View | Details | Raw Unified | Return to bug 21843
Collapse All | Expand All

(-)ssh-keygen.1 (+6 lines)
Lines 399-404 Link Here
399 
Contains the protocol version 1 RSA public key for authentication.
 399 
Contains the protocol version 1 RSA public key for authentication.
400 
The contents of this file should be added to
 400 
The contents of this file should be added to
401 
.Pa ~/.ssh/authorized_keys
 401 
.Pa ~/.ssh/authorized_keys
402 
or
403 
.Pa /etc/openssh/authorized_keys/
402 
on all machines
 404 
on all machines
403 
where the user wishes to log in using RSA authentication.
 405 
where the user wishes to log in using RSA authentication.
404 
There is no need to keep the contents of this file secret.
 406 
There is no need to keep the contents of this file secret.
Lines 417-422 Link Here
417 
Contains the protocol version 2 DSA public key for authentication.
 419 
Contains the protocol version 2 DSA public key for authentication.
418 
The contents of this file should be added to
 420 
The contents of this file should be added to
419 
.Pa ~/.ssh/authorized_keys
 421 
.Pa ~/.ssh/authorized_keys
422 
or
423 
.Pa /etc/openssh/authorized_keys/
420 
on all machines
 424 
on all machines
421 
where the user wishes to log in using public key authentication.
 425 
where the user wishes to log in using public key authentication.
422 
There is no need to keep the contents of this file secret.
 426 
There is no need to keep the contents of this file secret.
Lines 435-440 Link Here
435 
Contains the protocol version 2 RSA public key for authentication.
 439 
Contains the protocol version 2 RSA public key for authentication.
436 
The contents of this file should be added to
 440 
The contents of this file should be added to
437 
.Pa ~/.ssh/authorized_keys
 441 
.Pa ~/.ssh/authorized_keys
442 
or
443 
.Pa /etc/openssh/authorized_keys/
438 
on all machines
 444 
on all machines
439 
where the user wishes to log in using public key authentication.
 445 
where the user wishes to log in using public key authentication.
440 
There is no need to keep the contents of this file secret.
 446 
There is no need to keep the contents of this file secret.
(-)ssh.1 (-1 / +18 lines)
Lines 744-749 Link Here
744 
The file
 744 
The file
745 
.Pa ~/.ssh/authorized_keys
 745 
.Pa ~/.ssh/authorized_keys
746 
lists the public keys that are permitted for logging in.
 746 
lists the public keys that are permitted for logging in.
747 
Also public keys list can be stored in
748 
.Pa /etc/openssh/authorized_keys/%u
749 
(where %u is username). If last file is present
750 
.Pa ~/.ssh/authorized_keys
751 
is not taken in account.
747 
When the user logs in, the
 752 
When the user logs in, the
748 
.Nm
 753 
.Nm
749 
program tells the server which key pair it would like to use for
 754 
program tells the server which key pair it would like to use for
Lines 774-780 Link Here
774 
The user should then copy the public key
 779 
The user should then copy the public key
775 
to
 780 
to
776 
.Pa ~/.ssh/authorized_keys
 781 
.Pa ~/.ssh/authorized_keys
777 
in his/her home directory on the remote machine.
 782 
in his/her home directory on the remote machine
783 
or
784 
.Pa /etc/openssh/authorized_keys/username
785 
on remote machine.
778 
The
 786 
The
779 
.Pa authorized_keys
 787 
.Pa authorized_keys
780 
file corresponds to the conventional
 788 
file corresponds to the conventional
Lines 1253-1258 Link Here
1253 
This file is not highly sensitive, but the recommended
 1261 
This file is not highly sensitive, but the recommended
1254 
permissions are read/write for the user, and not accessible by others.
 1262 
permissions are read/write for the user, and not accessible by others.
1255 
.Pp
 1263 
.Pp
1264 
.It /etc/openssh/authorized_keys/
1265 
Can contain files, named with usernames, containing users' public keys
1266 
(RSA/DSA) that can be used for logging in. It has greater priority, than
1267 
~/.ssh/authorized_keys
1268 
.Pp
1256 
.It ~/.ssh/config
 1269 
.It ~/.ssh/config
1257 
This is the per-user configuration file.
 1270 
This is the per-user configuration file.
1258 
The file format and configuration options are described in
 1271 
The file format and configuration options are described in
Lines 1354-1359 Link Here
1354 
.Xr sshd 8
 1367 
.Xr sshd 8
1355 
manual page for more information.
 1368 
manual page for more information.
1356 
.El
 1369 
.El
1370 
.Sh ALTLINUX SPECIFIC
1371 
.Pp
1372 
AuthorizedKeysSystemFile option to sshd_config
1373 
was added to improve security.
1357 
.Sh SEE ALSO
 1374 
.Sh SEE ALSO
1358 
.Xr scp 1 ,
 1375 
.Xr scp 1 ,
1359 
.Xr sftp 1 ,
 1376 
.Xr sftp 1 ,
(-)sshd.8 (+13 lines)
Lines 428-433 Link Here
428 
public key authentication;
 428 
public key authentication;
429 
if none is specified, the default is
 429 
if none is specified, the default is
430 
.Pa ~/.ssh/authorized_keys .
 430 
.Pa ~/.ssh/authorized_keys .
431 
.Cm AuthorizedKeysSystemFile
432 
specifies more prioritized place for
433 
public key authentication. Default is
434 
.Pa /etc/openssh/authorized_keys/%u .
431 
Each line of the file contains one
 435 
Each line of the file contains one
432 
key (empty lines and lines starting with a
 436 
key (empty lines and lines starting with a
433 
.Ql #
 437 
.Ql #
Lines 702-707 Link Here
702 
The recommended permissions can be set by executing
 706 
The recommended permissions can be set by executing
703 
.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
 707 
.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
704 
.Pp
 708 
.Pp
709 
.It /etc/openssh/authorized_keys
710 
Can contain pfiles with ublic keys (RSA/DSA) that can be used for users logging in.
711 
It has greater priority than
712 
.Pa ~/.ssh/authorized_keys .
713 
.Pp
705 
.It ~/.ssh/environment
 714 
.It ~/.ssh/environment
706 
This file is read into the environment at login (if it exists).
 715 
This file is read into the environment at login (if it exists).
707 
It can only contain empty lines, comment lines (that start with
 716 
It can only contain empty lines, comment lines (that start with
Lines 823-828 Link Here
823 
started last).
 832 
started last).
824 
The content of this file is not sensitive; it can be world-readable.
 833 
The content of this file is not sensitive; it can be world-readable.
825 
.El
 834 
.El
835 
.Sh ALTLINUX SPECIFIC
836 
.Pp
837 
AuthorizedKeysSystemFile option to sshd_config
838 
was added to improve security.
826 
.Sh SEE ALSO
 839 
.Sh SEE ALSO
827 
.Xr scp 1 ,
 840 
.Xr scp 1 ,
828 
.Xr sftp 1 ,
 841 
.Xr sftp 1 ,
(-)sshd_config.5 (+6 lines)
Lines 747-752 Link Here
747 
.Cm environment=
 747 
.Cm environment=
748 
options in
 748 
options in
749 
.Pa ~/.ssh/authorized_keys
 749 
.Pa ~/.ssh/authorized_keys
750 
or
751 
.Pa /etc/openssh/authorized_keys/
750 
are processed by
 752 
are processed by
751 
.Xr sshd 8 .
 753 
.Xr sshd 8 .
752 
The default is
 754 
The default is
Lines 1063-1068 Link Here
1063 
This file should be writable by root only, but it is recommended
 1065 
This file should be writable by root only, but it is recommended
1064 
(though not necessary) that it be world-readable.
 1066 
(though not necessary) that it be world-readable.
1065 
.El
 1067 
.El
1068 
.Sh ALTLINUX SPECIFIC
1069 
.Pp
1070 
AuthorizedKeysSystemFile option to sshd_config
1071 
was added to improve security.
1066 
.Sh SEE ALSO
 1072 
.Sh SEE ALSO
1067 
.Xr sshd 8
 1073 
.Xr sshd 8
1068 
.Sh AUTHORS
 1074 
.Sh AUTHORS

Return to bug 21843