

System Administration Commands                    ssh-keysign(1M)



NAME
     ssh-keysign - ssh helper program for host-based  authentica-
     tion

SYNOPSIS
     ssh-keysign


DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys
     and generate the digital signature required during host-based
     authentication with SSH protocol version 2. This signature is
     of data that includes, among other items, the name of the
     client host and the name of the client user.


     ssh-keysign is disabled by default and can be enabled only
     in the global client configuration file /etc/ssh/ssh_config
     by setting HostbasedAuthentication to yes.


     ssh-keysign is not intended to be invoked by the  user,  but
     from ssh. See ssh(1) and sshd(1M) for more information about
     host-based authentication.

FILES
     /etc/ssh/ssh_config          Controls whether ssh-keysign is
                                  enabled.


     /etc/ssh/ssh_host_dsa_key    These files contain the private
     /etc/ssh/ssh_host_rsa_key    parts of the host keys used to
                                  generate the digital signature.
                                  They should be owned by root,
                                  readable only by root, and not
                                  accessible to others. Because
                                  they are readable only by root,
                                  ssh-keysign must be set-uid
                                  root if host-based
                                  authentication is used.


SECURITY
     ssh-keysign will not  sign  host-based  authentication  data
     under the following conditions:

         o    If the HostbasedAuthentication client configuration
              parameter is not set to yes in /etc/ssh/ssh_config.
              This setting cannot be overridden in users'
              ~/.ssh/ssh_config files.

         o    If the client hostname and username in
              /etc/ssh/ssh_config do not match the canonical
              hostname of the client where ssh-keysign is invoked
              and the name of the user invoking ssh-keysign.


     In spite of ssh-keysign's restrictions on  the  contents  of
     the  host-based authentication data, there remains the abil-
     ity of users to use  it  as  an  avenue  for  obtaining  the
     client's  private  host  keys.  For  this  reason host-based
     authentication is turned off by default.
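
The following audit sketch is an added example, not part of the original man page or of the ssh code base. It checks the conditions described under FILES and SECURITY: HostbasedAuthentication in the global ssh_config, the set-uid bit on ssh-keysign, and root-only host key files. The function names, the KEY_OWNER override variable and the /path/to/ssh-keysign placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added audit sketch. All paths are arguments; nothing is hard-coded.

# hostbased_enabled CONFIG: succeed if any HostbasedAuthentication line in
# CONFIG is "yes" (case-insensitive; "keyword value" or "keyword=value").
hostbased_enabled() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        {
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == "hostbasedauthentication" &&
                tolower(f[2]) == "yes") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# key_private FILE [UID]: succeed if FILE is a regular file owned by UID
# (default 0, root) with no group or other permission bits.
key_private() {
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" '
        { exit (substr($1, 5, 6) == "------" && $3 == uid) ? 0 : 1 }'
}

# audit KEYSIGN CONFIG KEY...: print findings; exit status = problem count.
audit() {
    keysign=$1 config=$2; shift 2; bad=0
    if ! hostbased_enabled "$config"; then
        echo "ok: HostbasedAuthentication is not enabled in $config"
        return 0
    fi
    [ -u "$keysign" ] ||
        { echo "FAIL: $keysign is not set-uid"; bad=$((bad + 1)); }
    for k in "$@"; do
        # KEY_OWNER is a hypothetical override used only for testing.
        key_private "$k" "${KEY_OWNER:-0}" ||
            { echo "FAIL: $k is not private to its owner"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Example: sh audit.sh /path/to/ssh-keysign /etc/ssh/ssh_config \
#              /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key
if [ "$#" -ge 3 ]; then audit "$@"; fi
```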

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     ATTRIBUTE TYPE               ATTRIBUTE VALUE
     Availability                 SUNWsshu
     Interface Stability          Evolving


SEE ALSO
     ssh(1), sshd(1M), ssh_config(4), attributes(5)

AUTHORS
     Markus Friedl, markus@openbsd.org

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.





















SunOS 5.11           Last change: 9 Jun 2004                    2


