mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-24 19:02:06 +00:00
- jmc@cvs.openbsd.org 2006/02/19 20:02:17
[sshd.8] sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
This commit is contained in:
parent
fd725cf585
commit
445121fe8d
@ -123,6 +123,9 @@
|
||||
[sshd.8]
|
||||
move the sshrc stuff out of FILES, and into its own section:
|
||||
FILES is not a good place to document how stuff works;
|
||||
- jmc@cvs.openbsd.org 2006/02/19 20:02:17
|
||||
[sshd.8]
|
||||
sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
|
||||
|
||||
20060313
|
||||
- (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
|
||||
@ -4024,4 +4027,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4174 2006/03/15 00:35:54 djm Exp $
|
||||
$Id: ChangeLog,v 1.4175 2006/03/15 00:36:18 djm Exp $
|
||||
|
50
sshd.8
50
sshd.8
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.226 2006/02/19 19:52:10 jmc Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.227 2006/02/19 20:02:17 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
@ -708,43 +708,9 @@ Further details are described in
|
||||
.Xr hosts_access 5 .
|
||||
.Pp
|
||||
.It /etc/hosts.equiv
|
||||
This file is used during
|
||||
.Cm RhostsRSAAuthentication
|
||||
and
|
||||
.Cm HostbasedAuthentication
|
||||
authentication.
|
||||
In the simplest form, this file contains host names, one per line.
|
||||
Users on
|
||||
those hosts are permitted to log in without a password, provided they
|
||||
have the same user name on both machines.
|
||||
The host name may also be
|
||||
followed by a user name; such users are permitted to log in as
|
||||
.Em any
|
||||
user on this machine (except root).
|
||||
Additionally, the syntax
|
||||
.Dq +@group
|
||||
can be used to specify netgroups.
|
||||
Negated entries start with
|
||||
.Ql \&- .
|
||||
.Pp
|
||||
If the client host/user is successfully matched in this file, login is
|
||||
automatically permitted provided the client and server user names are the
|
||||
same.
|
||||
Additionally, successful client host key authentication is required.
|
||||
This file must be writable only by root; it is recommended
|
||||
that it be world-readable.
|
||||
.Pp
|
||||
.Sy "Warning: It is almost never a good idea to use user names in"
|
||||
.Pa hosts.equiv .
|
||||
Beware that it really means that the named user(s) can log in as
|
||||
.Em anybody ,
|
||||
which includes bin, daemon, adm, and other accounts that own critical
|
||||
binaries and directories.
|
||||
Using a user name practically grants the user root access.
|
||||
The only valid use for user names that I can think
|
||||
of is in negative entries.
|
||||
.Pp
|
||||
Note that this warning also applies to rsh/rlogin.
|
||||
This file is for host-based authentication (see
|
||||
.Xr ssh 1 ) .
|
||||
It should only be writable by root.
|
||||
.Pp
|
||||
.It /etc/moduli
|
||||
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
|
||||
@ -765,10 +731,10 @@ refused.
|
||||
The file should be world-readable.
|
||||
.Pp
|
||||
.It /etc/shosts.equiv
|
||||
This is processed exactly as
|
||||
.Pa /etc/hosts.equiv .
|
||||
However, this file may be useful in environments that want to run both
|
||||
rsh/rlogin and ssh.
|
||||
This file is used in exactly the same way as
|
||||
.Pa hosts.equiv ,
|
||||
but allows host-based authentication without permitting login with
|
||||
rlogin/rsh.
|
||||
.Pp
|
||||
.It /etc/ssh/ssh_known_hosts
|
||||
Systemwide list of known host keys.
|
||||
|
Loading…
Reference in New Issue
Block a user