Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 18 |
1 files changed, 16 insertions, 2 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.234 2006/08/21 08:15:57 dtucker Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -681,9 +681,23 @@ rlogin/rsh. | |||
681 | .It ~/.ssh/authorized_keys | 681 | .It ~/.ssh/authorized_keys |
682 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 682 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. |
683 | The format of this file is described above. | 683 | The format of this file is described above. |
684 | This file is not highly sensitive, but the recommended | 684 | The content of the file is not highly sensitive, but the recommended |
685 | permissions are read/write for the user, and not accessible by others. | 685 | permissions are read/write for the user, and not accessible by others. |
686 | .Pp | 686 | .Pp |
687 | If this file, the | ||
688 | .Pa ~/.ssh | ||
689 | directory, or the user's home directory are writable | ||
690 | by other users, then the file could be modified or replaced by unauthorized | ||
691 | users. | ||
692 | In this case, | ||
693 | .Nm | ||
694 | will not allow it to be used unless the | ||
695 | .Cm StrictModes | ||
696 | option has been set to | ||
697 | .Dq no . | ||
698 | The recommended permissions can be set by executing | ||
699 | .Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . | ||
700 | .Pp | ||
687 | .It ~/.ssh/environment | 701 | .It ~/.ssh/environment |
688 | This file is read into the environment at login (if it exists). | 702 | This file is read into the environment at login (if it exists). |
689 | It can only contain empty lines, comment lines (that start with | 703 | It can only contain empty lines, comment lines (that start with |
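Review bot: In the added paragraph (new lines 698-699), the suggested `chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys` only clears the group and other write bits, while the sentence kept at new lines 684-685 still recommends "read/write for the user, and not accessible by others". Calling both "the recommended permissions" leaves the reader with two different targets. Suggest describing the chmod as what is needed to pass the writability check described at new lines 687-697 (for example "The required permissions can be set by executing ..."), or keeping "recommended" and giving a command whose result matches line 685 for the file itself. Separately, at new lines 687-689 the subject is joined by "or", so the verb should be singular: "is writable" rather than "are writable".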