_known_hosts | 664 | .Pa /etc/ssh/ssh_known_hosts |
665 | should be world-readable, and | 665 | should be world-readable, and |
666 | .Pa $HOME/.ssh/known_hosts | 666 | .Pa ~/.ssh/known_hosts |
667 | can, but need not be, world-readable. | 667 | can, but need not be, world-readable. |
668 | .It Pa /etc/motd | 668 | .It Pa /etc/motd |
669 | See | 669 | See |
670 | .Xr motd 5 . | 670 | .Xr motd 5 . |
671 | .It Pa $HOME/.hushlogin | 671 | .It Pa ~/.hushlogin |
672 | This file is used to suppress printing the last login time and | 672 | This file is used to suppress printing the last login time and |
673 | .Pa /etc/motd , | 673 | .Pa /etc/motd , |
674 | if | 674 | if |
@@ -691,7 +691,7 @@ The file should be world-readable. | |||
691 | Access controls that should be enforced by tcp-wrappers are defined here. | 691 | Access controls that should be enforced by tcp-wrappers are defined here. |
692 | Further details are described in | 692 | Further details are described in |
693 | .Xr hosts_access 5 . | 693 | .Xr hosts_access 5 . |
694 | .It Pa $HOME/.rhosts | 694 | .It Pa ~/.rhosts |
695 | This file is used during | 695 | This file is used during |
696 | .Cm RhostsRSAAuthentication | 696 | .Cm RhostsRSAAuthentication |
697 | and | 697 | and |
@@ -709,7 +709,7 @@ It is also possible to use netgroups in the file. | |||
709 | Either host or user | 709 | Either host or user |
710 | name may be of the form +@groupname to specify all hosts or all users | 710 | name may be of the form +@groupname to specify all hosts or all users |
711 | in the group. | 711 | in the group. |
712 | .It Pa $HOME/.shosts | 712 | .It Pa ~/.shosts |
713 | For ssh, | 713 | For ssh, |
714 | this file is exactly the same as for | 714 | this file is exactly the same as for |
715 | .Pa .rhosts . | 715 | .Pa .rhosts . |
@@ -758,7 +758,7 @@ This is processed exactly as | |||
758 | .Pa /etc/hosts.equiv . | 758 | .Pa /etc/hosts.equiv . |
759 | However, this file may be useful in environments that want to run both | 759 | However, this file may be useful in environments that want to run both |
760 | rsh/rlogin and ssh. | 760 | rsh/rlogin and ssh. |
761 | .It Pa $HOME/.ssh/environment | 761 | .It Pa ~/.ssh/environment |
762 | This file is read into the environment at login (if it exists). | 762 | This file is read into the environment at login (if it exists). |
763 | It can only contain empty lines, comment lines (that start with | 763 | It can only contain empty lines, comment lines (that start with |
764 | .Ql # ) , | 764 | .Ql # ) , |
@@ -769,7 +769,7 @@ Environment processing is disabled by default and is | |||
769 | controlled via the | 769 | controlled via the |
770 | .Cm PermitUserEnvironment | 770 | .Cm PermitUserEnvironment |
771 | option. | 771 | option. |
772 | .It Pa $HOME/.ssh/rc | 772 | .It Pa ~/.ssh/rc |
773 | If this file exists, it is run with | 773 | If this file exists, it is run with |
774 | .Pa /bin/sh | 774 | .Pa /bin/sh |
775 | after reading the | 775 | after reading the |
@@ -814,7 +814,7 @@ This file should be writable only by the user, and need not be | |||
814 | readable by anyone else. | 814 | readable by anyone else. |
815 | .It Pa /etc/ssh/sshrc | 815 | .It Pa /etc/ssh/sshrc |
816 | Like | 816 | Like |
817 | .Pa $HOME/.ssh/rc . | 817 | .Pa ~/.ssh/rc . |
818 | This can be used to specify | 818 | This can be used to specify |
819 | machine-specific login-time initializations globally. | 819 | machine-specific login-time initializations globally. |
820 | This file should be writable only by root, and should be world-readable. | 820 | This file should be writable only by root, and should be world-readable. |
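--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.41 2005/04/21 06:17:50 djm Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -327,7 +327,7 @@ The default is
 Specifies whether
 .Nm sshd
 should ignore the user's
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
 during
 .Cm RhostsRSAAuthentication
 or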