author | Damien Miller <djm@mindrot.org> | 2006-01-06 14:49:38 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-01-06 14:49:38 +1100 |
commit | 1bcdb50a3dd315178ad889070d0313e3a3e5ff04 (patch) | |
tree | 5c5fb571cc11b7042bfac16088d7124af65590ad | |
parent | 4c102eede39e71cf6a32b9cca6149ed67f6178aa (diff) |
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ssh.1 | 69 |
2 files changed, 19 insertions, 57 deletions
@@ -15,6 +15,11 @@ | |||
15 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 | 15 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 |
16 | [ssh.1] | 16 | [ssh.1] |
17 | tweak the description of ~/.ssh/environment | 17 | tweak the description of ~/.ssh/environment |
18 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 | ||
19 | [ssh.1] | ||
20 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | ||
21 | entries; | ||
22 | ok markus | ||
18 | 23 | ||
19 | 20060103 | 24 | 20060103 |
20 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | 25 | - (djm) [channels.c] clean up harmless merge error, from reyk@ |
@@ -3649,4 +3654,4 @@ | |||
3649 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3654 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3650 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3655 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3651 | 3656 | ||
3652 | $Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $ | 3657 | $Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -1055,19 +1055,9 @@ option in | |||
1055 | .Sh FILES | 1055 | .Sh FILES |
1056 | .Bl -tag -width Ds -compact | 1056 | .Bl -tag -width Ds -compact |
1057 | .It ~/.rhosts | 1057 | .It ~/.rhosts |
1058 | This file is used in | 1058 | This file is used for host-based authentication (see above). |
1059 | .Cm RhostsRSAAuthentication | ||
1060 | and | ||
1061 | .Cm HostbasedAuthentication | ||
1062 | authentication to list the | ||
1063 | host/user pairs that are permitted to log in. | ||
1064 | (Note that this file is | ||
1065 | also used by rlogin and rsh, which makes using this file insecure.) | ||
1066 | Each line of the file contains a host name (in the canonical form | ||
1067 | returned by name servers), and then a user name on that host, | ||
1068 | separated by a space. | ||
1069 | On some machines this file may need to be | 1059 | On some machines this file may need to be |
1070 | world-readable if the user's home directory is on a NFS partition, | 1060 | world-readable if the user's home directory is on an NFS partition, |
1071 | because | 1061 | because |
1072 | .Xr sshd 8 | 1062 | .Xr sshd 8 |
1073 | reads it as root. | 1063 | reads it as root. |
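Review bot: In the ~/.rhosts entry (old lines 1064-1065), the rewrite drops the parenthetical that this file "is also used by rlogin and rsh, which makes using this file insecure", and the new one-line description does not replace it. Unless the host-based authentication text that "(see above)" points to already says this, keep a one-sentence warning in the entry, since this is where a reader decides between ~/.rhosts and ~/.shosts. The line format (host name, then user name, separated by a space) is removed at the same spot and also needs to be present in the referenced section.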
@@ -1077,31 +1067,11 @@ The recommended | |||
1077 | permission for most machines is read/write for the user, and not | 1067 | permission for most machines is read/write for the user, and not |
1078 | accessible by others. | 1068 | accessible by others. |
1079 | .Pp | 1069 | .Pp |
1080 | Note that | ||
1081 | .Xr sshd 8 | ||
1082 | allows authentication only in combination with client host key | ||
1083 | authentication before permitting log in. | ||
1084 | If the server machine does not have the client's host key in | ||
1085 | .Pa /etc/ssh/ssh_known_hosts , | ||
1086 | it can be stored in | ||
1087 | .Pa ~/.ssh/known_hosts . | ||
1088 | The easiest way to do this is to | ||
1089 | connect back to the client from the server machine using ssh; this | ||
1090 | will automatically add the host key to | ||
1091 | .Pa ~/.ssh/known_hosts . | ||
1092 | .Pp | ||
1093 | .It ~/.shosts | 1070 | .It ~/.shosts |
1094 | This file is used exactly the same way as | 1071 | This file is used in exactly the same way as |
1095 | .Pa .rhosts . | 1072 | .Pa .rhosts , |
1096 | The purpose for | 1073 | but allows host-based authentication without permitting login with |
1097 | having this file is to be able to use | 1074 | rlogin/rsh. |
1098 | .Cm RhostsRSAAuthentication | ||
1099 | and | ||
1100 | .Cm HostbasedAuthentication | ||
1101 | authentication without permitting login with | ||
1102 | .Xr rlogin | ||
1103 | or | ||
1104 | .Xr rsh 1 . | ||
1105 | .Pp | 1075 | .Pp |
1106 | .It ~/.ssh/authorized_keys | 1076 | .It ~/.ssh/authorized_keys |
1107 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 1077 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
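Review bot: The paragraph removed at old lines 1080-1092 was where this FILES entry said that sshd(8) "allows authentication only in combination with client host key authentication" and where the client's host key has to be stored (/etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts). Please confirm that the section referenced by "(see above)" covers both points before this goes in; otherwise keep a shortened form of the first sentence. Separately, the new ~/.shosts text at lines 1073-1074 writes "rlogin/rsh" as plain text where the old text used .Xr; if the cross-references are still wanted, use ".Xr rlogin 1" and ".Xr rsh 1" (the old ".Xr rlogin" was missing its section number).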
@@ -1166,27 +1136,14 @@ See the | |||
1166 | manual page for more information. | 1136 | manual page for more information. |
1167 | .Pp | 1137 | .Pp |
1168 | .It /etc/hosts.equiv | 1138 | .It /etc/hosts.equiv |
1169 | This file is used during | 1139 | This file is for host-based authentication (see above). |
1170 | .Cm RhostsRSAAuthentication | 1140 | It should only be writable by root. |
1171 | and | ||
1172 | .Cm HostbasedAuthentication | ||
1173 | authentication. | ||
1174 | It contains | ||
1175 | canonical hosts names, one per line (the full format is described in the | ||
1176 | .Xr sshd 8 | ||
1177 | manual page). | ||
1178 | If the client host is found in this file, login is | ||
1179 | automatically permitted provided client and server user names are the | ||
1180 | same. | ||
1181 | Additionally, successful client host key authentication is required. | ||
1182 | This file should only be writable by root. | ||
1183 | .Pp | 1141 | .Pp |
1184 | .It /etc/shosts.equiv | 1142 | .It /etc/shosts.equiv |
1185 | This file is processed exactly as | 1143 | This file is used in exactly the same way as |
1186 | .Pa /etc/hosts.equiv . | 1144 | .Pa hosts.equiv , |
1187 | This file may be useful to permit logins using | 1145 | but allows host-based authentication without permitting login with |
1188 | .Nm | 1146 | rlogin/rsh. |
1189 | but not using rsh/rlogin. | ||
1190 | .Pp | 1147 | .Pp |
1191 | .It Pa /etc/ssh/ssh_config | 1148 | .It Pa /etc/ssh/ssh_config |
1192 | Systemwide configuration file. | 1149 | Systemwide configuration file. |
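Review bot: In the /etc/hosts.equiv entry (old lines 1174-1181), the rewrite removes the statement that login is "automatically permitted provided client and server user names are the same", the requirement for successful client host key authentication, and the pointer to sshd(8) for the full file format. What remains says only that the file is for host-based authentication and should be writable only by root, so a reader gets no hint of what a matching line grants; suggest keeping at least the ".Xr sshd 8" reference for the format. Minor: new line 1139 says "This file is for" where the ~/.rhosts entry says "This file is used for", and new line 1144 has ".Pa hosts.equiv" without the /etc/ prefix used in the old text and in the entry's own .It line.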