author | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
commit | 9b71add4cecf753c45f5fbd6ff0913bc95b3e95d (patch) | |
tree | d4ea8fdb30c7949c6433f5277c39548ea579d4dc /sshd.8 | |
parent | ed07bcbea56007ab5b218ddf3aa6a7d4e21966e0 (diff) | |
parent | 16704d57999d987fb8d9ba53379841a79f016d67 (diff) |
Merge 4.2p1 to the trunk.
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 32 |
1 files changed, 16 insertions, 16 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously. | |||
80 | works as follows: | 80 | works as follows: |
81 | .Ss SSH protocol version 1 | 81 | .Ss SSH protocol version 1 |
82 | Each host has a host-specific RSA key | 82 | Each host has a host-specific RSA key |
83 | (normally 1024 bits) used to identify the host. | 83 | (normally 2048 bits) used to identify the host. |
84 | Additionally, when | 84 | Additionally, when |
85 | the daemon starts, it generates a server RSA key (normally 768 bits). | 85 | the daemon starts, it generates a server RSA key (normally 768 bits). |
86 | This key is normally regenerated every hour if it has been used, and | 86 | This key is normally regenerated every hour if it has been used, and |
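Review bot: line 83 raises the documented host key size from 1024 to 2048 bits, but line 85 in the same paragraph still gives the server key as "normally 768 bits", and nothing in this hunk shows which default the new figure tracks. Please confirm both numbers against the key-generation defaults of the release being merged, so the paragraph does not mix sizes from two different releases.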
@@ -353,7 +353,7 @@ If the login is on a tty, and no command has been specified, | |||
353 | prints last login time and | 353 | prints last login time and |
354 | .Pa /etc/motd | 354 | .Pa /etc/motd |
355 | (unless prevented in the configuration file or by | 355 | (unless prevented in the configuration file or by |
356 | .Pa $HOME/.hushlogin ; | 356 | .Pa ~/.hushlogin ; |
357 | see the | 357 | see the |
358 | .Sx FILES | 358 | .Sx FILES |
359 | section). | 359 | section). |
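Review bot: line 356 is the first place in this file where $HOME/ becomes ~/, and none of the visible lines say what ~ stands for in a manual page for a daemon. Suggest one sentence at first use, or in the FILES section this paragraph points to, stating that ~ means the home directory of the user who is logging in, so it is not read as tilde expansion in the daemon's own context.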
@@ -370,7 +370,7 @@ Changes to run with normal user privileges. | |||
370 | Sets up basic environment. | 370 | Sets up basic environment. |
371 | .It | 371 | .It |
372 | Reads the file | 372 | Reads the file |
373 | .Pa $HOME/.ssh/environment , | 373 | .Pa ~/.ssh/environment , |
374 | if it exists, and users are allowed to change their environment. | 374 | if it exists, and users are allowed to change their environment. |
375 | See the | 375 | See the |
376 | .Cm PermitUserEnvironment | 376 | .Cm PermitUserEnvironment |
@@ -380,7 +380,7 @@ option in | |||
380 | Changes to user's home directory. | 380 | Changes to user's home directory. |
381 | .It | 381 | .It |
382 | If | 382 | If |
383 | .Pa $HOME/.ssh/rc | 383 | .Pa ~/.ssh/rc |
384 | exists, runs it; else if | 384 | exists, runs it; else if |
385 | .Pa /etc/ssh/sshrc | 385 | .Pa /etc/ssh/sshrc |
386 | exists, runs | 386 | exists, runs |
@@ -393,7 +393,7 @@ authentication protocol and cookie in standard input. | |||
393 | Runs user's shell or command. | 393 | Runs user's shell or command. |
394 | .El | 394 | .El |
395 | .Sh AUTHORIZED_KEYS FILE FORMAT | 395 | .Sh AUTHORIZED_KEYS FILE FORMAT |
396 | .Pa $HOME/.ssh/authorized_keys | 396 | .Pa ~/.ssh/authorized_keys |
397 | is the default file that lists the public keys that are | 397 | is the default file that lists the public keys that are |
398 | permitted for RSA authentication in protocol version 1 | 398 | permitted for RSA authentication in protocol version 1 |
399 | and for public key authentication (PubkeyAuthentication) | 399 | and for public key authentication (PubkeyAuthentication) |
@@ -531,7 +531,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | |||
531 | The | 531 | The |
532 | .Pa /etc/ssh/ssh_known_hosts | 532 | .Pa /etc/ssh/ssh_known_hosts |
533 | and | 533 | and |
534 | .Pa $HOME/.ssh/known_hosts | 534 | .Pa ~/.ssh/known_hosts |
535 | files contain host public keys for all known hosts. | 535 | files contain host public keys for all known hosts. |
536 | The global file should | 536 | The global file should |
537 | be prepared by the administrator (optional), and the per-user file is | 537 | be prepared by the administrator (optional), and the per-user file is |
@@ -642,7 +642,7 @@ listening for connections (if there are several daemons running | |||
642 | concurrently for different ports, this contains the process ID of the one | 642 | concurrently for different ports, this contains the process ID of the one |
643 | started last). | 643 | started last). |
644 | The content of this file is not sensitive; it can be world-readable. | 644 | The content of this file is not sensitive; it can be world-readable. |
645 | .It Pa $HOME/.ssh/authorized_keys | 645 | .It Pa ~/.ssh/authorized_keys |
646 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. | 646 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
647 | This file must be readable by root (which may on some machines imply | 647 | This file must be readable by root (which may on some machines imply |
648 | it being world-readable if the user's home directory resides on an NFS | 648 | it being world-readable if the user's home directory resides on an NFS |
@@ -656,7 +656,7 @@ and/or | |||
656 | .Pa id_rsa.pub | 656 | .Pa id_rsa.pub |
657 | files into this file, as described in | 657 | files into this file, as described in |
658 | .Xr ssh-keygen 1 . | 658 | .Xr ssh-keygen 1 . |
659 | .It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" | 659 | .It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" |
660 | These files are consulted when using rhosts with RSA host | 660 | These files are consulted when using rhosts with RSA host |
661 | authentication or protocol version 2 hostbased authentication | 661 | authentication or protocol version 2 hostbased authentication |
662 | to check the public key of the host. | 662 | to check the public key of the host. |
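Review bot: on line 659 the comma sits inside the macro argument, directly against the closing quote of the first path, whereas the other changed lines pass punctuation as its own argument (".Pa ~/.ssh/environment ," at 373, ".Pa ~/.hushlogin ;" at 356). Since the line is being touched anyway, consider ".It Pa /etc/ssh/ssh_known_hosts , ~/.ssh/known_hosts" so the separator is handled the same way throughout the file.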
@@ -666,12 +666,12 @@ to verify that it is connecting to the correct remote host. | |||
666 | These files should be writable only by root/the owner. | 666 | These files should be writable only by root/the owner. |
667 | .Pa /etc/ssh/ssh_known_hosts | 667 | .Pa /etc/ssh/ssh_known_hosts |
668 | should be world-readable, and | 668 | should be world-readable, and |
669 | .Pa $HOME/.ssh/known_hosts | 669 | .Pa ~/.ssh/known_hosts |
670 | can, but need not be, world-readable. | 670 | can, but need not be, world-readable. |
671 | .It Pa /etc/motd | 671 | .It Pa /etc/motd |
672 | See | 672 | See |
673 | .Xr motd 5 . | 673 | .Xr motd 5 . |
674 | .It Pa $HOME/.hushlogin | 674 | .It Pa ~/.hushlogin |
675 | This file is used to suppress printing the last login time and | 675 | This file is used to suppress printing the last login time and |
676 | .Pa /etc/motd , | 676 | .Pa /etc/motd , |
677 | if | 677 | if |
@@ -694,7 +694,7 @@ The file should be world-readable. | |||
694 | Access controls that should be enforced by tcp-wrappers are defined here. | 694 | Access controls that should be enforced by tcp-wrappers are defined here. |
695 | Further details are described in | 695 | Further details are described in |
696 | .Xr hosts_access 5 . | 696 | .Xr hosts_access 5 . |
697 | .It Pa $HOME/.rhosts | 697 | .It Pa ~/.rhosts |
698 | This file is used during | 698 | This file is used during |
699 | .Cm RhostsRSAAuthentication | 699 | .Cm RhostsRSAAuthentication |
700 | and | 700 | and |
@@ -712,7 +712,7 @@ It is also possible to use netgroups in the file. | |||
712 | Either host or user | 712 | Either host or user |
713 | name may be of the form +@groupname to specify all hosts or all users | 713 | name may be of the form +@groupname to specify all hosts or all users |
714 | in the group. | 714 | in the group. |
715 | .It Pa $HOME/.shosts | 715 | .It Pa ~/.shosts |
716 | For ssh, | 716 | For ssh, |
717 | this file is exactly the same as for | 717 | this file is exactly the same as for |
718 | .Pa .rhosts . | 718 | .Pa .rhosts . |
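Review bot: line 718 still refers to the file as a bare ".rhosts" while its own entry is renamed to ~/.rhosts at line 697 and this entry becomes ~/.shosts at line 715. The cross-reference should use the same ~/ form, so the name in the text matches the entry a reader will look for in the list.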
@@ -761,7 +761,7 @@ This is processed exactly as | |||
761 | .Pa /etc/hosts.equiv . | 761 | .Pa /etc/hosts.equiv . |
762 | However, this file may be useful in environments that want to run both | 762 | However, this file may be useful in environments that want to run both |
763 | rsh/rlogin and ssh. | 763 | rsh/rlogin and ssh. |
764 | .It Pa $HOME/.ssh/environment | 764 | .It Pa ~/.ssh/environment |
765 | This file is read into the environment at login (if it exists). | 765 | This file is read into the environment at login (if it exists). |
766 | It can only contain empty lines, comment lines (that start with | 766 | It can only contain empty lines, comment lines (that start with |
767 | .Ql # ) , | 767 | .Ql # ) , |
@@ -772,7 +772,7 @@ Environment processing is disabled by default and is | |||
772 | controlled via the | 772 | controlled via the |
773 | .Cm PermitUserEnvironment | 773 | .Cm PermitUserEnvironment |
774 | option. | 774 | option. |
775 | .It Pa $HOME/.ssh/rc | 775 | .It Pa ~/.ssh/rc |
776 | If this file exists, it is run with | 776 | If this file exists, it is run with |
777 | .Pa /bin/sh | 777 | .Pa /bin/sh |
778 | after reading the | 778 | after reading the |
@@ -817,7 +817,7 @@ This file should be writable only by the user, and need not be | |||
817 | readable by anyone else. | 817 | readable by anyone else. |
818 | .It Pa /etc/ssh/sshrc | 818 | .It Pa /etc/ssh/sshrc |
819 | Like | 819 | Like |
820 | .Pa $HOME/.ssh/rc . | 820 | .Pa ~/.ssh/rc . |
821 | This can be used to specify | 821 | This can be used to specify |
822 | machine-specific login-time initializations globally. | 822 | machine-specific login-time initializations globally. |
823 | This file should be writable only by root, and should be world-readable. | 823 | This file should be writable only by root, and should be world-readable. |