[0931098] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[0931098] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[3a373116] | 7 | <!ENTITY openssh-download-http
|
---|
| 8 | "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
|
---|
| 9 | <!ENTITY openssh-download-ftp
|
---|
| 10 | "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
|
---|
[5a2f5972] | 11 | <!ENTITY openssh-md5sum "be46174dcbb77ebb4ea88ef140685de1">
|
---|
[5a6a6be] | 12 | <!ENTITY openssh-size "1.2 MB">
|
---|
[5a2f5972] | 13 | <!ENTITY openssh-buildsize "31 MB (additional 10 MB if running the tests)">
|
---|
[5a6a6be] | 14 | <!ENTITY openssh-time "0.4 SBU (running the tests takes at least 10 minutes, irrespective of processor speed)">
|
---|
[0931098] | 15 | ]>
|
---|
| 16 |
|
---|
[1708d1e9] | 17 | <sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
|
---|
[e4e0d060] | 18 | <?dbhtml filename="openssh.html"?>
|
---|
| 19 |
|
---|
| 20 | <sect1info>
|
---|
| 21 | <othername>$LastChangedBy$</othername>
|
---|
| 22 | <date>$Date$</date>
|
---|
| 23 | </sect1info>
|
---|
| 24 |
|
---|
| 25 | <title>OpenSSH-&openssh-version;</title>
|
---|
| 26 |
|
---|
[0978e07] | 27 | <indexterm zone="openssh">
|
---|
| 28 | <primary sortas="a-OpenSSH">OpenSSH</primary>
|
---|
| 29 | </indexterm>
|
---|
| 30 |
|
---|
| 31 | <sect2 role="package">
|
---|
| 32 | <title>Introduction to OpenSSH</title>
|
---|
| 33 |
|
---|
[3a373116] | 34 | <para>
|
---|
| 35 | The <application>OpenSSH</application> package contains
|
---|
| 36 | <command>ssh</command> clients and the <command>sshd</command> daemon. This
|
---|
| 37 | is useful for encrypting authentication and subsequent traffic over a
|
---|
| 38 | network. The <command>ssh</command> and <command>scp</command> commands are
|
---|
| 39 | secure implementions of <command>telnet</command> and <command>rcp</command>
|
---|
| 40 | respectively.
|
---|
| 41 | </para>
|
---|
[6b5cc24] | 42 |
|
---|
[3ecfea9] | 43 | &lfs73_checked;
|
---|
[6b5cc24] | 44 |
|
---|
[e4e0d060] | 45 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 46 | <itemizedlist spacing="compact">
|
---|
| 47 | <listitem>
|
---|
[3a373116] | 48 | <para>
|
---|
| 49 | Download (HTTP): <ulink url="&openssh-download-http;"/>
|
---|
| 50 | </para>
|
---|
[e4e0d060] | 51 | </listitem>
|
---|
| 52 | <listitem>
|
---|
[3a373116] | 53 | <para>
|
---|
| 54 | Download (FTP): <ulink url="&openssh-download-ftp;"/>
|
---|
| 55 | </para>
|
---|
[e4e0d060] | 56 | </listitem>
|
---|
| 57 | <listitem>
|
---|
[3a373116] | 58 | <para>
|
---|
| 59 | Download MD5 sum: &openssh-md5sum;
|
---|
| 60 | </para>
|
---|
[e4e0d060] | 61 | </listitem>
|
---|
| 62 | <listitem>
|
---|
[3a373116] | 63 | <para>
|
---|
| 64 | Download size: &openssh-size;
|
---|
| 65 | </para>
|
---|
[e4e0d060] | 66 | </listitem>
|
---|
| 67 | <listitem>
|
---|
[3a373116] | 68 | <para>
|
---|
| 69 | Estimated disk space required: &openssh-buildsize;
|
---|
| 70 | </para>
|
---|
[e4e0d060] | 71 | </listitem>
|
---|
| 72 | <listitem>
|
---|
[3a373116] | 73 | <para>
|
---|
| 74 | Estimated build time: &openssh-time;
|
---|
| 75 | </para>
|
---|
[e4e0d060] | 76 | </listitem>
|
---|
| 77 | </itemizedlist>
|
---|
| 78 |
|
---|
| 79 | <bridgehead renderas="sect3">OpenSSH Dependencies</bridgehead>
|
---|
| 80 |
|
---|
| 81 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[a6ac43b] | 82 | <para role="required"><xref linkend="openssl"/></para>
|
---|
[e4e0d060] | 83 |
|
---|
| 84 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[3a373116] | 85 | <para role="optional">
|
---|
| 86 | <xref linkend="linux-pam"/>,
|
---|
| 87 | <xref linkend="x-window-system"/>,
|
---|
| 88 | <xref linkend="mitkrb"/>,
|
---|
[ba0004e] | 89 | <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>,
|
---|
[3a373116] | 90 | <ulink url="http://www.opensc-project.org/">OpenSC</ulink> and
|
---|
| 91 | <ulink url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink>
|
---|
| 92 | </para>
|
---|
[9561d7e] | 93 |
|
---|
[409e2e7] | 94 | <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead>
|
---|
[3a373116] | 95 | <para role="optional">
|
---|
[bc6e56d] | 96 | <xref linkend="openjdk"/>,
|
---|
[3a373116] | 97 | <xref linkend="net-tools"/> and
|
---|
| 98 | <xref linkend="sysstat"/>.
|
---|
| 99 | </para>
|
---|
[e4e0d060] | 100 |
|
---|
[3a373116] | 101 | <para condition="html" role="usernotes">
|
---|
| 102 | User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
|
---|
| 103 | </para>
|
---|
[e4e0d060] | 104 | </sect2>
|
---|
| 105 |
|
---|
| 106 | <sect2 role="installation">
|
---|
| 107 | <title>Installation of OpenSSH</title>
|
---|
| 108 |
|
---|
[3a373116] | 109 | <para>
|
---|
| 110 | <application>OpenSSH</application> runs as two processes when connecting
|
---|
| 111 | to other computers. The first process is a privileged process and controls
|
---|
| 112 | the issuance of privileges as necessary. The second process communicates
|
---|
| 113 | with the network. Additional installation steps are necessary to set up
|
---|
| 114 | the proper environment, which are performed by issuing the following
|
---|
| 115 | commands as the <systemitem class="username">root</systemitem> user:
|
---|
| 116 | </para>
|
---|
[e4e0d060] | 117 |
|
---|
[45f3870] | 118 | <screen role="root"><userinput>install -v -m700 -d /var/lib/sshd &&
|
---|
| 119 | chown -v root:sys /var/lib/sshd &&
|
---|
[b21c661] | 120 | groupadd -g 50 sshd &&
|
---|
| 121 | useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
|
---|
| 122 | -s /bin/false -u 50 sshd</userinput></screen>
|
---|
[0931098] | 123 |
|
---|
[3a373116] | 124 | <para>
|
---|
| 125 | Install <application>OpenSSH</application> by running the following
|
---|
| 126 | commands:
|
---|
| 127 | </para>
|
---|
[0931098] | 128 |
|
---|
[5a2f5972] | 129 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 130 | --libexecdir=/usr/lib/openssh \
|
---|
| 131 | --sysconfdir=/etc/ssh \
|
---|
| 132 | --datadir=/usr/share/sshd \
|
---|
| 133 | --with-md5-passwords \
|
---|
[d52512f2] | 134 | --with-privsep-path=/var/lib/sshd &&
|
---|
[3a3b19b] | 135 | make</userinput></screen>
|
---|
[1b83a7c1] | 136 |
|
---|
[3a373116] | 137 | <para>
|
---|
[bc6e56d] | 138 | The testsuite requires an installed copy of <command>scp</command> to
|
---|
| 139 | complete the multiplexing tests. To run the test suite, first copy the
|
---|
| 140 | <command>scp</command> program to
|
---|
| 141 | <filename class="directory">/usr/bin</filename>, making sure that you
|
---|
| 142 | back up any existing copy first.
|
---|
[3a373116] | 143 | </para>
|
---|
[409e2e7] | 144 |
|
---|
[5a6a6be] | 145 | <para>
|
---|
[5a2f5972] | 146 | To test the results, issue: <command>make tests</command>.
|
---|
[5a6a6be] | 147 | </para>
|
---|
| 148 |
|
---|
| 149 | <!-- commenting this, I get "all tests passed" [ ken ]
|
---|
| 150 | NB tests should be run as _user_ but the role in the comment is root
|
---|
[3a373116] | 151 | <para>
|
---|
| 152 | To run the test suite, issue the following commands:
|
---|
| 153 | </para>
|
---|
[7c9e252] | 154 |
|
---|
[409e2e7] | 155 | <screen role="root"><userinput>make tests 2>&1 | tee check.log
|
---|
| 156 | grep FATAL check.log</userinput></screen>
|
---|
[7c9e252] | 157 |
|
---|
[3a373116] | 158 | <para>
|
---|
| 159 | If the above command produces no 'FATAL' errors, then proceed with the
|
---|
| 160 | installation, as the <systemitem class="username">root</systemitem> user:
|
---|
[5a6a6be] | 161 | </para>-->
|
---|
| 162 | <para>
|
---|
| 163 | Now, as the <systemitem class="username">root</systemitem> user:
|
---|
[3a373116] | 164 | </para>
|
---|
[7c9e252] | 165 |
|
---|
[409e2e7] | 166 | <screen role="root"><userinput>make install &&
|
---|
[5a2f5972] | 167 | install -v -m755 contrib/ssh-copy-id /usr/bin &&
|
---|
| 168 | install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 &&
|
---|
[45f3870] | 169 | install -v -m755 -d /usr/share/doc/openssh-&openssh-version; &&
|
---|
[6b5cc24] | 170 | install -v -m644 INSTALL LICENCE OVERVIEW README* \
|
---|
[45f3870] | 171 | /usr/share/doc/openssh-&openssh-version;</userinput></screen>
|
---|
[e4e0d060] | 172 | </sect2>
|
---|
| 173 |
|
---|
| 174 | <sect2 role="commands">
|
---|
| 175 | <title>Command Explanations</title>
|
---|
| 176 |
|
---|
[3a373116] | 177 | <para>
|
---|
| 178 | <parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
|
---|
| 179 | configuration files from being installed in
|
---|
| 180 | <filename class="directory">/usr/etc</filename>.
|
---|
| 181 | </para>
|
---|
| 182 |
|
---|
| 183 | <para>
|
---|
| 184 | <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
|
---|
| 185 | Ssh.bin file (used for SmartCard authentication) in
|
---|
| 186 | <filename class="directory">/usr/share/sshd</filename>.
|
---|
| 187 | </para>
|
---|
| 188 |
|
---|
| 189 | <para>
|
---|
| 190 | <parameter>--with-md5-passwords</parameter>: This enables the use of MD5
|
---|
| 191 | passwords.
|
---|
| 192 | </para>
|
---|
| 193 |
|
---|
| 194 | <para>
|
---|
| 195 | <parameter>--with-pam</parameter>: This parameter enables
|
---|
| 196 | <application>Linux-PAM</application> support in the build.
|
---|
| 197 | </para>
|
---|
| 198 |
|
---|
| 199 | <para>
|
---|
| 200 | <parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the default
|
---|
| 201 | location for the <command>xauth</command> binary for X authentication.
|
---|
| 202 | Change the location if <command>xauth</command> will be installed to a
|
---|
| 203 | different path. This can also be controlled from
|
---|
| 204 | <filename>sshd_config</filename> with the XAuthLocation keyword. You can
|
---|
| 205 | omit this switch if <application>Xorg</application> is already installed.
|
---|
| 206 | </para>
|
---|
| 207 |
|
---|
| 208 | <para>
|
---|
| 209 | <parameter>--with-kerberos5=/usr</parameter>: This option is used to
|
---|
| 210 | include Kerberos 5 support in the build.
|
---|
| 211 | </para>
|
---|
[409e2e7] | 212 |
|
---|
[ba0004e] | 213 | <para>
|
---|
| 214 | <parameter>--with-libedit</parameter>: This option enables line editing
|
---|
| 215 | and history features for <command>sftp</command>.
|
---|
| 216 | </para>
|
---|
| 217 |
|
---|
[e4e0d060] | 218 | </sect2>
|
---|
| 219 |
|
---|
| 220 | <sect2 role="configuration">
|
---|
| 221 | <title>Configuring OpenSSH</title>
|
---|
| 222 |
|
---|
| 223 | <sect3 id="openssh-config">
|
---|
| 224 | <title>Config Files</title>
|
---|
| 225 |
|
---|
[3a373116] | 226 | <para>
|
---|
| 227 | <filename>~/.ssh/*</filename>,
|
---|
[e4e0d060] | 228 | <filename>/etc/ssh/ssh_config</filename>, and
|
---|
[3a373116] | 229 | <filename>/etc/ssh/sshd_config</filename>
|
---|
| 230 | </para>
|
---|
[e4e0d060] | 231 |
|
---|
| 232 | <indexterm zone="openssh openssh-config">
|
---|
| 233 | <primary sortas="e-AA.ssh">~/.ssh/*</primary>
|
---|
| 234 | </indexterm>
|
---|
| 235 |
|
---|
| 236 | <indexterm zone="openssh openssh-config">
|
---|
| 237 | <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
|
---|
| 238 | </indexterm>
|
---|
| 239 |
|
---|
| 240 | <indexterm zone="openssh openssh-config">
|
---|
| 241 | <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
|
---|
| 242 | </indexterm>
|
---|
| 243 |
|
---|
[3a373116] | 244 | <para>
|
---|
| 245 | There are no required changes to any of these files. However,
|
---|
| 246 | you may wish to view the
|
---|
| 247 | <filename class='directory'>/etc/ssh/</filename> files and make any
|
---|
| 248 | changes appropriate for the security of your system. One recommended
|
---|
| 249 | change is that you disable
|
---|
| 250 | <systemitem class='username'>root</systemitem> login via
|
---|
| 251 | <command>ssh</command>. Execute the following command as the
|
---|
| 252 | <systemitem class='username'>root</systemitem> user to disable
|
---|
| 253 | <systemitem class='username'>root</systemitem> login via
|
---|
| 254 | <command>ssh</command>:
|
---|
| 255 | </para>
|
---|
[e4e0d060] | 256 |
|
---|
[6c24da75] | 257 | <screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
| 258 |
|
---|
[3a373116] | 259 | <para>
|
---|
| 260 | If you want to be able to log in without typing in your password, first
|
---|
| 261 | create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with
|
---|
| 262 | <command>ssh-keygen</command> and then copy ~/.ssh/id_rsa.pub to
|
---|
| 263 | ~/.ssh/authorized_keys on the remote computer that you want to log into.
|
---|
| 264 | You'll need to change REMOTE_HOSTNAME for the hostname of the remote
|
---|
| 265 | computer and you'll also need to enter you password for the ssh command
|
---|
| 266 | to succeed:
|
---|
| 267 | </para>
|
---|
| 268 |
|
---|
| 269 | <screen><userinput>ssh-keygen &&
|
---|
| 270 | public_key="$(cat ~/.ssh/id_rsa.pub)" &&
|
---|
| 271 | ssh REMOTE_HOSTNAME "echo ${public_key} >> ~/.ssh/authorized_keys" &&
|
---|
| 272 | unset public_key</userinput></screen>
|
---|
| 273 |
|
---|
| 274 | <para>
|
---|
| 275 | Once you've got passwordless logins working it's actually more secure
|
---|
| 276 | than logging in with a password (as the private key is much longer than
|
---|
| 277 | most people's passwords). If you would like to now disable password
|
---|
| 278 | logins, as the <systemitem class="username">root</systemitem> user:
|
---|
| 279 | </para>
|
---|
| 280 |
|
---|
| 281 |
|
---|
| 282 | <screen role="root"><userinput>echo "PasswordAuthentication no" >> /etc/ssh/sshd_config &&
|
---|
| 283 | echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
| 284 |
|
---|
| 285 | <para>
|
---|
| 286 | If you added <application>LinuxPAM</application> support and you want
|
---|
| 287 | ssh to use it then you will need to add a configuration file for
|
---|
| 288 | <application>sshd</application> and enable use of
|
---|
| 289 | <application>LinuxPAM</application>. Note, ssh only uses PAM to check
|
---|
| 290 | passwords, if you've disabled password logins these commands are not
|
---|
| 291 | needed. If you want to use PAM issue the following commands as the
|
---|
| 292 | <systemitem class='username'>root</systemitem> user:
|
---|
| 293 | </para>
|
---|
[6c24da75] | 294 |
|
---|
| 295 | <screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd &&
|
---|
[b30ddee] | 296 | chmod 644 /etc/pam.d/sshd &&
|
---|
[5a6a6be] | 297 | echo "UsePAM yes" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
[e4e0d060] | 298 |
|
---|
[3a373116] | 299 | <para>
|
---|
| 300 | Additional configuration information can be found in the man
|
---|
| 301 | pages for <command>sshd</command>, <command>ssh</command> and
|
---|
| 302 | <command>ssh-agent</command>.
|
---|
| 303 | </para>
|
---|
[e4e0d060] | 304 | </sect3>
|
---|
| 305 |
|
---|
| 306 | <sect3 id="openssh-init">
|
---|
| 307 | <title>Boot Script</title>
|
---|
| 308 |
|
---|
[3a373116] | 309 | <para>
|
---|
| 310 | To start the SSH server at system boot, install the
|
---|
[e4e0d060] | 311 | <filename>/etc/rc.d/init.d/sshd</filename> init script included
|
---|
[3a373116] | 312 | in the <xref linkend="bootscripts"/> package.
|
---|
| 313 | </para>
|
---|
[e4e0d060] | 314 |
|
---|
| 315 | <indexterm zone="openssh openssh-init">
|
---|
| 316 | <primary sortas="f-sshd">sshd</primary>
|
---|
| 317 | </indexterm>
|
---|
| 318 |
|
---|
| 319 | <screen role="root"><userinput>make install-sshd</userinput></screen>
|
---|
| 320 | </sect3>
|
---|
| 321 | </sect2>
|
---|
| 322 |
|
---|
| 323 | <sect2 role="content">
|
---|
| 324 | <title>Contents</title>
|
---|
| 325 |
|
---|
| 326 | <segmentedlist>
|
---|
| 327 | <segtitle>Installed Programs</segtitle>
|
---|
[c3c56b2] | 328 | <segtitle>Installed Libraries</segtitle>
|
---|
[e4e0d060] | 329 | <segtitle>Installed Directories</segtitle>
|
---|
| 330 |
|
---|
| 331 | <seglistitem>
|
---|
[3a373116] | 332 | <seg>
|
---|
| 333 | scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
|
---|
[5a2f5972] | 334 | ssh-copy-id, ssh-keygen, ssh-keyscan, ssh-keysign and
|
---|
| 335 | ssh-pkcs11-helper
|
---|
[c3c56b2] | 336 | </seg>
|
---|
| 337 | <seg>
|
---|
| 338 | None
|
---|
[3a373116] | 339 | </seg>
|
---|
| 340 | <seg>
|
---|
| 341 | /etc/ssh,
|
---|
| 342 | /var/lib/sshd,
|
---|
| 343 | /usr/lib/openssh and
|
---|
[c3c56b2] | 344 | /usr/share/doc/openssh-&openssh-version;
|
---|
[3a373116] | 345 | </seg>
|
---|
[e4e0d060] | 346 | </seglistitem>
|
---|
| 347 | </segmentedlist>
|
---|
| 348 |
|
---|
| 349 | <variablelist>
|
---|
| 350 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 351 | <?dbfo list-presentation="list"?>
|
---|
| 352 | <?dbhtml list-presentation="table"?>
|
---|
| 353 |
|
---|
| 354 | <varlistentry id="scp">
|
---|
| 355 | <term><command>scp</command></term>
|
---|
| 356 | <listitem>
|
---|
[3a373116] | 357 | <para>
|
---|
| 358 | is a file copy program that acts like <command>rcp</command> except
|
---|
| 359 | it uses an encrypted protocol.
|
---|
| 360 | </para>
|
---|
[e4e0d060] | 361 | <indexterm zone="openssh scp">
|
---|
| 362 | <primary sortas="b-scp">scp</primary>
|
---|
| 363 | </indexterm>
|
---|
| 364 | </listitem>
|
---|
| 365 | </varlistentry>
|
---|
| 366 |
|
---|
| 367 | <varlistentry id="sftp">
|
---|
| 368 | <term><command>sftp</command></term>
|
---|
| 369 | <listitem>
|
---|
[3a373116] | 370 | <para>
|
---|
| 371 | is an FTP-like program that works over the SSH1 and SSH2 protocols.
|
---|
| 372 | </para>
|
---|
[e4e0d060] | 373 | <indexterm zone="openssh sftp">
|
---|
| 374 | <primary sortas="b-sftp">sftp</primary>
|
---|
| 375 | </indexterm>
|
---|
| 376 | </listitem>
|
---|
| 377 | </varlistentry>
|
---|
| 378 |
|
---|
| 379 | <varlistentry id="sftp-server">
|
---|
| 380 | <term><command>sftp-server</command></term>
|
---|
| 381 | <listitem>
|
---|
[3a373116] | 382 | <para>
|
---|
| 383 | is an SFTP server subsystem. This program is not normally called
|
---|
| 384 | directly by the user.
|
---|
| 385 | </para>
|
---|
[e4e0d060] | 386 | <indexterm zone="openssh sftp-server">
|
---|
| 387 | <primary sortas="b-sftp-server">sftp-server</primary>
|
---|
| 388 | </indexterm>
|
---|
| 389 | </listitem>
|
---|
| 390 | </varlistentry>
|
---|
| 391 |
|
---|
| 392 | <varlistentry id="slogin">
|
---|
| 393 | <term><command>slogin</command></term>
|
---|
| 394 | <listitem>
|
---|
[3a373116] | 395 | <para>
|
---|
| 396 | is a symlink to <command>ssh</command>.
|
---|
| 397 | </para>
|
---|
[e4e0d060] | 398 | <indexterm zone="openssh slogin">
|
---|
[b960e3ec] | 399 | <primary sortas="b-slogin">slogin</primary>
|
---|
[e4e0d060] | 400 | </indexterm>
|
---|
| 401 | </listitem>
|
---|
| 402 | </varlistentry>
|
---|
| 403 |
|
---|
| 404 | <varlistentry id="ssh">
|
---|
| 405 | <term><command>ssh</command></term>
|
---|
| 406 | <listitem>
|
---|
[3a373116] | 407 | <para>
|
---|
| 408 | is an <command>rlogin</command>/<command>rsh</command>-like client
|
---|
| 409 | program except it uses an encrypted protocol.
|
---|
| 410 | </para>
|
---|
[e4e0d060] | 411 | <indexterm zone="openssh ssh">
|
---|
| 412 | <primary sortas="b-ssh">ssh</primary>
|
---|
| 413 | </indexterm>
|
---|
| 414 | </listitem>
|
---|
| 415 | </varlistentry>
|
---|
| 416 |
|
---|
| 417 | <varlistentry id="sshd">
|
---|
| 418 | <term><command>sshd</command></term>
|
---|
| 419 | <listitem>
|
---|
[3a373116] | 420 | <para>
|
---|
| 421 | is a daemon that listens for <command>ssh</command> login requests.
|
---|
| 422 | </para>
|
---|
[e4e0d060] | 423 | <indexterm zone="openssh sshd">
|
---|
| 424 | <primary sortas="b-sshd">sshd</primary>
|
---|
| 425 | </indexterm>
|
---|
| 426 | </listitem>
|
---|
| 427 | </varlistentry>
|
---|
| 428 |
|
---|
| 429 | <varlistentry id="ssh-add">
|
---|
| 430 | <term><command>ssh-add</command></term>
|
---|
| 431 | <listitem>
|
---|
[3a373116] | 432 | <para>
|
---|
| 433 | is a tool which adds keys to the <command>ssh-agent</command>.
|
---|
| 434 | </para>
|
---|
[e4e0d060] | 435 | <indexterm zone="openssh ssh-add">
|
---|
| 436 | <primary sortas="b-ssh-add">ssh-add</primary>
|
---|
| 437 | </indexterm>
|
---|
| 438 | </listitem>
|
---|
| 439 | </varlistentry>
|
---|
| 440 |
|
---|
| 441 | <varlistentry id="ssh-agent">
|
---|
| 442 | <term><command>ssh-agent</command></term>
|
---|
| 443 | <listitem>
|
---|
[3a373116] | 444 | <para>
|
---|
| 445 | is an authentication agent that can store private keys.
|
---|
| 446 | </para>
|
---|
[e4e0d060] | 447 | <indexterm zone="openssh ssh-agent">
|
---|
| 448 | <primary sortas="b-ssh-agent">ssh-agent</primary>
|
---|
| 449 | </indexterm>
|
---|
| 450 | </listitem>
|
---|
| 451 | </varlistentry>
|
---|
| 452 |
|
---|
[5a2f5972] | 453 | <varlistentry id="ssh-copy-id">
|
---|
| 454 | <term><command>ssh-copy-id</command></term>
|
---|
| 455 | <listitem>
|
---|
| 456 | <para>
|
---|
| 457 | is a script that enables logins on remote machine using local keys.
|
---|
| 458 | </para>
|
---|
| 459 | <indexterm zone="openssh ssh-copy-id">
|
---|
| 460 | <primary sortas="b-ssh-copy-id">ssh-copy-id</primary>
|
---|
| 461 | </indexterm>
|
---|
| 462 | </listitem>
|
---|
| 463 | </varlistentry>
|
---|
| 464 |
|
---|
[e4e0d060] | 465 | <varlistentry id="ssh-keygen">
|
---|
| 466 | <term><command>ssh-keygen</command></term>
|
---|
| 467 | <listitem>
|
---|
[3a373116] | 468 | <para>
|
---|
| 469 | is a key generation tool.
|
---|
| 470 | </para>
|
---|
[e4e0d060] | 471 | <indexterm zone="openssh ssh-keygen">
|
---|
| 472 | <primary sortas="b-ssh-keygen">ssh-keygen</primary>
|
---|
| 473 | </indexterm>
|
---|
| 474 | </listitem>
|
---|
| 475 | </varlistentry>
|
---|
| 476 |
|
---|
| 477 | <varlistentry id="ssh-keyscan">
|
---|
| 478 | <term><command>ssh-keyscan</command></term>
|
---|
| 479 | <listitem>
|
---|
[3a373116] | 480 | <para>
|
---|
| 481 | is a utility for gathering public host keys from a number of hosts.
|
---|
| 482 | </para>
|
---|
[e4e0d060] | 483 | <indexterm zone="openssh ssh-keyscan">
|
---|
| 484 | <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
|
---|
| 485 | </indexterm>
|
---|
| 486 | </listitem>
|
---|
| 487 | </varlistentry>
|
---|
| 488 |
|
---|
| 489 | <varlistentry id="ssh-keysign">
|
---|
| 490 | <term><command>ssh-keysign</command></term>
|
---|
| 491 | <listitem>
|
---|
[3a373116] | 492 | <para>
|
---|
| 493 | is used by <command>ssh</command> to access the local host keys and
|
---|
| 494 | generate the digital signature required during hostbased
|
---|
| 495 | authentication with SSH protocol version 2. This program is not
|
---|
| 496 | normally called directly by the user.
|
---|
| 497 | </para>
|
---|
[e4e0d060] | 498 | <indexterm zone="openssh ssh-keysign">
|
---|
| 499 | <primary sortas="b-ssh-keysign">ssh-keysign</primary>
|
---|
| 500 | </indexterm>
|
---|
| 501 | </listitem>
|
---|
| 502 | </varlistentry>
|
---|
[5a2f5972] | 503 |
|
---|
| 504 | <varlistentry id="ssh-pkcs11-helper">
|
---|
| 505 | <term><command>ssh-pkcs11-helper</command></term>
|
---|
| 506 | <listitem>
|
---|
| 507 | <para>
|
---|
| 508 | is a <command>ssh-agent</command> helper program for PKCS#11 support.
|
---|
| 509 | </para>
|
---|
| 510 | <indexterm zone="openssh ssh-pkcs11-helper">
|
---|
| 511 | <primary sortas="b-ssh-pkcs11-helper">ssh-pkcs11-helper</primary>
|
---|
| 512 | </indexterm>
|
---|
| 513 | </listitem>
|
---|
| 514 | </varlistentry>
|
---|
| 515 |
|
---|
[e4e0d060] | 516 | </variablelist>
|
---|
| 517 | </sect2>
|
---|
| 518 | </sect1>
|
---|