184 lines
3.0 KiB
HTML
184 lines
3.0 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of SSH-KEYSIGN</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>SSH-KEYSIGN</H1>
|
|
Section: Maintenance Commands (8)<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
<BR>BSD mandoc<BR>
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
|
|
|
|
<B>ssh-keysign</B>
|
|
|
|
- OpenSSH helper for host-based authentication
|
|
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B></B>
|
|
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<B></B>
|
|
|
|
|
|
is used by
|
|
<A HREF="/cgi-bin/man/man2html?1+ssh">ssh</A>(1)
|
|
|
|
|
|
to access the local host keys and generate the digital signature
|
|
required during host-based authentication.
|
|
<P>
|
|
|
|
<B></B>
|
|
|
|
|
|
is disabled by default and can only be enabled in the
|
|
global client configuration file
|
|
/etc/ssh/ssh_config
|
|
|
|
by setting
|
|
<B>EnableSSHKeysign</B>
|
|
|
|
to
|
|
``yes''
|
|
|
|
|
|
<P>
|
|
|
|
<B></B>
|
|
|
|
|
|
is not intended to be invoked by the user, but from
|
|
<A HREF="/cgi-bin/man/man2html?1+ssh">ssh</A>(1).
|
|
|
|
|
|
See
|
|
<A HREF="/cgi-bin/man/man2html?1+ssh">ssh</A>(1)
|
|
|
|
|
|
and
|
|
<A HREF="/cgi-bin/man/man2html?8+sshd">sshd</A>(8)
|
|
|
|
|
|
for more information about host-based authentication.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>FILES</H2>
|
|
|
|
<DL COMPACT>
|
|
<P>
|
|
|
|
<DT id="1"><B>/etc/ssh/ssh_config
|
|
|
|
</B>
|
|
<DD>
|
|
Controls whether
|
|
<B></B>
|
|
|
|
|
|
is enabled.
|
|
<P>
|
|
|
|
<DT id="2"><B>/etc/ssh/ssh_host_dsa_key
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="3"><B>/etc/ssh/ssh_host_ecdsa_key
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="4"><B>/etc/ssh/ssh_host_ed25519_key
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="5"><B>/etc/ssh/ssh_host_rsa_key
|
|
|
|
</B>
|
|
<DD>
|
|
These files contain the private parts of the host keys used to
|
|
generate the digital signature.
|
|
They should be owned by root, readable only by root, and not
|
|
accessible to others.
|
|
Since they are readable only by root,
|
|
<B></B>
|
|
|
|
|
|
must be set-uid root if host-based authentication is used.
|
|
<P>
|
|
|
|
<DT id="6"><B>/etc/ssh/ssh_host_dsa_key-cert.pub
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="7"><B>/etc/ssh/ssh_host_ecdsa_key-cert.pub
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="8"><B>/etc/ssh/ssh_host_ed25519_key-cert.pub
|
|
|
|
</B>
|
|
<DD>
|
|
<DT id="9"><B>/etc/ssh/ssh_host_rsa_key-cert.pub
|
|
|
|
</B>
|
|
<DD>
|
|
If these files exist they are assumed to contain public certificate
|
|
information corresponding with the private keys above.
|
|
</DL>
|
|
<P>
|
|
|
|
<A NAME="lbAF"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<A HREF="/cgi-bin/man/man2html?1+ssh">ssh</A>(1),
|
|
|
|
|
|
ssh-keygen1,
|
|
|
|
|
|
ssh_config5,
|
|
|
|
|
|
<A HREF="/cgi-bin/man/man2html?8+sshd">sshd</A>(8)
|
|
|
|
|
|
<A NAME="lbAG"> </A>
|
|
<H2>HISTORY</H2>
|
|
|
|
<B></B>
|
|
|
|
|
|
first appeared in
|
|
Ox 3.2 .
|
|
|
|
<A NAME="lbAH"> </A>
|
|
<H2>AUTHORS</H2>
|
|
|
|
An Markus Friedl Aq Mt <A HREF="mailto:markus@openbsd.org">markus@openbsd.org</A>
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="10"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="11"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="12"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="13"><A HREF="#lbAE">FILES</A><DD>
|
|
<DT id="14"><A HREF="#lbAF">SEE ALSO</A><DD>
|
|
<DT id="15"><A HREF="#lbAG">HISTORY</A><DD>
|
|
<DT id="16"><A HREF="#lbAH">AUTHORS</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:16 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|