diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 50 |
1 files changed, 8 insertions, 42 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -708,43 +708,9 @@ Further details are described in | |||
708 | .Xr hosts_access 5 . | 708 | .Xr hosts_access 5 . |
709 | .Pp | 709 | .Pp |
710 | .It /etc/hosts.equiv | 710 | .It /etc/hosts.equiv |
711 | This file is used during | 711 | This file is for host-based authentication (see |
712 | .Cm RhostsRSAAuthentication | 712 | .Xr ssh 1 ) . |
713 | and | 713 | It should only be writable by root. |
714 | .Cm HostbasedAuthentication | ||
715 | authentication. | ||
716 | In the simplest form, this file contains host names, one per line. | ||
717 | Users on | ||
718 | those hosts are permitted to log in without a password, provided they | ||
719 | have the same user name on both machines. | ||
720 | The host name may also be | ||
721 | followed by a user name; such users are permitted to log in as | ||
722 | .Em any | ||
723 | user on this machine (except root). | ||
724 | Additionally, the syntax | ||
725 | .Dq +@group | ||
726 | can be used to specify netgroups. | ||
727 | Negated entries start with | ||
728 | .Ql \&- . | ||
729 | .Pp | ||
730 | If the client host/user is successfully matched in this file, login is | ||
731 | automatically permitted provided the client and server user names are the | ||
732 | same. | ||
733 | Additionally, successful client host key authentication is required. | ||
734 | This file must be writable only by root; it is recommended | ||
735 | that it be world-readable. | ||
736 | .Pp | ||
737 | .Sy "Warning: It is almost never a good idea to use user names in" | ||
738 | .Pa hosts.equiv . | ||
739 | Beware that it really means that the named user(s) can log in as | ||
740 | .Em anybody , | ||
741 | which includes bin, daemon, adm, and other accounts that own critical | ||
742 | binaries and directories. | ||
743 | Using a user name practically grants the user root access. | ||
744 | The only valid use for user names that I can think | ||
745 | of is in negative entries. | ||
746 | .Pp | ||
747 | Note that this warning also applies to rsh/rlogin. | ||
748 | .Pp | 714 | .Pp |
749 | .It /etc/moduli | 715 | .It /etc/moduli |
750 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 716 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
@@ -765,10 +731,10 @@ refused. | |||
765 | The file should be world-readable. | 731 | The file should be world-readable. |
766 | .Pp | 732 | .Pp |
767 | .It /etc/shosts.equiv | 733 | .It /etc/shosts.equiv |
768 | This is processed exactly as | 734 | This file is used in exactly the same way as |
769 | .Pa /etc/hosts.equiv . | 735 | .Pa hosts.equiv , |
770 | However, this file may be useful in environments that want to run both | 736 | but allows host-based authentication without permitting login with |
771 | rsh/rlogin and ssh. | 737 | rlogin/rsh. |
772 | .Pp | 738 | .Pp |
773 | .It /etc/ssh/ssh_known_hosts | 739 | .It /etc/ssh/ssh_known_hosts |
774 | Systemwide list of known host keys. | 740 | Systemwide list of known host keys. |