--- ssh-keygen.1 2009-10-23 17:41:50.000000000 +0400 +++ ssh-altlinux/ssh-keygen.1 2009-10-23 17:30:20.000000000 +0400 @@ -399,6 +399,8 @@ Contains the protocol version 1 RSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys +or +.Pa /etc/openssh/authorized_keys/ on all machines where the user wishes to log in using RSA authentication. There is no need to keep the contents of this file secret. @@ -417,6 +419,8 @@ Contains the protocol version 2 DSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys +or +.Pa /etc/openssh/authorized_keys/ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. @@ -435,6 +439,8 @@ Contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys +or +.Pa /etc/openssh/authorized_keys/ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. --- ssh.1 2009-10-23 17:41:50.000000000 +0400 +++ ssh-altlinux/ssh.1 2009-10-23 17:40:26.000000000 +0400 @@ -744,6 +744,11 @@ The file .Pa ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. +Also public keys list can be stored in +.Pa /etc/openssh/authorized_keys/%u +(where %u is username). If last file is present +.Pa ~/.ssh/authorized_keys +is not taken in account. When the user logs in, the .Nm program tells the server which key pair it would like to use for @@ -774,7 +779,10 @@ The user should then copy the public key to .Pa ~/.ssh/authorized_keys -in his/her home directory on the remote machine. +in his/her home directory on the remote machine +or +.Pa /etc/openssh/authorized_keys/username +on remote machine. The .Pa authorized_keys file corresponds to the conventional 
@@ -1253,6 +1261,11 @@ This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp +.It /etc/openssh/authorized_keys/ +Can contain files, named with usernames, containing users' public keys +(RSA/DSA) that can be used for logging in. It has greater priority, than +~/.ssh/authorized_keys +.Pp .It ~/.ssh/config This is the per-user configuration file. The file format and configuration options are described in @@ -1354,6 +1367,10 @@ .Xr sshd 8 manual page for more information. .El +.Sh ALTLINUX SPECIFIC +.Pp +AuthorizedKeysSystemFile option to sshd_config +was added to improve security. .Sh SEE ALSO .Xr scp 1 , .Xr sftp 1 , --- sshd.8 2009-10-23 17:41:50.000000000 +0400 +++ ssh-altlinux/sshd.8 2009-10-23 17:25:39.000000000 +0400 @@ -428,6 +428,10 @@ public key authentication; if none is specified, the default is .Pa ~/.ssh/authorized_keys . +.Cm AuthorizedKeysSystemFile +specifies more prioritized place for +public key authentication. Default is +.Pa /etc/openssh/authorized_keys/%u . Each line of the file contains one key (empty lines and lines starting with a .Ql # @@ -702,6 +706,11 @@ The recommended permissions can be set by executing .Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . .Pp +.It /etc/openssh/authorized_keys +Can contain pfiles with ublic keys (RSA/DSA) that can be used for users logging in. +It has greater priority than +.Pa ~/.ssh/authorized_keys . +.Pp .It ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with @@ -823,6 +832,10 @@ started last). The content of this file is not sensitive; it can be world-readable. .El +.Sh ALTLINUX SPECIFIC +.Pp +AuthorizedKeysSystemFile option to sshd_config +was added to improve security. .Sh SEE ALSO .Xr scp 1 , .Xr sftp 1 , --- sshd_config.5 2009-10-23 17:41:36.000000000 +0400 +++ ssh-altlinux/sshd_config.5 2009-10-23 17:40:55.000000000 +0400 
@@ -747,6 +747,8 @@ .Cm environment= options in .Pa ~/.ssh/authorized_keys +or +.Pa /etc/openssh/authorized_keys/ are processed by .Xr sshd 8 . The default is @@ -1063,6 +1065,10 @@ This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. .El +.Sh ALTLINUX SPECIFIC +.Pp +AuthorizedKeysSystemFile option to sshd_config +was added to improve security. .Sh SEE ALSO .Xr sshd 8 .Sh AUTHORS
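Review bot: In the three ssh-keygen.1 hunks (@@ -399, @@ -417, @@ -435) the added path ".Pa /etc/openssh/authorized_keys/" is a directory, but the surrounding sentence says "The contents of this file should be added to", which reads as if keys are appended to the directory itself. ssh.1 in this same patch names the per-user file as /etc/openssh/authorized_keys/%u and /etc/openssh/authorized_keys/username. Use one of those forms here so it is clear the key goes into a file named after the user. The same applies to the sshd_config.5 @@ -747 hunk.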
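Review bot: In ssh.1 @@ -744 the added sentence "If last file is present ~/.ssh/authorized_keys is not taken in account." leaves the override condition underspecified. It does not say whether mere existence of /etc/openssh/authorized_keys/%u is enough, or what happens when that file is empty or unreadable. A user whose system file exists would find keys in ~/.ssh/authorized_keys silently ignored, so the page should state the exact condition. Suggested wording: "If that file exists, ~/.ssh/authorized_keys is ignored.", followed by a sentence covering the empty-file case.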
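Review bot: In ssh.1 @@ -774 the user is told to copy the public key to ".Pa /etc/openssh/authorized_keys/username", but nothing in the patch states who owns that path or who may write to it. If ordinary users cannot write under /etc/openssh/authorized_keys/, this step needs to say that an administrator installs the key. The placeholder is also spelled "username" here and "%u" in the @@ -744 hunk; pick one and explain it once. "on remote machine" is missing its article.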
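Review bot: In ssh.1 @@ -1253 the FILES entry says the directory "has greater priority, than ~/.ssh/authorized_keys", which suggests both files are consulted in order, while the @@ -744 hunk says the per-user file "is not taken in account" when the system file is present. These describe different behaviour (ordering versus replacement), and the difference decides whether a key left in ~/.ssh/authorized_keys can still log in. State the replacement semantics here as well, drop the comma before "than", and mark the path with .Pa as the other hunks do.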
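Review bot: In sshd.8 @@ -428 the new text is inserted between the sentence giving the default for ~/.ssh/authorized_keys and "Each line of the file contains one key", so "the file" now reads as referring to the AuthorizedKeysSystemFile path only. Move the addition after the format description, or say explicitly that both files share the same format. "specifies more prioritized place" would be clearer as "specifies a location that takes precedence", and %u is used without saying what it expands to.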
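Review bot: In sshd.8 @@ -702 the added line "Can contain pfiles with ublic keys" has transposed letters ("files with public keys"). The entry also gives no ownership or permission guidance, although the context line directly above recommends "chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys" for the per-user file. Since this location takes precedence, the required owner and mode of the directory and its files should be documented here. The item is written ".It /etc/openssh/authorized_keys" without the trailing slash that the ssh.1 entry uses.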
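Review bot: The "ALTLINUX SPECIFIC" sections added in ssh.1 @@ -1354, sshd.8 @@ -823 and sshd_config.5 @@ -1063 say only that the option "was added to improve security", without saying what it protects against or how. More importantly, the visible sshd_config.5 hunks add no entry for AuthorizedKeysSystemFile in the option list, so its syntax, accepted tokens, default value and how to disable it are documented nowhere in sshd_config.5. Add a ".It Cm AuthorizedKeysSystemFile" entry there, and have the ssh.1 and sshd.8 sections refer to it with ".Xr sshd_config 5".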