mirror of https://gitee.com/openkylin/openssh.git
94 lines
2.9 KiB
Groff
94 lines
2.9 KiB
Groff
|
.\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $
|
||
|
.\"
|
||
|
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||
|
.\"
|
||
|
.Dd $Mdocdate: November 30 2019 $
|
||
|
.Dt SSH-KEYSIGN 8
|
||
|
.Os
|
||
|
.Sh NAME
|
||
|
.Nm ssh-keysign
|
||
|
.Nd OpenSSH helper for host-based authentication
|
||
|
.Sh SYNOPSIS
|
||
|
.Nm
|
||
|
.Sh DESCRIPTION
|
||
|
.Nm
|
||
|
is used by
|
||
|
.Xr ssh 1
|
||
|
to access the local host keys and generate the digital signature
|
||
|
required during host-based authentication.
|
||
|
.Pp
|
||
|
.Nm
|
||
|
is disabled by default and can only be enabled in the
|
||
|
global client configuration file
|
||
|
.Pa /etc/ssh/ssh_config
|
||
|
by setting
|
||
|
.Cm EnableSSHKeysign
|
||
|
to
|
||
|
.Dq yes .
|
||
|
.Pp
|
||
|
.Nm
|
||
|
is not intended to be invoked by the user, but from
|
||
|
.Xr ssh 1 .
|
||
|
See
|
||
|
.Xr ssh 1
|
||
|
and
|
||
|
.Xr sshd 8
|
||
|
for more information about host-based authentication.
|
||
|
.Sh FILES
|
||
|
.Bl -tag -width Ds -compact
|
||
|
.It Pa /etc/ssh/ssh_config
|
||
|
Controls whether
|
||
|
.Nm
|
||
|
is enabled.
|
||
|
.Pp
|
||
|
.It Pa /etc/ssh/ssh_host_dsa_key
|
||
|
.It Pa /etc/ssh/ssh_host_ecdsa_key
|
||
|
.It Pa /etc/ssh/ssh_host_ed25519_key
|
||
|
.It Pa /etc/ssh/ssh_host_rsa_key
|
||
|
These files contain the private parts of the host keys used to
|
||
|
generate the digital signature.
|
||
|
They should be owned by root, readable only by root, and not
|
||
|
accessible to others.
|
||
|
Since they are readable only by root,
|
||
|
.Nm
|
||
|
must be set-uid root if host-based authentication is used.
|
||
|
.Pp
|
||
|
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
|
||
|
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
|
||
|
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||
|
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
|
||
|
If these files exist they are assumed to contain public certificate
|
||
|
information corresponding with the private keys above.
|
||
|
.El
|
||
|
.Sh SEE ALSO
|
||
|
.Xr ssh 1 ,
|
||
|
.Xr ssh-keygen 1 ,
|
||
|
.Xr ssh_config 5 ,
|
||
|
.Xr sshd 8
|
||
|
.Sh HISTORY
|
||
|
.Nm
|
||
|
first appeared in
|
||
|
.Ox 3.2 .
|
||
|
.Sh AUTHORS
|
||
|
.An Markus Friedl Aq Mt markus@openbsd.org
|