Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 32 |
1 files changed, 18 insertions, 14 deletions
@@ -78,10 +78,10 @@ DESCRIPTION | |||
78 | be given if sshd is not run as root (as the normal host key files | 78 | be given if sshd is not run as root (as the normal host key files |
79 | are normally not readable by anyone but root). The default is | 79 | are normally not readable by anyone but root). The default is |
80 | /etc/ssh/ssh_host_key for protocol version 1, and | 80 | /etc/ssh/ssh_host_key for protocol version 1, and |
81 | /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for | 81 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and |
82 | protocol version 2. It is possible to have multiple host key | 82 | /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible |
83 | files for the different protocol versions and host key | 83 | to have multiple host key files for the different protocol |
84 | algorithms. | 84 | versions and host key algorithms. |
85 | 85 | ||
86 | -i Specifies that sshd is being run from inetd(8). sshd is normally | 86 | -i Specifies that sshd is being run from inetd(8). sshd is normally |
87 | not run from inetd because it needs to generate the server key | 87 | not run from inetd because it needs to generate the server key |
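Review bot: sshd.0 is the preformatted rendering of sshd.8, and this view is limited to sshd.0 (see the diffstat), so confirm the same -h default list ("/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and /etc/ssh/ssh_host_rsa_key") was made in the sshd.8 source in the same commit; otherwise the next regeneration of sshd.0 silently drops the ECDSA entry. The reordering to alphabetical (dsa, ecdsa, rsa) matches the order used in the later FILES hunks, which is good.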
@@ -143,8 +143,8 @@ DESCRIPTION | |||
143 | AUTHENTICATION | 143 | AUTHENTICATION |
144 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to | 144 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
145 | use protocol 2 only, though this can be changed via the Protocol option | 145 | use protocol 2 only, though this can be changed via the Protocol option |
146 | in sshd_config(5). Protocol 2 supports both RSA and DSA keys; protocol 1 | 146 | in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol |
147 | only supports RSA keys. For both protocols, each host has a host- | 147 | 1 only supports RSA keys. For both protocols, each host has a host- |
148 | specific key, normally 2048 bits, used to identify the host. | 148 | specific key, normally 2048 bits, used to identify the host. |
149 | 149 | ||
150 | Forward security for protocol 1 is provided through an additional server | 150 | Forward security for protocol 1 is provided through an additional server |
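Review bot: the unchanged context line "specific key, normally 2048 bits, used to identify the host" no longer holds once ECDSA host keys are listed in the sentence before it, since an ECDSA host key on the curves named later in this patch (nistp256 to nistp521) is far smaller than 2048 bits. Suggest rewording to something like "normally 2048 bits for RSA and DSA, or 256 bits for ECDSA", or dropping the size from that sentence altogether, so the AUTHENTICATION section stays consistent with the new key type list.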
@@ -273,13 +273,15 @@ AUTHORIZED_KEYS FILE FORMAT | |||
273 | exponent, modulus, and comment fields give the RSA key for protocol | 273 | exponent, modulus, and comment fields give the RSA key for protocol |
274 | version 1; the comment field is not used for anything (but may be | 274 | version 1; the comment field is not used for anything (but may be |
275 | convenient for the user to identify the key). For protocol version 2 the | 275 | convenient for the user to identify the key). For protocol version 2 the |
276 | keytype is ``ssh-dss'' or ``ssh-rsa''. | 276 | keytype is ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'', |
277 | ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''. | ||
277 | 278 | ||
278 | Note that lines in this file are usually several hundred bytes long | 279 | Note that lines in this file are usually several hundred bytes long |
279 | (because of the size of the public key encoding) up to a limit of 8 | 280 | (because of the size of the public key encoding) up to a limit of 8 |
280 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 | 281 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
281 | kilobits. You don't want to type them in; instead, copy the | 282 | kilobits. You don't want to type them in; instead, copy the |
282 | identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. | 283 | identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit |
284 | it. | ||
283 | 285 | ||
284 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol | 286 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
285 | 2 keys of 768 bits. | 287 | 2 keys of 768 bits. |
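Review bot: the trailing context "sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 2 keys of 768 bits" now sits right after text that also covers DSA and ECDSA keys, so a reader may wonder whether an equivalent minimum applies to the new ecdsa-sha2-nistp* types; if there is none (the curve fixes the size), a short clause saying so would avoid the ambiguity. The added "id_ecdsa.pub" in the copy-the-file list is correct and matches the file naming used for id_dsa.pub and id_rsa.pub.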
@@ -504,11 +506,11 @@ FILES | |||
504 | for the user, and not accessible by others. | 506 | for the user, and not accessible by others. |
505 | 507 | ||
506 | ~/.ssh/authorized_keys | 508 | ~/.ssh/authorized_keys |
507 | Lists the public keys (RSA/DSA) that can be used for logging in | 509 | Lists the public keys (DSA/ECDSA/RSA) that can be used for |
508 | as this user. The format of this file is described above. The | 510 | logging in as this user. The format of this file is described |
509 | content of the file is not highly sensitive, but the recommended | 511 | above. The content of the file is not highly sensitive, but the |
510 | permissions are read/write for the user, and not accessible by | 512 | recommended permissions are read/write for the user, and not |
511 | others. | 513 | accessible by others. |
512 | 514 | ||
513 | If this file, the ~/.ssh directory, or the user's home directory | 515 | If this file, the ~/.ssh directory, or the user's home directory |
514 | are writable by other users, then the file could be modified or | 516 | are writable by other users, then the file could be modified or |
@@ -565,6 +567,7 @@ FILES | |||
565 | 567 | ||
566 | /etc/ssh/ssh_host_key | 568 | /etc/ssh/ssh_host_key |
567 | /etc/ssh/ssh_host_dsa_key | 569 | /etc/ssh/ssh_host_dsa_key |
570 | /etc/ssh/ssh_host_ecdsa_key | ||
568 | /etc/ssh/ssh_host_rsa_key | 571 | /etc/ssh/ssh_host_rsa_key |
569 | These three files contain the private parts of the host keys. | 572 | These three files contain the private parts of the host keys. |
570 | These files should only be owned by root, readable only by root, | 573 | These files should only be owned by root, readable only by root, |
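Review bot: the unchanged context line "These three files contain the private parts of the host keys." is now wrong, since the hunk adds /etc/ssh/ssh_host_ecdsa_key and the list has four entries. Change it to "These files contain the private parts of the host keys." (or "These four files") in the same commit; the ownership and permission advice that follows applies equally to the new ECDSA private key file, so it should clearly cover it.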
@@ -573,6 +576,7 @@ FILES | |||
573 | 576 | ||
574 | /etc/ssh/ssh_host_key.pub | 577 | /etc/ssh/ssh_host_key.pub |
575 | /etc/ssh/ssh_host_dsa_key.pub | 578 | /etc/ssh/ssh_host_dsa_key.pub |
579 | /etc/ssh/ssh_host_ecdsa_key.pub | ||
576 | /etc/ssh/ssh_host_rsa_key.pub | 580 | /etc/ssh/ssh_host_rsa_key.pub |
577 | These three files contain the public parts of the host keys. | 581 | These three files contain the public parts of the host keys. |
578 | These files should be world-readable but writable only by root. | 582 | These files should be world-readable but writable only by root. |
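Review bot: same count mismatch as the private-key hunk: "These three files contain the public parts of the host keys." now describes four files after /etc/ssh/ssh_host_ecdsa_key.pub is added. Suggest "These files contain the public parts of the host keys." so the world-readable/root-writable guidance on the next line reads as applying to the ECDSA public key too.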
@@ -627,4 +631,4 @@ CAVEATS | |||
627 | System security is not improved unless rshd, rlogind, and rexecd are | 631 | System security is not improved unless rshd, rlogind, and rexecd are |
628 | disabled (thus completely disabling rlogin and rsh into the machine). | 632 | disabled (thus completely disabling rlogin and rsh into the machine). |
629 | 633 | ||
630 | OpenBSD 4.8 August 4, 2010 OpenBSD 4.8 | 634 | OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 |