[gssapi-openssh.git] / openssh / ssh-keysign.8

.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd May 24, 2002
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
.Nm ssh-keysign
.Nd ssh helper program for hostbased authentication
.Sh SYNOPSIS
.Nm
.Sh DESCRIPTION
.Nm
is used by
.Xr ssh 1
to access the local host keys and generate the digital signature
required during hostbased authentication with SSH protocol version 2.
.Pp
.Nm
is disabled by default and can only be enabled in the
the global client configuration file
.Pa /etc/ssh/ssh_config
by setting
.Cm HostbasedAuthentication
to
.Dq yes .
.Pp
.Nm
is not intended to be invoked by the user, but from
.Xr ssh 1 .
See
.Xr ssh 1
and
.Xr sshd 8
for more information about hostbased authentication.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/ssh_config
Controls whether
.Nm
is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature.  They
should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
must be set-uid root if hostbased authentication is used.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr sshd 8
.Sh AUTHORS
Markus Friedl <markus@openbsd.org>
.Sh HISTORY
.Nm
first appeared in
.Ox 3.2 .
Commit	Line	Data
d03f4262	1	.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
884dc78b	2	.\"
	3	.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
	4	.\"
	5	.\" Redistribution and use in source and binary forms, with or without
	6	.\" modification, are permitted provided that the following conditions
	7	.\" are met:
	8	.\" 1. Redistributions of source code must retain the above copyright
	9	.\" notice, this list of conditions and the following disclaimer.
	10	.\" 2. Redistributions in binary form must reproduce the above copyright
	11	.\" notice, this list of conditions and the following disclaimer in the
	12	.\" documentation and/or other materials provided with the distribution.
	13	.\"
	14	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	15	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	16	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	17	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	18	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	19	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	20	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	21	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	22	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	23	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	24	.\"
	25	.Dd May 24, 2002
	26	.Dt SSH-KEYSIGN 8
	27	.Os
	28	.Sh NAME
	29	.Nm ssh-keysign
	30	.Nd ssh helper program for hostbased authentication
	31	.Sh SYNOPSIS
	32	.Nm
	33	.Sh DESCRIPTION
	34	.Nm
	35	is used by
	36	.Xr ssh 1
	37	to access the local host keys and generate the digital signature
	38	required during hostbased authentication with SSH protocol version 2.
d03f4262	39	.Pp
	40	.Nm
	41	is disabled by default and can only be enabled in the
	42	the global client configuration file
	43	.Pa /etc/ssh/ssh_config
	44	by setting
	45	.Cm HostbasedAuthentication
	46	to
	47	.Dq yes .
	48	.Pp
884dc78b	49	.Nm
	50	is not intended to be invoked by the user, but from
	51	.Xr ssh 1 .
	52	See
	53	.Xr ssh 1
	54	and
	55	.Xr sshd 8
	56	for more information about hostbased authentication.
	57	.Sh FILES
	58	.Bl -tag -width Ds
d03f4262	59	.It Pa /etc/ssh/ssh_config
	60	Controls whether
	61	.Nm
	62	is enabled.
884dc78b	63	.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
	64	These files contain the private parts of the host keys used to
	65	generate the digital signature. They
	66	should be owned by root, readable only by root, and not
	67	accessible to others.
	68	Since they are readable only by root,
	69	.Nm
	70	must be set-uid root if hostbased authentication is used.
	71	.El
	72	.Sh SEE ALSO
	73	.Xr ssh 1 ,
	74	.Xr ssh-keygen 1 ,
d03f4262	75	.Xr ssh_config 5 ,
884dc78b	76	.Xr sshd 8
	77	.Sh AUTHORS
	78	Markus Friedl <markus@openbsd.org>
	79	.Sh HISTORY
	80	.Nm
	81	first appeared in
	82	.Ox 3.2 .