path: root/sshd.8
Diffstat (limited to 'sshd.8')
-rw-r--r-- sshd.8 32
1 files changed, 16 insertions, 16 deletions
diff --git a/sshd.8 b/sshd.8
index ac3bf96cf..fdff4ac91 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
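Review bot: The ident on line 37 goes from 1.206 to 1.208, so this change carries two upstream revisions at once, while the .Dd date on line 38 stays at September 25, 1999 even though the text changes. Please name the upstream revisions being merged in the commit message, and consider whether the document date should move with them.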
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously.
80works as follows: 80works as follows:
81.Ss SSH protocol version 1 81.Ss SSH protocol version 1
82Each host has a host-specific RSA key 82Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host. 83(normally 2048 bits) used to identify the host.
84Additionally, when 84Additionally, when
85the daemon starts, it generates a server RSA key (normally 768 bits). 85the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and 86This key is normally regenerated every hour if it has been used, and
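Review bot: Line 83 raises the stated host key size to 2048 bits, but line 85 directly below still gives 768 bits for the server key, and "normally" does not say whether it describes newly generated keys or keys already installed. Please confirm that 2048 matches what key generation now produces by default and that leaving the server key figure alone is intended. Wording such as "normally 2048 bits for newly generated keys" would keep administrators from assuming that an existing 1024-bit host key has changed.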
@@ -350,7 +350,7 @@ If the login is on a tty, and no command has been specified,
350prints last login time and 350prints last login time and
351.Pa /etc/motd 351.Pa /etc/motd
352(unless prevented in the configuration file or by 352(unless prevented in the configuration file or by
353.Pa $HOME/.hushlogin ; 353.Pa ~/.hushlogin ;
354see the 354see the
355.Sx FILES 355.Sx FILES
356section). 356section).
@@ -367,7 +367,7 @@ Changes to run with normal user privileges.
367Sets up basic environment. 367Sets up basic environment.
368.It 368.It
369Reads the file 369Reads the file
370.Pa $HOME/.ssh/environment , 370.Pa ~/.ssh/environment ,
371if it exists, and users are allowed to change their environment. 371if it exists, and users are allowed to change their environment.
372See the 372See the
373.Cm PermitUserEnvironment 373.Cm PermitUserEnvironment
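Review bot: Line 370 is where the switch from $HOME to ~ most needs a definition, because this is the file that lets a user change their environment (line 371), and a reader could take the old spelling to mean the HOME environment variable. Nothing in the visible text says what ~ stands for. Add one sentence, here or at the top of FILES, stating that ~ means the user's home directory and whether that is independent of the HOME variable.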
@@ -377,7 +377,7 @@ option in
377Changes to user's home directory. 377Changes to user's home directory.
378.It 378.It
379If 379If
380.Pa $HOME/.ssh/rc 380.Pa ~/.ssh/rc
381exists, runs it; else if 381exists, runs it; else if
382.Pa /etc/ssh/sshrc 382.Pa /etc/ssh/sshrc
383exists, runs 383exists, runs
@@ -390,7 +390,7 @@ authentication protocol and cookie in standard input.
390Runs user's shell or command. 390Runs user's shell or command.
391.El 391.El
392.Sh AUTHORIZED_KEYS FILE FORMAT 392.Sh AUTHORIZED_KEYS FILE FORMAT
393.Pa $HOME/.ssh/authorized_keys 393.Pa ~/.ssh/authorized_keys
394is the default file that lists the public keys that are 394is the default file that lists the public keys that are
395permitted for RSA authentication in protocol version 1 395permitted for RSA authentication in protocol version 1
396and for public key authentication (PubkeyAuthentication) 396and for public key authentication (PubkeyAuthentication)
@@ -528,7 +528,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
528The 528The
529.Pa /etc/ssh/ssh_known_hosts 529.Pa /etc/ssh/ssh_known_hosts
530and 530and
531.Pa $HOME/.ssh/known_hosts 531.Pa ~/.ssh/known_hosts
532files contain host public keys for all known hosts. 532files contain host public keys for all known hosts.
533The global file should 533The global file should
534be prepared by the administrator (optional), and the per-user file is 534be prepared by the administrator (optional), and the per-user file is
@@ -639,7 +639,7 @@ listening for connections (if there are several daemons running
639concurrently for different ports, this contains the process ID of the one 639concurrently for different ports, this contains the process ID of the one
640started last). 640started last).
641The content of this file is not sensitive; it can be world-readable. 641The content of this file is not sensitive; it can be world-readable.
642.It Pa $HOME/.ssh/authorized_keys 642.It Pa ~/.ssh/authorized_keys
643Lists the public keys (RSA or DSA) that can be used to log into the user's account. 643Lists the public keys (RSA or DSA) that can be used to log into the user's account.
644This file must be readable by root (which may on some machines imply 644This file must be readable by root (which may on some machines imply
645it being world-readable if the user's home directory resides on an NFS 645it being world-readable if the user's home directory resides on an NFS
@@ -653,7 +653,7 @@ and/or
653.Pa id_rsa.pub 653.Pa id_rsa.pub
654files into this file, as described in 654files into this file, as described in
655.Xr ssh-keygen 1 . 655.Xr ssh-keygen 1 .
656.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" 656.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"
657These files are consulted when using rhosts with RSA host 657These files are consulted when using rhosts with RSA host
658authentication or protocol version 2 hostbased authentication 658authentication or protocol version 2 hostbased authentication
659to check the public key of the host. 659to check the public key of the host.
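Review bot: Line 656 keeps the quoted form with the comma attached to the first argument ("/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"), while the other .Pa lines in this change put punctuation in its own argument, for example ".Pa ~/.ssh/environment ," on line 370. Since the line is being touched anyway, consider ".It Pa /etc/ssh/ssh_known_hosts , ~/.ssh/known_hosts" for consistency with the rest of the page.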
@@ -663,12 +663,12 @@ to verify that it is connecting to the correct remote host.
663These files should be writable only by root/the owner. 663These files should be writable only by root/the owner.
664.Pa /etc/ssh/ssh_known_hosts 664.Pa /etc/ssh/ssh_known_hosts
665should be world-readable, and 665should be world-readable, and
666.Pa $HOME/.ssh/known_hosts 666.Pa ~/.ssh/known_hosts
667can, but need not be, world-readable. 667can, but need not be, world-readable.
668.It Pa /etc/motd 668.It Pa /etc/motd
669See 669See
670.Xr motd 5 . 670.Xr motd 5 .
671.It Pa $HOME/.hushlogin 671.It Pa ~/.hushlogin
672This file is used to suppress printing the last login time and 672This file is used to suppress printing the last login time and
673.Pa /etc/motd , 673.Pa /etc/motd ,
674if 674if
@@ -691,7 +691,7 @@ The file should be world-readable.
691Access controls that should be enforced by tcp-wrappers are defined here. 691Access controls that should be enforced by tcp-wrappers are defined here.
692Further details are described in 692Further details are described in
693.Xr hosts_access 5 . 693.Xr hosts_access 5 .
694.It Pa $HOME/.rhosts 694.It Pa ~/.rhosts
695This file is used during 695This file is used during
696.Cm RhostsRSAAuthentication 696.Cm RhostsRSAAuthentication
697and 697and
@@ -709,7 +709,7 @@ It is also possible to use netgroups in the file.
709Either host or user 709Either host or user
710name may be of the form +@groupname to specify all hosts or all users 710name may be of the form +@groupname to specify all hosts or all users
711in the group. 711in the group.
712.It Pa $HOME/.shosts 712.It Pa ~/.shosts
713For ssh, 713For ssh,
714this file is exactly the same as for 714this file is exactly the same as for
715.Pa .rhosts . 715.Pa .rhosts .
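Review bot: The tag on line 712 now reads ~/.shosts, but line 715 just below still refers to the bare name .rhosts, so the entry mixes two notations. Change line 715 to ".Pa ~/.rhosts ." to match the tag this change gives that file on line 694.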
@@ -758,7 +758,7 @@ This is processed exactly as
758.Pa /etc/hosts.equiv . 758.Pa /etc/hosts.equiv .
759However, this file may be useful in environments that want to run both 759However, this file may be useful in environments that want to run both
760rsh/rlogin and ssh. 760rsh/rlogin and ssh.
761.It Pa $HOME/.ssh/environment 761.It Pa ~/.ssh/environment
762This file is read into the environment at login (if it exists). 762This file is read into the environment at login (if it exists).
763It can only contain empty lines, comment lines (that start with 763It can only contain empty lines, comment lines (that start with
764.Ql # ) , 764.Ql # ) ,
@@ -769,7 +769,7 @@ Environment processing is disabled by default and is
769controlled via the 769controlled via the
770.Cm PermitUserEnvironment 770.Cm PermitUserEnvironment
771option. 771option.
772.It Pa $HOME/.ssh/rc 772.It Pa ~/.ssh/rc
773If this file exists, it is run with 773If this file exists, it is run with
774.Pa /bin/sh 774.Pa /bin/sh
775after reading the 775after reading the
@@ -814,7 +814,7 @@ This file should be writable only by the user, and need not be
814readable by anyone else. 814readable by anyone else.
815.It Pa /etc/ssh/sshrc 815.It Pa /etc/ssh/sshrc
816Like 816Like
817.Pa $HOME/.ssh/rc . 817.Pa ~/.ssh/rc .
818This can be used to specify 818This can be used to specify
819machine-specific login-time initializations globally. 819machine-specific login-time initializations globally.
820This file should be writable only by root, and should be world-readable. 820This file should be writable only by root, and should be world-readable.