author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 14:40:04 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 14:40:04 +0000
commit 25505898530a333011f4fd5cbc841ad6b26c089c
tree 333a33fdd60930bcccc3f177ed9467d535e9bac6 /ssh-keysign.0
parent Initial commit.
Adding upstream version 1:9.2p1. (upstream/1%9.2p1, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ssh-keysign.0')
-rw-r--r-- ssh-keysign.0 52
1 files changed, 52 insertions, 0 deletions
diff --git a/ssh-keysign.0 b/ssh-keysign.0
new file mode 100644
index 0000000..f75f12f
--- /dev/null
+++ b/ssh-keysign.0
@@ -0,0 +1,52 @@
+SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
+
+NAME
+ ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication
+
+SYNOPSIS
+ ssh-keysign
+
+DESCRIPTION
+ ssh-keysign is used by ssh(1) to access the local host keys and generate
+ the digital signature required during host-based authentication.
+
+ ssh-keysign is disabled by default and can only be enabled in the global
+ client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
+ to M-bM-^@M-^\yesM-bM-^@M-^].
+
+ ssh-keysign is not intended to be invoked by the user, but from ssh(1).
+ See ssh(1) and sshd(8) for more information about host-based
+ authentication.
+
+FILES
+ /etc/ssh/ssh_config
+ Controls whether ssh-keysign is enabled.
+
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys used to
+ generate the digital signature. They should be owned by root,
+ readable only by root, and not accessible to others. Since they
+ are readable only by root, ssh-keysign must be set-uid root if
+ host-based authentication is used.
+
+ /etc/ssh/ssh_host_dsa_key-cert.pub
+ /etc/ssh/ssh_host_ecdsa_key-cert.pub
+ /etc/ssh/ssh_host_ed25519_key-cert.pub
+ /etc/ssh/ssh_host_rsa_key-cert.pub
+ If these files exist, they are assumed to contain public
+ certificate information corresponding with the private keys
+ above.
+
+SEE ALSO
+ ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
+
+HISTORY
+ ssh-keysign first appeared in OpenBSD 3.2.
+
+AUTHORS
+ Markus Friedl <markus@openbsd.org>
+
+OpenBSD 7.2 March 31, 2022 OpenBSD 7.2
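Review bot: The NAME line and the EnableSSHKeysign sentence in DESCRIPTION show the sequences `M-bM-^@M-^S`, `M-bM-^@M-^\` and `M-bM-^@M-^]` where a dash and opening and closing quotation marks are expected, so the page reads "ssh-keysign M-bM-^@M-^S OpenSSH helper" and "to M-bM-^@M-^\yesM-bM-^@M-^]". Confirm whether the imported ssh-keysign.0 stores these as UTF-8 punctuation that is only being displayed in escaped form or as literal text; if they are literal, regenerate the formatted page from the manual source with plain ASCII or proper UTF-8 output before importing, since this file is what administrators read for the set-uid root and host key permission requirements in FILES.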