12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 |
- .\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $
- .\"
- .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
- .\"
- .\" Redistribution and use in source and binary forms, with or without
- .\" modification, are permitted provided that the following conditions
- .\" are met:
- .\" 1. Redistributions of source code must retain the above copyright
- .\" notice, this list of conditions and the following disclaimer.
- .\" 2. Redistributions in binary form must reproduce the above copyright
- .\" notice, this list of conditions and the following disclaimer in the
- .\" documentation and/or other materials provided with the distribution.
- .\"
- .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .\"
- .Dd $Mdocdate: November 30 2019 $
- .Dt SSH-KEYSIGN 8
- .Os
- .Sh NAME
- .Nm ssh-keysign
- .Nd OpenSSH helper for host-based authentication
- .Sh SYNOPSIS
- .Nm
- .Sh DESCRIPTION
- .Nm
- is used by
- .Xr ssh 1
- to access the local host keys and generate the digital signature
- required during host-based authentication.
- .Pp
- .Nm
- is disabled by default and can only be enabled in the
- global client configuration file
- .Pa /etc/ssh/ssh_config
- by setting
- .Cm EnableSSHKeysign
- to
- .Dq yes .
- .Pp
- .Nm
- is not intended to be invoked by the user, but from
- .Xr ssh 1 .
- See
- .Xr ssh 1
- and
- .Xr sshd 8
- for more information about host-based authentication.
- .Sh FILES
- .Bl -tag -width Ds -compact
- .It Pa /etc/ssh/ssh_config
- Controls whether
- .Nm
- is enabled.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key
- .It Pa /etc/ssh/ssh_host_ecdsa_key
- .It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys used to
- generate the digital signature.
- They should be owned by root, readable only by root, and not
- accessible to others.
- Since they are readable only by root,
- .Nm
- must be set-uid root if host-based authentication is used.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
- .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
- .It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
- .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
- If these files exist they are assumed to contain public certificate
- information corresponding with the private keys above.
- .El
- .Sh SEE ALSO
- .Xr ssh 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh_config 5 ,
- .Xr sshd 8
- .Sh HISTORY
- .Nm
- first appeared in
- .Ox 3.2 .
- .Sh AUTHORS
- .An Markus Friedl Aq Mt markus@openbsd.org
|