Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 51 |
1 files changed, 14 insertions, 37 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.115 2001/06/22 21:55:49 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.116 2001/06/23 02:34:31 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -361,17 +361,12 @@ electronic purse; another is going through firewalls. | |||
361 | .Nm | 361 | .Nm |
362 | automatically maintains and checks a database containing | 362 | automatically maintains and checks a database containing |
363 | identifications for all hosts it has ever been used with. | 363 | identifications for all hosts it has ever been used with. |
364 | RSA host keys are stored in | 364 | Host keys are stored in |
365 | .Pa $HOME/.ssh/known_hosts | 365 | .Pa $HOME/.ssh/known_hosts |
366 | and | ||
367 | host keys used in the protocol version 2 are stored in | ||
368 | .Pa $HOME/.ssh/known_hosts2 | ||
369 | in the user's home directory. | 366 | in the user's home directory. |
370 | Additionally, the files | 367 | Additionally, the file |
371 | .Pa /etc/ssh_known_hosts | 368 | .Pa /etc/ssh_known_hosts |
372 | and | 369 | is automatically checked for known hosts. |
373 | .Pa /etc/ssh_known_hosts2 | ||
374 | are automatically checked for known hosts. | ||
375 | Any new hosts are automatically added to the user's file. | 370 | Any new hosts are automatically added to the user's file. |
376 | If a host's identification | 371 | If a host's identification |
377 | ever changes, | 372 | ever changes, |
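Review bot: After this hunk the description (new lines 364-369) no longer mentions $HOME/.ssh/known_hosts2 or /etc/ssh_known_hosts2 at all, so a reader who already has protocol version 2 host keys in those files cannot tell whether they are still consulted. Add a sentence stating whether the old files are still read or must be merged into known_hosts. If they are not read, previously verified hosts will appear as new hosts and users will be asked to accept keys again with no earlier record to compare against.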
@@ -797,13 +792,9 @@ or | |||
797 | The default is | 792 | The default is |
798 | .Dq no . | 793 | .Dq no . |
799 | .It Cm GlobalKnownHostsFile | 794 | .It Cm GlobalKnownHostsFile |
800 | Specifies a file to use for the protocol version 1 global | 795 | Specifies a file to use for the global |
801 | host key database instead of | 796 | host key database instead of |
802 | .Pa /etc/ssh_known_hosts . | 797 | .Pa /etc/ssh_known_hosts . |
803 | .It Cm GlobalKnownHostsFile2 | ||
804 | Specifies a file to use for the protocol version 2 global | ||
805 | host key database instead of | ||
806 | .Pa /etc/ssh_known_hosts2 . | ||
807 | .It Cm HostbasedAuthentication | 798 | .It Cm HostbasedAuthentication |
808 | Specifies whether to try rhosts based authentication with public key | 799 | Specifies whether to try rhosts based authentication with public key |
809 | authentication. | 800 | authentication. |
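Review bot: Removing the GlobalKnownHostsFile2 entry (old lines 803-806) leaves configuration files that already set this keyword without any documentation. If the keyword is still accepted, keep a one-line entry marking it as deprecated in favour of GlobalKnownHostsFile. If it is rejected or ignored, say so here, since a site that pointed it at a non-default path would otherwise not learn that its protocol version 2 host key database is no longer used.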
@@ -1036,14 +1027,10 @@ If this flag is set to | |||
1036 | .Nm | 1027 | .Nm |
1037 | will never automatically add host keys to the | 1028 | will never automatically add host keys to the |
1038 | .Pa $HOME/.ssh/known_hosts | 1029 | .Pa $HOME/.ssh/known_hosts |
1039 | and | 1030 | file, and refuses to connect to hosts whose host key has changed. |
1040 | .Pa $HOME/.ssh/known_hosts2 | ||
1041 | files, and refuses to connect to hosts whose host key has changed. | ||
1042 | This provides maximum protection against trojan horse attacks. | 1031 | This provides maximum protection against trojan horse attacks. |
1043 | However, it can be somewhat annoying if you don't have good | 1032 | However, it can be somewhat annoying if you don't have good |
1044 | .Pa /etc/ssh_known_hosts | 1033 | .Pa /etc/ssh_known_hosts |
1045 | and | ||
1046 | .Pa /etc/ssh_known_hosts2 | ||
1047 | files installed and frequently | 1034 | files installed and frequently |
1048 | connect to new hosts. | 1035 | connect to new hosts. |
1049 | This option forces the user to manually | 1036 | This option forces the user to manually |
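Review bot: New line 1034 still reads "files installed and frequently" although only /etc/ssh_known_hosts is named after this change. It should read "file installed and frequently", matching the singular "file, and refuses to connect" that the same hunk introduces at line 1030.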
@@ -1090,13 +1077,9 @@ This can be useful if you have a different user name on different machines. | |||
1090 | This saves the trouble of | 1077 | This saves the trouble of |
1091 | having to remember to give the user name on the command line. | 1078 | having to remember to give the user name on the command line. |
1092 | .It Cm UserKnownHostsFile | 1079 | .It Cm UserKnownHostsFile |
1093 | Specifies a file to use for the protocol version 1 user | 1080 | Specifies a file to use for the user |
1094 | host key database instead of | 1081 | host key database instead of |
1095 | .Pa $HOME/.ssh/known_hosts . | 1082 | .Pa $HOME/.ssh/known_hosts . |
1096 | .It Cm UserKnownHostsFile2 | ||
1097 | Specifies a file to use for the protocol version 2 user | ||
1098 | host key database instead of | ||
1099 | .Pa $HOME/.ssh/known_hosts2 . | ||
1100 | .It Cm UseRsh | 1083 | .It Cm UseRsh |
1101 | Specifies that rlogin/rsh should be used for this host. | 1084 | Specifies that rlogin/rsh should be used for this host. |
1102 | It is possible that the host does not at all support the | 1085 | It is possible that the host does not at all support the |
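Review bot: With the "protocol version 1" qualifier dropped and the UserKnownHostsFile2 entry removed, the new UserKnownHostsFile text at lines 1080-1082 never says which protocol versions' host keys the file holds. If the intent is one file for both, state it explicitly, for example "for the user host key database (protocol versions 1 and 2)", so that a per-user configuration overriding only this option is understood to cover all host keys.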
@@ -1189,13 +1172,10 @@ and adds lines of the format | |||
1189 | to the environment. | 1172 | to the environment. |
1190 | .Sh FILES | 1173 | .Sh FILES |
1191 | .Bl -tag -width Ds | 1174 | .Bl -tag -width Ds |
1192 | .It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2 | 1175 | .It Pa $HOME/.ssh/known_hosts |
1193 | Records host keys for all hosts the user has logged into (that are not | 1176 | Records host keys for all hosts the user has logged into (that are not |
1194 | in | 1177 | in |
1195 | .Pa /etc/ssh_known_hosts | 1178 | .Pa /etc/ssh_known_hosts . |
1196 | for protocol version 1 or | ||
1197 | .Pa /etc/ssh_known_hosts2 | ||
1198 | for protocol version 2). | ||
1199 | See | 1179 | See |
1200 | .Xr sshd 8 . | 1180 | .Xr sshd 8 . |
1201 | .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa | 1181 | .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
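Review bot: The parenthesis opened at "(that are not" on new line 1176 is never closed. The old text closed it with "for protocol version 2)." and the replacement line 1178 ends with ".Pa /etc/ssh_known_hosts ." only. The line should be ".Pa /etc/ssh_known_hosts ) ." so that the rendered sentence ends "in /etc/ssh_known_hosts)."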
@@ -1246,22 +1226,19 @@ Lists the public keys (RSA/DSA) that can be used for logging in as this user. | |||
1246 | The format of this file is described in the | 1226 | The format of this file is described in the |
1247 | .Xr sshd 8 | 1227 | .Xr sshd 8 |
1248 | manual page. | 1228 | manual page. |
1229 | In the simplest form the format is the same as the .pub | ||
1230 | identity files. | ||
1249 | This file is not highly sensitive, but the recommended | 1231 | This file is not highly sensitive, but the recommended |
1250 | permissions are read/write for the user, and not accessible by others. | 1232 | permissions are read/write for the user, and not accessible by others. |
1251 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 | 1233 | .It Pa /etc/ssh_known_hosts |
1252 | Systemwide list of known host keys. | 1234 | Systemwide list of known host keys. |
1253 | .Pa /etc/ssh_known_hosts | 1235 | This file should be prepared by the |
1254 | contains RSA and | ||
1255 | .Pa /etc/ssh_known_hosts2 | ||
1256 | contains RSA or DSA keys for protocol version 2. | ||
1257 | These files should be prepared by the | ||
1258 | system administrator to contain the public host keys of all machines in the | 1236 | system administrator to contain the public host keys of all machines in the |
1259 | organization. | 1237 | organization. |
1260 | This file should be world-readable. | 1238 | This file should be world-readable. |
1261 | This file contains | 1239 | This file contains |
1262 | public keys, one per line, in the following format (fields separated | 1240 | public keys, one per line, in the following format (fields separated |
1263 | by spaces): system name, number of bits in modulus, public exponent, | 1241 | by spaces): system name, public key and optional comment field. |
1264 | modulus, and optional comment field. | ||
1265 | When different names are used | 1242 | When different names are used |
1266 | for the same machine, all such names should be listed, separated by | 1243 | for the same machine, all such names should be listed, separated by |
1267 | commas. | 1244 | commas. |
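Review bot: The new format description at line 1241, "system name, public key and optional comment field", replaces the explicit field list (bits, exponent, modulus) with a term that is not defined anywhere in this hunk, so an administrator preparing /etc/ssh_known_hosts cannot tell from this page how a key is written on the line. Either describe the key field for each supported key type or add a pointer to the section of sshd(8) that does, as the authorized_keys entry above already does for its format.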