diff options
author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:40:29 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:40:29 +0000 |
commit | a25ec0b132c44c9e341e08464ff830de06b81126 (patch) | |
tree | e20842d80f9e25cb6cf09525abea63f7bf655dd7 /sshd.0 | |
parent | 1b816ea846aca3ee89e7995373ace609e9518424 (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
import openssh-4.7p1-gsskex-20070927.patch
Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 37 |
1 files changed, 19 insertions, 18 deletions
@@ -9,8 +9,8 @@ SYNOPSIS | |||
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
12 | programs replace rlogin and rsh, and provide secure encrypted communica- | 12 | programs replace rlogin(1) and rsh(1), and provide secure encrypted com- |
13 | tions between two untrusted hosts over an insecure network. | 13 | munications between two untrusted hosts over an insecure network. |
14 | 14 | ||
15 | sshd listens for connections from clients. It is normally started at | 15 | sshd listens for connections from clients. It is normally started at |
16 | boot from /etc/rc. It forks a new daemon for each incoming connection. | 16 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
@@ -45,7 +45,7 @@ DESCRIPTION | |||
45 | -e When this option is specified, sshd will send the output to the | 45 | -e When this option is specified, sshd will send the output to the |
46 | standard error instead of the system log. | 46 | standard error instead of the system log. |
47 | 47 | ||
48 | -f configuration_file | 48 | -f config_file |
49 | Specifies the name of the configuration file. The default is | 49 | Specifies the name of the configuration file. The default is |
50 | /etc/ssh/sshd_config. sshd refuses to start if there is no con- | 50 | /etc/ssh/sshd_config. sshd refuses to start if there is no con- |
51 | figuration file. | 51 | figuration file. |
@@ -143,7 +143,8 @@ AUTHENTICATION | |||
143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | 143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The |
144 | client selects the encryption algorithm to use from those offered by the | 144 | client selects the encryption algorithm to use from those offered by the |
145 | server. Additionally, session integrity is provided through a crypto- | 145 | server. Additionally, session integrity is provided through a crypto- |
146 | graphic message authentication code (hmac-sha1 or hmac-md5). | 146 | graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or |
147 | hmac-ripemd160). | ||
147 | 148 | ||
148 | Finally, the server and the client enter an authentication dialog. The | 149 | Finally, the server and the client enter an authentication dialog. The |
149 | client tries to authenticate itself using host-based authentication, pub- | 150 | client tries to authenticate itself using host-based authentication, pub- |
@@ -156,10 +157,10 @@ AUTHENTICATION | |||
156 | tion of a locked account is system dependant. Some platforms have their | 157 | tion of a locked account is system dependant. Some platforms have their |
157 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | 158 | own account database (eg AIX) and some modify the passwd field ( `*LK*' |
158 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a | 159 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a |
159 | leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is | 160 | leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If |
160 | a requirement to disable password authentication for the account while | 161 | there is a requirement to disable password authentication for the account |
161 | allowing still public-key, then the passwd field should be set to some- | 162 | while allowing still public-key, then the passwd field should be set to |
162 | thing other than these values (eg `NP' or `*NP*' ). | 163 | something other than these values (eg `NP' or `*NP*' ). |
163 | 164 | ||
164 | If the client successfully authenticates itself, a dialog for preparing | 165 | If the client successfully authenticates itself, a dialog for preparing |
165 | the session is entered. At this time the client may request things like | 166 | the session is entered. At this time the client may request things like |
@@ -477,13 +478,6 @@ FILES | |||
477 | lows host-based authentication without permitting login with | 478 | lows host-based authentication without permitting login with |
478 | rlogin/rsh. | 479 | rlogin/rsh. |
479 | 480 | ||
480 | /etc/ssh/ssh_known_hosts | ||
481 | Systemwide list of known host keys. This file should be prepared | ||
482 | by the system administrator to contain the public host keys of | ||
483 | all machines in the organization. The format of this file is de- | ||
484 | scribed above. This file should be writable only by root/the | ||
485 | owner and should be world-readable. | ||
486 | |||
487 | /etc/ssh/ssh_host_key | 481 | /etc/ssh/ssh_host_key |
488 | /etc/ssh/ssh_host_dsa_key | 482 | /etc/ssh/ssh_host_dsa_key |
489 | /etc/ssh/ssh_host_rsa_key | 483 | /etc/ssh/ssh_host_rsa_key |
@@ -502,6 +496,13 @@ FILES | |||
502 | convenience of the user so their contents can be copied to known | 496 | convenience of the user so their contents can be copied to known |
503 | hosts files. These files are created using ssh-keygen(1). | 497 | hosts files. These files are created using ssh-keygen(1). |
504 | 498 | ||
499 | /etc/ssh/ssh_known_hosts | ||
500 | Systemwide list of known host keys. This file should be prepared | ||
501 | by the system administrator to contain the public host keys of | ||
502 | all machines in the organization. The format of this file is de- | ||
503 | scribed above. This file should be writable only by root/the | ||
504 | owner and should be world-readable. | ||
505 | |||
505 | /etc/ssh/sshd_config | 506 | /etc/ssh/sshd_config |
506 | Contains configuration data for sshd. The file format and con- | 507 | Contains configuration data for sshd. The file format and con- |
507 | figuration options are described in sshd_config(5). | 508 | figuration options are described in sshd_config(5). |
@@ -526,8 +527,8 @@ FILES | |||
526 | 527 | ||
527 | SEE ALSO | 528 | SEE ALSO |
528 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 529 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), |
529 | chroot(2), hosts_access(5), login.conf(5), moduli(5), sshd_config(5), | 530 | ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5), |
530 | inetd(8), sftp-server(8) | 531 | sshd_config(5), inetd(8), sftp-server(8) |
531 | 532 | ||
532 | AUTHORS | 533 | AUTHORS |
533 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 534 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
@@ -541,4 +542,4 @@ CAVEATS | |||
541 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 542 | System security is not improved unless rshd, rlogind, and rexecd are dis- |
542 | abled (thus completely disabling rlogin and rsh into the machine). | 543 | abled (thus completely disabling rlogin and rsh into the machine). |
543 | 544 | ||
544 | OpenBSD 4.1 September 25, 1999 9 | 545 | OpenBSD 4.2 August 16, 2007 9 |