2008-07-23 09:23:42 +00:00
|
|
|
.\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $
|
2002-06-23 14:01:54 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
2008-09-29 10:53:05 +00:00
|
|
|
.Dd May 31 2007
|
2002-06-23 14:01:54 +00:00
|
|
|
.Dt SSH-KEYSIGN 8
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ssh-keysign
|
2006-09-30 13:29:51 +00:00
|
|
|
.Nd ssh helper program for host-based authentication
|
2002-06-23 14:01:54 +00:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
.Nm
|
|
|
|
is used by
|
|
|
|
.Xr ssh 1
|
|
|
|
to access the local host keys and generate the digital signature
|
2006-09-30 13:29:51 +00:00
|
|
|
required during host-based authentication with SSH protocol version 2.
|
2002-10-29 09:43:00 +00:00
|
|
|
.Pp
|
|
|
|
.Nm
|
|
|
|
is disabled by default and can only be enabled in the
|
2003-04-23 16:53:02 +00:00
|
|
|
global client configuration file
|
2002-10-29 09:43:00 +00:00
|
|
|
.Pa /etc/ssh/ssh_config
|
|
|
|
by setting
|
2003-04-23 16:53:02 +00:00
|
|
|
.Cm EnableSSHKeysign
|
2002-10-29 09:43:00 +00:00
|
|
|
to
|
|
|
|
.Dq yes .
|
|
|
|
.Pp
|
2002-06-23 14:01:54 +00:00
|
|
|
.Nm
|
|
|
|
is not intended to be invoked by the user, but from
|
|
|
|
.Xr ssh 1 .
|
|
|
|
See
|
|
|
|
.Xr ssh 1
|
|
|
|
and
|
|
|
|
.Xr sshd 8
|
2006-09-30 13:29:51 +00:00
|
|
|
for more information about host-based authentication.
|
2002-06-23 14:01:54 +00:00
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width Ds
|
2002-10-29 09:43:00 +00:00
|
|
|
.It Pa /etc/ssh/ssh_config
|
|
|
|
Controls whether
|
|
|
|
.Nm
|
|
|
|
is enabled.
|
2002-06-23 14:01:54 +00:00
|
|
|
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
|
|
|
|
These files contain the private parts of the host keys used to
|
2003-04-23 16:53:02 +00:00
|
|
|
generate the digital signature.
|
|
|
|
They should be owned by root, readable only by root, and not
|
2002-06-23 14:01:54 +00:00
|
|
|
accessible to others.
|
|
|
|
Since they are readable only by root,
|
|
|
|
.Nm
|
2006-09-30 13:29:51 +00:00
|
|
|
must be set-uid root if host-based authentication is used.
|
2002-06-23 14:01:54 +00:00
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr ssh 1 ,
|
|
|
|
.Xr ssh-keygen 1 ,
|
2002-10-29 09:43:00 +00:00
|
|
|
.Xr ssh_config 5 ,
|
2002-06-23 14:01:54 +00:00
|
|
|
.Xr sshd 8
|
|
|
|
.Sh HISTORY
|
|
|
|
.Nm
|
|
|
|
first appeared in
|
|
|
|
.Ox 3.2 .
|
2004-01-07 11:10:17 +00:00
|
|
|
.Sh AUTHORS
|
|
|
|
.An Markus Friedl Aq markus@openbsd.org
|