author Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
committer Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
commit 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd.0
parent ee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parent cdb6c90811caa5df2df856be9b0b16db020fe31d (diff)
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'sshd.0')
-rw-r--r-- sshd.0 37
1 files changed, 20 insertions, 17 deletions
diff --git a/sshd.0 b/sshd.0
index c48b987f9..154009c9f 100644
--- a/sshd.0
+++ b/sshd.0
@@ -82,10 +82,11 @@ DESCRIPTION
82 be given if sshd is not run as root (as the normal host key files 82 be given if sshd is not run as root (as the normal host key files
83 are normally not readable by anyone but root). The default is 83 are normally not readable by anyone but root). The default is
84 /etc/ssh/ssh_host_key for protocol version 1, and 84 /etc/ssh/ssh_host_key for protocol version 1, and
85 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and 85 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
86 /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible 86 /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
87 to have multiple host key files for the different protocol 87 protocol version 2. It is possible to have multiple host key
88 versions and host key algorithms. 88 files for the different protocol versions and host key
89 algorithms.
89 90
90 -i Specifies that sshd is being run from inetd(8). sshd is normally 91 -i Specifies that sshd is being run from inetd(8). sshd is normally
91 not run from inetd because it needs to generate the server key 92 not run from inetd because it needs to generate the server key
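Review bot: The new default host key list in the -h description has a period where a comma is needed: the added line ends with "/etc/ssh/ssh_host_ecdsa_key." and the next line continues "/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for protocol version 2". As written, the sentence stops after the ECDSA key and the Ed25519 and RSA defaults read as a fragment. Suggest "/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for protocol version 2" so an administrator checking which host key files sshd loads by default sees all four protocol 2 paths in one list.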
@@ -147,9 +148,9 @@ DESCRIPTION
147AUTHENTICATION 148AUTHENTICATION
148 The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to 149 The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
149 use protocol 2 only, though this can be changed via the Protocol option 150 use protocol 2 only, though this can be changed via the Protocol option
150 in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol 151 in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
151 1 only supports RSA keys. For both protocols, each host has a host- 152 protocol 1 only supports RSA keys. For both protocols, each host has a
152 specific key, normally 2048 bits, used to identify the host. 153 host-specific key, normally 2048 bits, used to identify the host.
153 154
154 Forward security for protocol 1 is provided through an additional server 155 Forward security for protocol 1 is provided through an additional server
155 key, normally 768 bits, generated when the server starts. This key is 156 key, normally 768 bits, generated when the server starts. This key is
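Review bot: The AUTHENTICATION paragraph now names ED25519 as a protocol 2 key type, but the sentence that follows still describes the host-specific key as "normally 2048 bits". That size does not describe an Ed25519 key, whose size is fixed at 256 bits, so a reader auditing host key strength could take the figure as applying to every listed type. Suggest scoping the size to RSA, for example "each host has a host-specific key (normally 2048 bits for RSA)", or dropping the number from this sentence. The spelling "ED25519" here also differs from the "ssh-ed25519" keytype used later on the page; one consistent form would be easier to search for.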
@@ -278,15 +279,15 @@ AUTHORIZED_KEYS FILE FORMAT
278 give the RSA key for protocol version 1; the comment field is not used 279 give the RSA key for protocol version 1; the comment field is not used
279 for anything (but may be convenient for the user to identify the key). 280 for anything (but may be convenient for the user to identify the key).
280 For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', 281 For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
281 ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or 282 ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
282 ``ssh-rsa''. 283 ``ssh-dss'' or ``ssh-rsa''.
283 284
284 Note that lines in this file are usually several hundred bytes long 285 Note that lines in this file are usually several hundred bytes long
285 (because of the size of the public key encoding) up to a limit of 8 286 (because of the size of the public key encoding) up to a limit of 8
286 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 287 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
287 kilobits. You don't want to type them in; instead, copy the 288 kilobits. You don't want to type them in; instead, copy the
288 identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit 289 identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
289 it. 290 file and edit it.
290 291
291 sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 292 sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
292 2 keys of 768 bits. 293 2 keys of 768 bits.
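Review bot: The key types are listed in a different order in the two changed sentences of this hunk: the keytype list places ``ssh-ed25519'' between the ECDSA types and ``ssh-dss'', while the file list reads "id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub". Suggest using one order for both so the keytype names and the public key files line up for someone reviewing authorized_keys entries. The unchanged note on line length still explains the 8 kilobyte limit only in terms of DSA and RSA key sizes; a short mention that ECDSA and Ed25519 lines are far shorter would keep that paragraph complete now that both types are listed.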
@@ -512,11 +513,11 @@ FILES
512 for the user, and not accessible by others. 513 for the user, and not accessible by others.
513 514
514 ~/.ssh/authorized_keys 515 ~/.ssh/authorized_keys
515 Lists the public keys (DSA/ECDSA/RSA) that can be used for 516 Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
516 logging in as this user. The format of this file is described 517 for logging in as this user. The format of this file is
517 above. The content of the file is not highly sensitive, but the 518 described above. The content of the file is not highly
518 recommended permissions are read/write for the user, and not 519 sensitive, but the recommended permissions are read/write for the
519 accessible by others. 520 user, and not accessible by others.
520 521
521 If this file, the ~/.ssh directory, or the user's home directory 522 If this file, the ~/.ssh directory, or the user's home directory
522 are writable by other users, then the file could be modified or 523 are writable by other users, then the file could be modified or
@@ -574,6 +575,7 @@ FILES
574 /etc/ssh/ssh_host_key 575 /etc/ssh/ssh_host_key
575 /etc/ssh/ssh_host_dsa_key 576 /etc/ssh/ssh_host_dsa_key
576 /etc/ssh/ssh_host_ecdsa_key 577 /etc/ssh/ssh_host_ecdsa_key
578 /etc/ssh/ssh_host_ed25519_key
577 /etc/ssh/ssh_host_rsa_key 579 /etc/ssh/ssh_host_rsa_key
578 These files contain the private parts of the host keys. These 580 These files contain the private parts of the host keys. These
579 files should only be owned by root, readable only by root, and 581 files should only be owned by root, readable only by root, and
@@ -583,6 +585,7 @@ FILES
583 /etc/ssh/ssh_host_key.pub 585 /etc/ssh/ssh_host_key.pub
584 /etc/ssh/ssh_host_dsa_key.pub 586 /etc/ssh/ssh_host_dsa_key.pub
585 /etc/ssh/ssh_host_ecdsa_key.pub 587 /etc/ssh/ssh_host_ecdsa_key.pub
588 /etc/ssh/ssh_host_ed25519_key.pub
586 /etc/ssh/ssh_host_rsa_key.pub 589 /etc/ssh/ssh_host_rsa_key.pub
587 These files contain the public parts of the host keys. These 590 These files contain the public parts of the host keys. These
588 files should be world-readable but writable only by root. Their 591 files should be world-readable but writable only by root. Their
@@ -637,4 +640,4 @@ CAVEATS
637 System security is not improved unless rshd, rlogind, and rexecd are 640 System security is not improved unless rshd, rlogind, and rexecd are
638 disabled (thus completely disabling rlogin and rsh into the machine). 641 disabled (thus completely disabling rlogin and rsh into the machine).
639 642
640OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 643OpenBSD 5.4 December 7, 2013 OpenBSD 5.4