- jmc@cvs.openbsd.org 2006/01/04 18:42:46
[ssh.1] chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES entries; ok markus
This commit is contained in:
parent
4c102eede3
commit
1bcdb50a3d
|
@ -15,6 +15,11 @@
|
|||
- jmc@cvs.openbsd.org 2006/01/03 16:55:18
|
||||
[ssh.1]
|
||||
tweak the description of ~/.ssh/environment
|
||||
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
|
||||
[ssh.1]
|
||||
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
|
||||
entries;
|
||||
ok markus
|
||||
|
||||
20060103
|
||||
- (djm) [channels.c] clean up harmless merge error, from reyk@
|
||||
|
@ -3649,4 +3654,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4077 2006/01/06 03:49:17 djm Exp $
|
||||
$Id: ChangeLog,v 1.4078 2006/01/06 03:49:38 djm Exp $
|
||||
|
|
69
ssh.1
69
ssh.1
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.239 2006/01/03 16:55:18 jmc Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.240 2006/01/04 18:42:46 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
|
@ -1055,19 +1055,9 @@ option in
|
|||
.Sh FILES
|
||||
.Bl -tag -width Ds -compact
|
||||
.It ~/.rhosts
|
||||
This file is used in
|
||||
.Cm RhostsRSAAuthentication
|
||||
and
|
||||
.Cm HostbasedAuthentication
|
||||
authentication to list the
|
||||
host/user pairs that are permitted to log in.
|
||||
(Note that this file is
|
||||
also used by rlogin and rsh, which makes using this file insecure.)
|
||||
Each line of the file contains a host name (in the canonical form
|
||||
returned by name servers), and then a user name on that host,
|
||||
separated by a space.
|
||||
This file is used for host-based authentication (see above).
|
||||
On some machines this file may need to be
|
||||
world-readable if the user's home directory is on a NFS partition,
|
||||
world-readable if the user's home directory is on an NFS partition,
|
||||
because
|
||||
.Xr sshd 8
|
||||
reads it as root.
|
||||
|
@ -1077,31 +1067,11 @@ The recommended
|
|||
permission for most machines is read/write for the user, and not
|
||||
accessible by others.
|
||||
.Pp
|
||||
Note that
|
||||
.Xr sshd 8
|
||||
allows authentication only in combination with client host key
|
||||
authentication before permitting log in.
|
||||
If the server machine does not have the client's host key in
|
||||
.Pa /etc/ssh/ssh_known_hosts ,
|
||||
it can be stored in
|
||||
.Pa ~/.ssh/known_hosts .
|
||||
The easiest way to do this is to
|
||||
connect back to the client from the server machine using ssh; this
|
||||
will automatically add the host key to
|
||||
.Pa ~/.ssh/known_hosts .
|
||||
.Pp
|
||||
.It ~/.shosts
|
||||
This file is used exactly the same way as
|
||||
.Pa .rhosts .
|
||||
The purpose for
|
||||
having this file is to be able to use
|
||||
.Cm RhostsRSAAuthentication
|
||||
and
|
||||
.Cm HostbasedAuthentication
|
||||
authentication without permitting login with
|
||||
.Xr rlogin
|
||||
or
|
||||
.Xr rsh 1 .
|
||||
This file is used in exactly the same way as
|
||||
.Pa .rhosts ,
|
||||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
||||
.It ~/.ssh/authorized_keys
|
||||
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
|
||||
|
@ -1166,27 +1136,14 @@ See the
|
|||
manual page for more information.
|
||||
.Pp
|
||||
.It /etc/hosts.equiv
|
||||
This file is used during
|
||||
.Cm RhostsRSAAuthentication
|
||||
and
|
||||
.Cm HostbasedAuthentication
|
||||
authentication.
|
||||
It contains
|
||||
canonical hosts names, one per line (the full format is described in the
|
||||
.Xr sshd 8
|
||||
manual page).
|
||||
If the client host is found in this file, login is
|
||||
automatically permitted provided client and server user names are the
|
||||
same.
|
||||
Additionally, successful client host key authentication is required.
|
||||
This file should only be writable by root.
|
||||
This file is for host-based authentication (see above).
|
||||
It should only be writable by root.
|
||||
.Pp
|
||||
.It /etc/shosts.equiv
|
||||
This file is processed exactly as
|
||||
.Pa /etc/hosts.equiv .
|
||||
This file may be useful to permit logins using
|
||||
.Nm
|
||||
but not using rsh/rlogin.
|
||||
This file is used in exactly the same way as
|
||||
.Pa hosts.equiv ,
|
||||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
||||
.It Pa /etc/ssh/ssh_config
|
||||
Systemwide configuration file.
|
||||
|
|
Loading…
Reference in New Issue