.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.225 2006/02/16 09:05:34 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Dq rc
files are given the X11
authentication protocol and cookie in standard input.
+See
+.Sx SSHRC ,
+below.
.It
Runs user's shell or command.
.El
+.Sh SSHRC
+If the file
+.Pa ~/.ssh/rc
+exists,
+.Xr sh 1
+runs it after reading the
+environment files but before starting the user's shell or command.
+It must not produce any output on stdout; stderr must be used
+instead.
+If X11 forwarding is in use, it will receive the "proto cookie" pair in
+its standard input (and
+.Ev DISPLAY
+in its environment).
+The script must call
+.Xr xauth 1
+because
+.Nm
+will not run xauth automatically to add X11 cookies.
+.Pp
+The primary purpose of this file is to run any initialization routines
+which may be needed before the user's home directory becomes
+accessible; AFS is a particular example of such an environment.
+.Pp
+This file will probably contain some initialization code followed by
+something similar to:
+.Bd -literal -offset 3n
+if read proto cookie && [ -n "$DISPLAY" ]; then
+ if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+ # X11UseLocalhost=yes
+ echo add unix:`echo $DISPLAY |
+ cut -c11-` $proto $cookie
+ else
+ # X11UseLocalhost=no
+ echo add $DISPLAY $proto $cookie
+ fi | xauth -q -
+fi
+.Ed
+.Pp
+If this file does not exist,
+.Pa /etc/ssh/sshrc
+is run, and if that
+does not exist either, xauth is used to add the cookie.
.Sh AUTHORIZED_KEYS FILE FORMAT
.Cm AuthorizedKeysFile
specifies the file containing public keys for
can, but need not be, world-readable.
.Pp
.It ~/.ssh/rc
-If this file exists, it is run with
-.Pa /bin/sh
-after reading the
-environment files but before starting the user's shell or command.
-It must not produce any output on stdout; stderr must be used
-instead.
-If X11 forwarding is in use, it will receive the "proto cookie" pair in
-its standard input (and
-.Ev DISPLAY
-in its environment).
-The script must call
-.Xr xauth 1
-because
-.Nm
-will not run xauth automatically to add X11 cookies.
-.Pp
-The primary purpose of this file is to run any initialization routines
-which may be needed before the user's home directory becomes
-accessible; AFS is a particular example of such an environment.
-.Pp
-This file will probably contain some initialization code followed by
-something similar to:
-.Bd -literal
-if read proto cookie && [ -n "$DISPLAY" ]; then
- if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
- # X11UseLocalhost=yes
- echo add unix:`echo $DISPLAY |
- cut -c11-` $proto $cookie
- else
- # X11UseLocalhost=no
- echo add $DISPLAY $proto $cookie
- fi | xauth -q -
-fi
-.Ed
-.Pp
-If this file does not exist,
-.Pa /etc/ssh/sshrc
-is run, and if that
-does not exist either, xauth is used to add the cookie.
-.Pp
+Contains initialization routines to be run before
+the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
.Xr sshd_config 5 .
.Pp
.It /etc/ssh/sshrc
-Like
-.Pa ~/.ssh/rc .
-This can be used to specify
+Similar to
+.Pa ~/.ssh/rc ,
+it can be used to specify
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
.Pp