diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
| commit | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch) | |
| tree | 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd.0 | |
| parent | ee196dab7c5f97f0b80c8099343a375bead92010 (diff) | |
| parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) | |
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'sshd.0')
| -rw-r--r-- | sshd.0 | 37 |
1 files changed, 20 insertions, 17 deletions
| @@ -82,10 +82,11 @@ DESCRIPTION | |||
| 82 | be given if sshd is not run as root (as the normal host key files | 82 | be given if sshd is not run as root (as the normal host key files |
| 83 | are normally not readable by anyone but root). The default is | 83 | are normally not readable by anyone but root). The default is |
| 84 | /etc/ssh/ssh_host_key for protocol version 1, and | 84 | /etc/ssh/ssh_host_key for protocol version 1, and |
| 85 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and | 85 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key. |
| 86 | /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible | 86 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for |
| 87 | to have multiple host key files for the different protocol | 87 | protocol version 2. It is possible to have multiple host key |
| 88 | versions and host key algorithms. | 88 | files for the different protocol versions and host key |
| 89 | algorithms. | ||
| 89 | 90 | ||
| 90 | -i Specifies that sshd is being run from inetd(8). sshd is normally | 91 | -i Specifies that sshd is being run from inetd(8). sshd is normally |
| 91 | not run from inetd because it needs to generate the server key | 92 | not run from inetd because it needs to generate the server key |
| @@ -147,9 +148,9 @@ DESCRIPTION | |||
| 147 | AUTHENTICATION | 148 | AUTHENTICATION |
| 148 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to | 149 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
| 149 | use protocol 2 only, though this can be changed via the Protocol option | 150 | use protocol 2 only, though this can be changed via the Protocol option |
| 150 | in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol | 151 | in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
| 151 | 1 only supports RSA keys. For both protocols, each host has a host- | 152 | protocol 1 only supports RSA keys. For both protocols, each host has a |
| 152 | specific key, normally 2048 bits, used to identify the host. | 153 | host-specific key, normally 2048 bits, used to identify the host. |
| 153 | 154 | ||
| 154 | Forward security for protocol 1 is provided through an additional server | 155 | Forward security for protocol 1 is provided through an additional server |
| 155 | key, normally 768 bits, generated when the server starts. This key is | 156 | key, normally 768 bits, generated when the server starts. This key is |
| @@ -278,15 +279,15 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 278 | give the RSA key for protocol version 1; the comment field is not used | 279 | give the RSA key for protocol version 1; the comment field is not used |
| 279 | for anything (but may be convenient for the user to identify the key). | 280 | for anything (but may be convenient for the user to identify the key). |
| 280 | For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', | 281 | For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', |
| 281 | ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or | 282 | ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', |
| 282 | ``ssh-rsa''. | 283 | ``ssh-dss'' or ``ssh-rsa''. |
| 283 | 284 | ||
| 284 | Note that lines in this file are usually several hundred bytes long | 285 | Note that lines in this file are usually several hundred bytes long |
| 285 | (because of the size of the public key encoding) up to a limit of 8 | 286 | (because of the size of the public key encoding) up to a limit of 8 |
| 286 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 | 287 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
| 287 | kilobits. You don't want to type them in; instead, copy the | 288 | kilobits. You don't want to type them in; instead, copy the |
| 288 | identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit | 289 | identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub |
| 289 | it. | 290 | file and edit it. |
| 290 | 291 | ||
| 291 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol | 292 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
| 292 | 2 keys of 768 bits. | 293 | 2 keys of 768 bits. |
| @@ -512,11 +513,11 @@ FILES | |||
| 512 | for the user, and not accessible by others. | 513 | for the user, and not accessible by others. |
| 513 | 514 | ||
| 514 | ~/.ssh/authorized_keys | 515 | ~/.ssh/authorized_keys |
| 515 | Lists the public keys (DSA/ECDSA/RSA) that can be used for | 516 | Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used |
| 516 | logging in as this user. The format of this file is described | 517 | for logging in as this user. The format of this file is |
| 517 | above. The content of the file is not highly sensitive, but the | 518 | described above. The content of the file is not highly |
| 518 | recommended permissions are read/write for the user, and not | 519 | sensitive, but the recommended permissions are read/write for the |
| 519 | accessible by others. | 520 | user, and not accessible by others. |
| 520 | 521 | ||
| 521 | If this file, the ~/.ssh directory, or the user's home directory | 522 | If this file, the ~/.ssh directory, or the user's home directory |
| 522 | are writable by other users, then the file could be modified or | 523 | are writable by other users, then the file could be modified or |
| @@ -574,6 +575,7 @@ FILES | |||
| 574 | /etc/ssh/ssh_host_key | 575 | /etc/ssh/ssh_host_key |
| 575 | /etc/ssh/ssh_host_dsa_key | 576 | /etc/ssh/ssh_host_dsa_key |
| 576 | /etc/ssh/ssh_host_ecdsa_key | 577 | /etc/ssh/ssh_host_ecdsa_key |
| 578 | /etc/ssh/ssh_host_ed25519_key | ||
| 577 | /etc/ssh/ssh_host_rsa_key | 579 | /etc/ssh/ssh_host_rsa_key |
| 578 | These files contain the private parts of the host keys. These | 580 | These files contain the private parts of the host keys. These |
| 579 | files should only be owned by root, readable only by root, and | 581 | files should only be owned by root, readable only by root, and |
| @@ -583,6 +585,7 @@ FILES | |||
| 583 | /etc/ssh/ssh_host_key.pub | 585 | /etc/ssh/ssh_host_key.pub |
| 584 | /etc/ssh/ssh_host_dsa_key.pub | 586 | /etc/ssh/ssh_host_dsa_key.pub |
| 585 | /etc/ssh/ssh_host_ecdsa_key.pub | 587 | /etc/ssh/ssh_host_ecdsa_key.pub |
| 588 | /etc/ssh/ssh_host_ed25519_key.pub | ||
| 586 | /etc/ssh/ssh_host_rsa_key.pub | 589 | /etc/ssh/ssh_host_rsa_key.pub |
| 587 | These files contain the public parts of the host keys. These | 590 | These files contain the public parts of the host keys. These |
| 588 | files should be world-readable but writable only by root. Their | 591 | files should be world-readable but writable only by root. Their |
| @@ -637,4 +640,4 @@ CAVEATS | |||
| 637 | System security is not improved unless rshd, rlogind, and rexecd are | 640 | System security is not improved unless rshd, rlogind, and rexecd are |
| 638 | disabled (thus completely disabling rlogin and rsh into the machine). | 641 | disabled (thus completely disabling rlogin and rsh into the machine). |
| 639 | 642 | ||
| 640 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 | 643 | OpenBSD 5.4 December 7, 2013 OpenBSD 5.4 |