summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.821
1 files changed, 10 insertions, 11 deletions
diff --git a/sshd.8 b/sshd.8
index 233b00037..83d0f48d2 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $ 37.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -106,8 +106,6 @@ to use from those offered by the server.
106Next, the server and the client enter an authentication dialog. 106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using 107The client tries to authenticate itself using
108.Em .rhosts 108.Em .rhosts
109authentication,
110.Em .rhosts
111authentication combined with RSA host 109authentication combined with RSA host
112authentication, RSA challenge-response authentication, or password 110authentication, RSA challenge-response authentication, or password
113based authentication. 111based authentication.
@@ -135,11 +133,6 @@ or
135.Ql \&*NP\&* 133.Ql \&*NP\&*
136). 134).
137.Pp 135.Pp
138.Em rhosts
139authentication is normally disabled
140because it is fundamentally insecure, but can be enabled in the server
141configuration file if desired.
142System security is not improved unless
143.Nm rshd , 136.Nm rshd ,
144.Nm rlogind , 137.Nm rlogind ,
145and 138and
@@ -670,7 +663,11 @@ Access controls that should be enforced by tcp-wrappers are defined here.
670Further details are described in 663Further details are described in
671.Xr hosts_access 5 . 664.Xr hosts_access 5 .
672.It Pa $HOME/.rhosts 665.It Pa $HOME/.rhosts
673This file contains host-username pairs, separated by a space, one per 666This file is used during
667.Cm RhostsRSAAuthentication
668and
669.Cm HostbasedAuthentication
670and contains host-username pairs, separated by a space, one per
674line. 671line.
675The given user on the corresponding host is permitted to log in 672The given user on the corresponding host is permitted to log in
676without a password. 673without a password.
@@ -691,7 +688,9 @@ However, this file is
691not used by rlogin and rshd, so using this permits access using SSH only. 688not used by rlogin and rshd, so using this permits access using SSH only.
692.It Pa /etc/hosts.equiv 689.It Pa /etc/hosts.equiv
693This file is used during 690This file is used during
694.Em rhosts 691.Cm RhostsRSAAuthentication
692and
693.Cm HostbasedAuthentication
695authentication. 694authentication.
696In the simplest form, this file contains host names, one per line. 695In the simplest form, this file contains host names, one per line.
697Users on 696Users on
@@ -710,7 +709,7 @@ Negated entries start with
710If the client host/user is successfully matched in this file, login is 709If the client host/user is successfully matched in this file, login is
711automatically permitted provided the client and server user names are the 710automatically permitted provided the client and server user names are the
712same. 711same.
713Additionally, successful RSA host authentication is normally required. 712Additionally, successful client host key authentication is required.
714This file must be writable only by root; it is recommended 713This file must be writable only by root; it is recommended
715that it be world-readable. 714that it be world-readable.
716.Pp 715.Pp