Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 41 |
1 files changed, 30 insertions, 11 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -43,7 +43,7 @@ | |||
43 | .Nd secure shell daemon | 43 | .Nd secure shell daemon |
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Nm sshd | 45 | .Nm sshd |
46 | .Op Fl diqQ46 | 46 | .Op Fl diqDQ46 |
47 | .Op Fl b Ar bits | 47 | .Op Fl b Ar bits |
48 | .Op Fl f Ar config_file | 48 | .Op Fl f Ar config_file |
49 | .Op Fl g Ar login_grace_time | 49 | .Op Fl g Ar login_grace_time |
@@ -202,12 +202,14 @@ If the client fails to authenticate the user within | |||
202 | this many seconds, the server disconnects and exits. | 202 | this many seconds, the server disconnects and exits. |
203 | A value of zero indicates no limit. | 203 | A value of zero indicates no limit. |
204 | .It Fl h Ar host_key_file | 204 | .It Fl h Ar host_key_file |
205 | Specifies the file from which the RSA host key is read (default | 205 | Specifies the file from which the host key is read (default |
206 | .Pa /etc/ssh_host_key ) . | 206 | .Pa /etc/ssh_host_key ) . |
207 | This option must be given if | 207 | This option must be given if |
208 | .Nm | 208 | .Nm |
209 | is not run as root (as the normal | 209 | is not run as root (as the normal |
210 | host file is normally not readable by anyone but root). | 210 | host file is normally not readable by anyone but root). |
211 | It is possible to have multiple host key files for | ||
212 | the different protocol versions. | ||
211 | .It Fl i | 213 | .It Fl i |
212 | Specifies that | 214 | Specifies that |
213 | .Nm | 215 | .Nm |
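Review bot: the sentence added under -h ("It is possible to have multiple host key files for the different protocol versions.") does not say how an administrator supplies them. The default shown is still the single path /etc/ssh_host_key, and nothing states whether -h may be given more than once or which file each protocol version reads. Suggest saying so explicitly and listing the default file per protocol version next to the existing .Pa line.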
@@ -254,6 +256,12 @@ indicates that only dotted decimal addresses | |||
254 | should be put into the | 256 | should be put into the |
255 | .Pa utmp | 257 | .Pa utmp |
256 | file. | 258 | file. |
259 | .It Fl D | ||
260 | When this option is specified | ||
261 | .Nm | ||
262 | will not detach and does not become a daemon. | ||
263 | This allows easy monitoring of | ||
264 | .Nm sshd . | ||
257 | .It Fl Q | 265 | .It Fl Q |
258 | Do not print an error message if RSA support is missing. | 266 | Do not print an error message if RSA support is missing. |
259 | .It Fl V Ar client_protocol_id | 267 | .It Fl V Ar client_protocol_id |
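Review bot: the new -D entry closes with ".Nm sshd ." although its own first sentence, like the rest of the page, uses a bare .Nm; ".Nm ." would be consistent. "will not detach and does not become a daemon" also mixes tenses. Since the stated purpose is monitoring, it would help to say whether anything other than detaching changes under -D, for example where log output goes.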
@@ -720,26 +728,37 @@ file lists the RSA keys that are | |||
720 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 | 728 | permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
721 | Similarly, the | 729 | Similarly, the |
722 | .Pa $HOME/.ssh/authorized_keys2 | 730 | .Pa $HOME/.ssh/authorized_keys2 |
723 | file lists the DSA keys that are | 731 | file lists the DSA and RSA keys that are |
724 | permitted for DSA authentication in SSH protocol 2.0. | 732 | permitted for public key authentication (PubkeyAuthentication) |
733 | in SSH protocol 2.0. | ||
734 | .Pp | ||
725 | Each line of the file contains one | 735 | Each line of the file contains one |
726 | key (empty lines and lines starting with a | 736 | key (empty lines and lines starting with a |
727 | .Ql # | 737 | .Ql # |
728 | are ignored as | 738 | are ignored as |
729 | comments). | 739 | comments). |
730 | Each line consists of the following fields, separated by | 740 | Each RSA public key consists of the following fields, separated by |
731 | spaces: options, bits, exponent, modulus, comment. | 741 | spaces: options, bits, exponent, modulus, comment. |
732 | The options field | 742 | Each protocol version 2 public key consists of: |
733 | is optional; its presence is determined by whether the line starts | 743 | options, keytype, base64 encoded key, comment. |
744 | The options fields | ||
745 | are optional; its presence is determined by whether the line starts | ||
734 | with a number or not (the option field never starts with a number). | 746 | with a number or not (the option field never starts with a number). |
735 | The bits, exponent, modulus and comment fields give the RSA key; the | 747 | The bits, exponent, modulus and comment fields give the RSA key for |
748 | protocol version 1; the | ||
736 | comment field is not used for anything (but may be convenient for the | 749 | comment field is not used for anything (but may be convenient for the |
737 | user to identify the key). | 750 | user to identify the key). |
751 | For protocol version 2 the keytype is | ||
752 | .Dq ssh-dss | ||
753 | or | ||
754 | .Dq ssh-rsa . | ||
738 | .Pp | 755 | .Pp |
739 | Note that lines in this file are usually several hundred bytes long | 756 | Note that lines in this file are usually several hundred bytes long |
740 | (because of the size of the RSA key modulus). | 757 | (because of the size of the RSA key modulus). |
741 | You don't want to type them in; instead, copy the | 758 | You don't want to type them in; instead, copy the |
742 | .Pa identity.pub | 759 | .Pa identity.pub |
760 | or the | ||
761 | .Pa id_dsa.pub | ||
743 | file and edit it. | 762 | file and edit it. |
744 | .Pp | 763 | .Pp |
745 | The options (if present) consist of comma-separated option | 764 | The options (if present) consist of comma-separated option |
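Review bot: the rule kept at new lines 744-746, that the presence of options "is determined by whether the line starts with a number or not", only holds for protocol version 1 lines, which begin with the bits field. A protocol version 2 line without options begins with the keytype ("ssh-dss" or "ssh-rsa"), which is not a number either, so as written the text gives no way to tell options from keytype; restrict the rule to version 1 keys and describe how version 2 lines are recognised. In the same paragraph, "The options fields are optional; its presence" mixes plural and singular, and "Each RSA public key consists of ... bits, exponent, modulus" should be worded as the protocol version 1 format, because the sentence above now says authorized_keys2 holds RSA keys as well.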
@@ -1053,7 +1072,7 @@ This version of OpenSSH | |||
1053 | .Bl -bullet | 1072 | .Bl -bullet |
1054 | .It | 1073 | .It |
1055 | has all components of a restrictive nature (i.e., patents, see | 1074 | has all components of a restrictive nature (i.e., patents, see |
1056 | .Xr crypto 3 ) | 1075 | .Xr ssl 8 ) |
1057 | directly removed from the source code; any licensed or patented components | 1076 | directly removed from the source code; any licensed or patented components |
1058 | are chosen from | 1077 | are chosen from |
1059 | external libraries. | 1078 | external libraries. |
@@ -1080,6 +1099,6 @@ The support for SSH protocol 2 was written by Markus Friedl. | |||
1080 | .Xr ssh-add 1 , | 1099 | .Xr ssh-add 1 , |
1081 | .Xr ssh-agent 1 , | 1100 | .Xr ssh-agent 1 , |
1082 | .Xr ssh-keygen 1 , | 1101 | .Xr ssh-keygen 1 , |
1083 | .Xr crypto 3 , | 1102 | .Xr ssl 8 , |
1084 | .Xr rlogin 1 , | 1103 | .Xr rlogin 1 , |
1085 | .Xr rsh 1 | 1104 | .Xr rsh 1 |
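Review bot: in SEE ALSO, swapping ".Xr crypto 3 ," for ".Xr ssl 8 ," in place leaves a section 8 reference between ssh-keygen 1 and the section 1 entries rlogin and rsh. mdoc convention orders .Xr entries by section and then alphabetically, so move ssl 8 to the end of the list and put rlogin 1 and rsh 1 ahead of the ssh-* entries while touching this block.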