diff options
author | Colin Watson <cjwatson@debian.org> | 2013-11-09 12:08:24 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-11-09 12:08:24 +0000 |
commit | ee196dab7c5f97f0b80c8099343a375bead92010 (patch) | |
tree | f5e86571416d84ad156949e8a3ab12ed12d681f2 /ssh-keysign.0 | |
parent | e01f4f6bfd6f5a47f810fd3522a151d59815402b (diff) | |
parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) |
Import 6.4p1 tarball
Diffstat (limited to 'ssh-keysign.0')
-rw-r--r-- | ssh-keysign.0 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/ssh-keysign.0 b/ssh-keysign.0 new file mode 100644 index 000000000..808828a07 --- /dev/null +++ b/ssh-keysign.0 | |||
@@ -0,0 +1,51 @@ | |||
1 | SSH-KEYSIGN(8) OpenBSD System Manager's Manual SSH-KEYSIGN(8) | ||
2 | |||
3 | NAME | ||
4 | ssh-keysign - ssh helper program for host-based authentication | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keysign | ||
8 | |||
9 | DESCRIPTION | ||
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | ||
11 | the digital signature required during host-based authentication with SSH | ||
12 | protocol version 2. | ||
13 | |||
14 | ssh-keysign is disabled by default and can only be enabled in the global | ||
15 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign | ||
16 | to ``yes''. | ||
17 | |||
18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | ||
19 | See ssh(1) and sshd(8) for more information about host-based | ||
20 | authentication. | ||
21 | |||
22 | FILES | ||
23 | /etc/ssh/ssh_config | ||
24 | Controls whether ssh-keysign is enabled. | ||
25 | |||
26 | /etc/ssh/ssh_host_dsa_key | ||
27 | /etc/ssh/ssh_host_ecdsa_key | ||
28 | /etc/ssh/ssh_host_rsa_key | ||
29 | These files contain the private parts of the host keys used to | ||
30 | generate the digital signature. They should be owned by root, | ||
31 | readable only by root, and not accessible to others. Since they | ||
32 | are readable only by root, ssh-keysign must be set-uid root if | ||
33 | host-based authentication is used. | ||
34 | |||
35 | /etc/ssh/ssh_host_dsa_key-cert.pub | ||
36 | /etc/ssh/ssh_host_ecdsa_key-cert.pub | ||
37 | /etc/ssh/ssh_host_rsa_key-cert.pub | ||
38 | If these files exist they are assumed to contain public | ||
39 | certificate information corresponding with the private keys | ||
40 | above. | ||
41 | |||
42 | SEE ALSO | ||
43 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) | ||
44 | |||
45 | HISTORY | ||
46 | ssh-keysign first appeared in OpenBSD 3.2. | ||
47 | |||
48 | AUTHORS | ||
49 | Markus Friedl <markus@openbsd.org> | ||
50 | |||
51 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 | ||