Diffstat (limited to 'sshd.8')
-rw-r--r-- sshd.8 50
1 files changed, 8 insertions, 42 deletions
diff --git a/sshd.8 b/sshd.8
index 6df9d8aab..24c149975 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -708,43 +708,9 @@ Further details are described in
708.Xr hosts_access 5 . 708.Xr hosts_access 5 .
709.Pp 709.Pp
710.It /etc/hosts.equiv 710.It /etc/hosts.equiv
711This file is used during 711This file is for host-based authentication (see
712.Cm RhostsRSAAuthentication 712.Xr ssh 1 ) .
713and 713It should only be writable by root.
714.Cm HostbasedAuthentication
715authentication.
716In the simplest form, this file contains host names, one per line.
717Users on
718those hosts are permitted to log in without a password, provided they
719have the same user name on both machines.
720The host name may also be
721followed by a user name; such users are permitted to log in as
722.Em any
723user on this machine (except root).
724Additionally, the syntax
725.Dq +@group
726can be used to specify netgroups.
727Negated entries start with
728.Ql \&- .
729.Pp
730If the client host/user is successfully matched in this file, login is
731automatically permitted provided the client and server user names are the
732same.
733Additionally, successful client host key authentication is required.
734This file must be writable only by root; it is recommended
735that it be world-readable.
736.Pp
737.Sy "Warning: It is almost never a good idea to use user names in"
738.Pa hosts.equiv .
739Beware that it really means that the named user(s) can log in as
740.Em anybody ,
741which includes bin, daemon, adm, and other accounts that own critical
742binaries and directories.
743Using a user name practically grants the user root access.
744The only valid use for user names that I can think
745of is in negative entries.
746.Pp
747Note that this warning also applies to rsh/rlogin.
748.Pp 714.Pp
749.It /etc/moduli 715.It /etc/moduli
750Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 716Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
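Review bot: The new /etc/hosts.equiv entry drops the warning that a user name after a host name lets that user log in as any user on the machine (except root), and leaves only a pointer to ssh(1). Please confirm that ssh(1) describes the file format (user names, "+@group" netgroups, negated entries) and carries that caution; if it does not, keep at least a one-sentence warning here, since this is the page an administrator configuring the server will read. The wording on permissions is also weaker: the removed text said "This file must be writable only by root" and recommended world-readable, while the replacement says "It should only be writable by root" and no longer mentions readability. I would keep "must" and either retain the world-readable recommendation or note in the commit message why it was dropped.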
@@ -765,10 +731,10 @@ refused.
765The file should be world-readable. 731The file should be world-readable.
766.Pp 732.Pp
767.It /etc/shosts.equiv 733.It /etc/shosts.equiv
768This is processed exactly as 734This file is used in exactly the same way as
769.Pa /etc/hosts.equiv . 735.Pa hosts.equiv ,
770However, this file may be useful in environments that want to run both 736but allows host-based authentication without permitting login with
771rsh/rlogin and ssh. 737rlogin/rsh.
772.Pp 738.Pp
773.It /etc/ssh/ssh_known_hosts 739.It /etc/ssh/ssh_known_hosts
774Systemwide list of known host keys. 740Systemwide list of known host keys.
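Review bot: In the /etc/shosts.equiv entry the reference changes from ".Pa /etc/hosts.equiv ." to ".Pa hosts.equiv ,", which no longer matches the ".It /etc/hosts.equiv" item it points to; I would keep the full path so the cross-reference is unambiguous. Because this entry now says only that the file is "used in exactly the same way", its permission requirement is inherited implicitly from the shortened hosts.equiv entry; consider stating here as well that the file should be writable only by root, since it grants host-based login on its own.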