diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 21 |
1 files changed, 10 insertions, 11 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -106,8 +106,6 @@ to use from those offered by the server. | |||
106 | Next, the server and the client enter an authentication dialog. | 106 | Next, the server and the client enter an authentication dialog. |
107 | The client tries to authenticate itself using | 107 | The client tries to authenticate itself using |
108 | .Em .rhosts | 108 | .Em .rhosts |
109 | authentication, | ||
110 | .Em .rhosts | ||
111 | authentication combined with RSA host | 109 | authentication combined with RSA host |
112 | authentication, RSA challenge-response authentication, or password | 110 | authentication, RSA challenge-response authentication, or password |
113 | based authentication. | 111 | based authentication. |
@@ -135,11 +133,6 @@ or | |||
135 | .Ql \&*NP\&* | 133 | .Ql \&*NP\&* |
136 | ). | 134 | ). |
137 | .Pp | 135 | .Pp |
138 | .Em rhosts | ||
139 | authentication is normally disabled | ||
140 | because it is fundamentally insecure, but can be enabled in the server | ||
141 | configuration file if desired. | ||
142 | System security is not improved unless | ||
143 | .Nm rshd , | 136 | .Nm rshd , |
144 | .Nm rlogind , | 137 | .Nm rlogind , |
145 | and | 138 | and |
@@ -670,7 +663,11 @@ Access controls that should be enforced by tcp-wrappers are defined here. | |||
670 | Further details are described in | 663 | Further details are described in |
671 | .Xr hosts_access 5 . | 664 | .Xr hosts_access 5 . |
672 | .It Pa $HOME/.rhosts | 665 | .It Pa $HOME/.rhosts |
673 | This file contains host-username pairs, separated by a space, one per | 666 | This file is used during |
667 | .Cm RhostsRSAAuthentication | ||
668 | and | ||
669 | .Cm HostbasedAuthentication | ||
670 | and contains host-username pairs, separated by a space, one per | ||
674 | line. | 671 | line. |
675 | The given user on the corresponding host is permitted to log in | 672 | The given user on the corresponding host is permitted to log in |
676 | without a password. | 673 | without a password. |
@@ -691,7 +688,9 @@ However, this file is | |||
691 | not used by rlogin and rshd, so using this permits access using SSH only. | 688 | not used by rlogin and rshd, so using this permits access using SSH only. |
692 | .It Pa /etc/hosts.equiv | 689 | .It Pa /etc/hosts.equiv |
693 | This file is used during | 690 | This file is used during |
694 | .Em rhosts | 691 | .Cm RhostsRSAAuthentication |
692 | and | ||
693 | .Cm HostbasedAuthentication | ||
695 | authentication. | 694 | authentication. |
696 | In the simplest form, this file contains host names, one per line. | 695 | In the simplest form, this file contains host names, one per line. |
697 | Users on | 696 | Users on |
@@ -710,7 +709,7 @@ Negated entries start with | |||
710 | If the client host/user is successfully matched in this file, login is | 709 | If the client host/user is successfully matched in this file, login is |
711 | automatically permitted provided the client and server user names are the | 710 | automatically permitted provided the client and server user names are the |
712 | same. | 711 | same. |
713 | Additionally, successful RSA host authentication is normally required. | 712 | Additionally, successful client host key authentication is required. |
714 | This file must be writable only by root; it is recommended | 713 | This file must be writable only by root; it is recommended |
715 | that it be world-readable. | 714 | that it be world-readable. |
716 | .Pp | 715 | .Pp |