author Damien Miller <djm@mindrot.org> 2006-03-15 11:35:27 +1100
committer Damien Miller <djm@mindrot.org> 2006-03-15 11:35:27 +1100
commit adc35b9583944203906ef1fd8b078316213e35d5
tree 0a74b4bf4d9c132f78af128940b4302b89acce5a /sshd.8
parent bc1936ad8735cc5f4949eb18172869352e2c5c1c
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8] sync some of the FILES entries w/ ssh.1;
Diffstat (limited to 'sshd.8')
-rw-r--r-- sshd.8 78
1 files changed, 33 insertions, 45 deletions
diff --git a/sshd.8 b/sshd.8
index aed8b60d1..6d79f175c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -605,45 +605,31 @@ It does not suppress printing of the banner specified by
605.Cm Banner . 605.Cm Banner .
606.Pp 606.Pp
607.It ~/.rhosts 607.It ~/.rhosts
608This file is used during 608This file is used for host-based authentication (see
609.Cm RhostsRSAAuthentication 609.Xr ssh 1
610and 610for more information).
611.Cm HostbasedAuthentication 611On some machines this file may need to be
612and contains host-username pairs, separated by a space, one per 612world-readable if the user's home directory is on an NFS partition,
613line. 613because
614The given user on the corresponding host is permitted to log in 614.Nm
615without a password. 615reads it as root.
616The same file is used by rlogind and rshd. 616Additionally, this file must be owned by the user,
617The file must 617and must not have write permissions for anyone else.
618be writable only by the user; it is recommended that it not be 618The recommended
619permission for most machines is read/write for the user, and not
619accessible by others. 620accessible by others.
620.Pp 621.Pp
621It is also possible to use netgroups in the file.
622Either host or user
623name may be of the form +@groupname to specify all hosts or all users
624in the group.
625.Pp
626.It ~/.shosts 622.It ~/.shosts
627For ssh, 623This file is used in exactly the same way as
628this file is exactly the same as for 624.Pa .rhosts ,
629.Pa .rhosts . 625but allows host-based authentication without permitting login with
630However, this file is 626rlogin/rsh.
631not used by rlogin and rshd, so using this permits access using SSH only.
632.Pp 627.Pp
633.It ~/.ssh/authorized_keys 628.It ~/.ssh/authorized_keys
634Lists the public keys (RSA or DSA) that can be used to log into the user's account. 629Lists the public keys (RSA/DSA) that can be used for logging in as this user.
635This file must be readable by root (which may on some machines imply
636it being world-readable if the user's home directory resides on an NFS
637volume).
638It is recommended that it not be accessible by others.
639The format of this file is described above. 630The format of this file is described above.
640Users will place the contents of their 631This file is not highly sensitive, but the recommended
641.Pa identity.pub , 632permissions are read/write for the user, and not accessible by others.
642.Pa id_dsa.pub
643and/or
644.Pa id_rsa.pub
645files into this file, as described in
646.Xr ssh-keygen 1 .
647.Pp 633.Pp
648.It ~/.ssh/environment 634.It ~/.ssh/environment
649This file is read into the environment at login (if it exists). 635This file is read into the environment at login (if it exists).
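Review bot: In the ~/.ssh/authorized_keys entry, the new sentence "This file is not highly sensitive" speaks only to read access and is easy to misread as "permissions do not matter". The file lists the keys "that can be used for logging in as this user", so write access by anyone else is as serious here as for .rhosts. The rewritten ~/.rhosts entry in this same hunk says the file "must be owned by the user, and must not have write permissions for anyone else"; suggest carrying an equivalent sentence into the authorized_keys entry. Separately, the ~/.rhosts rewrite drops the file format (host-username pairs, one per line) and the +@groupname netgroup syntax in favour of a pointer to ssh(1); worth confirming ssh(1) documents both before removing them from the server page.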
@@ -658,17 +644,10 @@ controlled via the
658option. 644option.
659.Pp 645.Pp
660.It ~/.ssh/known_hosts 646.It ~/.ssh/known_hosts
661.It /etc/ssh/ssh_known_hosts 647Contains a list of host keys for all hosts the user has logged into
662These files are consulted when using rhosts with RSA host 648that are not already in the systemwide list of known host keys.
663authentication or protocol version 2 hostbased authentication 649The format of this file is described above.
664to check the public key of the host. 650This file should be writable only by root/the owner and
665The key must be listed in one of these files to be accepted.
666The client uses the same files
667to verify that it is connecting to the correct remote host.
668These files should be writable only by root/the owner.
669.Pa /etc/ssh/ssh_known_hosts
670should be world-readable, and
671.Pa ~/.ssh/known_hosts
672can, but need not be, world-readable. 651can, but need not be, world-readable.
673.Pp 652.Pp
674.It ~/.ssh/rc 653.It ~/.ssh/rc
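Review bot: The rewritten ~/.ssh/known_hosts entry describes the file from the client's side ("all hosts the user has logged into") and no longer says why the server reads it. The removed lines stated that these files are consulted for rhosts with RSA host authentication and protocol version 2 hostbased authentication, and that "The key must be listed in one of these files to be accepted". That acceptance rule is the server-side behaviour a reader of sshd(8) needs, so suggest keeping one sentence to that effect in this entry rather than relying on the ssh(1) wording alone.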
@@ -784,6 +763,15 @@ This is processed exactly as
784However, this file may be useful in environments that want to run both 763However, this file may be useful in environments that want to run both
785rsh/rlogin and ssh. 764rsh/rlogin and ssh.
786.Pp 765.Pp
766.It /etc/ssh/ssh_known_hosts
767Systemwide list of known host keys.
768This file should be prepared by the
769system administrator to contain the public host keys of all machines in the
770organization.
771The format of this file is described above.
772This file should be writable only by root/the owner and
773should be world-readable.
774.Pp
787.It /etc/ssh/ssh_host_key 775.It /etc/ssh/ssh_host_key
788.It /etc/ssh/ssh_host_dsa_key 776.It /etc/ssh/ssh_host_dsa_key
789.It /etc/ssh/ssh_host_rsa_key 777.It /etc/ssh/ssh_host_rsa_key
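Review bot: In the new /etc/ssh/ssh_known_hosts entry, "writable only by root/the owner" is wording carried over from the old combined entry that also covered ~/.ssh/known_hosts; for a systemwide file it leaves open who "the owner" is meant to be. Suggest stating the intended ownership directly, for example "should be owned by root and writable only by root". The entry also gives only "Systemwide list of known host keys" as its purpose; since the combined entry removed earlier in this diff explained that a host's key must be listed to be accepted for hostbased authentication, a short mention of that use here would keep the permission advice tied to its reason.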