]>
Commit | Line | Data |
---|---|---|
fa0f0f45 | 1 | .\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $ |
884dc78b | 2 | .\" |
3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. | |
4 | .\" | |
5 | .\" Redistribution and use in source and binary forms, with or without | |
6 | .\" modification, are permitted provided that the following conditions | |
7 | .\" are met: | |
8 | .\" 1. Redistributions of source code must retain the above copyright | |
9 | .\" notice, this list of conditions and the following disclaimer. | |
10 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
11 | .\" notice, this list of conditions and the following disclaimer in the | |
12 | .\" documentation and/or other materials provided with the distribution. | |
13 | .\" | |
14 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | .\" | |
fa0f0f45 | 25 | .Dd $Mdocdate: June 5 2007 $ |
884dc78b | 26 | .Dt SSH-KEYSIGN 8 |
27 | .Os | |
28 | .Sh NAME | |
29 | .Nm ssh-keysign | |
30460aeb | 30 | .Nd ssh helper program for host-based authentication |
884dc78b | 31 | .Sh SYNOPSIS |
32 | .Nm | |
33 | .Sh DESCRIPTION | |
34 | .Nm | |
35 | is used by | |
36 | .Xr ssh 1 | |
37 | to access the local host keys and generate the digital signature | |
30460aeb | 38 | required during host-based authentication with SSH protocol version 2. |
d03f4262 | 39 | .Pp |
40 | .Nm | |
41 | is disabled by default and can only be enabled in the | |
bfe49944 | 42 | global client configuration file |
d03f4262 | 43 | .Pa /etc/ssh/ssh_config |
44 | by setting | |
bfe49944 | 45 | .Cm EnableSSHKeysign |
d03f4262 | 46 | to |
47 | .Dq yes . | |
48 | .Pp | |
884dc78b | 49 | .Nm |
50 | is not intended to be invoked by the user, but from | |
51 | .Xr ssh 1 . | |
52 | See | |
53 | .Xr ssh 1 | |
54 | and | |
55 | .Xr sshd 8 | |
30460aeb | 56 | for more information about host-based authentication. |
884dc78b | 57 | .Sh FILES |
58 | .Bl -tag -width Ds | |
d03f4262 | 59 | .It Pa /etc/ssh/ssh_config |
60 | Controls whether | |
61 | .Nm | |
62 | is enabled. | |
884dc78b | 63 | .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
64 | These files contain the private parts of the host keys used to | |
bfe49944 | 65 | generate the digital signature. |
66 | They should be owned by root, readable only by root, and not | |
884dc78b | 67 | accessible to others. |
68 | Since they are readable only by root, | |
69 | .Nm | |
30460aeb | 70 | must be set-uid root if host-based authentication is used. |
884dc78b | 71 | .El |
72 | .Sh SEE ALSO | |
73 | .Xr ssh 1 , | |
74 | .Xr ssh-keygen 1 , | |
d03f4262 | 75 | .Xr ssh_config 5 , |
884dc78b | 76 | .Xr sshd 8 |
884dc78b | 77 | .Sh HISTORY |
78 | .Nm | |
79 | first appeared in | |
80 | .Ox 3.2 . | |
7cac2b65 | 81 | .Sh AUTHORS |
82 | .An Markus Friedl Aq markus@openbsd.org |