Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 20 |
1 files changed, 14 insertions, 6 deletions
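--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $
-.Dd $Mdocdate: August 8 2010 $
+.\" $OpenBSD: sshd.8,v 1.259 2010/08/31 11:54:45 djm Exp $
+.Dd $Mdocdate: August 31 2010 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -170,9 +170,10 @@ host key files are normally not readable by anyone but root).
 The default is
 .Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_dsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 for protocol version 2.
 It is possible to have multiple host key files for
 the different protocol versions and host key algorithms.
@@ -275,7 +276,7 @@ though this can be changed via the
 .Cm Protocol
 option in
 .Xr sshd_config 5 .
-Protocol 2 supports both RSA and DSA keys;
+Protocol 2 supports DSA, ECDSA and RSA keys;
 protocol 1 only supports RSA keys.
 For both protocols,
 each host has a host-specific key,
@@ -483,6 +484,9 @@ protocol version 1; the
 comment field is not used for anything (but may be convenient for the
 user to identify the key).
 For protocol version 2 the keytype is
+.Dq ecdsa-sha2-nistp256 ,
+.Dq ecdsa-sha2-nistp384 ,
+.Dq ecdsa-sha2-nistp521 ,
 .Dq ssh-dss
 or
 .Dq ssh-rsa .
@@ -494,6 +498,7 @@ keys up to 16 kilobits.
 You don't want to type them in; instead, copy the
 .Pa identity.pub ,
 .Pa id_dsa.pub ,
+.Pa id_ecdsa.pub ,
 or the
 .Pa id_rsa.pub
 file and edit it.
@@ -792,7 +797,8 @@ secret, but the recommended permissions are read/write/execute for the user,
 and not accessible by others.
 .Pp
 .It Pa ~/.ssh/authorized_keys
-Lists the public keys (RSA/DSA) that can be used for logging in as this user.
+Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in
+as this user.
 The format of this file is described above.
 The content of the file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
@@ -871,6 +877,7 @@ rlogin/rsh.
 .Pp
 .It Pa /etc/ssh/ssh_host_key
 .It Pa /etc/ssh/ssh_host_dsa_key
+.It Pa /etc/ssh/ssh_host_ecdsa_key
 .It Pa /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not
@@ -881,6 +888,7 @@ does not start if these files are group/world-accessible.
 .Pp
 .It Pa /etc/ssh/ssh_host_key.pub
 .It Pa /etc/ssh/ssh_host_dsa_key.pub
+.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub
 These three files contain the public parts of the host keys.
 These files should be world-readable but writable only by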