ALT Linux Bugzilla
– Attachment 4010 Details for
Bug 21843
пробелы в документации
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
Патч к man-страницам
ssh-altlinux-man.patch (text/plain), 4.34 KB, created by
Sergey Zhumatiy
on 2009-10-23 17:46:41 MSD
(
hide
)
Description:
Патч к man-страницам
Filename:
MIME Type:
Creator:
Sergey Zhumatiy
Created:
2009-10-23 17:46:41 MSD
Size:
4.34 KB
patch
obsolete
>--- ssh-keygen.1 2009-10-23 17:41:50.000000000 +0400 >+++ ssh-altlinux/ssh-keygen.1 2009-10-23 17:30:20.000000000 +0400 >@@ -399,6 +399,8 @@ > Contains the protocol version 1 RSA public key for authentication. > The contents of this file should be added to > .Pa ~/.ssh/authorized_keys >+or >+.Pa /etc/openssh/authorized_keys/ > on all machines > where the user wishes to log in using RSA authentication. > There is no need to keep the contents of this file secret. >@@ -417,6 +419,8 @@ > Contains the protocol version 2 DSA public key for authentication. > The contents of this file should be added to > .Pa ~/.ssh/authorized_keys >+or >+.Pa /etc/openssh/authorized_keys/ > on all machines > where the user wishes to log in using public key authentication. > There is no need to keep the contents of this file secret. >@@ -435,6 +439,8 @@ > Contains the protocol version 2 RSA public key for authentication. > The contents of this file should be added to > .Pa ~/.ssh/authorized_keys >+or >+.Pa /etc/openssh/authorized_keys/ > on all machines > where the user wishes to log in using public key authentication. > There is no need to keep the contents of this file secret. >--- ssh.1 2009-10-23 17:41:50.000000000 +0400 >+++ ssh-altlinux/ssh.1 2009-10-23 17:40:26.000000000 +0400 >@@ -744,6 +744,11 @@ > The file > .Pa ~/.ssh/authorized_keys > lists the public keys that are permitted for logging in. >+Also public keys list can be stored in >+.Pa /etc/openssh/authorized_keys/%u >+(where %u is username). If last file is present >+.Pa ~/.ssh/authorized_keys >+is not taken in account. > When the user logs in, the > .Nm > program tells the server which key pair it would like to use for >@@ -774,7 +779,10 @@ > The user should then copy the public key > to > .Pa ~/.ssh/authorized_keys >-in his/her home directory on the remote machine. >+in his/her home directory on the remote machine >+or >+.Pa /etc/openssh/authorized_keys/username >+on remote machine. > The > .Pa authorized_keys > file corresponds to the conventional >@@ -1253,6 +1261,11 @@ > This file is not highly sensitive, but the recommended > permissions are read/write for the user, and not accessible by others. > .Pp >+.It /etc/openssh/authorized_keys/ >+Can contain files, named with usernames, containing users' public keys >+(RSA/DSA) that can be used for logging in. It has greater priority, than >+~/.ssh/authorized_keys >+.Pp > .It ~/.ssh/config > This is the per-user configuration file. > The file format and configuration options are described in >@@ -1354,6 +1367,10 @@ > .Xr sshd 8 > manual page for more information. > .El >+.Sh ALTLINUX SPECIFIC >+.Pp >+AuthorizedKeysSystemFile option to sshd_config >+was added to improve security. > .Sh SEE ALSO > .Xr scp 1 , > .Xr sftp 1 , >--- sshd.8 2009-10-23 17:41:50.000000000 +0400 >+++ ssh-altlinux/sshd.8 2009-10-23 17:25:39.000000000 +0400 >@@ -428,6 +428,10 @@ > public key authentication; > if none is specified, the default is > .Pa ~/.ssh/authorized_keys . >+.Cm AuthorizedKeysSystemFile >+specifies more prioritized place for >+public key authentication. Default is >+.Pa /etc/openssh/authorized_keys/%u . > Each line of the file contains one > key (empty lines and lines starting with a > .Ql # >@@ -702,6 +706,11 @@ > The recommended permissions can be set by executing > .Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys . > .Pp >+.It /etc/openssh/authorized_keys >+Can contain pfiles with ublic keys (RSA/DSA) that can be used for users logging in. >+It has greater priority than >+.Pa ~/.ssh/authorized_keys . >+.Pp > .It ~/.ssh/environment > This file is read into the environment at login (if it exists). > It can only contain empty lines, comment lines (that start with >@@ -823,6 +832,10 @@ > started last). > The content of this file is not sensitive; it can be world-readable. > .El >+.Sh ALTLINUX SPECIFIC >+.Pp >+AuthorizedKeysSystemFile option to sshd_config >+was added to improve security. > .Sh SEE ALSO > .Xr scp 1 , > .Xr sftp 1 , >--- sshd_config.5 2009-10-23 17:41:36.000000000 +0400 >+++ ssh-altlinux/sshd_config.5 2009-10-23 17:40:55.000000000 +0400 >@@ -747,6 +747,8 @@ > .Cm environment= > options in > .Pa ~/.ssh/authorized_keys >+or >+.Pa /etc/openssh/authorized_keys/ > are processed by > .Xr sshd 8 . > The default is >@@ -1063,6 +1065,10 @@ > This file should be writable by root only, but it is recommended > (though not necessary) that it be world-readable. > .El >+.Sh ALTLINUX SPECIFIC >+.Pp >+AuthorizedKeysSystemFile option to sshd_config >+was added to improve security. > .Sh SEE ALSO > .Xr sshd 8 > .Sh AUTHORS
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4010">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 21843
: 4010
