-.It Pa /etc/primes
-Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
-.It Pa /var/run/sshd.pid
-Contains the process ID of the
-.Nm
-listening for connections (if there are several daemons running
-concurrently for different ports, this contains the pid of the one
-started last).
-The content of this file is not sensitive; it can be world-readable.
-.It Pa $HOME/.ssh/authorized_keys
-Lists the RSA keys that can be used to log into the user's account.
-This file must be readable by root (which may on some machines imply
-it being world-readable if the user's home directory resides on an NFS
-volume).
-It is recommended that it not be accessible by others.
-The format of this file is described above.
-Users will place the contents of their
-.Pa identity.pub
-files into this file, as described in
-.Xr ssh-keygen 1 .
-.It Pa $HOME/.ssh/authorized_keys2
-Lists the public keys (RSA or DSA) that can be used to log into the user's account.
-This file must be readable by root (which may on some machines imply
-it being world-readable if the user's home directory resides on an NFS
-volume).
-It is recommended that it not be accessible by others.
-The format of this file is described above.
-Users will place the contents of their
-.Pa id_dsa.pub
-and/or
-.Pa id_rsa.pub
-files into this file, as described in
-.Xr ssh-keygen 1 .
-.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
-These files are consulted when using rhosts with RSA host
-authentication to check the public key of the host.
-The key must be listed in one of these files to be accepted.
-The client uses the same files
-to verify that it is connecting to the correct remote host.
-These files should be writable only by root/the owner.
-.Pa /etc/ssh_known_hosts
-should be world-readable, and
-.Pa $HOME/.ssh/known_hosts
-can but need not be world-readable.
-.It Pa "/etc/ssh_known_hosts2" and "$HOME/.ssh/known_hosts2"
-These files are consulted when using protocol version 2 hostbased
-authentication to check the public key of the host.
-The key must be listed in one of these files to be accepted.
-The client uses the same files
-to verify that it is connecting to the correct remote host.
-These files should be writable only by root/the owner.
-.Pa /etc/ssh_known_hosts2
-should be world-readable, and
-.Pa $HOME/.ssh/known_hosts2
-can but need not be world-readable.
-.It Pa /etc/nologin
-If this file exists,
-.Nm
-refuses to let anyone except root log in.
-The contents of the file
-are displayed to anyone trying to log in, and non-root connections are
-refused.
-The file should be world-readable.
-.It Pa /etc/hosts.allow, /etc/hosts.deny
-If compiled with
-.Sy LIBWRAP
-support, tcp-wrappers access controls may be defined here as described in
-.Xr hosts_access 5 .
-.It Pa $HOME/.rhosts
-This file contains host-username pairs, separated by a space, one per
-line.
-The given user on the corresponding host is permitted to log in
-without password.
-The same file is used by rlogind and rshd.
-The file must
-be writable only by the user; it is recommended that it not be
-accessible by others.
-.Pp
-If is also possible to use netgroups in the file.
-Either host or user
-name may be of the form +@groupname to specify all hosts or all users
-in the group.
-.It Pa $HOME/.shosts
-For ssh,
-this file is exactly the same as for
-.Pa .rhosts .
-However, this file is
-not used by rlogin and rshd, so using this permits access using SSH only.
-.It Pa /etc/hosts.equiv
-This file is used during
-.Pa .rhosts
-authentication.
-In the simplest form, this file contains host names, one per line.
-Users on
-those hosts are permitted to log in without a password, provided they
-have the same user name on both machines.
-The host name may also be
-followed by a user name; such users are permitted to log in as
-.Em any
-user on this machine (except root).
-Additionally, the syntax
-.Dq +@group
-can be used to specify netgroups.
-Negated entries start with
-.Ql \&- .
-.Pp
-If the client host/user is successfully matched in this file, login is
-automatically permitted provided the client and server user names are the
-same.
-Additionally, successful RSA host authentication is normally required.
-This file must be writable only by root; it is recommended
-that it be world-readable.
-.Pp
-.Sy "Warning: It is almost never a good idea to use user names in"
-.Pa hosts.equiv .
-Beware that it really means that the named user(s) can log in as
-.Em anybody ,
-which includes bin, daemon, adm, and other accounts that own critical
-binaries and directories.
-Using a user name practically grants the user root access.
-The only valid use for user names that I can think
-of is in negative entries.
-.Pp
-Note that this warning also applies to rsh/rlogin.
-.It Pa /etc/shosts.equiv
-This is processed exactly as
-.Pa /etc/hosts.equiv .
-However, this file may be useful in environments that want to run both
-rsh/rlogin and ssh.
-.It Pa $HOME/.ssh/environment
-This file is read into the environment at login (if it exists).
-It can only contain empty lines, comment lines (that start with
-.Ql # ) ,
-and assignment lines of the form name=value.
-The file should be writable
-only by the user; it need not be readable by anyone else.
-.It Pa $HOME/.ssh/rc
-If this file exists, it is run with /bin/sh after reading the
-environment files but before starting the user's shell or command.
-If X11 spoofing is in use, this will receive the "proto cookie" pair in
-standard input (and
-.Ev DISPLAY
-in environment).
-This must call
-.Xr xauth 1
-in that case.
-.Pp
-The primary purpose of this file is to run any initialization routines
-which may be needed before the user's home directory becomes
-accessible; AFS is a particular example of such an environment.