Format of ssh2 config files.
>>>>> "Barrie" == Barrie Bremner <TheEnglishman [at] ecosse.net> writes:
Barrie> Could someone please tell me what goes in
Barrie> ~/.ssh2/identification and ~/authorization please?
Barrie> Ideas anyone?
Read the manual? Taking you at your word, you didn't bother putting
the keywords in.
$ man ssh2
SSH2(1) SSH2 SSH2(1)
NAME
ssh2 - secure shell client (remote login program)
[...]
CONFIGURATION FILES
Ssh2 obtains configuration data from the following sources
(in this order): system's global configuration file (typically
/etc/ssh2/ssh2_config), user's configuration file
($HOME/.ssh2/ssh2_config) and command line options. For
each parameter, the last obtained value will be effective.
The configuration file has the following format:
`expression:' denotes the start of a per-host configuration
block, where `expression' is an arbitrary
string which distinguishes this block from
others. `expression' can contain wildcards.
`expression' will be compared with the hostname
obtained from the command-line, and if it matches,
the block will be evaluated. Evaluation stops at
the next `expression:' statement. If more than one
match is found, all will be evaluated and the last
obtained values for parameters will be effective.
Note that `expression' doesn't have to be a real
hostname, as long as the `expression' block contains
a "Host" configuration parameter, where the
real hostname to connect is defined.
Empty lines and lines starting with ´#´ are ignored
as comments.
LOOK! >>>>>>> Otherwise a line is of the format "keyword arguments".
Note that it is possible to enclose arguments
in quotes, and use standard C-convention.
The possible keywords and their meanings are as
follows (note that the configuration files are
case-sensitive, but keywords are case-insensitive):
[...]
FILES
$HOME/.ssh2/random_seed
Used for seeding the random number generator. This
file contains sensitive data and should be
read/write for the user and not accessible for others.
This file is created the first time the program
is run and updated automatically. The user
should never need to read or modify this file.
$HOME/.ssh2/ssh2_config
This is the per-user configuration file. The format
of this file is described above. This file is
used by the ssh2 client. This file does not usually
contain any sensitive information, but the
recommended permissions are read/write for the
user, and not accessible by others.
$HOME/.ssh2/identification
contains information on how the user wishes to
authenticate himself when contacting a specific
host.
SSH2 April 29, 1999 11
LOOK! >>>>>>> The identification file has the same general syntax
as the configuration files. Following keywords may
be used:
IdKey This is followed by the filename of a private key
in the $HOME/.ssh2 directory used for identification
when contacting a host. If there are more
than one IdKeys , they are tried in the order that
they appear in the identification file.
PgpSecretKeyFile
This is followed by the filename of the user's
OpenPGP private keyring in $HOME/.ssh2 directory.
OpenPGP keys listed after this line are expected to
be found from this file. Keys identified with
"IdPgpKey*"-keywords are used like ones identified
with "IdKey"-keyword.
IdPgpKeyName
This is followed by the OpenPGP key name of the key
in PgpSecretKeyFile file.
IdPgpKeyFingerprint
This is followed by the OpenPGP key fingerprint of
the key in PgpSecretKeyFile file.
IdPgpKeyFingerprint
This is followed by the OpenPGP key id of the key
in PgpSecretKeyFile file.
$HOME/.ssh2/authorization
contains information on how the server will verify
the identity of an user.
The authorization file has the same general syntax
as the configuration files. Following keywords may
be used:
Key This is followed by the filename of a public key in
the $HOME/.ssh2 directory that is used for identification
when contacting the host. If there are
more than one key, they are all acceptable for
login.
PgpPublicKeyFile
This is followed by the filename of the user's
OpenPGP public keyring in $HOME/.ssh2 directory.
OpenPGP keys listed after this line are expected to
be found from this file. Keys identified with
"PgpKey*"-keywords are used like ones identified
with "Key"-keyword.
PgpKeyName
This is followed by the OpenPGP key name.
PgpKeyFingerprint
This is followed by the OpenPGP key fingerprint.
PgpKeyId
This is followed by the OpenPGP key id.
Command
This keyword, if used, must follow the "Key" or
"PgpKey*" -keyword above. This is used to specify a
"forced command", that will be executed on the
server side instead of anything else when the user
is authenticated. The command supplied by the user
(if any) is put in the environment variable
"SSH2_ORIGINAL_COMMAND". The command is run on a
pty if the connection requests a pty; otherwise it
is run without a tty. A quote may be included in
the command by quoting it with a backslash. This
option might be useful to restrict certain public
keys to perform just a specific operation. An example
might be a key that permits remote backups but
nothing else. Notice that the client may specify
TCP/IP and/or X11 forwardings unless they are
explicitly prohibited.
--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091
_________________ _________________ _________________ _________________
What are those straight lines for? "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
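
Added example (not part of the original post, and not code from the ssh2 distribution): a small auditor for a $HOME/.ssh2/authorization file that follows the syntax quoted above and lists which keys have no forced "Command". The sample file contents, file names and function names are constructed for illustration, and treating any other keyword as ending a key entry is an assumption.

```python
# Key-introducing keywords of the authorization file, as listed in the man page.
KEY_KEYWORDS = {"key", "pgpkeyname", "pgpkeyfingerprint", "pgpkeyid"}

# Constructed sample file; the file names and the command are made up.
SAMPLE = '''\
# backup key: restricted to one operation
Key backup.pub
Command "/usr/local/bin/run-backup --label \\"nightly\\""

key admin.pub
PgpPublicKeyFile pubring.pgp
PgpKeyName "Example User"
'''

def unquote(arg):
    """Strip enclosing double quotes and undo backslash-quoted quotes."""
    arg = arg.strip()
    if len(arg) >= 2 and arg[0] == arg[-1] == '"':
        arg = arg[1:-1]
    return arg.replace('\\"', '"')

def parse_authorization(text):
    """Return (entries, errors); each entry is one key and its forced command."""
    entries, errors, pending = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        parts = line.split(None, 1)               # "keyword arguments"
        keyword, arg = parts[0].lower(), unquote(parts[1]) if len(parts) > 1 else ""
        if keyword in KEY_KEYWORDS:               # keywords are case-insensitive
            pending = {"keyword": keyword, "value": arg, "command": None, "line": lineno}
            entries.append(pending)
        elif keyword == "command":
            if pending is None or pending["command"] is not None:
                errors.append(f"line {lineno}: Command does not follow a key entry")
            else:
                pending["command"] = arg
        else:
            pending = None   # assumption: any other keyword ends the key entry
    return entries, errors

def unrestricted(entries):
    """Keys with no forced command, i.e. not limited to one operation."""
    return [e["value"] for e in entries if e["command"] is None]

if __name__ == "__main__":
    found, errs = parse_authorization(SAMPLE)
    print("no forced command:", unrestricted(found), "errors:", errs)
```

As the man page excerpt notes, a forced command by itself does not stop the client from requesting TCP/IP or X11 forwarding, so a key that passes this check still needs its forwarding settings reviewed.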