Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 32 |
1 files changed, 16 insertions, 16 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
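Review bot: the `$OpenBSD` ident on line 37 moves from 1.206 to 1.208, so this patch folds in two upstream revisions, and the hunks that follow make two unrelated changes: the host key size on line 83 and the `$HOME` to `~` path notation everywhere else. The commit log should name both, or the key-size change should go in as its own commit so it can be found later.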
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously. | |||
80 | works as follows: | 80 | works as follows: |
81 | .Ss SSH protocol version 1 | 81 | .Ss SSH protocol version 1 |
82 | Each host has a host-specific RSA key | 82 | Each host has a host-specific RSA key |
83 | (normally 1024 bits) used to identify the host. | 83 | (normally 2048 bits) used to identify the host. |
84 | Additionally, when | 84 | Additionally, when |
85 | the daemon starts, it generates a server RSA key (normally 768 bits). | 85 | the daemon starts, it generates a server RSA key (normally 768 bits). |
86 | This key is normally regenerated every hour if it has been used, and | 86 | This key is normally regenerated every hour if it has been used, and |
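Review bot: line 83 now gives the host key as normally 2048 bits, but line 85 directly below still describes the server key as normally 768 bits, and this view (limited to sshd.8) does not show a matching change to the key generation default. Confirm that the code producing host keys changes in the same series, so the page does not document a size the tools do not generate, and state whether leaving the server key figure at 768 bits is intended.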
@@ -350,7 +350,7 @@ If the login is on a tty, and no command has been specified, | |||
350 | prints last login time and | 350 | prints last login time and |
351 | .Pa /etc/motd | 351 | .Pa /etc/motd |
352 | (unless prevented in the configuration file or by | 352 | (unless prevented in the configuration file or by |
353 | .Pa $HOME/.hushlogin ; | 353 | .Pa ~/.hushlogin ; |
354 | see the | 354 | see the |
355 | .Sx FILES | 355 | .Sx FILES |
356 | section). | 356 | section). |
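Review bot: line 353 is the first place the page writes `~/` instead of `$HOME/`, and none of the changed lines says what `~` stands for. `~` is shell notation, while the files named here are read by the daemon during login, so one sentence near the first use stating that `~` means the user's home directory would keep the new spelling unambiguous.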
@@ -367,7 +367,7 @@ Changes to run with normal user privileges. | |||
367 | Sets up basic environment. | 367 | Sets up basic environment. |
368 | .It | 368 | .It |
369 | Reads the file | 369 | Reads the file |
370 | .Pa $HOME/.ssh/environment , | 370 | .Pa ~/.ssh/environment , |
371 | if it exists, and users are allowed to change their environment. | 371 | if it exists, and users are allowed to change their environment. |
372 | See the | 372 | See the |
373 | .Cm PermitUserEnvironment | 373 | .Cm PermitUserEnvironment |
@@ -377,7 +377,7 @@ option in | |||
377 | Changes to user's home directory. | 377 | Changes to user's home directory. |
378 | .It | 378 | .It |
379 | If | 379 | If |
380 | .Pa $HOME/.ssh/rc | 380 | .Pa ~/.ssh/rc |
381 | exists, runs it; else if | 381 | exists, runs it; else if |
382 | .Pa /etc/ssh/sshrc | 382 | .Pa /etc/ssh/sshrc |
383 | exists, runs | 383 | exists, runs |
@@ -390,7 +390,7 @@ authentication protocol and cookie in standard input. | |||
390 | Runs user's shell or command. | 390 | Runs user's shell or command. |
391 | .El | 391 | .El |
392 | .Sh AUTHORIZED_KEYS FILE FORMAT | 392 | .Sh AUTHORIZED_KEYS FILE FORMAT |
393 | .Pa $HOME/.ssh/authorized_keys | 393 | .Pa ~/.ssh/authorized_keys |
394 | is the default file that lists the public keys that are | 394 | is the default file that lists the public keys that are |
395 | permitted for RSA authentication in protocol version 1 | 395 | permitted for RSA authentication in protocol version 1 |
396 | and for public key authentication (PubkeyAuthentication) | 396 | and for public key authentication (PubkeyAuthentication) |
@@ -528,7 +528,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | |||
528 | The | 528 | The |
529 | .Pa /etc/ssh/ssh_known_hosts | 529 | .Pa /etc/ssh/ssh_known_hosts |
530 | and | 530 | and |
531 | .Pa $HOME/.ssh/known_hosts | 531 | .Pa ~/.ssh/known_hosts |
532 | files contain host public keys for all known hosts. | 532 | files contain host public keys for all known hosts. |
533 | The global file should | 533 | The global file should |
534 | be prepared by the administrator (optional), and the per-user file is | 534 | be prepared by the administrator (optional), and the per-user file is |
@@ -639,7 +639,7 @@ listening for connections (if there are several daemons running | |||
639 | concurrently for different ports, this contains the process ID of the one | 639 | concurrently for different ports, this contains the process ID of the one |
640 | started last). | 640 | started last). |
641 | The content of this file is not sensitive; it can be world-readable. | 641 | The content of this file is not sensitive; it can be world-readable. |
642 | .It Pa $HOME/.ssh/authorized_keys | 642 | .It Pa ~/.ssh/authorized_keys |
643 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. | 643 | Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
644 | This file must be readable by root (which may on some machines imply | 644 | This file must be readable by root (which may on some machines imply |
645 | it being world-readable if the user's home directory resides on an NFS | 645 | it being world-readable if the user's home directory resides on an NFS |
@@ -653,7 +653,7 @@ and/or | |||
653 | .Pa id_rsa.pub | 653 | .Pa id_rsa.pub |
654 | files into this file, as described in | 654 | files into this file, as described in |
655 | .Xr ssh-keygen 1 . | 655 | .Xr ssh-keygen 1 . |
656 | .It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" | 656 | .It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts" |
657 | These files are consulted when using rhosts with RSA host | 657 | These files are consulted when using rhosts with RSA host |
658 | authentication or protocol version 2 hostbased authentication | 658 | authentication or protocol version 2 hostbased authentication |
659 | to check the public key of the host. | 659 | to check the public key of the host. |
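Review bot: line 656 keeps the quoted form with the comma attached to the closing quote, `.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"`, whereas the rest of the page passes punctuation as its own argument (`.Pa /etc/motd ,` on line 673). Since the line is being edited anyway, consider dropping the quotes and spacing the comma the same way, then check how the item tag renders.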
@@ -663,12 +663,12 @@ to verify that it is connecting to the correct remote host. | |||
663 | These files should be writable only by root/the owner. | 663 | These files should be writable only by root/the owner. |
664 | .Pa /etc/ssh/ssh_known_hosts | 664 | .Pa /etc/ssh/ssh_known_hosts |
665 | should be world-readable, and | 665 | should be world-readable, and |
666 | .Pa $HOME/.ssh/known_hosts | 666 | .Pa ~/.ssh/known_hosts |
667 | can, but need not be, world-readable. | 667 | can, but need not be, world-readable. |
668 | .It Pa /etc/motd | 668 | .It Pa /etc/motd |
669 | See | 669 | See |
670 | .Xr motd 5 . | 670 | .Xr motd 5 . |
671 | .It Pa $HOME/.hushlogin | 671 | .It Pa ~/.hushlogin |
672 | This file is used to suppress printing the last login time and | 672 | This file is used to suppress printing the last login time and |
673 | .Pa /etc/motd , | 673 | .Pa /etc/motd , |
674 | if | 674 | if |
@@ -691,7 +691,7 @@ The file should be world-readable. | |||
691 | Access controls that should be enforced by tcp-wrappers are defined here. | 691 | Access controls that should be enforced by tcp-wrappers are defined here. |
692 | Further details are described in | 692 | Further details are described in |
693 | .Xr hosts_access 5 . | 693 | .Xr hosts_access 5 . |
694 | .It Pa $HOME/.rhosts | 694 | .It Pa ~/.rhosts |
695 | This file is used during | 695 | This file is used during |
696 | .Cm RhostsRSAAuthentication | 696 | .Cm RhostsRSAAuthentication |
697 | and | 697 | and |
@@ -709,7 +709,7 @@ It is also possible to use netgroups in the file. | |||
709 | Either host or user | 709 | Either host or user |
710 | name may be of the form +@groupname to specify all hosts or all users | 710 | name may be of the form +@groupname to specify all hosts or all users |
711 | in the group. | 711 | in the group. |
712 | .It Pa $HOME/.shosts | 712 | .It Pa ~/.shosts |
713 | For ssh, | 713 | For ssh, |
714 | this file is exactly the same as for | 714 | this file is exactly the same as for |
715 | .Pa .rhosts . | 715 | .Pa .rhosts . |
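Review bot: line 712 now reads `~/.shosts`, but context line 715 still names the other file as bare `.Pa .rhosts .`, while its own entry became `~/.rhosts` on line 694. Change line 715 to `~/.rhosts` so the two references match after the rename.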
@@ -758,7 +758,7 @@ This is processed exactly as | |||
758 | .Pa /etc/hosts.equiv . | 758 | .Pa /etc/hosts.equiv . |
759 | However, this file may be useful in environments that want to run both | 759 | However, this file may be useful in environments that want to run both |
760 | rsh/rlogin and ssh. | 760 | rsh/rlogin and ssh. |
761 | .It Pa $HOME/.ssh/environment | 761 | .It Pa ~/.ssh/environment |
762 | This file is read into the environment at login (if it exists). | 762 | This file is read into the environment at login (if it exists). |
763 | It can only contain empty lines, comment lines (that start with | 763 | It can only contain empty lines, comment lines (that start with |
764 | .Ql # ) , | 764 | .Ql # ) , |
@@ -769,7 +769,7 @@ Environment processing is disabled by default and is | |||
769 | controlled via the | 769 | controlled via the |
770 | .Cm PermitUserEnvironment | 770 | .Cm PermitUserEnvironment |
771 | option. | 771 | option. |
772 | .It Pa $HOME/.ssh/rc | 772 | .It Pa ~/.ssh/rc |
773 | If this file exists, it is run with | 773 | If this file exists, it is run with |
774 | .Pa /bin/sh | 774 | .Pa /bin/sh |
775 | after reading the | 775 | after reading the |
@@ -814,7 +814,7 @@ This file should be writable only by the user, and need not be | |||
814 | readable by anyone else. | 814 | readable by anyone else. |
815 | .It Pa /etc/ssh/sshrc | 815 | .It Pa /etc/ssh/sshrc |
816 | Like | 816 | Like |
817 | .Pa $HOME/.ssh/rc . | 817 | .Pa ~/.ssh/rc . |
818 | This can be used to specify | 818 | This can be used to specify |
819 | machine-specific login-time initializations globally. | 819 | machine-specific login-time initializations globally. |
820 | This file should be writable only by root, and should be world-readable. | 820 | This file should be writable only by root, and should be world-readable. |