summaryrefslogtreecommitdiff
path: root/sshd.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:40:29 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:40:29 +0000
commita25ec0b132c44c9e341e08464ff830de06b81126 (patch)
treee20842d80f9e25cb6cf09525abea63f7bf655dd7 /sshd.0
parent1b816ea846aca3ee89e7995373ace609e9518424 (diff)
parent70847d299887abb96f8703ca99db6d817b78960e (diff)
import openssh-4.7p1-gsskex-20070927.patch
Diffstat (limited to 'sshd.0')
-rw-r--r--sshd.037
1 files changed, 19 insertions, 18 deletions
diff --git a/sshd.0 b/sshd.0
index 5e21db125..d2ffaacfa 100644
--- a/sshd.0
+++ b/sshd.0
@@ -9,8 +9,8 @@ SYNOPSIS
9 9
10DESCRIPTION 10DESCRIPTION
11 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these 11 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
12 programs replace rlogin and rsh, and provide secure encrypted communica- 12 programs replace rlogin(1) and rsh(1), and provide secure encrypted com-
13 tions between two untrusted hosts over an insecure network. 13 munications between two untrusted hosts over an insecure network.
14 14
15 sshd listens for connections from clients. It is normally started at 15 sshd listens for connections from clients. It is normally started at
16 boot from /etc/rc. It forks a new daemon for each incoming connection. 16 boot from /etc/rc. It forks a new daemon for each incoming connection.
@@ -45,7 +45,7 @@ DESCRIPTION
45 -e When this option is specified, sshd will send the output to the 45 -e When this option is specified, sshd will send the output to the
46 standard error instead of the system log. 46 standard error instead of the system log.
47 47
48 -f configuration_file 48 -f config_file
49 Specifies the name of the configuration file. The default is 49 Specifies the name of the configuration file. The default is
50 /etc/ssh/sshd_config. sshd refuses to start if there is no con- 50 /etc/ssh/sshd_config. sshd refuses to start if there is no con-
51 figuration file. 51 figuration file.
@@ -143,7 +143,8 @@ AUTHENTICATION
143 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The 143 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
144 client selects the encryption algorithm to use from those offered by the 144 client selects the encryption algorithm to use from those offered by the
145 server. Additionally, session integrity is provided through a crypto- 145 server. Additionally, session integrity is provided through a crypto-
146 graphic message authentication code (hmac-sha1 or hmac-md5). 146 graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or
147 hmac-ripemd160).
147 148
148 Finally, the server and the client enter an authentication dialog. The 149 Finally, the server and the client enter an authentication dialog. The
149 client tries to authenticate itself using host-based authentication, pub- 150 client tries to authenticate itself using host-based authentication, pub-
@@ -156,10 +157,10 @@ AUTHENTICATION
156 tion of a locked account is system dependant. Some platforms have their 157 tion of a locked account is system dependant. Some platforms have their
157 own account database (eg AIX) and some modify the passwd field ( `*LK*' 158 own account database (eg AIX) and some modify the passwd field ( `*LK*'
158 on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a 159 on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a
159 leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is 160 leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If
160 a requirement to disable password authentication for the account while 161 there is a requirement to disable password authentication for the account
161 allowing still public-key, then the passwd field should be set to some- 162 while allowing still public-key, then the passwd field should be set to
162 thing other than these values (eg `NP' or `*NP*' ). 163 something other than these values (eg `NP' or `*NP*' ).
163 164
164 If the client successfully authenticates itself, a dialog for preparing 165 If the client successfully authenticates itself, a dialog for preparing
165 the session is entered. At this time the client may request things like 166 the session is entered. At this time the client may request things like
@@ -477,13 +478,6 @@ FILES
477 lows host-based authentication without permitting login with 478 lows host-based authentication without permitting login with
478 rlogin/rsh. 479 rlogin/rsh.
479 480
480 /etc/ssh/ssh_known_hosts
481 Systemwide list of known host keys. This file should be prepared
482 by the system administrator to contain the public host keys of
483 all machines in the organization. The format of this file is de-
484 scribed above. This file should be writable only by root/the
485 owner and should be world-readable.
486
487 /etc/ssh/ssh_host_key 481 /etc/ssh/ssh_host_key
488 /etc/ssh/ssh_host_dsa_key 482 /etc/ssh/ssh_host_dsa_key
489 /etc/ssh/ssh_host_rsa_key 483 /etc/ssh/ssh_host_rsa_key
@@ -502,6 +496,13 @@ FILES
502 convenience of the user so their contents can be copied to known 496 convenience of the user so their contents can be copied to known
503 hosts files. These files are created using ssh-keygen(1). 497 hosts files. These files are created using ssh-keygen(1).
504 498
499 /etc/ssh/ssh_known_hosts
500 Systemwide list of known host keys. This file should be prepared
501 by the system administrator to contain the public host keys of
502 all machines in the organization. The format of this file is de-
503 scribed above. This file should be writable only by root/the
504 owner and should be world-readable.
505
505 /etc/ssh/sshd_config 506 /etc/ssh/sshd_config
506 Contains configuration data for sshd. The file format and con- 507 Contains configuration data for sshd. The file format and con-
507 figuration options are described in sshd_config(5). 508 figuration options are described in sshd_config(5).
@@ -526,8 +527,8 @@ FILES
526 527
527SEE ALSO 528SEE ALSO
528 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 529 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
529 chroot(2), hosts_access(5), login.conf(5), moduli(5), sshd_config(5), 530 ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
530 inetd(8), sftp-server(8) 531 sshd_config(5), inetd(8), sftp-server(8)
531 532
532AUTHORS 533AUTHORS
533 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 534 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
@@ -541,4 +542,4 @@ CAVEATS
541 System security is not improved unless rshd, rlogind, and rexecd are dis- 542 System security is not improved unless rshd, rlogind, and rexecd are dis-
542 abled (thus completely disabling rlogin and rsh into the machine). 543 abled (thus completely disabling rlogin and rsh into the machine).
543 544
544OpenBSD 4.1 September 25, 1999 9 545OpenBSD 4.2 August 16, 2007 9