- jmc@cvs.openbsd.org 2006/02/16 09:05:34

[sshd.8]
     sync some of the FILES entries w/ ssh.1;
Damien Miller 2006-03-15 11:35:27 +11:00
parent bc1936ad87
commit adc35b9583
2 changed files with 37 additions and 46 deletions


@ -116,6 +116,9 @@
- jmc@cvs.openbsd.org 2006/02/15 16:55:33
[sshd.8]
remove ietf draft references; RFC list now maintained in ssh.1;
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8]
sync some of the FILES entries w/ ssh.1;
20060313
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
@ -4017,4 +4020,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $
$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $

sshd.8

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $
.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -605,45 +605,31 @@ It does not suppress printing of the banner specified by
.Cm Banner .
.Pp
.It ~/.rhosts
This file is used during
.Cm RhostsRSAAuthentication
and
.Cm HostbasedAuthentication
and contains host-username pairs, separated by a space, one per
line.
The given user on the corresponding host is permitted to log in
without a password.
The same file is used by rlogind and rshd.
The file must
be writable only by the user; it is recommended that it not be
This file is used for host-based authentication (see
.Xr ssh 1
for more information).
On some machines this file may need to be
world-readable if the user's home directory is on an NFS partition,
because
.Nm
reads it as root.
Additionally, this file must be owned by the user,
and must not have write permissions for anyone else.
The recommended
permission for most machines is read/write for the user, and not
accessible by others.
.Pp
It is also possible to use netgroups in the file.
Either host or user
name may be of the form +@groupname to specify all hosts or all users
in the group.
.Pp
.It ~/.shosts
For ssh,
this file is exactly the same as for
.Pa .rhosts .
However, this file is
not used by rlogin and rshd, so using this permits access using SSH only.
This file is used in exactly the same way as
.Pa .rhosts ,
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
.It ~/.ssh/authorized_keys
Lists the public keys (RSA or DSA) that can be used to log into the user's account.
This file must be readable by root (which may on some machines imply
it being world-readable if the user's home directory resides on an NFS
volume).
It is recommended that it not be accessible by others.
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
Users will place the contents of their
.Pa identity.pub ,
.Pa id_dsa.pub
and/or
.Pa id_rsa.pub
files into this file, as described in
.Xr ssh-keygen 1 .
This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
.It ~/.ssh/environment
This file is read into the environment at login (if it exists).
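
Review bot: In the rewritten ~/.ssh/authorized_keys entry, "This file is not highly sensitive" addresses only who may read the file, and the entry says nothing about who may write it, while the ~/.rhosts entry in this same hunk states that the file "must be owned by the user, and must not have write permissions for anyone else". Because this file lists the keys that can log in as the user, suggest adding the same ownership and write-permission sentence here. The entry also loses the note that the file must be readable by root, with the NFS world-readable caveat that the ~/.rhosts entry keeps, so one sentence on that is worth retaining. Separately, the host-username pair format and the +@groupname netgroup syntax are dropped from the ~/.rhosts entry in favour of a pointer to ssh(1), and this commit changes only ChangeLog and sshd.8, so please confirm that ssh.1 documents both.
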
@ -658,17 +644,10 @@ controlled via the
option.
.Pp
.It ~/.ssh/known_hosts
.It /etc/ssh/ssh_known_hosts
These files are consulted when using rhosts with RSA host
authentication or protocol version 2 hostbased authentication
to check the public key of the host.
The key must be listed in one of these files to be accepted.
The client uses the same files
to verify that it is connecting to the correct remote host.
These files should be writable only by root/the owner.
.Pa /etc/ssh/ssh_known_hosts
should be world-readable, and
.Pa ~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into
that are not already in the systemwide list of known host keys.
The format of this file is described above.
This file should be writable only by root/the owner and
can, but need not be, world-readable.
.Pp
.It ~/.ssh/rc
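
Review bot: The ~/.ssh/known_hosts entry now describes only the client-side role of the file ("hosts the user has logged into") and drops the statement that these files are consulted to check the public key of the host during host-based authentication, including "The key must be listed in one of these files to be accepted." That sentence is the reason the file matters to sshd, so suggest keeping it in this entry alongside the synced description.
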
@ -784,6 +763,15 @@ This is processed exactly as
However, this file may be useful in environments that want to run both
rsh/rlogin and ssh.
.Pp
.It /etc/ssh/ssh_known_hosts
Systemwide list of known host keys.
This file should be prepared by the
system administrator to contain the public host keys of all machines in the
organization.
The format of this file is described above.
This file should be writable only by root/the owner and
should be world-readable.
.Pp
.It /etc/ssh/ssh_host_key
.It /etc/ssh/ssh_host_dsa_key
.It /etc/ssh/ssh_host_rsa_key
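
Review bot: In the new /etc/ssh/ssh_known_hosts entry, "writable only by root/the owner" carries over wording from the earlier combined entry, where "the owner" covered the per-user file. For a systemwide file prepared by the system administrator, suggest "writable only by root", or name the owner that is intended. The entry also does not say that sshd consults this file for host-based authentication, which the combined text did. One sentence on that would tell the administrator why the keys of "all machines in the organization" belong here.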