summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.832
1 files changed, 16 insertions, 16 deletions
diff --git a/sshd.8 b/sshd.8
index 99e62173c..92eb7a9da 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously.
80works as follows: 80works as follows:
81.Ss SSH protocol version 1 81.Ss SSH protocol version 1
82Each host has a host-specific RSA key 82Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host. 83(normally 2048 bits) used to identify the host.
84Additionally, when 84Additionally, when
85the daemon starts, it generates a server RSA key (normally 768 bits). 85the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and 86This key is normally regenerated every hour if it has been used, and
@@ -353,7 +353,7 @@ If the login is on a tty, and no command has been specified,
353prints last login time and 353prints last login time and
354.Pa /etc/motd 354.Pa /etc/motd
355(unless prevented in the configuration file or by 355(unless prevented in the configuration file or by
356.Pa $HOME/.hushlogin ; 356.Pa ~/.hushlogin ;
357see the 357see the
358.Sx FILES 358.Sx FILES
359section). 359section).
@@ -370,7 +370,7 @@ Changes to run with normal user privileges.
370Sets up basic environment. 370Sets up basic environment.
371.It 371.It
372Reads the file 372Reads the file
373.Pa $HOME/.ssh/environment , 373.Pa ~/.ssh/environment ,
374if it exists, and users are allowed to change their environment. 374if it exists, and users are allowed to change their environment.
375See the 375See the
376.Cm PermitUserEnvironment 376.Cm PermitUserEnvironment
@@ -380,7 +380,7 @@ option in
380Changes to user's home directory. 380Changes to user's home directory.
381.It 381.It
382If 382If
383.Pa $HOME/.ssh/rc 383.Pa ~/.ssh/rc
384exists, runs it; else if 384exists, runs it; else if
385.Pa /etc/ssh/sshrc 385.Pa /etc/ssh/sshrc
386exists, runs 386exists, runs
@@ -393,7 +393,7 @@ authentication protocol and cookie in standard input.
393Runs user's shell or command. 393Runs user's shell or command.
394.El 394.El
395.Sh AUTHORIZED_KEYS FILE FORMAT 395.Sh AUTHORIZED_KEYS FILE FORMAT
396.Pa $HOME/.ssh/authorized_keys 396.Pa ~/.ssh/authorized_keys
397is the default file that lists the public keys that are 397is the default file that lists the public keys that are
398permitted for RSA authentication in protocol version 1 398permitted for RSA authentication in protocol version 1
399and for public key authentication (PubkeyAuthentication) 399and for public key authentication (PubkeyAuthentication)
@@ -531,7 +531,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
531The 531The
532.Pa /etc/ssh/ssh_known_hosts 532.Pa /etc/ssh/ssh_known_hosts
533and 533and
534.Pa $HOME/.ssh/known_hosts 534.Pa ~/.ssh/known_hosts
535files contain host public keys for all known hosts. 535files contain host public keys for all known hosts.
536The global file should 536The global file should
537be prepared by the administrator (optional), and the per-user file is 537be prepared by the administrator (optional), and the per-user file is
@@ -642,7 +642,7 @@ listening for connections (if there are several daemons running
642concurrently for different ports, this contains the process ID of the one 642concurrently for different ports, this contains the process ID of the one
643started last). 643started last).
644The content of this file is not sensitive; it can be world-readable. 644The content of this file is not sensitive; it can be world-readable.
645.It Pa $HOME/.ssh/authorized_keys 645.It Pa ~/.ssh/authorized_keys
646Lists the public keys (RSA or DSA) that can be used to log into the user's account. 646Lists the public keys (RSA or DSA) that can be used to log into the user's account.
647This file must be readable by root (which may on some machines imply 647This file must be readable by root (which may on some machines imply
648it being world-readable if the user's home directory resides on an NFS 648it being world-readable if the user's home directory resides on an NFS
@@ -656,7 +656,7 @@ and/or
656.Pa id_rsa.pub 656.Pa id_rsa.pub
657files into this file, as described in 657files into this file, as described in
658.Xr ssh-keygen 1 . 658.Xr ssh-keygen 1 .
659.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" 659.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"
660These files are consulted when using rhosts with RSA host 660These files are consulted when using rhosts with RSA host
661authentication or protocol version 2 hostbased authentication 661authentication or protocol version 2 hostbased authentication
662to check the public key of the host. 662to check the public key of the host.
@@ -666,12 +666,12 @@ to verify that it is connecting to the correct remote host.
666These files should be writable only by root/the owner. 666These files should be writable only by root/the owner.
667.Pa /etc/ssh/ssh_known_hosts 667.Pa /etc/ssh/ssh_known_hosts
668should be world-readable, and 668should be world-readable, and
669.Pa $HOME/.ssh/known_hosts 669.Pa ~/.ssh/known_hosts
670can, but need not be, world-readable. 670can, but need not be, world-readable.
671.It Pa /etc/motd 671.It Pa /etc/motd
672See 672See
673.Xr motd 5 . 673.Xr motd 5 .
674.It Pa $HOME/.hushlogin 674.It Pa ~/.hushlogin
675This file is used to suppress printing the last login time and 675This file is used to suppress printing the last login time and
676.Pa /etc/motd , 676.Pa /etc/motd ,
677if 677if
@@ -694,7 +694,7 @@ The file should be world-readable.
694Access controls that should be enforced by tcp-wrappers are defined here. 694Access controls that should be enforced by tcp-wrappers are defined here.
695Further details are described in 695Further details are described in
696.Xr hosts_access 5 . 696.Xr hosts_access 5 .
697.It Pa $HOME/.rhosts 697.It Pa ~/.rhosts
698This file is used during 698This file is used during
699.Cm RhostsRSAAuthentication 699.Cm RhostsRSAAuthentication
700and 700and
@@ -712,7 +712,7 @@ It is also possible to use netgroups in the file.
712Either host or user 712Either host or user
713name may be of the form +@groupname to specify all hosts or all users 713name may be of the form +@groupname to specify all hosts or all users
714in the group. 714in the group.
715.It Pa $HOME/.shosts 715.It Pa ~/.shosts
716For ssh, 716For ssh,
717this file is exactly the same as for 717this file is exactly the same as for
718.Pa .rhosts . 718.Pa .rhosts .
@@ -761,7 +761,7 @@ This is processed exactly as
761.Pa /etc/hosts.equiv . 761.Pa /etc/hosts.equiv .
762However, this file may be useful in environments that want to run both 762However, this file may be useful in environments that want to run both
763rsh/rlogin and ssh. 763rsh/rlogin and ssh.
764.It Pa $HOME/.ssh/environment 764.It Pa ~/.ssh/environment
765This file is read into the environment at login (if it exists). 765This file is read into the environment at login (if it exists).
766It can only contain empty lines, comment lines (that start with 766It can only contain empty lines, comment lines (that start with
767.Ql # ) , 767.Ql # ) ,
@@ -772,7 +772,7 @@ Environment processing is disabled by default and is
772controlled via the 772controlled via the
773.Cm PermitUserEnvironment 773.Cm PermitUserEnvironment
774option. 774option.
775.It Pa $HOME/.ssh/rc 775.It Pa ~/.ssh/rc
776If this file exists, it is run with 776If this file exists, it is run with
777.Pa /bin/sh 777.Pa /bin/sh
778after reading the 778after reading the
@@ -817,7 +817,7 @@ This file should be writable only by the user, and need not be
817readable by anyone else. 817readable by anyone else.
818.It Pa /etc/ssh/sshrc 818.It Pa /etc/ssh/sshrc
819Like 819Like
820.Pa $HOME/.ssh/rc . 820.Pa ~/.ssh/rc .
821This can be used to specify 821This can be used to specify
822machine-specific login-time initializations globally. 822machine-specific login-time initializations globally.
823This file should be writable only by root, and should be world-readable. 823This file should be writable only by root, and should be world-readable.