- jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8] sync some of the FILES entries w/ ssh.1;
parent bc1936ad87
commit adc35b9583
|
@ -116,6 +116,9 @@
|
|||
- jmc@cvs.openbsd.org 2006/02/15 16:55:33
|
||||
[sshd.8]
|
||||
remove ietf draft references; RFC list now maintained in ssh.1;
|
||||
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
|
||||
[sshd.8]
|
||||
sync some of the FILES entries w/ ssh.1;
|
||||
|
||||
20060313
|
||||
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
|
||||
|
@ -4017,4 +4020,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4172 2006/03/15 00:35:05 djm Exp $
|
||||
$Id: ChangeLog,v 1.4173 2006/03/15 00:35:27 djm Exp $
|
||||
|
|
78
sshd.8
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.224 2006/02/15 16:55:33 jmc Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
|
@ -605,45 +605,31 @@ It does not suppress printing of the banner specified by
|
|||
.Cm Banner .
|
||||
.Pp
|
||||
.It ~/.rhosts
|
||||
This file is used during
|
||||
.Cm RhostsRSAAuthentication
|
||||
and
|
||||
.Cm HostbasedAuthentication
|
||||
and contains host-username pairs, separated by a space, one per
|
||||
line.
|
||||
The given user on the corresponding host is permitted to log in
|
||||
without a password.
|
||||
The same file is used by rlogind and rshd.
|
||||
The file must
|
||||
be writable only by the user; it is recommended that it not be
|
||||
This file is used for host-based authentication (see
|
||||
.Xr ssh 1
|
||||
for more information).
|
||||
On some machines this file may need to be
|
||||
world-readable if the user's home directory is on an NFS partition,
|
||||
because
|
||||
.Nm
|
||||
reads it as root.
|
||||
Additionally, this file must be owned by the user,
|
||||
and must not have write permissions for anyone else.
|
||||
The recommended
|
||||
permission for most machines is read/write for the user, and not
|
||||
accessible by others.
|
||||
.Pp
|
||||
It is also possible to use netgroups in the file.
|
||||
Either host or user
|
||||
name may be of the form +@groupname to specify all hosts or all users
|
||||
in the group.
|
||||
.Pp
|
||||
.It ~/.shosts
|
||||
For ssh,
|
||||
this file is exactly the same as for
|
||||
.Pa .rhosts .
|
||||
However, this file is
|
||||
not used by rlogin and rshd, so using this permits access using SSH only.
|
||||
This file is used in exactly the same way as
|
||||
.Pa .rhosts ,
|
||||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
||||
.It ~/.ssh/authorized_keys
|
||||
Lists the public keys (RSA or DSA) that can be used to log into the user's account.
|
||||
This file must be readable by root (which may on some machines imply
|
||||
it being world-readable if the user's home directory resides on an NFS
|
||||
volume).
|
||||
It is recommended that it not be accessible by others.
|
||||
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
|
||||
The format of this file is described above.
|
||||
Users will place the contents of their
|
||||
.Pa identity.pub ,
|
||||
.Pa id_dsa.pub
|
||||
and/or
|
||||
.Pa id_rsa.pub
|
||||
files into this file, as described in
|
||||
.Xr ssh-keygen 1 .
|
||||
This file is not highly sensitive, but the recommended
|
||||
permissions are read/write for the user, and not accessible by others.
|
||||
.Pp
|
||||
.It ~/.ssh/environment
|
||||
This file is read into the environment at login (if it exists).
|
||||
|
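Review bot: In the ~/.ssh/authorized_keys entry, the sentence "This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others" speaks only to who may read the file, while the ~/.rhosts entry in this same hunk states the integrity requirement outright ("must be owned by the user, and must not have write permissions for anyone else"). Anyone who can write to authorized_keys can add a key and log in as the user, so the entry should carry the same ownership and no-write wording. The requirement that the file be readable by root, with its NFS caveat, appears only in the other authorized_keys wording in this hunk; if that sentence is being dropped, consider keeping the requirement, as the ~/.rhosts text does in its "reads it as root" sentence.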
@ -658,17 +644,10 @@ controlled via the
|
|||
option.
|
||||
.Pp
|
||||
.It ~/.ssh/known_hosts
|
||||
.It /etc/ssh/ssh_known_hosts
|
||||
These files are consulted when using rhosts with RSA host
|
||||
authentication or protocol version 2 hostbased authentication
|
||||
to check the public key of the host.
|
||||
The key must be listed in one of these files to be accepted.
|
||||
The client uses the same files
|
||||
to verify that it is connecting to the correct remote host.
|
||||
These files should be writable only by root/the owner.
|
||||
.Pa /etc/ssh/ssh_known_hosts
|
||||
should be world-readable, and
|
||||
.Pa ~/.ssh/known_hosts
|
||||
Contains a list of host keys for all hosts the user has logged into
|
||||
that are not already in the systemwide list of known host keys.
|
||||
The format of this file is described above.
|
||||
This file should be writable only by root/the owner and
|
||||
can, but need not be, world-readable.
|
||||
.Pp
|
||||
.It ~/.ssh/rc
|
||||
|
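Review bot: The ~/.ssh/known_hosts description "Contains a list of host keys for all hosts the user has logged into" is written from the client's point of view, and the server-side role appears only in the other wording in this hunk ("consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication to check the public key of the host. The key must be listed in one of these files to be accepted"). In sshd(8) that role is why the file matters, so keep one sentence saying that sshd checks the client host's key against this file and does not accept a key that is not listed. Without it, "writable only by root/the owner" has no stated reason.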
@ -784,6 +763,15 @@ This is processed exactly as
|
|||
However, this file may be useful in environments that want to run both
|
||||
rsh/rlogin and ssh.
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_known_hosts
|
||||
Systemwide list of known host keys.
|
||||
This file should be prepared by the
|
||||
system administrator to contain the public host keys of all machines in the
|
||||
organization.
|
||||
The format of this file is described above.
|
||||
This file should be writable only by root/the owner and
|
||||
should be world-readable.
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_host_key
|
||||
.It /etc/ssh/ssh_host_dsa_key
|
||||
.It /etc/ssh/ssh_host_rsa_key
|
||||
|
|
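Review bot: In the new /etc/ssh/ssh_known_hosts entry, "writable only by root/the owner" is ambiguous for a systemwide file under /etc/ssh, because it reads as if a non-root owner were acceptable. Suggest "writable only by root" here, leaving "root/the owner" for the per-user ~/.ssh/known_hosts entry.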