Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

ssh-keysign


NAME
     ssh-keysign - ssh helper program for host-based  authentica-
     tion

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host  keys
     and  generate  the  digital  signature required during host-
     based authentication with SSH protocol version 2. This  sig-
     nature is of data that includes, among other items, the name
     of the client host and the name of the client user.

     ssh-keysign is disabled by default and can be  enabled  only
     in  the global client configuration file /etc/ssh/ssh_config
     by setting HostbasedAuthentication to yes.

     ssh-keysign is not intended to be invoked by the  user,  but
     from ssh. See ssh(1) and sshd(1M) for more information about
     host-based authentication.

FILES
     /etc/ssh/ssh_config

         Controls whether ssh-keysign is enabled.



     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_rsa_key

         These files contain the private parts of the  host  keys
         used  to  generate the digital signature. They should be
         owned by root, readable only by root, and not accessible
         to  others. Because they are readable only by root, ssh-
         keysign must be set-uid root if  host-based  authentica-
         tion is used.




SECURITY
     ssh-keysign will not  sign  host-based  authentication  data
     under the following conditions:

       o  If  the  HostbasedAuthentication  client  configuration
          parameter  is  not  set  to yes in /etc/ssh/ssh_config.
          This   setting   cannot   be   overriden   in    users'
          ~/.ssh/ssh_config files.

       o
          If   the    client    hostname    and    username    in
          /etc/ssh/ssh_config do not match the canonical hostname
          of the client where ssh-keysign is invoked and the name
          of the user invoking ssh-keysign.


     In spite of ssh-keysign's restrictions on  the  contents  of
     the  host-based authentication data, there remains the abil-
     ity of users to use  it  as  an  avenue  for  obtaining  the
     client's  private  host  keys.  For  this  reason host-based
     authentication is turned off by default.

ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWsshu                    |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     ssh(1), sshd(1M), ssh_config(4), attributes(5)

AUTHORS
     Markus Friedl, markus@openbsd.org

HISTORY
     ssh-keysign first appeared in Ox 3.2.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments