[gssapi-openssh.git] / openssh / ssh-keysign.8

.\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 31 2007 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
.Nm ssh-keysign
.Nd ssh helper program for host-based authentication
.Sh SYNOPSIS
.Nm
.Sh DESCRIPTION
.Nm
is used by
.Xr ssh 1
to access the local host keys and generate the digital signature
required during host-based authentication with SSH protocol version 2.
.Pp
.Nm
is disabled by default and can only be enabled in the
global client configuration file
.Pa /etc/ssh/ssh_config
by setting
.Cm EnableSSHKeysign
to
.Dq yes .
.Pp
.Nm
is not intended to be invoked by the user, but from
.Xr ssh 1 .
See
.Xr ssh 1
and
.Xr sshd 8
for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/ssh_config
Controls whether
.Nm
is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature.
They should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
must be set-uid root if host-based authentication is used.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr sshd 8
.Sh HISTORY
.Nm
first appeared in
.Ox 3.2 .
.Sh AUTHORS
.An Markus Friedl Aq markus@openbsd.org
Commit	Line	Data
d4487008	1	.\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $
f5799ae1	2	.\"
	3	.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
	4	.\"
	5	.\" Redistribution and use in source and binary forms, with or without
	6	.\" modification, are permitted provided that the following conditions
	7	.\" are met:
	8	.\" 1. Redistributions of source code must retain the above copyright
	9	.\" notice, this list of conditions and the following disclaimer.
	10	.\" 2. Redistributions in binary form must reproduce the above copyright
	11	.\" notice, this list of conditions and the following disclaimer in the
	12	.\" documentation and/or other materials provided with the distribution.
	13	.\"
	14	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	15	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	16	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	17	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	18	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	19	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	20	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	21	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	22	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	23	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	24	.\"
22616013	25	.Dd $Mdocdate: May 31 2007 $
f5799ae1	26	.Dt SSH-KEYSIGN 8
	27	.Os
	28	.Sh NAME
	29	.Nm ssh-keysign
9108f8d9	30	.Nd ssh helper program for host-based authentication
f5799ae1	31	.Sh SYNOPSIS
	32	.Nm
	33	.Sh DESCRIPTION
	34	.Nm
	35	is used by
	36	.Xr ssh 1
	37	to access the local host keys and generate the digital signature
9108f8d9	38	required during host-based authentication with SSH protocol version 2.
41b2f314	39	.Pp
	40	.Nm
	41	is disabled by default and can only be enabled in the
6a9b3198	42	global client configuration file
41b2f314	43	.Pa /etc/ssh/ssh_config
41b2f314	44	by setting
6a9b3198	45	.Cm EnableSSHKeysign
41b2f314	46	to
	47	.Dq yes .
	48	.Pp
f5799ae1	49	.Nm
	50	is not intended to be invoked by the user, but from
	51	.Xr ssh 1 .
	52	See
	53	.Xr ssh 1
	54	and
	55	.Xr sshd 8
9108f8d9	56	for more information about host-based authentication.
f5799ae1	57	.Sh FILES
f5799ae1	58	.Bl -tag -width Ds
41b2f314	59	.It Pa /etc/ssh/ssh_config
	60	Controls whether
	61	.Nm
	62	is enabled.
f5799ae1	63	.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
f5799ae1	64	These files contain the private parts of the host keys used to
6a9b3198	65	generate the digital signature.
6a9b3198	66	They should be owned by root, readable only by root, and not
f5799ae1	67	accessible to others.
	68	Since they are readable only by root,
	69	.Nm
9108f8d9	70	must be set-uid root if host-based authentication is used.
f5799ae1	71	.El
	72	.Sh SEE ALSO
	73	.Xr ssh 1 ,
	74	.Xr ssh-keygen 1 ,
41b2f314	75	.Xr ssh_config 5 ,
f5799ae1	76	.Xr sshd 8
f5799ae1	77	.Sh HISTORY
	78	.Nm
	79	first appeared in
	80	.Ox 3.2 .
0fff78ff	81	.Sh AUTHORS
0fff78ff	82	.An Markus Friedl Aq markus@openbsd.org