Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 37 |
1 files changed, 19 insertions, 18 deletions
@@ -9,8 +9,8 @@ SYNOPSIS | |||
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
12 | programs replace rlogin and rsh, and provide secure encrypted communica- | 12 | programs replace rlogin(1) and rsh(1), and provide secure encrypted com- |
13 | tions between two untrusted hosts over an insecure network. | 13 | munications between two untrusted hosts over an insecure network. |
14 | 14 | ||
15 | sshd listens for connections from clients. It is normally started at | 15 | sshd listens for connections from clients. It is normally started at |
16 | boot from /etc/rc. It forks a new daemon for each incoming connection. | 16 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
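Review bot: The section-number markup is applied only in DESCRIPTION ("rlogin(1) and rsh(1)" on new line 12), while the same two commands stay bare as "rlogin/rsh" in the FILES context at new line 479 and as "rlogin and rsh" in CAVEATS at new line 543. Mark up all three mentions or none, so the page cross-references these commands consistently.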
@@ -45,7 +45,7 @@ DESCRIPTION | |||
45 | -e When this option is specified, sshd will send the output to the | 45 | -e When this option is specified, sshd will send the output to the |
46 | standard error instead of the system log. | 46 | standard error instead of the system log. |
47 | 47 | ||
48 | -f configuration_file | 48 | -f config_file |
49 | Specifies the name of the configuration file. The default is | 49 | Specifies the name of the configuration file. The default is |
50 | /etc/ssh/sshd_config. sshd refuses to start if there is no con- | 50 | /etc/ssh/sshd_config. sshd refuses to start if there is no con- |
51 | figuration file. | 51 | figuration file. |
@@ -143,7 +143,8 @@ AUTHENTICATION | |||
143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | 143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The |
144 | client selects the encryption algorithm to use from those offered by the | 144 | client selects the encryption algorithm to use from those offered by the |
145 | server. Additionally, session integrity is provided through a crypto- | 145 | server. Additionally, session integrity is provided through a crypto- |
146 | graphic message authentication code (hmac-sha1 or hmac-md5). | 146 | graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or |
147 | hmac-ripemd160). | ||
147 | 148 | ||
148 | Finally, the server and the client enter an authentication dialog. The | 149 | Finally, the server and the client enter an authentication dialog. The |
149 | client tries to authenticate itself using host-based authentication, pub- | 150 | client tries to authenticate itself using host-based authentication, pub- |
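Review bot: The MAC list on new lines 146-147 (hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160) is in no evident order and had to be hand-edited here to pick up two more algorithms. Consider sorting it and pointing the reader to sshd_config(5), already listed under SEE ALSO, as the authoritative list, so this paragraph does not drift again when the supported set changes.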
@@ -156,10 +157,10 @@ AUTHENTICATION | |||
156 | tion of a locked account is system dependant. Some platforms have their | 157 | tion of a locked account is system dependant. Some platforms have their |
157 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | 158 | own account database (eg AIX) and some modify the passwd field ( `*LK*' |
158 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a | 159 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a |
159 | leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is | 160 | leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If |
160 | a requirement to disable password authentication for the account while | 161 | there is a requirement to disable password authentication for the account |
161 | allowing still public-key, then the passwd field should be set to some- | 162 | while allowing still public-key, then the passwd field should be set to |
162 | thing other than these values (eg `NP' or `*NP*' ). | 163 | something other than these values (eg `NP' or `*NP*' ). |
163 | 164 | ||
164 | If the client successfully authenticates itself, a dialog for preparing | 165 | If the client successfully authenticates itself, a dialog for preparing |
165 | the session is entered. At this time the client may request things like | 166 | the session is entered. At this time the client may request things like |
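Review bot: On new line 160, "most Linuxes" replaces a precise marker with a statement the reader cannot act on when deciding whether an account will be treated as locked; say which marker applies where, or state that any leading `!` counts if that is the intent. The sentence was also rewrapped without fixing "while allowing still public-key" (new line 162), which should read "while still allowing public-key authentication", and "system dependant" in the context line at 157 should be "system dependent".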
@@ -477,13 +478,6 @@ FILES | |||
477 | lows host-based authentication without permitting login with | 478 | lows host-based authentication without permitting login with |
478 | rlogin/rsh. | 479 | rlogin/rsh. |
479 | 480 | ||
480 | /etc/ssh/ssh_known_hosts | ||
481 | Systemwide list of known host keys. This file should be prepared | ||
482 | by the system administrator to contain the public host keys of | ||
483 | all machines in the organization. The format of this file is de- | ||
484 | scribed above. This file should be writable only by root/the | ||
485 | owner and should be world-readable. | ||
486 | |||
487 | /etc/ssh/ssh_host_key | 481 | /etc/ssh/ssh_host_key |
488 | /etc/ssh/ssh_host_dsa_key | 482 | /etc/ssh/ssh_host_dsa_key |
489 | /etc/ssh/ssh_host_rsa_key | 483 | /etc/ssh/ssh_host_rsa_key |
@@ -502,6 +496,13 @@ FILES | |||
502 | convenience of the user so their contents can be copied to known | 496 | convenience of the user so their contents can be copied to known |
503 | hosts files. These files are created using ssh-keygen(1). | 497 | hosts files. These files are created using ssh-keygen(1). |
504 | 498 | ||
499 | /etc/ssh/ssh_known_hosts | ||
500 | Systemwide list of known host keys. This file should be prepared | ||
501 | by the system administrator to contain the public host keys of | ||
502 | all machines in the organization. The format of this file is de- | ||
503 | scribed above. This file should be writable only by root/the | ||
504 | owner and should be world-readable. | ||
505 | |||
505 | /etc/ssh/sshd_config | 506 | /etc/ssh/sshd_config |
506 | Contains configuration data for sshd. The file format and con- | 507 | Contains configuration data for sshd. The file format and con- |
507 | figuration options are described in sshd_config(5). | 508 | figuration options are described in sshd_config(5). |
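Review bot: "writable only by root/the owner" on new lines 503-504 is ambiguous for a system-wide file that the same entry says the system administrator prepares: it leaves open who besides root may modify the trusted host key list. Since the entry is being moved anyway, tighten the wording to name the intended owner, and confirm that "The format of this file is described above" still points at an earlier section from the entry's new position.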
@@ -526,8 +527,8 @@ FILES | |||
526 | 527 | ||
527 | SEE ALSO | 528 | SEE ALSO |
528 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | 529 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), |
529 | chroot(2), hosts_access(5), login.conf(5), moduli(5), sshd_config(5), | 530 | ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5), |
530 | inetd(8), sftp-server(8) | 531 | sshd_config(5), inetd(8), sftp-server(8) |
531 | 532 | ||
532 | AUTHORS | 533 | AUTHORS |
533 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 534 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
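Review bot: SEE ALSO on new lines 529-531 gains ssh-keyscan(1) but not rlogin(1) or rsh(1), which the DESCRIPTION hunk of this patch now cites with section numbers. Add them to the list, or drop the section numbers in DESCRIPTION, so every cross-reference in the body has an entry here.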
@@ -541,4 +542,4 @@ CAVEATS | |||
541 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 542 | System security is not improved unless rshd, rlogind, and rexecd are dis- |
542 | abled (thus completely disabling rlogin and rsh into the machine). | 543 | abled (thus completely disabling rlogin and rsh into the machine). |
543 | 544 | ||
544 | OpenBSD 4.1 September 25, 1999 9 | 545 | OpenBSD 4.2 August 16, 2007 9 |