summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-10-29 09:15:49 +1000
committerDamien Miller <djm@mindrot.org>1999-10-29 09:15:49 +1000
commit32aa144d7034447fee864d050b35b684519c2e45 (patch)
tree213473231103f90e2a3e77400a0828572b45d344 /sshd.8
parent34d0b614b3ee27f5b4fbaf7fb733ddccb02f58d6 (diff)
Re-imported OpenBSD manpages
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.8781
1 files changed, 781 insertions, 0 deletions
diff --git a/sshd.8 b/sshd.8
new file mode 100644
index 000000000..a5c3f9554
--- /dev/null
+++ b/sshd.8
@@ -0,0 +1,781 @@
1.\" -*- nroff -*-
2.\"
3.\" sshd.8.in
4.\"
5.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6.\"
7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8.\" All rights reserved
9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\"
12.\" $Id: sshd.8,v 1.3 1999/10/28 23:15:50 damien Exp $
13.\"
14.Dd September 25, 1999
15.Dt SSHD 8
16.Os
17.Sh NAME
18.Nm sshd
19.Nd secure shell daemon
20.Sh SYNOPSIS
21.Nm sshd
22.Op Fl diq
23.Op Fl b Ar bits
24.Op Fl f Ar config_file
25.Op Fl g Ar login_grace_time
26.Op Fl h Ar host_key_file
27.Op Fl k Ar key_gen_time
28.Op Fl p Ar port
29.Sh DESCRIPTION
30.Nm
31(Secure Shell Daemon) is the daemon program for
32.Xr ssh 1 .
33Together these programs replace rlogin and rsh programs, and
34provide secure encrypted communications between two untrusted hosts
35over an insecure network. The programs are intended to be as easy to
36install and use as possible.
37.Pp
38.Nm
39is the daemon that listens for connections from clients. It is
40normally started at boot from
41.Pa /etc/rc .
42It forks a new
43daemon for each incoming connection. The forked daemons handle
44key exchange, encryption, authentication, command execution,
45and data exchange.
46.Pp
47.Nm
48works as follows. Each host has a host-specific RSA key
49(normally 1024 bits) used to identify the host. Additionally, when
50the daemon starts, it generates a server RSA key (normally 768 bits).
51This key is normally regenerated every hour if it has been used, and
52is never stored on disk.
53.Pp
54Whenever a client connects the daemon, the daemon sends its host
55and server public keys to the client. The client compares the
56host key against its own database to verify that it has not changed.
57The client then generates a 256 bit random number. It encrypts this
58random number using both the host key and the server key, and sends
59the encrypted number to the server. Both sides then start to use this
60random number as a session key which is used to encrypt all further
61communications in the session. The rest of the session is encrypted
62using a conventional cipher, currently Blowfish and 3DES, with 3DES
63being is used by default. The client selects the encryption algorithm
64to use from those offered by the server.
65.Pp
66Next, the server and the client enter an authentication dialog. The
67client tries to authenticate itself using
68.Pa .rhosts
69authentication,
70.Pa .rhosts
71authentication combined with RSA host
72authentication, RSA challenge-response authentication, or password
73based authentication.
74.Pp
75Rhosts authentication is normally disabled
76because it is fundamentally insecure, but can be enabled in the server
77configuration file if desired. System security is not improved unless
78.Xr rshd 8 ,
79.Xr rlogind 8 ,
80.Xr rexecd 8 ,
81and
82.Xr rexd 8
83are disabled (thus completely disabling
84.Xr rlogin 1
85and
86.Xr rsh 1
87into that machine).
88.Pp
89If the client successfully authenticates itself, a dialog for
90preparing the session is entered. At this time the client may request
91things like allocating a pseudo-tty, forwarding X11 connections,
92forwarding TCP/IP connections, or forwarding the authentication agent
93connection over the secure channel.
94.Pp
95Finally, the client either requests a shell or execution of a command.
96The sides then enter session mode. In this mode, either side may send
97data at any time, and such data is forwarded to/from the shell or
98command on the server side, and the user terminal in the client side.
99.Pp
100When the user program terminates and all forwarded X11 and other
101connections have been closed, the server sends command exit status to
102the client, and both sides exit.
103.Pp
104.Nm
105can be configured using command-line options or a configuration
106file. Command-line options override values specified in the
107configuration file.
108.Pp
109The options are as follows:
110.Bl -tag -width Ds
111.It Fl b Ar bits
112Specifies the number of bits in the server key (default 768).
113.Pp
114.It Fl d
115Debug mode. The server sends verbose debug output to the system
116log, and does not put itself in the background. The server also will
117not fork and will only process one connection. This option is only
118intended for debugging for the server.
119.It Fl f Ar configuration_file
120Specifies the name of the configuration file. The default is
121.Pa /etc/sshd_config .
122.Nm
123refuses to start if there is no configuration file.
124.It Fl g Ar login_grace_time
125Gives the grace time for clients to authenticate themselves (default
126300 seconds). If the client fails to authenticate the user within
127this many seconds, the server disconnects and exits. A value of zero
128indicates no limit.
129.It Fl h Ar host_key_file
130Specifies the file from which the host key is read (default
131.Pa /etc/ssh_host_key ) .
132This option must be given if
133.Nm
134is not run as root (as the normal
135host file is normally not readable by anyone but root).
136.It Fl i
137Specifies that
138.Nm
139is being run from inetd.
140.Nm
141is normally not run
142from inetd because it needs to generate the server key before it can
143respond to the client, and this may take tens of seconds. Clients
144would have to wait too long if the key was regenerated every time.
145However, with small key sizes (e.g. 512) using
146.Nm
147from inetd may
148be feasible.
149.It Fl k Ar key_gen_time
150Specifies how often the server key is regenerated (default 3600
151seconds, or one hour). The motivation for regenerating the key fairly
152often is that the key is not stored anywhere, and after about an hour,
153it becomes impossible to recover the key for decrypting intercepted
154communications even if the machine is cracked into or physically
155seized. A value of zero indicates that the key will never be regenerated.
156.It Fl p Ar port
157Specifies the port on which the server listens for connections
158(default 22).
159.It Fl q
160Quiet mode. Nothing is sent to the system log. Normally the beginning,
161authentication, and termination of each connection is logged.
162.It Fl Q
163Do not print an error message if RSA support is missing.
164.El
165.Sh CONFIGURATION FILE
166.Nm
167reads configuration data from
168.Pa /etc/sshd_config
169(or the file specified with
170.Fl f
171on the command line). The file
172contains keyword-value pairs, one per line. Lines starting with
173.Ql #
174and empty lines are interpreted as comments.
175.Pp
176The following keywords are possible.
177.Bl -tag -width Ds
178.It Cm AFSTokenPassing
179Specifies whether an AFS token may be forwarded to the server. Default is
180.Dq yes .
181.It Cm AllowGroups
182This keyword can be followed by a number of group names, separated
183by spaces. If specified, login is allowed only for users whose primary
184group matches one of the patterns.
185.Ql \&*
186and
187.Ql ?
188can be used as
189wildcards in the patterns. Only group names are valid, a numerical group
190id isn't recognized. By default login is allowed regardless of
191the primary group.
192.Pp
193.It Cm AllowUsers
194This keyword can be followed by a number of user names, separated
195by spaces. If specified, login is allowed only for users names that
196match one of the patterns.
197.Ql \&*
198and
199.Ql ?
200can be used as
201wildcards in the patterns. Only user names are valid, a numerical user
202id isn't recognized. By default login is allowed regardless of
203the user name.
204.Pp
205.It Cm CheckMail
206Specifies whether
207.Nm
208should check for new mail for interactive logins.
209The default is
210.Dq no .
211.It Cm DenyGroups
212This keyword can be followed by a number of group names, separated
213by spaces. Users whose primary group matches one of the patterns
214aren't allowed to log in.
215.Ql \&*
216and
217.Ql ?
218can be used as
219wildcards in the patterns. Only group names are valid, a numerical group
220id isn't recognized. By default login is allowed regardless of
221the primary group.
222.Pp
223.It Cm DenyUsers
224This keyword can be followed by a number of user names, separated
225by spaces. Login is allowed disallowed for user names that match
226one of the patterns.
227.Ql \&*
228and
229.Ql ?
230can be used as
231wildcards in the patterns. Only user names are valid, a numerical user
232id isn't recognized. By default login is allowed regardless of
233the user name.
234.Pp
235.It Cm FascistLogging
236Specifies whether to use verbose logging. Verbose logging violates
237the privacy of users and is not recommended. The argument must be
238.Dq yes
239or
240.Dq no .
241The default is
242.Dq no .
243.It Cm HostKey
244Specifies the file containing the private host key (default
245.Pa /etc/ssh_host_key ) .
246Note that
247.Nm
248does not start if this file is group/world-accessible.
249.It Cm IgnoreRhosts
250Specifies that rhosts and shosts files will not be used in
251authentication.
252.Pa /etc/hosts.equiv
253and
254.Pa /etc/shosts.equiv
255are still used. The default is
256.Dq no .
257.It Cm KeepAlive
258Specifies whether the system should send keepalive messages to the
259other side. If they are sent, death of the connection or crash of one
260of the machines will be properly noticed. However, this means that
261connections will die if the route is down temporarily, and some people
262find it annoying. On the other hand, if keepalives are not send,
263sessions may hang indefinitely on the server, leaving
264.Dq ghost
265users and consuming server resources.
266.Pp
267The default is
268.Dq yes
269(to send keepalives), and the server will notice
270if the network goes down or the client host reboots. This avoids
271infinitely hanging sessions.
272.Pp
273To disable keepalives, the value should be set to
274.Dq no
275in both the server and the client configuration files.
276.It Cm KerberosAuthentication
277Specifies whether Kerberos authentication is allowed. This can
278be in the form of a Kerberos ticket, or if
279.Cm PasswordAuthentication
280is yes, the password provided by the user will be validated through
281the Kerberos KDC. Default is
282.Dq yes .
283.It Cm KerberosOrLocalPasswd
284If set then if password authentication through Kerberos fails then
285the password will be validated via any additional local mechanism
286such as
287.Pa /etc/passwd
288or SecurID. Default is
289.Dq yes .
290.It Cm KerberosTgtPassing
291Specifies whether a Kerberos TGT may be forwarded to the server.
292Default is
293.Dq no ,
294as this only works when the Kerberos KDC is actually an AFS kaserver.
295.It Cm KerberosTicketCleanup
296Specifies whether to automatically destroy the user's ticket cache
297file on logout. Default is
298.Dq yes .
299.It Cm KeyRegenerationInterval
300The server key is automatically regenerated after this many seconds
301(if it has been used). The purpose of regeneration is to prevent
302decrypting captured sessions by later breaking into the machine and
303stealing the keys. The key is never stored anywhere. If the value is
3040, the key is never regenerated. The default is 3600
305(seconds).
306.It Cm ListenAddress
307Specifies what local address
308.Nm
309should listen on.
310The default is to listen to all local addresses.
311.It Cm LoginGraceTime
312The server disconnects after this time if the user has not
313successfully logged in. If the value is 0, there is no time limit.
314The default is 600 (seconds).
315.It Cm PasswordAuthentication
316Specifies whether password authentication is allowed.
317The default is
318.Dq yes .
319.It Cm PermitEmptyPasswords
320When password authentication is allowed, it specifies whether the
321server allows login to accounts with empty password strings. The default
322is
323.Dq yes .
324.It Cm PermitRootLogin
325Specifies whether the root can log in using
326.Xr ssh 1 .
327The argument must be
328.Dq yes ,
329.Dq without-password
330or
331.Dq no .
332The default is
333.Dq yes .
334If this options is set to
335.Dq without-password
336only password authentication is disabled for root.
337.Pp
338Root login with RSA authentication when the
339.Ar command
340option has been
341specified will be allowed regardless of the value of this setting
342(which may be useful for taking remote backups even if root login is
343normally not allowed).
344.It Cm Port
345Specifies the port number that
346.Nm
347listens on. The default is 22.
348.It Cm PrintMotd
349Specifies whether
350.Nm
351should print
352.Pa /etc/motd
353when a user logs in interactively. (On some systems it is also
354printed by the shell,
355.Pa /etc/profile ,
356or equivalent.) The default is
357.Dq yes .
358.It Cm QuietMode
359Specifies whether the system runs in quiet mode. In quiet mode,
360nothing is logged in the system log, except fatal errors. The default
361is
362.Dq no .
363.It Cm RandomSeed
364Obsolete. Random number generation uses other techniques.
365.It Cm RhostsAuthentication
366Specifies whether authentication using rhosts or /etc/hosts.equiv
367files is sufficient. Normally, this method should not be permitted
368because it is insecure.
369.Cm RhostsRSAAuthentication
370should be used
371instead, because it performs RSA-based host authentication in addition
372to normal rhosts or /etc/hosts.equiv authentication.
373The default is
374.Dq no .
375.It Cm RhostsRSAAuthentication
376Specifies whether rhosts or /etc/hosts.equiv authentication together
377with successful RSA host authentication is allowed. The default is
378.Dq yes .
379.It Cm RSAAuthentication
380Specifies whether pure RSA authentication is allowed. The default is
381.Dq yes .
382.It Cm ServerKeyBits
383Defines the number of bits in the server key. The minimum value is
384512, and the default is 768.
385.It Cm SkeyAuthentication
386Specifies whether
387.Xr skey 1
388authentication is allowed. The default is
389.Dq yes .
390Note that s/key authentication is enabled only if
391.Cm PasswordAuthentication
392is allowed, too.
393.It Cm StrictModes
394Specifies whether
395.Nm
396should check file modes and ownership of the
397user's files and home directory before accepting login. This
398is normally desirable because novices sometimes accidentally leave their
399directory or files world-writable. The default is
400.Dq yes .
401.It Cm SyslogFacility
402Gives the facility code that is used when logging messages from
403.Nm sshd .
404The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
405LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.
406.It Cm UseLogin
407Specifies whether
408.Xr login 1
409is used. The default is
410.Dq no .
411.It Cm X11Forwarding
412Specifies whether X11 forwarding is permitted. The default is
413.Dq yes .
414Note that disabling X11 forwarding does not improve security in any
415way, as users can always install their own forwarders.
416.It Cm X11DisplayOffset
417Specifies the first display number available for
418.Nm sshd Ns 's
419X11 forwarding. This prevents
420.Nm
421from interfering with real X11 servers.
422.El
423.Sh LOGIN PROCESS
424When a user successfully logs in,
425.Nm
426does the following:
427.Bl -enum -offset indent
428.It
429If the login is on a tty, and no command has been specified,
430prints last login time and
431.Pa /etc/motd
432(unless prevented in the configuration file or by
433.Pa $HOME/.hushlogin ;
434see the
435.Sx FILES
436section).
437.It
438If the login is on a tty, records login time.
439.It
440Checks
441.Pa /etc/nologin ;
442if it exists, prints contents and quits
443(unless root).
444.It
445Changes to run with normal user privileges.
446.It
447Sets up basic environment.
448.It
449Reads
450.Pa $HOME/.ssh/environment
451if it exists.
452.It
453Changes to user's home directory.
454.It
455If
456.Pa $HOME/.ssh/rc
457exists, runs it; else if
458.Pa /etc/sshrc
459exists, runs
460it; otherwise runs xauth. The
461.Dq rc
462files are given the X11
463authentication protocol and cookie in standard input.
464.It
465Runs user's shell or command.
466.El
467.Sh AUTHORIZED_KEYS FILE FORMAT
468The
469.Pa $HOME/.ssh/authorized_keys
470file lists the RSA keys that are
471permitted for RSA authentication. Each line of the file contains one
472key (empty lines and lines starting with a
473.Ql #
474are ignored as
475comments). Each line consists of the following fields, separated by
476spaces: options, bits, exponent, modulus, comment. The options field
477is optional; its presence is determined by whether the line starts
478with a number or not (the option field never starts with a number).
479The bits, exponent, modulus and comment fields give the RSA key; the
480comment field is not used for anything (but may be convenient for the
481user to identify the key).
482.Pp
483Note that lines in this file are usually several hundred bytes long
484(because of the size of the RSA key modulus). You don't want to type
485them in; instead, copy the
486.Pa identity.pub
487file and edit it.
488.Pp
489The options (if present) consists of comma-separated option
490specifications. No spaces are permitted, except within double quotes.
491The following option specifications are supported:
492.Bl -tag -width Ds
493.It Cm from="pattern-list"
494Specifies that in addition to RSA authentication, the canonical name
495of the remote host must be present in the comma-separated list of
496patterns ('*' and '?' serve as wildcards). The list may also contain
497patterns negated by prefixing them with '!'; if the canonical host
498name matches a negated pattern, the key is not accepted. The purpose
499of this option is to optionally increase security: RSA authentication
500by itself does not trust the network or name servers or anything (but
501the key); however, if somebody somehow steals the key, the key
502permits an intruder to log in from anywhere in the world. This
503additional option makes using a stolen key more difficult (name
504servers and/or routers would have to be compromised in addition to
505just the key).
506.It Cm command="command"
507Specifies that the command is executed whenever this key is used for
508authentication. The command supplied by the user (if any) is ignored.
509The command is run on a pty if the connection requests a pty;
510otherwise it is run without a tty. A quote may be included in the
511command by quoting it with a backslash. This option might be useful
512to restrict certain RSA keys to perform just a specific operation. An
513example might be a key that permits remote backups but nothing
514else. Notice that the client may specify TCP/IP and/or X11
515forwardings unless they are explicitly prohibited.
516.It Cm environment="NAME=value"
517Specifies that the string is to be added to the environment when
518logging in using this key. Environment variables set this way
519override other default environment values. Multiple options of this
520type are permitted.
521.It Cm no-port-forwarding
522Forbids TCP/IP forwarding when this key is used for authentication.
523Any port forward requests by the client will return an error. This
524might be used, e.g., in connection with the
525.Cm command
526option.
527.It Cm no-X11-forwarding
528Forbids X11 forwarding when this key is used for authentication.
529Any X11 forward requests by the client will return an error.
530.It Cm no-agent-forwarding
531Forbids authentication agent forwarding when this key is used for
532authentication.
533.It Cm no-pty
534Prevents tty allocation (a request to allocate a pty will fail).
535.El
536.Ss Examples
5371024 33 12121.\|.\|.\|312314325 ylo@foo.bar
538.Pp
539from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
540.Pp
541command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
542.Sh SSH_KNOWN_HOSTS FILE FORMAT
543The
544.Pa /etc/ssh_known_hosts
545and
546.Pa $HOME/.ssh/known_hosts
547files contain host public keys for all known hosts. The global file should
548be prepared by the admistrator (optional), and the per-user file is
549maintained automatically: whenever the user connects an unknown host
550its key is added to the per-user file.
551.Pp
552Each line in these files contains the following fields: hostnames,
553bits, exponent, modulus, comment. The fields are separated by spaces.
554.Pp
555Hostnames is a comma-separated list of patterns ('*' and '?' act as
556wildcards); each pattern in turn is matched against the canonical host
557name (when authenticating a client) or against the user-supplied
558name (when authenticating a server). A pattern may also be preceded
559by
560.Ql !
561to indicate negation: if the host name matches a negated
562pattern, it is not accepted (by that line) even if it matched another
563pattern on the line.
564.Pp
565Bits, exponent, and modulus are taken directly from the host key; they
566can be obtained, e.g., from
567.Pa /etc/ssh_host_key.pub .
568The optional comment field continues to the end of the line, and is not used.
569.Pp
570Lines starting with
571.Ql #
572and empty lines are ignored as comments.
573.Pp
574When performing host authentication, authentication is accepted if any
575matching line has the proper key. It is thus permissible (but not
576recommended) to have several lines or different host keys for the same
577names. This will inevitably happen when short forms of host names
578from different domains are put in the file. It is possible
579that the files contain conflicting information; authentication is
580accepted if valid information can be found from either file.
581.Pp
582Note that the lines in these files are typically hundreds of characters
583long, and you definitely don't want to type in the host keys by hand.
584Rather, generate them by a script
585or by taking
586.Pa /etc/ssh_host_key.pub
587and adding the host names at the front.
588.Ss Examples
589closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
590.Sh FILES
591.Bl -tag -width Ds
592.It Pa /etc/sshd_config
593Contains configuration data for
594.Nm sshd .
595This file should be writable by root only, but it is recommended
596(though not necessary) that it be world-readable.
597.It Pa /etc/ssh_host_key
598Contains the private part of the host key.
599This file should only be owned by root, readable only by root, and not
600accessible to others.
601Note that
602.Nm
603does not start if this file is group/world-accessible.
604.It Pa /etc/ssh_host_key.pub
605Contains the public part of the host key.
606This file should be world-readable but writable only by
607root. Its contents should match the private part. This file is not
608really used for anything; it is only provided for the convenience of
609the user so its contents can be copied to known hosts files.
610These two files are created using
611.Xr ssh-keygen 1 .
612.It Pa /var/run/sshd.pid
613Contains the process ID of the
614.Nm
615listening for connections (if there are several daemons running
616concurrently for different ports, this contains the pid of the one
617started last). The contents of this file are not sensitive; it can be
618world-readable.
619.It Pa $HOME/.ssh/authorized_keys
620Lists the RSA keys that can be used to log into the user's account.
621This file must be readable by root (which may on some machines imply
622it being world-readable if the user's home directory resides on an NFS
623volume). It is recommended that it not be accessible by others. The
624format of this file is described above.
625.It Pa /etc/ssh_known_hosts
626This file is consulted when using rhosts with RSA host
627authentication to check the public key of the host. The key must be
628listed in this file to be accepted.
629.It Pa $HOME/.ssh/known_hosts
630The client uses this file
631and
632.Pa /etc/ssh_known_hosts
633to verify that the remote host is the one we intended to
634connect. These files should be writable only by root/the owner.
635.Pa /etc/ssh_known_hosts
636should be world-readable, and
637.Pa $HOME/.ssh/known_hosts
638can but need not be world-readable.
639.It Pa /etc/nologin
640If this file exists,
641.Nm
642refuses to let anyone except root log in. The contents of the file
643are displayed to anyone trying to log in, and non-root connections are
644refused. The file should be world-readable.
645.It Pa /etc/hosts.allow, /etc/hosts.deny
646If compiled with
647.Sy LIBWRAP
648support, tcp-wrappers access controls may be defined here as described in
649.Xr hosts_access 5 .
650.It Pa $HOME/.rhosts
651This file contains host-username pairs, separated by a space, one per
652line. The given user on the corresponding host is permitted to log in
653without password. The same file is used by rlogind and rshd.
654The file must
655be writable only by the user; it is recommended that it not be
656accessible by others.
657.Pp
658If is also possible to use netgroups in the file. Either host or user
659name may be of the form +@groupname to specify all hosts or all users
660in the group.
661.It Pa $HOME/.shosts
662For ssh,
663this file is exactly the same as for
664.Pa .rhosts .
665However, this file is
666not used by rlogin and rshd, so using this permits access using SSH only.
667.Pa /etc/hosts.equiv
668This file is used during
669.Pa .rhosts
670authentication. In the
671simplest form, this file contains host names, one per line. Users on
672those hosts are permitted to log in without a password, provided they
673have the same user name on both machines. The host name may also be
674followed by a user name; such users are permitted to log in as
675.Em any
676user on this machine (except root). Additionally, the syntax
677.Dq +@group
678can be used to specify netgroups. Negated entries start with
679.Ql \&- .
680.Pp
681If the client host/user is successfully matched in this file, login is
682automatically permitted provided the client and server user names are the
683same. Additionally, successful RSA host authentication is normally
684required. This file must be writable only by root; it is recommended
685that it be world-readable.
686.Pp
687.Sy "Warning: It is almost never a good idea to use user names in"
688.Pa hosts.equiv .
689Beware that it really means that the named user(s) can log in as
690.Em anybody ,
691which includes bin, daemon, adm, and other accounts that own critical
692binaries and directories. Using a user name practically grants the
693user root access. The only valid use for user names that I can think
694of is in negative entries.
695.Pp
696Note that this warning also applies to rsh/rlogin.
697.It Pa /etc/shosts.equiv
698This is processed exactly as
699.Pa /etc/hosts.equiv .
700However, this file may be useful in environments that want to run both
701rsh/rlogin and ssh.
702.It Pa $HOME/.ssh/environment
703This file is read into the environment at login (if it exists). It
704can only contain empty lines, comment lines (that start with
705.Ql # ) ,
706and assignment lines of the form name=value. The file should be writable
707only by the user; it need not be readable by anyone else.
708.It Pa $HOME/.ssh/rc
709If this file exists, it is run with /bin/sh after reading the
710environment files but before starting the user's shell or command. If
711X11 spoofing is in use, this will receive the "proto cookie" pair in
712standard input (and
713.Ev DISPLAY
714in environment). This must call
715.Xr xauth 1
716in that case.
717.Pp
718The primary purpose of this file is to run any initialization routines
719which may be needed before the user's home directory becomes
720accessible; AFS is a particular example of such an environment.
721.Pp
722This file will probably contain some initialization code followed by
723something similar to: "if read proto cookie; then echo add $DISPLAY
724$proto $cookie | xauth -q -; fi".
725.Pp
726If this file does not exist,
727.Pa /etc/sshrc
728is run, and if that
729does not exist either, xauth is used to store the cookie.
730.Pp
731This file should be writable only by the user, and need not be
732readable by anyone else.
733.It Pa /etc/sshrc
734Like
735.Pa $HOME/.ssh/rc .
736This can be used to specify
737machine-specific login-time initializations globally. This file
738should be writable only by root, and should be world-readable.
739.Sh AUTHOR
740Tatu Ylonen <ylo@cs.hut.fi>
741.Pp
742Information about new releases, mailing lists, and other related
743issues can be found from the SSH WWW home page:
744.Pp
745.Dl http://www.cs.hut.fi/ssh.
746.Pp
747OpenSSH
748is a derivative of the original (free) ssh 1.2.12 release, but with bugs
749removed and newer features re-added. Rapidly after the 1.2.12 release,
750newer versions bore successively more restrictive licenses. This version
751of OpenSSH
752.Bl -bullet
753.It
754has all components of a restrictive nature (ie. patents, see
755.Xr ssl 8 )
756directly removed from the source code; any licensed or patented components
757are chosen from
758external libraries.
759.It
760has been updated to support ssh protocol 1.5.
761.It
762contains added support for
763.Xr kerberos 8
764authentication and ticket passing.
765.It
766supports one-time password authentication with
767.Xr skey 1 .
768.El
769.Pp
770The libraries described in
771.Xr ssl 8
772are required for proper operation.
773.Sh SEE ALSO
774.Xr rlogin 1 ,
775.Xr rsh 1 ,
776.Xr scp 1 ,
777.Xr ssh 1 ,
778.Xr ssh-add 1 ,
779.Xr ssh-agent 1 ,
780.Xr ssh-keygen 1 ,
781.Xr ssl 8