summaryrefslogtreecommitdiffstats
path: root/ssh-keysign.0
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ssh-keysign.052
1 files changed, 52 insertions, 0 deletions
diff --git a/ssh-keysign.0 b/ssh-keysign.0
new file mode 100644
index 0000000..71fa63b
--- /dev/null
+++ b/ssh-keysign.0
@@ -0,0 +1,52 @@
+SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
+
+NAME
+ ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication
+
+SYNOPSIS
+ ssh-keysign
+
+DESCRIPTION
+ ssh-keysign is used by ssh(1) to access the local host keys and generate
+ the digital signature required during host-based authentication.
+
+ ssh-keysign is disabled by default and can only be enabled in the global
+ client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
+ to M-bM-^@M-^\yesM-bM-^@M-^].
+
+ ssh-keysign is not intended to be invoked by the user, but from ssh(1).
+ See ssh(1) and sshd(8) for more information about host-based
+ authentication.
+
+FILES
+ /etc/ssh/ssh_config
+ Controls whether ssh-keysign is enabled.
+
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys used to
+ generate the digital signature. They should be owned by root,
+ readable only by root, and not accessible to others. Since they
+ are readable only by root, ssh-keysign must be set-uid root if
+ host-based authentication is used.
+
+ /etc/ssh/ssh_host_dsa_key-cert.pub
+ /etc/ssh/ssh_host_ecdsa_key-cert.pub
+ /etc/ssh/ssh_host_ed25519_key-cert.pub
+ /etc/ssh/ssh_host_rsa_key-cert.pub
+ If these files exist, they are assumed to contain public
+ certificate information corresponding with the private keys
+ above.
+
+SEE ALSO
+ ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
+
+HISTORY
+ ssh-keysign first appeared in OpenBSD 3.2.
+
+AUTHORS
+ Markus Friedl <markus@openbsd.org>
+
+OpenBSD 7.3 March 31, 2022 OpenBSD 7.3