summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.170
1 files changed, 35 insertions, 35 deletions
diff --git a/ssh.1 b/ssh.1
index 4cbab7477..05d2234a3 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.206 2005/04/14 12:30:30 jmc Exp $ 37.\" $OpenBSD: ssh.1,v 1.207 2005/04/21 06:17:50 djm Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -109,9 +109,9 @@ or
109.Pa /etc/shosts.equiv 109.Pa /etc/shosts.equiv
110on the remote machine, and the user names are 110on the remote machine, and the user names are
111the same on both sides, or if the files 111the same on both sides, or if the files
112.Pa $HOME/.rhosts 112.Pa ~/.rhosts
113or 113or
114.Pa $HOME/.shosts 114.Pa ~/.shosts
115exist in the user's home directory on the 115exist in the user's home directory on the
116remote machine and contain a line containing the name of the client 116remote machine and contain a line containing the name of the client
117machine and the name of the user on that machine, the user is 117machine and the name of the user on that machine, the user is
@@ -120,7 +120,7 @@ Additionally, if the server can verify the client's
120host key (see 120host key (see
121.Pa /etc/ssh/ssh_known_hosts 121.Pa /etc/ssh/ssh_known_hosts
122and 122and
123.Pa $HOME/.ssh/known_hosts 123.Pa ~/.ssh/known_hosts
124in the 124in the
125.Sx FILES 125.Sx FILES
126section), only then is login permitted. 126section), only then is login permitted.
@@ -128,7 +128,7 @@ This authentication method closes security holes due to IP
128spoofing, DNS spoofing and routing spoofing. 128spoofing, DNS spoofing and routing spoofing.
129[Note to the administrator: 129[Note to the administrator:
130.Pa /etc/hosts.equiv , 130.Pa /etc/hosts.equiv ,
131.Pa $HOME/.rhosts , 131.Pa ~/.rhosts ,
132and the rlogin/rsh protocol in general, are inherently insecure and should be 132and the rlogin/rsh protocol in general, are inherently insecure and should be
133disabled if security is desired.] 133disabled if security is desired.]
134.Pp 134.Pp
@@ -144,7 +144,7 @@ key pair for authentication purposes.
144The server knows the public key, and only the user knows the private key. 144The server knows the public key, and only the user knows the private key.
145.Pp 145.Pp
146The file 146The file
147.Pa $HOME/.ssh/authorized_keys 147.Pa ~/.ssh/authorized_keys
148lists the public keys that are permitted for logging in. 148lists the public keys that are permitted for logging in.
149When the user logs in, the 149When the user logs in, the
150.Nm 150.Nm
@@ -165,18 +165,18 @@ implements the RSA authentication protocol automatically.
165The user creates his/her RSA key pair by running 165The user creates his/her RSA key pair by running
166.Xr ssh-keygen 1 . 166.Xr ssh-keygen 1 .
167This stores the private key in 167This stores the private key in
168.Pa $HOME/.ssh/identity 168.Pa ~/.ssh/identity
169and stores the public key in 169and stores the public key in
170.Pa $HOME/.ssh/identity.pub 170.Pa ~/.ssh/identity.pub
171in the user's home directory. 171in the user's home directory.
172The user should then copy the 172The user should then copy the
173.Pa identity.pub 173.Pa identity.pub
174to 174to
175.Pa $HOME/.ssh/authorized_keys 175.Pa ~/.ssh/authorized_keys
176in his/her home directory on the remote machine (the 176in his/her home directory on the remote machine (the
177.Pa authorized_keys 177.Pa authorized_keys
178file corresponds to the conventional 178file corresponds to the conventional
179.Pa $HOME/.rhosts 179.Pa ~/.rhosts
180file, and has one key 180file, and has one key
181per line, though the lines can be very long). 181per line, though the lines can be very long).
182After this, the user can log in without giving the password. 182After this, the user can log in without giving the password.
@@ -206,12 +206,12 @@ password authentication are tried.
206The public key method is similar to RSA authentication described 206The public key method is similar to RSA authentication described
207in the previous section and allows the RSA or DSA algorithm to be used: 207in the previous section and allows the RSA or DSA algorithm to be used:
208The client uses his private key, 208The client uses his private key,
209.Pa $HOME/.ssh/id_dsa 209.Pa ~/.ssh/id_dsa
210or 210or
211.Pa $HOME/.ssh/id_rsa , 211.Pa ~/.ssh/id_rsa ,
212to sign the session identifier and sends the result to the server. 212to sign the session identifier and sends the result to the server.
213The server checks whether the matching public key is listed in 213The server checks whether the matching public key is listed in
214.Pa $HOME/.ssh/authorized_keys 214.Pa ~/.ssh/authorized_keys
215and grants access if both the key is found and the signature is correct. 215and grants access if both the key is found and the signature is correct.
216The session identifier is derived from a shared Diffie-Hellman value 216The session identifier is derived from a shared Diffie-Hellman value
217and is only known to the client and the server. 217and is only known to the client and the server.
@@ -365,7 +365,7 @@ electronic purse; another is going through firewalls.
365automatically maintains and checks a database containing 365automatically maintains and checks a database containing
366identifications for all hosts it has ever been used with. 366identifications for all hosts it has ever been used with.
367Host keys are stored in 367Host keys are stored in
368.Pa $HOME/.ssh/known_hosts 368.Pa ~/.ssh/known_hosts
369in the user's home directory. 369in the user's home directory.
370Additionally, the file 370Additionally, the file
371.Pa /etc/ssh/ssh_known_hosts 371.Pa /etc/ssh/ssh_known_hosts
@@ -522,7 +522,7 @@ the system-wide configuration file
522.Pq Pa /etc/ssh/ssh_config 522.Pq Pa /etc/ssh/ssh_config
523will be ignored. 523will be ignored.
524The default for the per-user configuration file is 524The default for the per-user configuration file is
525.Pa $HOME/.ssh/config . 525.Pa ~/.ssh/config .
526.It Fl f 526.It Fl f
527Requests 527Requests
528.Nm 528.Nm
@@ -548,11 +548,11 @@ private RSA key.
548Selects a file from which the identity (private key) for 548Selects a file from which the identity (private key) for
549RSA or DSA authentication is read. 549RSA or DSA authentication is read.
550The default is 550The default is
551.Pa $HOME/.ssh/identity 551.Pa ~/.ssh/identity
552for protocol version 1, and 552for protocol version 1, and
553.Pa $HOME/.ssh/id_rsa 553.Pa ~/.ssh/id_rsa
554and 554and
555.Pa $HOME/.ssh/id_dsa 555.Pa ~/.ssh/id_dsa
556for protocol version 2. 556for protocol version 2.
557Identity files may also be specified on 557Identity files may also be specified on
558a per-host basis in the configuration file. 558a per-host basis in the configuration file.
@@ -941,7 +941,7 @@ Set to the name of the user logging in.
941Additionally, 941Additionally,
942.Nm 942.Nm
943reads 943reads
944.Pa $HOME/.ssh/environment , 944.Pa ~/.ssh/environment ,
945and adds lines of the format 945and adds lines of the format
946.Dq VARNAME=value 946.Dq VARNAME=value
947to the environment if the file exists and if users are allowed to 947to the environment if the file exists and if users are allowed to
@@ -952,13 +952,13 @@ option in
952.Xr sshd_config 5 . 952.Xr sshd_config 5 .
953.Sh FILES 953.Sh FILES
954.Bl -tag -width Ds 954.Bl -tag -width Ds
955.It Pa $HOME/.ssh/known_hosts 955.It Pa ~/.ssh/known_hosts
956Records host keys for all hosts the user has logged into that are not 956Records host keys for all hosts the user has logged into that are not
957in 957in
958.Pa /etc/ssh/ssh_known_hosts . 958.Pa /etc/ssh/ssh_known_hosts .
959See 959See
960.Xr sshd 8 . 960.Xr sshd 8 .
961.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa 961.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
962Contains the authentication identity of the user. 962Contains the authentication identity of the user.
963They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 963They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
964These files 964These files
@@ -970,21 +970,21 @@ ignores a private key file if it is accessible by others.
970It is possible to specify a passphrase when 970It is possible to specify a passphrase when
971generating the key; the passphrase will be used to encrypt the 971generating the key; the passphrase will be used to encrypt the
972sensitive part of this file using 3DES. 972sensitive part of this file using 3DES.
973.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub 973.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub
974Contains the public key for authentication (public part of the 974Contains the public key for authentication (public part of the
975identity file in human-readable form). 975identity file in human-readable form).
976The contents of the 976The contents of the
977.Pa $HOME/.ssh/identity.pub 977.Pa ~/.ssh/identity.pub
978file should be added to the file 978file should be added to the file
979.Pa $HOME/.ssh/authorized_keys 979.Pa ~/.ssh/authorized_keys
980on all machines 980on all machines
981where the user wishes to log in using protocol version 1 RSA authentication. 981where the user wishes to log in using protocol version 1 RSA authentication.
982The contents of the 982The contents of the
983.Pa $HOME/.ssh/id_dsa.pub 983.Pa ~/.ssh/id_dsa.pub
984and 984and
985.Pa $HOME/.ssh/id_rsa.pub 985.Pa ~/.ssh/id_rsa.pub
986file should be added to 986file should be added to
987.Pa $HOME/.ssh/authorized_keys 987.Pa ~/.ssh/authorized_keys
988on all machines 988on all machines
989where the user wishes to log in using protocol version 2 DSA/RSA authentication. 989where the user wishes to log in using protocol version 2 DSA/RSA authentication.
990These files are not 990These files are not
@@ -992,13 +992,13 @@ sensitive and can (but need not) be readable by anyone.
992These files are 992These files are
993never used automatically and are not necessary; they are only provided for 993never used automatically and are not necessary; they are only provided for
994the convenience of the user. 994the convenience of the user.
995.It Pa $HOME/.ssh/config 995.It Pa ~/.ssh/config
996This is the per-user configuration file. 996This is the per-user configuration file.
997The file format and configuration options are described in 997The file format and configuration options are described in
998.Xr ssh_config 5 . 998.Xr ssh_config 5 .
999Because of the potential for abuse, this file must have strict permissions: 999Because of the potential for abuse, this file must have strict permissions:
1000read/write for the user, and not accessible by others. 1000read/write for the user, and not accessible by others.
1001.It Pa $HOME/.ssh/authorized_keys 1001.It Pa ~/.ssh/authorized_keys
1002Lists the public keys (RSA/DSA) that can be used for logging in as this user. 1002Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1003The format of this file is described in the 1003The format of this file is described in the
1004.Xr sshd 8 1004.Xr sshd 8
@@ -1058,7 +1058,7 @@ be setuid root when that authentication method is used.
1058By default 1058By default
1059.Nm 1059.Nm
1060is not setuid root. 1060is not setuid root.
1061.It Pa $HOME/.rhosts 1061.It Pa ~/.rhosts
1062This file is used in 1062This file is used in
1063.Cm RhostsRSAAuthentication 1063.Cm RhostsRSAAuthentication
1064and 1064and
@@ -1088,12 +1088,12 @@ authentication before permitting log in.
1088If the server machine does not have the client's host key in 1088If the server machine does not have the client's host key in
1089.Pa /etc/ssh/ssh_known_hosts , 1089.Pa /etc/ssh/ssh_known_hosts ,
1090it can be stored in 1090it can be stored in
1091.Pa $HOME/.ssh/known_hosts . 1091.Pa ~/.ssh/known_hosts .
1092The easiest way to do this is to 1092The easiest way to do this is to
1093connect back to the client from the server machine using ssh; this 1093connect back to the client from the server machine using ssh; this
1094will automatically add the host key to 1094will automatically add the host key to
1095.Pa $HOME/.ssh/known_hosts . 1095.Pa ~/.ssh/known_hosts .
1096.It Pa $HOME/.shosts 1096.It Pa ~/.shosts
1097This file is used exactly the same way as 1097This file is used exactly the same way as
1098.Pa .rhosts . 1098.Pa .rhosts .
1099The purpose for 1099The purpose for
@@ -1133,7 +1133,7 @@ when the user logs in just before the user's shell (or command) is started.
1133See the 1133See the
1134.Xr sshd 8 1134.Xr sshd 8
1135manual page for more information. 1135manual page for more information.
1136.It Pa $HOME/.ssh/rc 1136.It Pa ~/.ssh/rc
1137Commands in this file are executed by 1137Commands in this file are executed by
1138.Nm 1138.Nm
1139when the user logs in just before the user's shell (or command) is 1139when the user logs in just before the user's shell (or command) is
@@ -1141,7 +1141,7 @@ started.
1141See the 1141See the
1142.Xr sshd 8 1142.Xr sshd 8
1143manual page for more information. 1143manual page for more information.
1144.It Pa $HOME/.ssh/environment 1144.It Pa ~/.ssh/environment
1145Contains additional definitions for environment variables, see section 1145Contains additional definitions for environment variables, see section
1146.Sx ENVIRONMENT 1146.Sx ENVIRONMENT
1147above. 1147above.