- djm@cvs.openbsd.org 2005/04/21 06:17:50

     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
     [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
     variable, so don't say that we do (bz #623); ok deraadt@

1 files changed, 35 insertions, 35 deletions

diff --git a/ssh.1 b/ssh.1
index 4cbab7477..05d2234a3 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.206 2005/04/14 12:30:30 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.207 2005/04/21 06:17:50 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -109,9 +109,9 @@ or
 .Pa /etc/shosts.equiv
 on the remote machine, and the user names are
 the same on both sides, or if the files
-.Pa $HOME/.rhosts
+.Pa ~/.rhosts
 or
-.Pa $HOME/.shosts
+.Pa ~/.shosts
 exist in the user's home directory on the
 remote machine and contain a line containing the name of the client
 machine and the name of the user on that machine, the user is
@@ -120,7 +120,7 @@ Additionally, if the server can verify the client's
 host key (see
 .Pa /etc/ssh/ssh_known_hosts
 and
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
 in the
 .Sx FILES
 section), only then is login permitted.
@@ -128,7 +128,7 @@ This authentication method closes security holes due to IP
 spoofing, DNS spoofing and routing spoofing.
 [Note to the administrator:
 .Pa /etc/hosts.equiv ,
-.Pa $HOME/.rhosts ,
+.Pa ~/.rhosts ,
 and the rlogin/rsh protocol in general, are inherently insecure and should be
 disabled if security is desired.]
 .Pp
@@ -144,7 +144,7 @@ key pair for authentication purposes.
 The server knows the public key, and only the user knows the private key.
 .Pp
 The file
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 lists the public keys that are permitted for logging in.
 When the user logs in, the
 .Nm
@@ -165,18 +165,18 @@ implements the RSA authentication protocol automatically.
 The user creates his/her RSA key pair by running
 .Xr ssh-keygen 1 .
 This stores the private key in
-.Pa $HOME/.ssh/identity
+.Pa ~/.ssh/identity
 and stores the public key in
-.Pa $HOME/.ssh/identity.pub
+.Pa ~/.ssh/identity.pub
 in the user's home directory.
 The user should then copy the
 .Pa identity.pub
 to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 in his/her home directory on the remote machine (the
 .Pa authorized_keys
 file corresponds to the conventional
-.Pa $HOME/.rhosts
+.Pa ~/.rhosts
 file, and has one key
 per line, though the lines can be very long).
 After this, the user can log in without giving the password.
@@ -206,12 +206,12 @@ password authentication are tried.
 The public key method is similar to RSA authentication described
 in the previous section and allows the RSA or DSA algorithm to be used:
 The client uses his private key,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_dsa
 or
-.Pa $HOME/.ssh/id_rsa ,
+.Pa ~/.ssh/id_rsa ,
 to sign the session identifier and sends the result to the server.
 The server checks whether the matching public key is listed in
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 and grants access if both the key is found and the signature is correct.
 The session identifier is derived from a shared Diffie-Hellman value
 and is only known to the client and the server.
@@ -365,7 +365,7 @@ electronic purse; another is going through firewalls.
 automatically maintains and checks a database containing
 identifications for all hosts it has ever been used with.
 Host keys are stored in
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
 in the user's home directory.
 Additionally, the file
 .Pa /etc/ssh/ssh_known_hosts
@@ -522,7 +522,7 @@ the system-wide configuration file
 .Pq Pa /etc/ssh/ssh_config
 will be ignored.
 The default for the per-user configuration file is
-.Pa $HOME/.ssh/config .
+.Pa ~/.ssh/config .
 .It Fl f
 Requests
 .Nm
@@ -548,11 +548,11 @@ private RSA key.
 Selects a file from which the identity (private key) for
 RSA or DSA authentication is read.
 The default is
-.Pa $HOME/.ssh/identity
+.Pa ~/.ssh/identity
 for protocol version 1, and
-.Pa $HOME/.ssh/id_rsa
+.Pa ~/.ssh/id_rsa
 and
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_dsa
 for protocol version 2.
 Identity files may also be specified on
 a per-host basis in the configuration file.
@@ -941,7 +941,7 @@ Set to the name of the user logging in.
 Additionally,
 .Nm
 reads
-.Pa $HOME/.ssh/environment ,
+.Pa ~/.ssh/environment ,
 and adds lines of the format
 .Dq VARNAME=value
 to the environment if the file exists and if users are allowed to
@@ -952,13 +952,13 @@ option in
 .Xr sshd_config 5 .
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/known_hosts
+.It Pa ~/.ssh/known_hosts
 Records host keys for all hosts the user has logged into that are not
 in
 .Pa /etc/ssh/ssh_known_hosts .
 See
 .Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
 Contains the authentication identity of the user.
 They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
 These files
@@ -970,21 +970,21 @@ ignores a private key file if it is accessible by others.
 It is possible to specify a passphrase when
 generating the key; the passphrase will be used to encrypt the
 sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
+.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub
 Contains the public key for authentication (public part of the
 identity file in human-readable form).
 The contents of the
-.Pa $HOME/.ssh/identity.pub
+.Pa ~/.ssh/identity.pub
 file should be added to the file
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using protocol version 1 RSA authentication.
 The contents of the
-.Pa $HOME/.ssh/id_dsa.pub
+.Pa ~/.ssh/id_dsa.pub
 and
-.Pa $HOME/.ssh/id_rsa.pub
+.Pa ~/.ssh/id_rsa.pub
 file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using protocol version 2 DSA/RSA authentication.
 These files are not
@@ -992,13 +992,13 @@ sensitive and can (but need not) be readable by anyone.
 These files are
 never used automatically and are not necessary; they are only provided for
 the convenience of the user.
-.It Pa $HOME/.ssh/config
+.It Pa ~/.ssh/config
 This is the per-user configuration file.
 The file format and configuration options are described in
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
-.It Pa $HOME/.ssh/authorized_keys
+.It Pa ~/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
 .Xr sshd 8
@@ -1058,7 +1058,7 @@ be setuid root when that authentication method is used.
 By default
 .Nm
 is not setuid root.
-.It Pa $HOME/.rhosts
+.It Pa ~/.rhosts
 This file is used in
 .Cm RhostsRSAAuthentication
 and
@@ -1088,12 +1088,12 @@ authentication before permitting log in.
 If the server machine does not have the client's host key in
 .Pa /etc/ssh/ssh_known_hosts ,
 it can be stored in
-.Pa $HOME/.ssh/known_hosts .
+.Pa ~/.ssh/known_hosts .
 The easiest way to do this is to
 connect back to the client from the server machine using ssh; this
 will automatically add the host key to
-.Pa $HOME/.ssh/known_hosts .
-.It Pa $HOME/.shosts
+.Pa ~/.ssh/known_hosts .
+.It Pa ~/.shosts
 This file is used exactly the same way as
 .Pa .rhosts .
 The purpose for
@@ -1133,7 +1133,7 @@ when the user logs in just before the user's shell (or command) is started.
 See the
 .Xr sshd 8
 manual page for more information.
-.It Pa $HOME/.ssh/rc
+.It Pa ~/.ssh/rc
 Commands in this file are executed by
 .Nm
 when the user logs in just before the user's shell (or command) is
@@ -1141,7 +1141,7 @@ started.
 See the
 .Xr sshd 8
 manual page for more information.
-.It Pa $HOME/.ssh/environment
+.It Pa ~/.ssh/environment
 Contains additional definitions for environment variables, see section
 .Sx ENVIRONMENT
 above.