diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:17:12 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 04:17:12 +0000 |
commit | f96704d4ef4c55599d9999292abc1457e8153674 (patch) | |
tree | 3e3e8a85ae03df6a26b425b607496bac0949e8c0 /sshd.8 | |
parent | ae1c51c208917198fd96f0aca209459f37001ea4 (diff) |
- markus@cvs.openbsd.org 2001/06/22 21:55:49
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
ssh-keygen.1]
merge authorized_keys2 into authorized_keys.
authorized_keys2 is used for backward compat.
(just append authorized_keys2 to authorized_keys).
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 41 |
1 files changed, 6 insertions, 35 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.129 2001/06/22 21:28:53 provos Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.130 2001/06/22 21:55:50 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -345,20 +345,6 @@ is taken to be an absolute path or one relative to the user's home | |||
345 | directory. | 345 | directory. |
346 | The default is | 346 | The default is |
347 | .Dq .ssh/authorized_keys | 347 | .Dq .ssh/authorized_keys |
348 | .It Cm AuthorizedKeysFile2 | ||
349 | Specifies the file that contains the public keys that can be used | ||
350 | for public key authentication in protocol version 2. | ||
351 | .Cm AuthorizedKeysFile2 | ||
352 | may contain tokens of the form %T which are substituted during connection | ||
353 | set-up. The following tokens are defined; %% is replaces by a literal '%', | ||
354 | %h is replaced by the home directory of the user being authenticated and | ||
355 | %u is replaced by the username of that user. | ||
356 | After expansion, | ||
357 | .Cm AuthorizedKeysFile2 | ||
358 | is taken to be an absolute path or one relative to the user's home | ||
359 | directory. | ||
360 | The default is | ||
361 | .Dq .ssh/authorized_keys2 | ||
362 | .It Cm Banner | 348 | .It Cm Banner |
363 | In some jurisdictions, sending a warning message before authentication | 349 | In some jurisdictions, sending a warning message before authentication |
364 | may be relevant for getting legal protection. | 350 | may be relevant for getting legal protection. |
@@ -921,16 +907,11 @@ Runs user's shell or command. | |||
921 | .El | 907 | .El |
922 | .Sh AUTHORIZED_KEYS FILE FORMAT | 908 | .Sh AUTHORIZED_KEYS FILE FORMAT |
923 | .Pa $HOME/.ssh/authorized_keys | 909 | .Pa $HOME/.ssh/authorized_keys |
924 | is the default file that lists the RSA keys that are | 910 | is the default file that lists the public keys that are |
925 | permitted for RSA authentication in protocol version 1. | 911 | permitted for RSA authentication in protocol version 1 |
926 | .Cm AuthorizedKeysFile | 912 | and for public key authentication (PubkeyAuthentication) |
927 | may be used to specify an alternative file. | ||
928 | Similarly, | ||
929 | .Pa $HOME/.ssh/authorized_keys2 | ||
930 | is the default file that lists the DSA and RSA keys that are | ||
931 | permitted for public key authentication (PubkeyAuthentication) | ||
932 | in protocol version 2. | 913 | in protocol version 2. |
933 | .Cm AuthorizedKeysFile2 | 914 | .Cm AuthorizedKeysFile |
934 | may be used to specify an alternative file. | 915 | may be used to specify an alternative file. |
935 | .Pp | 916 | .Pp |
936 | Each line of the file contains one | 917 | Each line of the file contains one |
@@ -1133,17 +1114,6 @@ concurrently for different ports, this contains the pid of the one | |||
1133 | started last). | 1114 | started last). |
1134 | The content of this file is not sensitive; it can be world-readable. | 1115 | The content of this file is not sensitive; it can be world-readable. |
1135 | .It Pa $HOME/.ssh/authorized_keys | 1116 | .It Pa $HOME/.ssh/authorized_keys |
1136 | Lists the RSA keys that can be used to log into the user's account. | ||
1137 | This file must be readable by root (which may on some machines imply | ||
1138 | it being world-readable if the user's home directory resides on an NFS | ||
1139 | volume). | ||
1140 | It is recommended that it not be accessible by others. | ||
1141 | The format of this file is described above. | ||
1142 | Users will place the contents of their | ||
1143 | .Pa identity.pub | ||
1144 | files into this file, as described in | ||
1145 | .Xr ssh-keygen 1 . | ||
1146 | .It Pa $HOME/.ssh/authorized_keys2 | ||
1147 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. | 1117 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
1148 | This file must be readable by root (which may on some machines imply | 1118 | This file must be readable by root (which may on some machines imply |
1149 | it being world-readable if the user's home directory resides on an NFS | 1119 | it being world-readable if the user's home directory resides on an NFS |
@@ -1151,6 +1121,7 @@ volume). | |||
1151 | It is recommended that it not be accessible by others. | 1121 | It is recommended that it not be accessible by others. |
1152 | The format of this file is described above. | 1122 | The format of this file is described above. |
1153 | Users will place the contents of their | 1123 | Users will place the contents of their |
1124 | .Pa identity.pub , | ||
1154 | .Pa id_dsa.pub | 1125 | .Pa id_dsa.pub |
1155 | and/or | 1126 | and/or |
1156 | .Pa id_rsa.pub | 1127 | .Pa id_rsa.pub |