5. ssh-keysign - ssh helper program for host-based authentication ssh-keysign.sunssh

ssh-keysign - ssh helper program for host-based authentication ssh-keysign.sunssh 


  • System Administration Commands				       ssh-keysign(1M)



NAME
       ssh-keysign - ssh helper	program	for host-based authentication

SYNOPSIS
       ssh-keysign


DESCRIPTION
       ssh-keysign  is used by ssh(1) to access	the local host keys and	gener-
       ate the digital signature  required  during  host-based	authentication
       with  SSH  protocol version 2. This signature is	of data	that includes,
       among other items, the name of the client host  and  the	 name  of  the
       client user.


       ssh-keysign  is	disabled  by  default  and  can	be enabled only	in the
       global client configuration file	/etc/ssh/ssh_config by	setting	 Host-
       basedAuthentication to yes.


       ssh-keysign  is	not  intended to be invoked by the user, but from ssh.
       See ssh(1) and sshd(1M) for more	information about host-based authenti-
       cation.

FILES
       /etc/ssh/ssh_config	    Controls whether ssh-keysign is enabled.


       /etc/ssh/ssh_host_dsa_key    These  files  contain the private parts of
       /etc/ssh/ssh_host_rsa_key    the	host keys used to generate the digital
				    signature.	They  should be	owned by root,
				    readable only by root, and not  accessible
				    to	others.	Because	they are readable only
				    by root, ssh-keysign must be set-uid  root
				    if host-based authentication is used.


SECURITY
       ssh-keysign will	not sign host-based authentication data	under the fol-
       lowing conditions:

	   o	  If the HostbasedAuthentication client	configuration  parame-
		  ter  is  not set to yes in /etc/ssh/ssh_config. This setting
		  cannot be overriden in users'	~/.ssh/ssh_config files.

	   o	  If the client	hostname and username  in  /etc/ssh/ssh_config
		  do not match the canonical hostname of the client where ssh-
		  keysign is invoked and the name of the  user	invoking  ssh-
		  keysign.


       In  spite  of  ssh-keysign's  restrictions on the contents of the host-
       based authentication data, there	remains	the ability of users to	use it
       as  an  avenue  for  obtaining the client's private host	keys. For this
       reason host-based authentication	is turned off by default.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:




       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |network/ssh		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       ssh(1), sshd(1M), ssh_config(4),	attributes(5)

AUTHORS
       Markus Friedl, [email protected]

HISTORY
       ssh-keysign first appeared in Ox	3.2.



SunOS 5.11			  9 Jun	2004		       ssh-keysign(1M)
solaris manpages 2041
Log in to reply
 

© Lightnetics 2024