author Damien Miller <djm@mindrot.org> 2006-01-06 14:49:38 +1100
committer Damien Miller <djm@mindrot.org> 2006-01-06 14:49:38 +1100
commit 1bcdb50a3dd315178ad889070d0313e3a3e5ff04 (patch)
tree 5c5fb571cc11b7042bfac16088d7124af65590ad
parent 4c102eede39e71cf6a32b9cca6149ed67f6178aa (diff)
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
[ssh.1] chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES entries; ok markus
-rw-r--r-- ChangeLog 7
-rw-r--r-- ssh.1 69
2 files changed, 19 insertions, 57 deletions
diff --git a/ChangeLog b/ChangeLog
index 1784bd131..281faccab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
15 - jmc@cvs.openbsd.org 2006/01/03 16:55:18 15 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
16 [ssh.1] 16 [ssh.1]
17 tweak the description of ~/.ssh/environment 17 tweak the description of ~/.ssh/environment
18 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
19 [ssh.1]
20 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
21 entries;
22 ok markus
18 23
1920060103 2420060103
20 - (djm) [channels.c] clean up harmless merge error, from reyk@ 25 - (djm) [channels.c] clean up harmless merge error, from reyk@
@@ -3649,4 +3654,4 @@
3649 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3654 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
3650 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3655 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
3651 3656
3652$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $ 3657$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $
diff --git a/ssh.1 b/ssh.1
index 27a51b690..d2f6f11e5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $ 37.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -1055,19 +1055,9 @@ option in
1055.Sh FILES 1055.Sh FILES
1056.Bl -tag -width Ds -compact 1056.Bl -tag -width Ds -compact
1057.It ~/.rhosts 1057.It ~/.rhosts
1058This file is used in 1058This file is used for host-based authentication (see above).
1059.Cm RhostsRSAAuthentication
1060and
1061.Cm HostbasedAuthentication
1062authentication to list the
1063host/user pairs that are permitted to log in.
1064(Note that this file is
1065also used by rlogin and rsh, which makes using this file insecure.)
1066Each line of the file contains a host name (in the canonical form
1067returned by name servers), and then a user name on that host,
1068separated by a space.
1069On some machines this file may need to be 1059On some machines this file may need to be
1070world-readable if the user's home directory is on a NFS partition, 1060world-readable if the user's home directory is on an NFS partition,
1071because 1061because
1072.Xr sshd 8 1062.Xr sshd 8
1073reads it as root. 1063reads it as root.
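Review bot: The rewritten ~/.rhosts entry (new line 1058) drops the only security warning in this hunk: the old text at lines 1064-1065 said the file "is also used by rlogin and rsh, which makes using this file insecure". The replacement "This file is used for host-based authentication (see above)." only helps if the section it points to carries that caveat, and this hunk does not show that it does. Suggest either keeping one sentence of the warning in the FILES entry or confirming that the referenced section states it. The same applies to the removed description of the line format (canonical host name, then user name, separated by a space): a reader of FILES no longer learns what a valid entry looks like.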
@@ -1077,31 +1067,11 @@ The recommended
1077permission for most machines is read/write for the user, and not 1067permission for most machines is read/write for the user, and not
1078accessible by others. 1068accessible by others.
1079.Pp 1069.Pp
1080Note that
1081.Xr sshd 8
1082allows authentication only in combination with client host key
1083authentication before permitting log in.
1084If the server machine does not have the client's host key in
1085.Pa /etc/ssh/ssh_known_hosts ,
1086it can be stored in
1087.Pa ~/.ssh/known_hosts .
1088The easiest way to do this is to
1089connect back to the client from the server machine using ssh; this
1090will automatically add the host key to
1091.Pa ~/.ssh/known_hosts .
1092.Pp
1093.It ~/.shosts 1070.It ~/.shosts
1094This file is used exactly the same way as 1071This file is used in exactly the same way as
1095.Pa .rhosts . 1072.Pa .rhosts ,
1096The purpose for 1073but allows host-based authentication without permitting login with
1097having this file is to be able to use 1074rlogin/rsh.
1098.Cm RhostsRSAAuthentication
1099and
1100.Cm HostbasedAuthentication
1101authentication without permitting login with
1102.Xr rlogin
1103or
1104.Xr rsh 1 .
1105.Pp 1075.Pp
1106.It ~/.ssh/authorized_keys 1076.It ~/.ssh/authorized_keys
1107Lists the public keys (RSA/DSA) that can be used for logging in as this user. 1077Lists the public keys (RSA/DSA) that can be used for logging in as this user.
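Review bot: In the new ~/.shosts entry (new lines 1073-1074), "rlogin/rsh" is plain text where the old entry used cross-reference macros (".Xr rlogin" and ".Xr rsh 1"), so the rendered page loses the manual references. Suggest keeping the macros and, while here, giving rlogin its section number, which the old line 1102 omitted. Separately, the paragraph removed at old lines 1080-1091 was the place that stated sshd permits this authentication only in combination with client host key authentication, and explained getting the client key into ~/.ssh/known_hosts; nothing in this hunk replaces it, so please confirm the host-based authentication text that the ~/.rhosts entry now points to with "(see above)" covers both points.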
@@ -1166,27 +1136,14 @@ See the
1166manual page for more information. 1136manual page for more information.
1167.Pp 1137.Pp
1168.It /etc/hosts.equiv 1138.It /etc/hosts.equiv
1169This file is used during 1139This file is for host-based authentication (see above).
1170.Cm RhostsRSAAuthentication 1140It should only be writable by root.
1171and
1172.Cm HostbasedAuthentication
1173authentication.
1174It contains
1175canonical hosts names, one per line (the full format is described in the
1176.Xr sshd 8
1177manual page).
1178If the client host is found in this file, login is
1179automatically permitted provided client and server user names are the
1180same.
1181Additionally, successful client host key authentication is required.
1182This file should only be writable by root.
1183.Pp 1141.Pp
1184.It /etc/shosts.equiv 1142.It /etc/shosts.equiv
1185This file is processed exactly as 1143This file is used in exactly the same way as
1186.Pa /etc/hosts.equiv . 1144.Pa hosts.equiv ,
1187This file may be useful to permit logins using 1145but allows host-based authentication without permitting login with
1188.Nm 1146rlogin/rsh.
1189but not using rsh/rlogin.
1190.Pp 1147.Pp
1191.It Pa /etc/ssh/ssh_config 1148.It Pa /etc/ssh/ssh_config
1192Systemwide configuration file. 1149Systemwide configuration file.
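Review bot: The new /etc/shosts.equiv entry refers to ".Pa hosts.equiv ," (new line 1144) without the /etc/ prefix, while the old line 1186 and the ".It /etc/hosts.equiv" tag both use the full path; suggest ".Pa /etc/hosts.equiv ," so the path macro names a real location. The /etc/hosts.equiv entry also reads "This file is for host-based authentication" (new line 1139) where the ~/.rhosts entry says "This file is used for"; pick one wording. On content, the removed lines 1178-1181 stated that a listed client host is logged in automatically when client and server user names match, and that successful client host key authentication is additionally required. That is the security-relevant behaviour of this file, so confirm it is stated in the section "(see above)" refers to before dropping it here.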