[0931098] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[0931098] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[56586e76] | 7 | <!ENTITY openssh-download-http "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
|
---|
[3a3b19b] | 8 | <!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
|
---|
[971bae0d] | 9 | <!ENTITY openssh-md5sum "e6ee52e47c768bf0ec42a232b5d18fb0">
|
---|
| 10 | <!ENTITY openssh-size "1.1 MB">
|
---|
| 11 | <!ENTITY openssh-buildsize "22 MB">
|
---|
| 12 | <!ENTITY openssh-time "0.5 SBU (additional 1.5 SBU to run the test suite)">
|
---|
[0931098] | 13 | ]>
|
---|
| 14 |
|
---|
[1708d1e9] | 15 | <sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
|
---|
[e4e0d060] | 16 | <?dbhtml filename="openssh.html"?>
|
---|
| 17 |
|
---|
| 18 | <sect1info>
|
---|
| 19 | <othername>$LastChangedBy$</othername>
|
---|
| 20 | <date>$Date$</date>
|
---|
| 21 | </sect1info>
|
---|
| 22 |
|
---|
| 23 | <title>OpenSSH-&openssh-version;</title>
|
---|
| 24 |
|
---|
| 25 | <indexterm zone="openssh">
|
---|
| 26 | <primary sortas="a-OpenSSH">OpenSSH</primary>
|
---|
| 27 | </indexterm>
|
---|
| 28 |
|
---|
| 29 | <sect2 role="package">
|
---|
| 30 | <title>Introduction to OpenSSH</title>
|
---|
| 31 |
|
---|
| 32 | <para>The <application>OpenSSH</application> package contains
|
---|
| 33 | <command>ssh</command> clients and the <command>sshd</command> daemon.
|
---|
| 34 | This is useful for encrypting authentication and subsequent traffic
|
---|
| 35 | over a network.</para>
|
---|
| 36 |
|
---|
| 37 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 38 | <itemizedlist spacing="compact">
|
---|
| 39 | <listitem>
|
---|
| 40 | <para>Download (HTTP): <ulink url="&openssh-download-http;"/></para>
|
---|
| 41 | </listitem>
|
---|
| 42 | <listitem>
|
---|
| 43 | <para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para>
|
---|
| 44 | </listitem>
|
---|
| 45 | <listitem>
|
---|
| 46 | <para>Download MD5 sum: &openssh-md5sum;</para>
|
---|
| 47 | </listitem>
|
---|
| 48 | <listitem>
|
---|
| 49 | <para>Download size: &openssh-size;</para>
|
---|
| 50 | </listitem>
|
---|
| 51 | <listitem>
|
---|
| 52 | <para>Estimated disk space required: &openssh-buildsize;</para>
|
---|
| 53 | </listitem>
|
---|
| 54 | <listitem>
|
---|
| 55 | <para>Estimated build time: &openssh-time;</para>
|
---|
| 56 | </listitem>
|
---|
| 57 | </itemizedlist>
|
---|
| 58 |
|
---|
| 59 | <bridgehead renderas="sect3">OpenSSH Dependencies</bridgehead>
|
---|
| 60 |
|
---|
| 61 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[a6ac43b] | 62 | <para role="required"><xref linkend="openssl"/></para>
|
---|
[e4e0d060] | 63 |
|
---|
| 64 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[a6ac43b] | 65 | <para role="optional"><xref linkend="linux-pam"/>,
|
---|
[e4e0d060] | 66 | <xref linkend="tcpwrappers"/>,
|
---|
[e77976f] | 67 | <xref linkend="x-window-system"/>,
|
---|
[e4e0d060] | 68 | <xref linkend="mitkrb"/> or <xref linkend="heimdal"/>,
|
---|
[3e6f331] | 69 | <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
|
---|
| 70 | (provides a command-line history feature to <command>sftp</command>),
|
---|
[608a225] | 71 | <ulink url="http://www.opensc-project.org/">OpenSC</ulink>, and
|
---|
[9561d7e] | 72 | <ulink
|
---|
| 73 | url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink></para>
|
---|
| 74 |
|
---|
[409e2e7] | 75 | <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead>
|
---|
[b66ece35] | 76 | <para role="optional"><xref linkend="icedtea6"/> or <xref linkend="jdk"/>,
|
---|
[409e2e7] | 77 | <xref linkend="net-tools"/>, and
|
---|
| 78 | <xref linkend="sysstat"/>.</para>
|
---|
| 79 |
|
---|
[1663c2b5] | 80 | <para condition="html" role="usernotes">User Notes:
|
---|
| 81 | <ulink url='&blfs-wiki;/OpenSSH'/></para>
|
---|
[e4e0d060] | 82 |
|
---|
| 83 | </sect2>
|
---|
| 84 |
|
---|
| 85 | <sect2 role="installation">
|
---|
| 86 | <title>Installation of OpenSSH</title>
|
---|
| 87 |
|
---|
| 88 | <para><application>OpenSSH</application> runs as two processes when
|
---|
| 89 | connecting to other computers. The first process is a privileged process
|
---|
| 90 | and controls the issuance of privileges as necessary. The second process
|
---|
| 91 | communicates with the network. Additional installation steps are necessary
|
---|
[3de6059] | 92 | to set up the proper environment, which are performed by issuing the
|
---|
| 93 | following commands as the <systemitem class="username">root</systemitem>
|
---|
| 94 | user:</para>
|
---|
[e4e0d060] | 95 |
|
---|
[45f3870] | 96 | <screen role="root"><userinput>install -v -m700 -d /var/lib/sshd &&
|
---|
| 97 | chown -v root:sys /var/lib/sshd &&
|
---|
[b21c661] | 98 | groupadd -g 50 sshd &&
|
---|
| 99 | useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
|
---|
| 100 | -s /bin/false -u 50 sshd</userinput></screen>
|
---|
[0931098] | 101 |
|
---|
[e4e0d060] | 102 | <para><application>OpenSSH</application> is very sensitive to changes in
|
---|
| 103 | the linked <application>OpenSSL</application> libraries. If you recompile
|
---|
| 104 | <application>OpenSSL</application>, <application>OpenSSH</application> may
|
---|
[409e2e7] | 105 | fail to start up. An alternative is to link against the static
|
---|
[e4e0d060] | 106 | <application>OpenSSL</application> library. To link against the static
|
---|
| 107 | library, execute the following command:</para>
|
---|
[0931098] | 108 |
|
---|
[6c24da75] | 109 | <screen><userinput>sed -i 's@-lcrypto@/usr/lib/libcrypto.a -ldl@' configure</userinput></screen>
|
---|
[0931098] | 110 |
|
---|
[e4e0d060] | 111 | <para>Install <application>OpenSSH</application> by running
|
---|
| 112 | the following commands:</para>
|
---|
[0931098] | 113 |
|
---|
[d52512f2] | 114 | <screen><userinput>sed -i.bak 's/ -ldes//' configure &&
|
---|
| 115 | ./configure --prefix=/usr \
|
---|
| 116 | --sysconfdir=/etc/ssh \
|
---|
| 117 | --datadir=/usr/share/sshd \
|
---|
| 118 | --libexecdir=/usr/lib/openssh \
|
---|
| 119 | --with-md5-passwords \
|
---|
| 120 | --with-privsep-path=/var/lib/sshd &&
|
---|
[3a3b19b] | 121 | make</userinput></screen>
|
---|
[1b83a7c1] | 122 |
|
---|
[e4e0d060] | 123 | <para>If you linked <application>tcp_wrappers</application> into the
|
---|
| 124 | build using the <option>--with-tcp-wrappers</option> parameter, ensure
|
---|
| 125 | you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename>
|
---|
| 126 | if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the
|
---|
[7c9e252] | 127 | test suite will fail. Additionally, the testsuite requires an installed
|
---|
[409e2e7] | 128 | copy of <command>scp</command> to complete the multiplexing tests. To
|
---|
[a41f643] | 129 | run the test suite, first copy the scp program to
|
---|
| 130 | <filename class="directory">/usr/bin</filename>, making sure that you
|
---|
[409e2e7] | 131 | back up any existing copy first.</para>
|
---|
| 132 |
|
---|
[8c9e2f6e] | 133 | <para>To run the test suite, issue the following commands:</para>
|
---|
[7c9e252] | 134 |
|
---|
[409e2e7] | 135 | <screen role="root"><userinput>make tests 2>&1 | tee check.log
|
---|
| 136 | grep FATAL check.log</userinput></screen>
|
---|
[7c9e252] | 137 |
|
---|
| 138 | <para>If the above command produces no 'FATAL' errors, then proceed
|
---|
[409e2e7] | 139 | with the installation, as the
|
---|
[7c9e252] | 140 | <systemitem class="username">root</systemitem> user:</para>
|
---|
| 141 |
|
---|
[409e2e7] | 142 | <screen role="root"><userinput>make install &&
|
---|
[45f3870] | 143 | install -v -m755 -d /usr/share/doc/openssh-&openssh-version; &&
|
---|
| 144 | install -v -m644 INSTALL LICENCE OVERVIEW README* WARNING.RNG \
|
---|
| 145 | /usr/share/doc/openssh-&openssh-version;</userinput></screen>
|
---|
[e4e0d060] | 146 |
|
---|
| 147 | </sect2>
|
---|
| 148 |
|
---|
| 149 | <sect2 role="commands">
|
---|
| 150 | <title>Command Explanations</title>
|
---|
| 151 |
|
---|
[d52512f2] | 152 | <para><command>sed -i.bak 's/ -ldes//' configure</command>:
|
---|
| 153 | This command fixes a build crash if you used the
|
---|
| 154 | <option>--with-kerberos5</option> parameter and you built the
|
---|
| 155 | <application>Heimdal</application> package in accordance with the BLFS
|
---|
| 156 | instructions. The command is harmless in all other instances.</para>
|
---|
| 157 |
|
---|
[e4e0d060] | 158 | <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents
|
---|
| 159 | the configuration files from being installed in
|
---|
| 160 | <filename class="directory">/usr/etc</filename>.</para>
|
---|
[f45b1953] | 161 |
|
---|
[6c24da75] | 162 | <para><parameter>--datadir=/usr/share/sshd</parameter>: This switch
|
---|
[410e228b] | 163 | puts the Ssh.bin file (used for SmartCard authentication) in
|
---|
[6c24da75] | 164 | <filename class="directory">/usr/share/sshd</filename>.</para>
|
---|
| 165 |
|
---|
| 166 | <para><parameter>--with-md5-passwords</parameter>: This is required
|
---|
| 167 | with the default configuration of Shadow password suite in LFS.</para>
|
---|
[e4e0d060] | 168 |
|
---|
[1b744785] | 169 | <para><parameter>--libexecdir=/usr/lib/openssh</parameter>: This parameter
|
---|
[e4e0d060] | 170 | changes the installation path of some programs to
|
---|
[1b744785] | 171 | <filename class="directory">/usr/lib/openssh</filename> instead of
|
---|
[e4e0d060] | 172 | <filename class="directory">/usr/libexec</filename>.</para>
|
---|
| 173 |
|
---|
[ba7a0ce] | 174 | <para><parameter>--with-pam</parameter>: This parameter enables
|
---|
| 175 | <application>Linux-PAM</application> support in the build.</para>
|
---|
| 176 |
|
---|
[4ea98296] | 177 | <para><parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the
|
---|
[410e228b] | 178 | default location for the <command>xauth</command> binary for X
|
---|
[4ea98296] | 179 | authentication. Change the location if <command>xauth</command> will
|
---|
[410e228b] | 180 | be installed to a different path. This can also be controlled from
|
---|
[4ea98296] | 181 | <filename>sshd_config</filename> with the XAuthLocation keyword.
|
---|
[618b9a7] | 182 | You can omit this switch if <application>Xorg</application> is already
|
---|
[4ea98296] | 183 | installed.
|
---|
| 184 | </para>
|
---|
| 185 |
|
---|
[a41f643] | 186 | <para><parameter>--with-kerberos5=/usr</parameter>: This option is used to
|
---|
[409e2e7] | 187 | include Heimdal support in the build.</para>
|
---|
| 188 |
|
---|
[e4e0d060] | 189 | </sect2>
|
---|
| 190 |
|
---|
| 191 | <sect2 role="configuration">
|
---|
| 192 | <title>Configuring OpenSSH</title>
|
---|
| 193 |
|
---|
| 194 | <sect3 id="openssh-config">
|
---|
| 195 | <title>Config Files</title>
|
---|
| 196 |
|
---|
| 197 | <para><filename>~/.ssh/*</filename>,
|
---|
| 198 | <filename>/etc/ssh/ssh_config</filename>, and
|
---|
| 199 | <filename>/etc/ssh/sshd_config</filename></para>
|
---|
| 200 |
|
---|
| 201 | <indexterm zone="openssh openssh-config">
|
---|
| 202 | <primary sortas="e-AA.ssh">~/.ssh/*</primary>
|
---|
| 203 | </indexterm>
|
---|
| 204 |
|
---|
| 205 | <indexterm zone="openssh openssh-config">
|
---|
| 206 | <primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
|
---|
| 207 | </indexterm>
|
---|
| 208 |
|
---|
| 209 | <indexterm zone="openssh openssh-config">
|
---|
| 210 | <primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
|
---|
| 211 | </indexterm>
|
---|
| 212 |
|
---|
| 213 | <para>There are no required changes to any of these files. However,
|
---|
| 214 | you may wish to view the <filename class='directory'>/etc/ssh/</filename>
|
---|
[823b1a3] | 215 | files and make any changes appropriate for the security of your system.
|
---|
[bfb7882] | 216 | One recommended change is that you disable
|
---|
[823b1a3] | 217 | <systemitem class='username'>root</systemitem> login via
|
---|
| 218 | <command>ssh</command>. Execute the following command as the
|
---|
| 219 | <systemitem class='username'>root</systemitem> user to disable
|
---|
| 220 | <systemitem class='username'>root</systemitem> login via
|
---|
[e4e0d060] | 221 | <command>ssh</command>:</para>
|
---|
| 222 |
|
---|
[6c24da75] | 223 | <screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
| 224 |
|
---|
| 225 | <para>If you added <application>LinuxPAM</application> support, then you
|
---|
[410e228b] | 226 | will need to add a configuration file for
|
---|
[b30ddee] | 227 | <application>sshd</application> and enable use of
|
---|
| 228 | <application>LinuxPAM</application>. Issue the following commands as the
|
---|
[6c24da75] | 229 | <systemitem class='username'>root</systemitem> user:</para>
|
---|
| 230 |
|
---|
| 231 | <screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd &&
|
---|
[b30ddee] | 232 | chmod 644 /etc/pam.d/sshd &&
|
---|
| 233 | echo "USEPAM yes" >> /etc/ssh/sshd_config</userinput></screen>
|
---|
[e4e0d060] | 234 |
|
---|
| 235 | <para>Additional configuration information can be found in the man
|
---|
| 236 | pages for <command>sshd</command>, <command>ssh</command> and
|
---|
| 237 | <command>ssh-agent</command>.</para>
|
---|
| 238 |
|
---|
| 239 | </sect3>
|
---|
| 240 |
|
---|
| 241 | <sect3 id="openssh-init">
|
---|
| 242 | <title>Boot Script</title>
|
---|
| 243 |
|
---|
| 244 | <para>To start the SSH server at system boot, install the
|
---|
| 245 | <filename>/etc/rc.d/init.d/sshd</filename> init script included
|
---|
[5254d12] | 246 | in the <xref linkend="bootscripts"/> package.</para>
|
---|
[e4e0d060] | 247 |
|
---|
| 248 | <indexterm zone="openssh openssh-init">
|
---|
| 249 | <primary sortas="f-sshd">sshd</primary>
|
---|
| 250 | </indexterm>
|
---|
| 251 |
|
---|
| 252 | <screen role="root"><userinput>make install-sshd</userinput></screen>
|
---|
| 253 |
|
---|
| 254 | </sect3>
|
---|
| 255 |
|
---|
| 256 | </sect2>
|
---|
| 257 |
|
---|
| 258 | <sect2 role="content">
|
---|
| 259 | <title>Contents</title>
|
---|
| 260 |
|
---|
| 261 | <segmentedlist>
|
---|
| 262 | <segtitle>Installed Programs</segtitle>
|
---|
| 263 | <segtitle>Installed Libraries</segtitle>
|
---|
| 264 | <segtitle>Installed Directories</segtitle>
|
---|
| 265 |
|
---|
| 266 | <seglistitem>
|
---|
| 267 | <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
|
---|
| 268 | ssh-keygen, ssh-keyscan, and ssh-keysign</seg>
|
---|
| 269 | <seg>None</seg>
|
---|
[409e2e7] | 270 | <seg>/etc/ssh, /var/lib/sshd, /usr/lib/openssh, and
|
---|
[45f3870] | 271 | /usr/share/doc/openssh-&openssh-version;</seg>
|
---|
[e4e0d060] | 272 | </seglistitem>
|
---|
| 273 | </segmentedlist>
|
---|
| 274 |
|
---|
| 275 | <variablelist>
|
---|
| 276 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 277 | <?dbfo list-presentation="list"?>
|
---|
| 278 | <?dbhtml list-presentation="table"?>
|
---|
| 279 |
|
---|
| 280 | <varlistentry id="scp">
|
---|
| 281 | <term><command>scp</command></term>
|
---|
| 282 | <listitem>
|
---|
| 283 | <para>is a file copy program that acts like <command>rcp</command>
|
---|
| 284 | except it uses an encrypted protocol.</para>
|
---|
| 285 | <indexterm zone="openssh scp">
|
---|
| 286 | <primary sortas="b-scp">scp</primary>
|
---|
| 287 | </indexterm>
|
---|
| 288 | </listitem>
|
---|
| 289 | </varlistentry>
|
---|
| 290 |
|
---|
| 291 | <varlistentry id="sftp">
|
---|
| 292 | <term><command>sftp</command></term>
|
---|
| 293 | <listitem>
|
---|
| 294 | <para>is an FTP-like program that works over
|
---|
| 295 | SSH1 and SSH2 protocols.</para>
|
---|
| 296 | <indexterm zone="openssh sftp">
|
---|
| 297 | <primary sortas="b-sftp">sftp</primary>
|
---|
| 298 | </indexterm>
|
---|
| 299 | </listitem>
|
---|
| 300 | </varlistentry>
|
---|
| 301 |
|
---|
| 302 | <varlistentry id="sftp-server">
|
---|
| 303 | <term><command>sftp-server</command></term>
|
---|
| 304 | <listitem>
|
---|
[0c6194bb] | 305 | <para>is an SFTP server subsystem. This program is not normally
|
---|
| 306 | called directly by the user.</para>
|
---|
[e4e0d060] | 307 | <indexterm zone="openssh sftp-server">
|
---|
| 308 | <primary sortas="b-sftp-server">sftp-server</primary>
|
---|
| 309 | </indexterm>
|
---|
| 310 | </listitem>
|
---|
| 311 | </varlistentry>
|
---|
| 312 |
|
---|
| 313 | <varlistentry id="slogin">
|
---|
| 314 | <term><command>slogin</command></term>
|
---|
| 315 | <listitem>
|
---|
| 316 | <para>is a symlink to <command>ssh</command>.</para>
|
---|
| 317 | <indexterm zone="openssh slogin">
|
---|
| 318 | <primary sortas="g-slogin">slogin</primary>
|
---|
| 319 | </indexterm>
|
---|
| 320 | </listitem>
|
---|
| 321 | </varlistentry>
|
---|
| 322 |
|
---|
| 323 | <varlistentry id="ssh">
|
---|
| 324 | <term><command>ssh</command></term>
|
---|
| 325 | <listitem>
|
---|
| 326 | <para>is an <command>rlogin</command>/<command>rsh</command>-like
|
---|
| 327 | client program except it uses an encrypted protocol.</para>
|
---|
| 328 | <indexterm zone="openssh ssh">
|
---|
| 329 | <primary sortas="b-ssh">ssh</primary>
|
---|
| 330 | </indexterm>
|
---|
| 331 | </listitem>
|
---|
| 332 | </varlistentry>
|
---|
| 333 |
|
---|
| 334 | <varlistentry id="sshd">
|
---|
| 335 | <term><command>sshd</command></term>
|
---|
| 336 | <listitem>
|
---|
| 337 | <para>is a daemon that listens for <command>ssh</command> login
|
---|
| 338 | requests.</para>
|
---|
| 339 | <indexterm zone="openssh sshd">
|
---|
| 340 | <primary sortas="b-sshd">sshd</primary>
|
---|
| 341 | </indexterm>
|
---|
| 342 | </listitem>
|
---|
| 343 | </varlistentry>
|
---|
| 344 |
|
---|
| 345 | <varlistentry id="ssh-add">
|
---|
| 346 | <term><command>ssh-add</command></term>
|
---|
| 347 | <listitem>
|
---|
| 348 | <para>is a tool which adds keys to the
|
---|
| 349 | <command>ssh-agent</command>.</para>
|
---|
| 350 | <indexterm zone="openssh ssh-add">
|
---|
| 351 | <primary sortas="b-ssh-add">ssh-add</primary>
|
---|
| 352 | </indexterm>
|
---|
| 353 | </listitem>
|
---|
| 354 | </varlistentry>
|
---|
| 355 |
|
---|
| 356 | <varlistentry id="ssh-agent">
|
---|
| 357 | <term><command>ssh-agent</command></term>
|
---|
| 358 | <listitem>
|
---|
| 359 | <para>is an authentication agent that can store private keys.</para>
|
---|
| 360 | <indexterm zone="openssh ssh-agent">
|
---|
| 361 | <primary sortas="b-ssh-agent">ssh-agent</primary>
|
---|
| 362 | </indexterm>
|
---|
| 363 | </listitem>
|
---|
| 364 | </varlistentry>
|
---|
| 365 |
|
---|
| 366 | <varlistentry id="ssh-keygen">
|
---|
| 367 | <term><command>ssh-keygen</command></term>
|
---|
| 368 | <listitem>
|
---|
| 369 | <para>is a key generation tool.</para>
|
---|
| 370 | <indexterm zone="openssh ssh-keygen">
|
---|
| 371 | <primary sortas="b-ssh-keygen">ssh-keygen</primary>
|
---|
| 372 | </indexterm>
|
---|
| 373 | </listitem>
|
---|
| 374 | </varlistentry>
|
---|
| 375 |
|
---|
| 376 | <varlistentry id="ssh-keyscan">
|
---|
| 377 | <term><command>ssh-keyscan</command></term>
|
---|
| 378 | <listitem>
|
---|
| 379 | <para>is a utility for gathering public host keys from a
|
---|
| 380 | number of hosts.</para>
|
---|
| 381 | <indexterm zone="openssh ssh-keyscan">
|
---|
| 382 | <primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
|
---|
| 383 | </indexterm>
|
---|
| 384 | </listitem>
|
---|
| 385 | </varlistentry>
|
---|
| 386 |
|
---|
| 387 | <varlistentry id="ssh-keysign">
|
---|
| 388 | <term><command>ssh-keysign</command></term>
|
---|
| 389 | <listitem>
|
---|
| 390 | <para>is used by <command>ssh</command> to access the local host
|
---|
| 391 | keys and generate the digital signature required during hostbased
|
---|
[0c6194bb] | 392 | authentication with SSH protocol version 2. This program is not normally
|
---|
| 393 | called directly by the user.</para>
|
---|
[e4e0d060] | 394 | <indexterm zone="openssh ssh-keysign">
|
---|
| 395 | <primary sortas="b-ssh-keysign">ssh-keysign</primary>
|
---|
| 396 | </indexterm>
|
---|
| 397 | </listitem>
|
---|
| 398 | </varlistentry>
|
---|
| 399 |
|
---|
| 400 | </variablelist>
|
---|
| 401 |
|
---|
| 402 | </sect2>
|
---|
| 403 |
|
---|
| 404 | </sect1>
|
---|