-.Bl -tag -width Ds
-.It Pa $HOME/.ssh/known_hosts
-Records host keys for all hosts the user has logged into (that are not
-in
-.Pa /etc/ssh_known_hosts .
-See
-.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
-Contains the authentication identity of the user.
-They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
-These files
-contain sensitive data and should be readable by the user but not
-accessible by others (read/write/execute).
-Note that
-.Nm
-ignores a private key file if it is accessible by others.
-It is possible to specify a passphrase when
-generating the key; the passphrase will be used to encrypt the
-sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
-Contains the public key for authentication (public part of the
-identity file in human-readable form).
-The contents of the
-.Pa $HOME/.ssh/identity.pub
-file should be added to
-.Pa $HOME/.ssh/authorized_keys
-on all machines
-where you wish to log in using protocol version 1 RSA authentication.
-The contents of the
-.Pa $HOME/.ssh/id_dsa.pub
-and
-.Pa $HOME/.ssh/id_rsa.pub
-file should be added to
-.Pa $HOME/.ssh/authorized_keys
-on all machines
-where you wish to log in using protocol version 2 DSA/RSA authentication.
-These files are not
-sensitive and can (but need not) be readable by anyone.
-These files are
-never used automatically and are not necessary; they are only provided for
-the convenience of the user.
-.It Pa $HOME/.ssh/config
-This is the per-user configuration file.
-The format of this file is described above.
-This file is used by the
-.Nm
-client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
-.It Pa $HOME/.ssh/authorized_keys
-Lists the public keys (RSA/DSA) that can be used for logging in as this user.
-The format of this file is described in the
-.Xr sshd 8
-manual page.
-In the simplest form the format is the same as the .pub
-identity files.
-This file is not highly sensitive, but the recommended
-permissions are read/write for the user, and not accessible by others.
-.It Pa /etc/ssh_known_hosts
-Systemwide list of known host keys.
-This file should be prepared by the
-system administrator to contain the public host keys of all machines in the
-organization.
-This file should be world-readable.
-This file contains
-public keys, one per line, in the following format (fields separated
-by spaces): system name, public key and optional comment field.
-When different names are used
-for the same machine, all such names should be listed, separated by
-commas.
-The format is described on the
-.Xr sshd 8
-manual page.
-.Pp
-The canonical system name (as returned by name servers) is used by
-.Xr sshd 8
-to verify the client host when logging in; other names are needed because
-.Nm
-does not convert the user-supplied name to a canonical name before
-checking the key, because someone with access to the name servers
-would then be able to fool host authentication.
-.It Pa /etc/ssh_config
-Systemwide configuration file.
-This file provides defaults for those
-values that are not specified in the user's configuration file, and
-for those users who do not have a configuration file.
-This file must be world-readable.
-.It Pa $HOME/.rhosts
-This file is used in
-.Pa \&.rhosts
-authentication to list the
-host/user pairs that are permitted to log in.
-(Note that this file is
-also used by rlogin and rsh, which makes using this file insecure.)
-Each line of the file contains a host name (in the canonical form
-returned by name servers), and then a user name on that host,
-separated by a space.