Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 70 |
1 files changed, 35 insertions, 35 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.206 2005/04/14 12:30:30 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.207 2005/04/21 06:17:50 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -109,9 +109,9 @@ or | |||
109 | .Pa /etc/shosts.equiv | 109 | .Pa /etc/shosts.equiv |
110 | on the remote machine, and the user names are | 110 | on the remote machine, and the user names are |
111 | the same on both sides, or if the files | 111 | the same on both sides, or if the files |
112 | .Pa $HOME/.rhosts | 112 | .Pa ~/.rhosts |
113 | or | 113 | or |
114 | .Pa $HOME/.shosts | 114 | .Pa ~/.shosts |
115 | exist in the user's home directory on the | 115 | exist in the user's home directory on the |
116 | remote machine and contain a line containing the name of the client | 116 | remote machine and contain a line containing the name of the client |
117 | machine and the name of the user on that machine, the user is | 117 | machine and the name of the user on that machine, the user is |
@@ -120,7 +120,7 @@ Additionally, if the server can verify the client's | |||
120 | host key (see | 120 | host key (see |
121 | .Pa /etc/ssh/ssh_known_hosts | 121 | .Pa /etc/ssh/ssh_known_hosts |
122 | and | 122 | and |
123 | .Pa $HOME/.ssh/known_hosts | 123 | .Pa ~/.ssh/known_hosts |
124 | in the | 124 | in the |
125 | .Sx FILES | 125 | .Sx FILES |
126 | section), only then is login permitted. | 126 | section), only then is login permitted. |
@@ -128,7 +128,7 @@ This authentication method closes security holes due to IP | |||
128 | spoofing, DNS spoofing and routing spoofing. | 128 | spoofing, DNS spoofing and routing spoofing. |
129 | [Note to the administrator: | 129 | [Note to the administrator: |
130 | .Pa /etc/hosts.equiv , | 130 | .Pa /etc/hosts.equiv , |
131 | .Pa $HOME/.rhosts , | 131 | .Pa ~/.rhosts , |
132 | and the rlogin/rsh protocol in general, are inherently insecure and should be | 132 | and the rlogin/rsh protocol in general, are inherently insecure and should be |
133 | disabled if security is desired.] | 133 | disabled if security is desired.] |
134 | .Pp | 134 | .Pp |
@@ -144,7 +144,7 @@ key pair for authentication purposes. | |||
144 | The server knows the public key, and only the user knows the private key. | 144 | The server knows the public key, and only the user knows the private key. |
145 | .Pp | 145 | .Pp |
146 | The file | 146 | The file |
147 | .Pa $HOME/.ssh/authorized_keys | 147 | .Pa ~/.ssh/authorized_keys |
148 | lists the public keys that are permitted for logging in. | 148 | lists the public keys that are permitted for logging in. |
149 | When the user logs in, the | 149 | When the user logs in, the |
150 | .Nm | 150 | .Nm |
@@ -165,18 +165,18 @@ implements the RSA authentication protocol automatically. | |||
165 | The user creates his/her RSA key pair by running | 165 | The user creates his/her RSA key pair by running |
166 | .Xr ssh-keygen 1 . | 166 | .Xr ssh-keygen 1 . |
167 | This stores the private key in | 167 | This stores the private key in |
168 | .Pa $HOME/.ssh/identity | 168 | .Pa ~/.ssh/identity |
169 | and stores the public key in | 169 | and stores the public key in |
170 | .Pa $HOME/.ssh/identity.pub | 170 | .Pa ~/.ssh/identity.pub |
171 | in the user's home directory. | 171 | in the user's home directory. |
172 | The user should then copy the | 172 | The user should then copy the |
173 | .Pa identity.pub | 173 | .Pa identity.pub |
174 | to | 174 | to |
175 | .Pa $HOME/.ssh/authorized_keys | 175 | .Pa ~/.ssh/authorized_keys |
176 | in his/her home directory on the remote machine (the | 176 | in his/her home directory on the remote machine (the |
177 | .Pa authorized_keys | 177 | .Pa authorized_keys |
178 | file corresponds to the conventional | 178 | file corresponds to the conventional |
179 | .Pa $HOME/.rhosts | 179 | .Pa ~/.rhosts |
180 | file, and has one key | 180 | file, and has one key |
181 | per line, though the lines can be very long). | 181 | per line, though the lines can be very long). |
182 | After this, the user can log in without giving the password. | 182 | After this, the user can log in without giving the password. |
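Review bot: At new lines 172-175 the text still says the user should "copy" identity.pub "to" ~/.ssh/authorized_keys, which reads as replacing the file even though the same sentence says it holds one key per line. Since these lines are being touched anyway, consider rewording to say the contents of identity.pub are appended to ~/.ssh/authorized_keys, so that following the instruction literally does not discard keys already authorized on the remote account.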
@@ -206,12 +206,12 @@ password authentication are tried. | |||
206 | The public key method is similar to RSA authentication described | 206 | The public key method is similar to RSA authentication described |
207 | in the previous section and allows the RSA or DSA algorithm to be used: | 207 | in the previous section and allows the RSA or DSA algorithm to be used: |
208 | The client uses his private key, | 208 | The client uses his private key, |
209 | .Pa $HOME/.ssh/id_dsa | 209 | .Pa ~/.ssh/id_dsa |
210 | or | 210 | or |
211 | .Pa $HOME/.ssh/id_rsa , | 211 | .Pa ~/.ssh/id_rsa , |
212 | to sign the session identifier and sends the result to the server. | 212 | to sign the session identifier and sends the result to the server. |
213 | The server checks whether the matching public key is listed in | 213 | The server checks whether the matching public key is listed in |
214 | .Pa $HOME/.ssh/authorized_keys | 214 | .Pa ~/.ssh/authorized_keys |
215 | and grants access if both the key is found and the signature is correct. | 215 | and grants access if both the key is found and the signature is correct. |
216 | The session identifier is derived from a shared Diffie-Hellman value | 216 | The session identifier is derived from a shared Diffie-Hellman value |
217 | and is only known to the client and the server. | 217 | and is only known to the client and the server. |
@@ -365,7 +365,7 @@ electronic purse; another is going through firewalls. | |||
365 | automatically maintains and checks a database containing | 365 | automatically maintains and checks a database containing |
366 | identifications for all hosts it has ever been used with. | 366 | identifications for all hosts it has ever been used with. |
367 | Host keys are stored in | 367 | Host keys are stored in |
368 | .Pa $HOME/.ssh/known_hosts | 368 | .Pa ~/.ssh/known_hosts |
369 | in the user's home directory. | 369 | in the user's home directory. |
370 | Additionally, the file | 370 | Additionally, the file |
371 | .Pa /etc/ssh/ssh_known_hosts | 371 | .Pa /etc/ssh/ssh_known_hosts |
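Review bot: With the path now written as ~/.ssh/known_hosts at new line 368, the following line "in the user's home directory" repeats what the tilde already says. Consider dropping that line so the sentence reads "Host keys are stored in ~/.ssh/known_hosts."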
@@ -522,7 +522,7 @@ the system-wide configuration file | |||
522 | .Pq Pa /etc/ssh/ssh_config | 522 | .Pq Pa /etc/ssh/ssh_config |
523 | will be ignored. | 523 | will be ignored. |
524 | The default for the per-user configuration file is | 524 | The default for the per-user configuration file is |
525 | .Pa $HOME/.ssh/config . | 525 | .Pa ~/.ssh/config . |
526 | .It Fl f | 526 | .It Fl f |
527 | Requests | 527 | Requests |
528 | .Nm | 528 | .Nm |
@@ -548,11 +548,11 @@ private RSA key. | |||
548 | Selects a file from which the identity (private key) for | 548 | Selects a file from which the identity (private key) for |
549 | RSA or DSA authentication is read. | 549 | RSA or DSA authentication is read. |
550 | The default is | 550 | The default is |
551 | .Pa $HOME/.ssh/identity | 551 | .Pa ~/.ssh/identity |
552 | for protocol version 1, and | 552 | for protocol version 1, and |
553 | .Pa $HOME/.ssh/id_rsa | 553 | .Pa ~/.ssh/id_rsa |
554 | and | 554 | and |
555 | .Pa $HOME/.ssh/id_dsa | 555 | .Pa ~/.ssh/id_dsa |
556 | for protocol version 2. | 556 | for protocol version 2. |
557 | Identity files may also be specified on | 557 | Identity files may also be specified on |
558 | a per-host basis in the configuration file. | 558 | a per-host basis in the configuration file. |
@@ -941,7 +941,7 @@ Set to the name of the user logging in. | |||
941 | Additionally, | 941 | Additionally, |
942 | .Nm | 942 | .Nm |
943 | reads | 943 | reads |
944 | .Pa $HOME/.ssh/environment , | 944 | .Pa ~/.ssh/environment , |
945 | and adds lines of the format | 945 | and adds lines of the format |
946 | .Dq VARNAME=value | 946 | .Dq VARNAME=value |
947 | to the environment if the file exists and if users are allowed to | 947 | to the environment if the file exists and if users are allowed to |
@@ -952,13 +952,13 @@ option in | |||
952 | .Xr sshd_config 5 . | 952 | .Xr sshd_config 5 . |
953 | .Sh FILES | 953 | .Sh FILES |
954 | .Bl -tag -width Ds | 954 | .Bl -tag -width Ds |
955 | .It Pa $HOME/.ssh/known_hosts | 955 | .It Pa ~/.ssh/known_hosts |
956 | Records host keys for all hosts the user has logged into that are not | 956 | Records host keys for all hosts the user has logged into that are not |
957 | in | 957 | in |
958 | .Pa /etc/ssh/ssh_known_hosts . | 958 | .Pa /etc/ssh/ssh_known_hosts . |
959 | See | 959 | See |
960 | .Xr sshd 8 . | 960 | .Xr sshd 8 . |
961 | .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa | 961 | .It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa |
962 | Contains the authentication identity of the user. | 962 | Contains the authentication identity of the user. |
963 | They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. | 963 | They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. |
964 | These files | 964 | These files |
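Review bot: At new line 961 the three paths are passed to a single .Pa with the commas attached to the file names ("~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa"), so the commas are formatted as part of the path. Elsewhere in this patch the punctuation is a separate argument (".Pa ~/.rhosts ,"); the same form would work here: ".It Pa ~/.ssh/identity , ~/.ssh/id_dsa , ~/.ssh/id_rsa". The .pub entry at new line 973 has the same pattern.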
@@ -970,21 +970,21 @@ ignores a private key file if it is accessible by others. | |||
970 | It is possible to specify a passphrase when | 970 | It is possible to specify a passphrase when |
971 | generating the key; the passphrase will be used to encrypt the | 971 | generating the key; the passphrase will be used to encrypt the |
972 | sensitive part of this file using 3DES. | 972 | sensitive part of this file using 3DES. |
973 | .It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub | 973 | .It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub |
974 | Contains the public key for authentication (public part of the | 974 | Contains the public key for authentication (public part of the |
975 | identity file in human-readable form). | 975 | identity file in human-readable form). |
976 | The contents of the | 976 | The contents of the |
977 | .Pa $HOME/.ssh/identity.pub | 977 | .Pa ~/.ssh/identity.pub |
978 | file should be added to the file | 978 | file should be added to the file |
979 | .Pa $HOME/.ssh/authorized_keys | 979 | .Pa ~/.ssh/authorized_keys |
980 | on all machines | 980 | on all machines |
981 | where the user wishes to log in using protocol version 1 RSA authentication. | 981 | where the user wishes to log in using protocol version 1 RSA authentication. |
982 | The contents of the | 982 | The contents of the |
983 | .Pa $HOME/.ssh/id_dsa.pub | 983 | .Pa ~/.ssh/id_dsa.pub |
984 | and | 984 | and |
985 | .Pa $HOME/.ssh/id_rsa.pub | 985 | .Pa ~/.ssh/id_rsa.pub |
986 | file should be added to | 986 | file should be added to |
987 | .Pa $HOME/.ssh/authorized_keys | 987 | .Pa ~/.ssh/authorized_keys |
988 | on all machines | 988 | on all machines |
989 | where the user wishes to log in using protocol version 2 DSA/RSA authentication. | 989 | where the user wishes to log in using protocol version 2 DSA/RSA authentication. |
990 | These files are not | 990 | These files are not |
@@ -992,13 +992,13 @@ sensitive and can (but need not) be readable by anyone. | |||
992 | These files are | 992 | These files are |
993 | never used automatically and are not necessary; they are only provided for | 993 | never used automatically and are not necessary; they are only provided for |
994 | the convenience of the user. | 994 | the convenience of the user. |
995 | .It Pa $HOME/.ssh/config | 995 | .It Pa ~/.ssh/config |
996 | This is the per-user configuration file. | 996 | This is the per-user configuration file. |
997 | The file format and configuration options are described in | 997 | The file format and configuration options are described in |
998 | .Xr ssh_config 5 . | 998 | .Xr ssh_config 5 . |
999 | Because of the potential for abuse, this file must have strict permissions: | 999 | Because of the potential for abuse, this file must have strict permissions: |
1000 | read/write for the user, and not accessible by others. | 1000 | read/write for the user, and not accessible by others. |
1001 | .It Pa $HOME/.ssh/authorized_keys | 1001 | .It Pa ~/.ssh/authorized_keys |
1002 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 1002 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
1003 | The format of this file is described in the | 1003 | The format of this file is described in the |
1004 | .Xr sshd 8 | 1004 | .Xr sshd 8 |
@@ -1058,7 +1058,7 @@ be setuid root when that authentication method is used. | |||
1058 | By default | 1058 | By default |
1059 | .Nm | 1059 | .Nm |
1060 | is not setuid root. | 1060 | is not setuid root. |
1061 | .It Pa $HOME/.rhosts | 1061 | .It Pa ~/.rhosts |
1062 | This file is used in | 1062 | This file is used in |
1063 | .Cm RhostsRSAAuthentication | 1063 | .Cm RhostsRSAAuthentication |
1064 | and | 1064 | and |
@@ -1088,12 +1088,12 @@ authentication before permitting log in. | |||
1088 | If the server machine does not have the client's host key in | 1088 | If the server machine does not have the client's host key in |
1089 | .Pa /etc/ssh/ssh_known_hosts , | 1089 | .Pa /etc/ssh/ssh_known_hosts , |
1090 | it can be stored in | 1090 | it can be stored in |
1091 | .Pa $HOME/.ssh/known_hosts . | 1091 | .Pa ~/.ssh/known_hosts . |
1092 | The easiest way to do this is to | 1092 | The easiest way to do this is to |
1093 | connect back to the client from the server machine using ssh; this | 1093 | connect back to the client from the server machine using ssh; this |
1094 | will automatically add the host key to | 1094 | will automatically add the host key to |
1095 | .Pa $HOME/.ssh/known_hosts . | 1095 | .Pa ~/.ssh/known_hosts . |
1096 | .It Pa $HOME/.shosts | 1096 | .It Pa ~/.shosts |
1097 | This file is used exactly the same way as | 1097 | This file is used exactly the same way as |
1098 | .Pa .rhosts . | 1098 | .Pa .rhosts . |
1099 | The purpose for | 1099 | The purpose for |
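Review bot: New line 1096 renames the entry to ~/.shosts, but the cross-reference two lines later is still the bare ".Pa .rhosts ." with no directory. For consistency with the ~/.rhosts entry heading changed in this same patch, use ".Pa ~/.rhosts ." there so the reader sees both files named the same way.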
@@ -1133,7 +1133,7 @@ when the user logs in just before the user's shell (or command) is started. | |||
1133 | See the | 1133 | See the |
1134 | .Xr sshd 8 | 1134 | .Xr sshd 8 |
1135 | manual page for more information. | 1135 | manual page for more information. |
1136 | .It Pa $HOME/.ssh/rc | 1136 | .It Pa ~/.ssh/rc |
1137 | Commands in this file are executed by | 1137 | Commands in this file are executed by |
1138 | .Nm | 1138 | .Nm |
1139 | when the user logs in just before the user's shell (or command) is | 1139 | when the user logs in just before the user's shell (or command) is |
@@ -1141,7 +1141,7 @@ started. | |||
1141 | See the | 1141 | See the |
1142 | .Xr sshd 8 | 1142 | .Xr sshd 8 |
1143 | manual page for more information. | 1143 | manual page for more information. |
1144 | .It Pa $HOME/.ssh/environment | 1144 | .It Pa ~/.ssh/environment |
1145 | Contains additional definitions for environment variables, see section | 1145 | Contains additional definitions for environment variables, see section |
1146 | .Sx ENVIRONMENT | 1146 | .Sx ENVIRONMENT |
1147 | above. | 1147 | above. |