- jmc@cvs.openbsd.org 2006/01/04 18:42:46

[ssh.1] chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES entries; ok markus
author: Damien Miller <djm@mindrot.org> 2006-01-06 14:49:38 +1100
committer: Damien Miller <djm@mindrot.org> 2006-01-06 14:49:38 +1100
commit: 1bcdb50a3dd315178ad889070d0313e3a3e5ff04 (patch)
tree: 5c5fb571cc11b7042bfac16088d7124af65590ad
parent: 4c102eede39e71cf6a32b9cca6149ed67f6178aa (diff)
2 files changed, 19 insertions, 57 deletions
diff --git a/ChangeLog b/ChangeLog
index 1784bd131..281faccab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
   - jmc@cvs.openbsd.org 2006/01/03 16:55:18
     [ssh.1]
     tweak the description of ~/.ssh/environment
+   - jmc@cvs.openbsd.org 2006/01/04 18:42:46
+     [ssh.1]
+     chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
+     entries;
+     ok markus
 20060103
 - (djm) [channels.c] clean up harmless merge error, from reyk@
@@ -3649,4 +3654,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $
+$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 27a51b690..d2f6f11e5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1055,19 +1055,9 @@ option in
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It ~/.rhosts
-This file is used in
+This file is used for host-based authentication (see above).
-.Cm RhostsRSAAuthentication
-and
-.Cm HostbasedAuthentication
-authentication to list the
-host/user pairs that are permitted to log in.
-(Note that this file is
-also used by rlogin and rsh, which makes using this file insecure.)
-Each line of the file contains a host name (in the canonical form
-returned by name servers), and then a user name on that host,
-separated by a space.
 On some machines this file may need to be
-world-readable if the user's home directory is on a NFS partition,
+world-readable if the user's home directory is on an NFS partition,
 because
 .Xr sshd 8
 reads it as root.
@@ -1077,31 +1067,11 @@ The recommended
 permission for most machines is read/write for the user, and not
 accessible by others.
 .Pp
-Note that
-.Xr sshd 8
-allows authentication only in combination with client host key
-authentication before permitting log in.
-If the server machine does not have the client's host key in
-.Pa /etc/ssh/ssh_known_hosts ,
-it can be stored in
-.Pa ~/.ssh/known_hosts .
-The easiest way to do this is to
-connect back to the client from the server machine using ssh; this
-will automatically add the host key to
-.Pa ~/.ssh/known_hosts .
-.Pp
 .It ~/.shosts
-This file is used exactly the same way as
+This file is used in exactly the same way as
-.Pa .rhosts .
+.Pa .rhosts ,
-The purpose for
+but allows host-based authentication without permitting login with
-having this file is to be able to use
+rlogin/rsh.
-.Cm RhostsRSAAuthentication
-and
-.Cm HostbasedAuthentication
-authentication without permitting login with
-.Xr rlogin
-or
-.Xr rsh 1 .
 .Pp
 .It ~/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
@@ -1166,27 +1136,14 @@ See the
 manual page for more information.
 .Pp
 .It /etc/hosts.equiv
-This file is used during
+This file is for host-based authentication (see above).
-.Cm RhostsRSAAuthentication
+It should only be writable by root.
-and
-.Cm HostbasedAuthentication
-authentication.
-It contains
-canonical hosts names, one per line (the full format is described in the
-.Xr sshd 8
-manual page).
-If the client host is found in this file, login is
-automatically permitted provided client and server user names are the
-same.
-Additionally, successful client host key authentication is required.
-This file should only be writable by root.
 .Pp
 .It /etc/shosts.equiv
-This file is processed exactly as
+This file is used in exactly the same way as
-.Pa /etc/hosts.equiv .
+.Pa hosts.equiv ,
-This file may be useful to permit logins using
+but allows host-based authentication without permitting login with
-.Nm
+rlogin/rsh.
-but not using rsh/rlogin.
 .Pp
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
author	Damien Miller <djm@mindrot.org>	2006-01-06 14:49:38 +1100
committer	Damien Miller <djm@mindrot.org>	2006-01-06 14:49:38 +1100
commit	1bcdb50a3dd315178ad889070d0313e3a3e5ff04 (patch)
tree	5c5fb571cc11b7042bfac16088d7124af65590ad
parent	4c102eede39e71cf6a32b9cca6149ed67f6178aa (diff)

diff --git a/ChangeLog b/ChangeLog index 1784bd131..281faccab 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -15,6 +15,11 @@
15	- jmc@cvs.openbsd.org 2006/01/03 16:55:18	15	- jmc@cvs.openbsd.org 2006/01/03 16:55:18
16	[ssh.1]	16	[ssh.1]
17	tweak the description of ~/.ssh/environment	17	tweak the description of ~/.ssh/environment
		18	- jmc@cvs.openbsd.org 2006/01/04 18:42:46
		19	[ssh.1]
		20	chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
		21	entries;
		22	ok markus
18		23
19	20060103	24	20060103
20	- (djm) [channels.c] clean up harmless merge error, from reyk@	25	- (djm) [channels.c] clean up harmless merge error, from reyk@
@@ -3649,4 +3654,4 @@
3649	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	3654	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
3650	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	3655	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
3651		3656
3652	$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $	3657	$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $


diff --git a/ssh.1 b/ssh.1 index 27a51b690..d2f6f11e5 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -1055,19 +1055,9 @@ option in
1055	.Sh FILES	1055	.Sh FILES
1056	.Bl -tag -width Ds -compact	1056	.Bl -tag -width Ds -compact
1057	.It ~/.rhosts	1057	.It ~/.rhosts
1058	This file is used in	1058	This file is used for host-based authentication (see above).
1059	.Cm RhostsRSAAuthentication
1060	and
1061	.Cm HostbasedAuthentication
1062	authentication to list the
1063	host/user pairs that are permitted to log in.
1064	(Note that this file is
1065	also used by rlogin and rsh, which makes using this file insecure.)
1066	Each line of the file contains a host name (in the canonical form
1067	returned by name servers), and then a user name on that host,
1068	separated by a space.
1069	On some machines this file may need to be	1059	On some machines this file may need to be
1070	world-readable if the user's home directory is on a NFS partition,	1060	world-readable if the user's home directory is on an NFS partition,
1071	because	1061	because
1072	.Xr sshd 8	1062	.Xr sshd 8
1073	reads it as root.	1063	reads it as root.
@@ -1077,31 +1067,11 @@ The recommended
1077	permission for most machines is read/write for the user, and not	1067	permission for most machines is read/write for the user, and not
1078	accessible by others.	1068	accessible by others.
1079	.Pp	1069	.Pp
1080	Note that
1081	.Xr sshd 8
1082	allows authentication only in combination with client host key
1083	authentication before permitting log in.
1084	If the server machine does not have the client's host key in
1085	.Pa /etc/ssh/ssh_known_hosts ,
1086	it can be stored in
1087	.Pa ~/.ssh/known_hosts .
1088	The easiest way to do this is to
1089	connect back to the client from the server machine using ssh; this
1090	will automatically add the host key to
1091	.Pa ~/.ssh/known_hosts .
1092	.Pp
1093	.It ~/.shosts	1070	.It ~/.shosts
1094	This file is used exactly the same way as	1071	This file is used in exactly the same way as
1095	.Pa .rhosts .	1072	.Pa .rhosts ,
1096	The purpose for	1073	but allows host-based authentication without permitting login with
1097	having this file is to be able to use	1074	rlogin/rsh.
1098	.Cm RhostsRSAAuthentication
1099	and
1100	.Cm HostbasedAuthentication
1101	authentication without permitting login with
1102	.Xr rlogin
1103	or
1104	.Xr rsh 1 .
1105	.Pp	1075	.Pp
1106	.It ~/.ssh/authorized_keys	1076	.It ~/.ssh/authorized_keys
1107	Lists the public keys (RSA/DSA) that can be used for logging in as this user.	1077	Lists the public keys (RSA/DSA) that can be used for logging in as this user.
@@ -1166,27 +1136,14 @@ See the
1166	manual page for more information.	1136	manual page for more information.
1167	.Pp	1137	.Pp
1168	.It /etc/hosts.equiv	1138	.It /etc/hosts.equiv
1169	This file is used during	1139	This file is for host-based authentication (see above).
1170	.Cm RhostsRSAAuthentication	1140	It should only be writable by root.
1171	and
1172	.Cm HostbasedAuthentication
1173	authentication.
1174	It contains
1175	canonical hosts names, one per line (the full format is described in the
1176	.Xr sshd 8
1177	manual page).
1178	If the client host is found in this file, login is
1179	automatically permitted provided client and server user names are the
1180	same.
1181	Additionally, successful client host key authentication is required.
1182	This file should only be writable by root.
1183	.Pp	1141	.Pp
1184	.It /etc/shosts.equiv	1142	.It /etc/shosts.equiv
1185	This file is processed exactly as	1143	This file is used in exactly the same way as
1186	.Pa /etc/hosts.equiv .	1144	.Pa hosts.equiv ,
1187	This file may be useful to permit logins using	1145	but allows host-based authentication without permitting login with
1188	.Nm	1146	rlogin/rsh.
1189	but not using rsh/rlogin.
1190	.Pp	1147	.Pp
1191	.It Pa /etc/ssh/ssh_config	1148	.It Pa /etc/ssh/ssh_config
1192	Systemwide configuration file.	1149	Systemwide configuration file.