CHAPTER 29 Secure Shell, SSH
| Directory | File | Usage |
|---|---|---|
| /etc | ssh_host_key | machine private key, accessible only by root |
| | ssh_host_key.pub | machine public key. This file has one line of the form: `1024 37 94512...(lots of numbers)...34891 root@this_machine` |
| | ssh_random_seed | seed for the random number generator, accessible only by root |
| | ssh_known_hosts | system-wide list of the known public host keys of other machines. Public keys are put here, one per line, in a format similar to ~/.ssh/authorized_keys: system name, number of bits in the modulus, public exponent, modulus, and an optional comment field, all separated by spaces. The system name can include aliases and IP addresses separated by commas, e.g. (all on one line) `nyssa,nyssa.acs.ohio-state.edu,128.146.116.4 1024 41 50812...(lots of numbers)...72391 root@nyssa`. These entries can be obtained from the /etc/ssh_host_key.pub of each other host. If you have enabled StrictHostKeyChecking in /etc/ssh_config, you must manually add the desired host's public key to this file (or to ~/.ssh/known_hosts) before ssh will connect to that host; otherwise, if the host's entry is not in this file, ssh adds it to the user's local file, ~/.ssh/known_hosts, on first connection. sshd also consults this file when verifying the client host's key for RhostsRSAAuthentication. Generate the entries as root on each host with ssh-keygen. |
| | ssh_config | system-wide ssh client configuration file. Provides defaults for parameters not specified in the user's ~/.ssh/config. See the table below for a list of keywords and default arguments. |
| | sshd_config | sshd (ssh server daemon) configuration file. Lines beginning with # and empty lines are comments. Configuration lines have the form "keyword arguments", where the keywords are case sensitive. See the table below for a list of keywords and default arguments. |
| | sshd.pid | process id number of the most recently started sshd. |
| | nologin | if this file exists, only root may log in. Its contents are displayed to any other user trying to log in. |
| | environment | environment variables to set at login. Lines should be of the form "name=value". |
| | hosts.equiv | lists trusted hosts and users, as for rlogin/rsh; ssh honours it if RhostsAuthentication or RhostsRSAAuthentication is set. |
| | shosts.equiv | same as /etc/hosts.equiv, but consulted only by ssh. |
| | sshrc | commands to execute when a user logs in, before starting the user's shell. |
| $HOME (~) | .rhosts | provides .rhosts (trusted-host) authentication if enabled in the ssh configuration files. |
| | .shosts | same as ~/.rhosts, but consulted only by ssh. |
| | .Xauthority | used by ssh to store the authorization cookie for the forwarded X11 display. Ssh generates a fake cookie on the server side, verifies that forwarded X11 connections carry it, and substitutes the real cookie when the connection is opened. All X11 traffic automatically goes through the encrypted channel via a proxy X server created by ssh, which sets the DISPLAY environment variable to point at the server machine with a display number greater than zero. |
| $HOME/.ssh (~/.ssh) | known_hosts | the user's own list of known host keys, consulted together with /etc/ssh_known_hosts. ssh appends host keys it has not seen before to this file, unless StrictHostKeyChecking is enabled, in which case it refuses to connect to unknown hosts instead of adding them. |
| | authorized_keys | list of public keys of users allowed to log in to this account with RSA authentication instead of a password. Generate a key pair as the user with ssh-keygen, giving it a passphrase; the user's local public key, kept in ~/.ssh/identity.pub, is then appended to this file on the remote machine. Additional security options can be specified here. This file replaces the function of ~/.rhosts when using RSA authentication: it lets the user log in without providing the account password. One key per line, each of the form: `1024 37 44765081...(lots of numbers)...86828 frank@other_machine` |
| | identity | local private key of the user. |
| | identity.pub | local public key of the user. This should be copied to ~/.ssh/authorized_keys on the remote machine. This file has one line of the form: `1025 35 5574508...(lots of numbers)...74727 frank@this_machine` |
| | random_seed | contains the seed for the random number generator. It should be readable and writable only by the user, and should not be edited by hand. |
| | config | configuration file for the user. The format is the same as for the system-wide ssh configuration file, /etc/ssh_config. |
| | environment | environment variables to set at login for this user. Similar to /etc/environment and read after that file. |
| | rc | same as /etc/sshrc, but for the individual user. |
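The key-line format shared by ssh_host_key.pub, identity.pub, authorized_keys and ssh_known_hosts (bit count, public exponent, decimal modulus, optional comment, with a host list or an options field in front) is easy to get wrong when edited by hand. The parser below is an added example, not code from this chapter or from the ssh distribution: it reads all three variants, splits authorized_keys options (from=, command=, no-port-forwarding) without breaking quoted values, and checks that the declared bit count matches the modulus and that the exponent is odd. The sample lines and the stand-in modulus are constructed; the option names are the ones SSH1 accepts in authorized_keys.

```python
# Added example (not from the chapter): parser and sanity checker for SSH1 key lines
# as used by identity.pub, authorized_keys and ssh_known_hosts. Samples are constructed.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Ssh1PublicKey:
    bits: int       # declared bit length of the modulus (first field)
    exponent: int   # RSA public exponent (second field)
    modulus: int    # RSA modulus, stored in decimal (third field)
    comment: str    # optional trailing comment, usually user@host
    hosts: List[str] = field(default_factory=list)    # known_hosts: names/IPs using this key
    options: List[str] = field(default_factory=list)  # authorized_keys: from=, command=, no-*

    def problems(self) -> List[str]:
        """Structural checks worth running before trusting a hand-edited line."""
        out = []
        if self.modulus.bit_length() != self.bits:
            out.append(f"declared {self.bits} bits but modulus has {self.modulus.bit_length()}")
        if self.exponent < 3 or self.exponent % 2 == 0:
            out.append(f"public exponent {self.exponent} is not an odd integer >= 3")
        return out


def _leading_field(line: str) -> Tuple[str, str]:
    """Split off the first field at whitespace outside double quotes (command="ls -l")."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return line[:i], line[i:].lstrip()
    return line, ""


def _split_options(opts: str) -> List[str]:
    """Split an authorized_keys options field on commas outside double quotes."""
    result, cur, quoted = [], "", False
    for ch in opts:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            result.append(cur)
            cur = ""
        else:
            cur += ch
    result.append(cur)
    return result


_KEY_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)(?:\s+(.*))?$")


def parse_key_line(line: str, kind: str) -> Optional[Ssh1PublicKey]:
    """kind is 'identity' (bare key), 'authorized_keys' (optional options first) or
    'known_hosts' (host list first). None for blank/comment lines; ValueError if malformed."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    hosts, options = [], []
    if kind == "known_hosts":
        first, line = _leading_field(line)
        hosts = [h for h in first.split(",") if h]
    elif kind == "authorized_keys":
        first, rest = _leading_field(line)
        if not first.isdigit():  # a non-numeric first field is the options list
            options, line = _split_options(first), rest
    elif kind != "identity":
        raise ValueError(f"unknown file kind {kind!r}")
    m = _KEY_RE.match(line)
    if not m:
        raise ValueError(f"expected 'bits exponent modulus [comment]', got {line[:40]!r}")
    bits, exp, mod, comment = m.groups()
    return Ssh1PublicKey(int(bits), int(exp), int(mod), comment or "", hosts, options)


def audit(lines: List[str], kind: str) -> List[Tuple[int, Optional[Ssh1PublicKey], List[str]]]:
    """(line number, parsed key or None, problem list) for every non-comment line."""
    report = []
    for n, raw in enumerate(lines, 1):
        try:
            key = parse_key_line(raw, kind)
        except ValueError as e:
            report.append((n, None, [str(e)]))
            continue
        if key is not None:
            report.append((n, key, key.problems()))
    return report


# Constructed sample data: an odd 1024-bit integer stands in for a real RSA modulus.
SAMPLE_MODULUS = (1 << 1023) | 0x10001
KNOWN_HOSTS_LINES = [
    "# system-wide host keys (constructed sample)",
    f"nyssa,nyssa.acs.ohio-state.edu,128.146.116.4 1024 41 {SAMPLE_MODULUS} root@nyssa",
    f"otherhost 1025 41 {SAMPLE_MODULUS} root@otherhost",  # bit count disagrees with modulus
]
AUTHORIZED_KEYS_LINES = [
    f"1024 37 {SAMPLE_MODULUS} frank@other_machine",
    f'from="*.acs.ohio-state.edu",command="/usr/local/bin/backup -v",no-port-forwarding '
    f"1024 37 {SAMPLE_MODULUS} frank@backup",
    "1024 37 notanumber frank@broken",  # malformed modulus field
]

if __name__ == "__main__":
    print(audit(KNOWN_HOSTS_LINES, "known_hosts"), audit(AUTHORIZED_KEYS_LINES, "authorized_keys"))
```

Run it against a real ssh_known_hosts or authorized_keys by passing the file's lines to audit() with the matching kind; a bit-count mismatch or an unparsable line in the report usually means a line was pasted incompletely or wrapped across two lines by an editor.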
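The table states who may access each file but gives no way to verify it on a running system. The script below is an added example (not the chapter's or ssh's own code) that applies those rules with os.stat. It assumes that "accessible only by root" and "read/write only for the user" mean no group or other permission bits at all (mask 0o077) on private keys and random seeds, and no group or other write bit (mask 0o022) on the configuration and key-list files; those masks and the symlink check are this example's choices, not something the chapter specifies. The demo() function builds a constructed temporary tree with one deliberately over-permissive host key rather than touching the real /etc.

```python
# Added example (not from the chapter): check the access rules the table states
# for ssh's files. The mode masks are this example's reading of "only by root" /
# "only by the user"; demo() works on a constructed temporary tree, not on /etc.
import os
import stat
import tempfile
from typing import List, Optional, Tuple

SECRET = 0o077   # no group/other bits at all: private keys and random seeds
NOWRITE = 0o022  # group/other may not write: configs, known_hosts, authorized_keys


def check_file(path: str, forbidden: int, owner_uid: Optional[int] = None) -> List[str]:
    """Problems found with one file; an empty list means it passes."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append(f"{path}: is a symlink")
    if owner_uid is not None and st.st_uid != owner_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & forbidden:
        problems.append(f"{path}: mode {mode:04o} has forbidden bits {mode & forbidden:04o}")
    return problems


def ssh1_file_rules(etc: str, home: str, root_uid: int, user_uid: int) -> List[Tuple[str, int, int]]:
    """(path, forbidden mode bits, required owner) for the files listed in the table."""
    ssh = os.path.join(home, ".ssh")
    return [
        (os.path.join(etc, "ssh_host_key"), SECRET, root_uid),
        (os.path.join(etc, "ssh_random_seed"), SECRET, root_uid),
        (os.path.join(etc, "ssh_known_hosts"), NOWRITE, root_uid),
        (os.path.join(etc, "sshd_config"), NOWRITE, root_uid),
        (os.path.join(ssh, "identity"), SECRET, user_uid),
        (os.path.join(ssh, "random_seed"), SECRET, user_uid),
        (os.path.join(ssh, "authorized_keys"), NOWRITE, user_uid),
    ]


def audit_permissions(etc: str = "/etc", home: Optional[str] = None,
                      root_uid: int = 0, user_uid: Optional[int] = None) -> List[str]:
    """Run every rule and collect the problems."""
    home = os.path.expanduser("~") if home is None else home
    user_uid = os.getuid() if user_uid is None else user_uid
    problems: List[str] = []
    for path, forbidden, owner in ssh1_file_rules(etc, home, root_uid, user_uid):
        problems.extend(check_file(path, forbidden, owner))
    return problems


def demo() -> List[str]:
    """Constructed tree: every file correct except a world-readable host key."""
    with tempfile.TemporaryDirectory() as tmp:
        etc, home = os.path.join(tmp, "etc"), os.path.join(tmp, "home")
        os.makedirs(etc)
        os.makedirs(os.path.join(home, ".ssh"))
        me = os.getuid()  # the demo runs unprivileged, so "root" is whoever runs it
        for path, forbidden, _ in ssh1_file_rules(etc, home, me, me):
            open(path, "w").close()
            os.chmod(path, 0o600 if forbidden == SECRET else 0o644)
        os.chmod(os.path.join(etc, "ssh_host_key"), 0o644)  # the deliberate mistake
        return [p.replace(tmp, "") for p in audit_permissions(etc, home, me, me)]


if __name__ == "__main__":
    print("demo:", demo())
    for problem in audit_permissions():  # the real files on this host, if present
        print(problem)
```

Running it as an ordinary user reports the real /etc files as "missing" or owned by the wrong uid only when they genuinely are; a missing ~/.ssh/authorized_keys is reported too, which is fine for an account that is not meant to accept RSA logins and can simply be ignored there.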