author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
commit | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch) | |
tree | 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshd.0 | |
parent | ee196dab7c5f97f0b80c8099343a375bead92010 (diff) | |
parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) |
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 37 |
1 files changed, 20 insertions, 17 deletions
@@ -82,10 +82,11 @@ DESCRIPTION | |||
82 | be given if sshd is not run as root (as the normal host key files | 82 | be given if sshd is not run as root (as the normal host key files |
83 | are normally not readable by anyone but root). The default is | 83 | are normally not readable by anyone but root). The default is |
84 | /etc/ssh/ssh_host_key for protocol version 1, and | 84 | /etc/ssh/ssh_host_key for protocol version 1, and |
85 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and | 85 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key. |
86 | /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible | 86 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for |
87 | to have multiple host key files for the different protocol | 87 | protocol version 2. It is possible to have multiple host key |
88 | versions and host key algorithms. | 88 | files for the different protocol versions and host key |
89 | algorithms. | ||
89 | 90 | ||
90 | -i Specifies that sshd is being run from inetd(8). sshd is normally | 91 | -i Specifies that sshd is being run from inetd(8). sshd is normally |
91 | not run from inetd because it needs to generate the server key | 92 | not run from inetd because it needs to generate the server key |
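Review bot: new line 85 ends with a period after /etc/ssh/ssh_host_ecdsa_key, which cuts the list of protocol 2 defaults in two and leaves "/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for protocol version 2." as a sentence fragment. It should be a comma, as on the old line. Since sshd.0 is the preformatted page and this commit is a tarball import, the fix belongs in the upstream sshd.8 source rather than here.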
@@ -147,9 +148,9 @@ DESCRIPTION | |||
147 | AUTHENTICATION | 148 | AUTHENTICATION |
148 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to | 149 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
149 | use protocol 2 only, though this can be changed via the Protocol option | 150 | use protocol 2 only, though this can be changed via the Protocol option |
150 | in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol | 151 | in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
151 | 1 only supports RSA keys. For both protocols, each host has a host- | 152 | protocol 1 only supports RSA keys. For both protocols, each host has a |
152 | specific key, normally 2048 bits, used to identify the host. | 153 | host-specific key, normally 2048 bits, used to identify the host. |
153 | 154 | ||
154 | Forward security for protocol 1 is provided through an additional server | 155 | Forward security for protocol 1 is provided through an additional server |
155 | key, normally 768 bits, generated when the server starts. This key is | 156 | key, normally 768 bits, generated when the server starts. This key is |
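Review bot: with ED25519 added to the list on new line 151, the unchanged claim on new line 153 that the host key is "normally 2048 bits" now reads as applying to every listed type, but Ed25519 keys have a fixed 256-bit size (and ECDSA sizes follow the curve). Suggest scoping the figure, for example "normally 2048 bits for RSA", so readers do not go looking for a size option on the new key type.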
@@ -278,15 +279,15 @@ AUTHORIZED_KEYS FILE FORMAT | |||
278 | give the RSA key for protocol version 1; the comment field is not used | 279 | give the RSA key for protocol version 1; the comment field is not used |
279 | for anything (but may be convenient for the user to identify the key). | 280 | for anything (but may be convenient for the user to identify the key). |
280 | For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', | 281 | For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', |
281 | ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or | 282 | ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', |
282 | ``ssh-rsa''. | 283 | ``ssh-dss'' or ``ssh-rsa''. |
283 | 284 | ||
284 | Note that lines in this file are usually several hundred bytes long | 285 | Note that lines in this file are usually several hundred bytes long |
285 | (because of the size of the public key encoding) up to a limit of 8 | 286 | (because of the size of the public key encoding) up to a limit of 8 |
286 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 | 287 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
287 | kilobits. You don't want to type them in; instead, copy the | 288 | kilobits. You don't want to type them in; instead, copy the |
288 | identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit | 289 | identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub |
289 | it. | 290 | file and edit it. |
290 | 291 | ||
291 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol | 292 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
292 | 2 keys of 768 bits. | 293 | 2 keys of 768 bits. |
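Review bot: the size note kept as context on new lines 285-288 still says lines are "usually several hundred bytes long" and gives limits only for DSA and RSA, which no longer describes every keytype listed on new lines 281-283: an ssh-ed25519 entry is well under a hundred bytes before the comment. A short qualifier naming the key types the note applies to would keep the paragraph accurate. The minimum-size sentence on new lines 292-293 is already RSA-specific and needs no change.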
@@ -512,11 +513,11 @@ FILES | |||
512 | for the user, and not accessible by others. | 513 | for the user, and not accessible by others. |
513 | 514 | ||
514 | ~/.ssh/authorized_keys | 515 | ~/.ssh/authorized_keys |
515 | Lists the public keys (DSA/ECDSA/RSA) that can be used for | 516 | Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used |
516 | logging in as this user. The format of this file is described | 517 | for logging in as this user. The format of this file is |
517 | above. The content of the file is not highly sensitive, but the | 518 | described above. The content of the file is not highly |
518 | recommended permissions are read/write for the user, and not | 519 | sensitive, but the recommended permissions are read/write for the |
519 | accessible by others. | 520 | user, and not accessible by others. |
520 | 521 | ||
521 | If this file, the ~/.ssh directory, or the user's home directory | 522 | If this file, the ~/.ssh directory, or the user's home directory |
522 | are writable by other users, then the file could be modified or | 523 | are writable by other users, then the file could be modified or |
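Review bot: style point on new line 516: the algorithm is spelled "ED25519" here and in the AUTHENTICATION hunk, while the keytype string added in the AUTHORIZED_KEYS hunk is ``ssh-ed25519'' and the file names use "ed25519". The usual spelling of the algorithm name is "Ed25519"; picking one form for the prose would make the page easier to search. The permission guidance itself is unchanged by the reflow.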
@@ -574,6 +575,7 @@ FILES | |||
574 | /etc/ssh/ssh_host_key | 575 | /etc/ssh/ssh_host_key |
575 | /etc/ssh/ssh_host_dsa_key | 576 | /etc/ssh/ssh_host_dsa_key |
576 | /etc/ssh/ssh_host_ecdsa_key | 577 | /etc/ssh/ssh_host_ecdsa_key |
578 | /etc/ssh/ssh_host_ed25519_key | ||
577 | /etc/ssh/ssh_host_rsa_key | 579 | /etc/ssh/ssh_host_rsa_key |
578 | These files contain the private parts of the host keys. These | 580 | These files contain the private parts of the host keys. These |
579 | files should only be owned by root, readable only by root, and | 581 | files should only be owned by root, readable only by root, and |
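Review bot: new line 578 documents /etc/ssh/ssh_host_ed25519_key as a default host key path, but hosts installed before this version will not have that file. Worth confirming that the packaging generates it on upgrade (ssh-keygen -A creates any missing default host keys) and that the result has the root-only ownership and mode described on new lines 580-581, matching the existing key files.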
@@ -583,6 +585,7 @@ FILES | |||
583 | /etc/ssh/ssh_host_key.pub | 585 | /etc/ssh/ssh_host_key.pub |
584 | /etc/ssh/ssh_host_dsa_key.pub | 586 | /etc/ssh/ssh_host_dsa_key.pub |
585 | /etc/ssh/ssh_host_ecdsa_key.pub | 587 | /etc/ssh/ssh_host_ecdsa_key.pub |
588 | /etc/ssh/ssh_host_ed25519_key.pub | ||
586 | /etc/ssh/ssh_host_rsa_key.pub | 589 | /etc/ssh/ssh_host_rsa_key.pub |
587 | These files contain the public parts of the host keys. These | 590 | These files contain the public parts of the host keys. These |
588 | files should be world-readable but writable only by root. Their | 591 | files should be world-readable but writable only by root. Their |
@@ -637,4 +640,4 @@ CAVEATS | |||
637 | System security is not improved unless rshd, rlogind, and rexecd are | 640 | System security is not improved unless rshd, rlogind, and rexecd are |
638 | disabled (thus completely disabling rlogin and rsh into the machine). | 641 | disabled (thus completely disabling rlogin and rsh into the machine). |
639 | 642 | ||
640 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 | 643 | OpenBSD 5.4 December 7, 2013 OpenBSD 5.4 |