Changeset 3a37311 for postlfs/security
- Timestamp:
- 05/03/2012 07:24:30 PM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ea3e0afa
- Parents:
- 5a9e610
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/openssh.xml
r5a9e610 r3a37311 5 5 %general-entities; 6 6 7 <!ENTITY openssh-download-http "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 8 <!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 9 <!ENTITY openssh-md5sum "afe17eee7e98d3b8550cc349834a85d0"> 7 <!ENTITY openssh-download-http 8 "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 9 <!ENTITY openssh-download-ftp 10 "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz"> 11 <!ENTITY openssh-md5sum "3c9347aa67862881c5da3f3b1c08da7b"> 10 12 <!ENTITY openssh-size "1.1 MB"> 11 <!ENTITY openssh-buildsize " 44MB">12 <!ENTITY openssh-time " 3.5 SBU (including the test suite)">13 <!ENTITY openssh-buildsize "31 MB"> 14 <!ENTITY openssh-time "0.6 SBU"> 13 15 ]> 14 16 … … 23 25 <title>OpenSSH-&openssh-version;</title> 24 26 25 <para>The <application>OpenSSH</application> package contains 26 <command>ssh</command> clients and the <command>sshd</command> daemon. 27 This is useful for encrypting authentication and subsequent traffic 28 over a network. The <command>ssh</command> and <command>scp</command> 29 commands are secure implementions of <command>telnet</command> and 30 <command>rcp</command> respectively.</para> 31 32 &lfs70_checked; 27 <para> 28 The <application>OpenSSH</application> package contains 29 <command>ssh</command> clients and the <command>sshd</command> daemon. This 30 is useful for encrypting authentication and subsequent traffic over a 31 network. The <command>ssh</command> and <command>scp</command> commands are 32 secure implementions of <command>telnet</command> and <command>rcp</command> 33 respectively. 34 </para> 35 36 &lfs71_checked; 33 37 34 38 <indexterm zone="openssh"> … … 42 46 <itemizedlist spacing="compact"> 43 47 <listitem> 44 <para>Download (HTTP): <ulink url="&openssh-download-http;"/></para> 45 </listitem> 46 <listitem> 47 <para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download MD5 sum: &openssh-md5sum;</para> 51 </listitem> 52 <listitem> 53 <para>Download size: &openssh-size;</para> 54 </listitem> 55 <listitem> 56 <para>Estimated disk space required: &openssh-buildsize;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated build time: &openssh-time;</para> 48 <para> 49 Download (HTTP): <ulink url="&openssh-download-http;"/> 50 </para> 51 </listitem> 52 <listitem> 53 <para> 54 Download (FTP): <ulink url="&openssh-download-ftp;"/> 55 </para> 56 </listitem> 57 <listitem> 58 <para> 59 Download MD5 sum: &openssh-md5sum; 60 </para> 61 </listitem> 62 <listitem> 63 <para> 64 Download size: &openssh-size; 65 </para> 66 </listitem> 67 <listitem> 68 <para> 69 Estimated disk space required: &openssh-buildsize; 70 </para> 71 </listitem> 72 <listitem> 73 <para> 74 Estimated build time: &openssh-time; 75 </para> 60 76 </listitem> 61 77 </itemizedlist> … … 67 83 68 84 <bridgehead renderas="sect4">Optional</bridgehead> 69 <para role="optional"><xref linkend="linux-pam"/>, 70 <xref linkend="tcpwrappers"/>, 71 <xref linkend="x-window-system"/>, 72 <xref linkend="mitkrb"/>, 73 <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink> 74 (provides a command-line history feature to <command>sftp</command>), 75 <ulink url="http://www.opensc-project.org/">OpenSC</ulink>, and 76 <ulink 77 url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink></para> 85 <para role="optional"> 86 <xref linkend="linux-pam"/>, 87 <xref linkend="tcpwrappers"/>, 88 <xref linkend="x-window-system"/>, 89 <xref linkend="mitkrb"/>, 90 <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink> 91 (provides a command-line history feature to <command>sftp</command>), 92 <ulink url="http://www.opensc-project.org/">OpenSC</ulink> and 93 <ulink url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink> 94 </para> 78 95 79 96 <bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead> 80 <para role="optional"><xref linkend="icedtea6"/> or <xref linkend="jdk"/>, 81 <xref linkend="net-tools"/>, and 82 <xref linkend="sysstat"/>.</para> 83 84 <para condition="html" role="usernotes">User Notes: 85 <ulink url='&blfs-wiki;/OpenSSH'/></para> 86 97 <para role="optional"> 98 <xref linkend="icedtea6"/> or <xref linkend="jdk"/>, 99 <xref linkend="net-tools"/> and 100 <xref linkend="sysstat"/>. 101 </para> 102 103 <para condition="html" role="usernotes"> 104 User Notes: <ulink url='&blfs-wiki;/OpenSSH'/> 105 </para> 87 106 </sect2> 88 107 … … 90 109 <title>Installation of OpenSSH</title> 91 110 92 <para><application>OpenSSH</application> runs as two processes when 93 connecting to other computers. The first process is a privileged process 94 and controls the issuance of privileges as necessary. The second process 95 communicates with the network. Additional installation steps are necessary 96 to set up the proper environment, which are performed by issuing the 97 following commands as the <systemitem class="username">root</systemitem> 98 user:</para> 111 <para> 112 <application>OpenSSH</application> runs as two processes when connecting 113 to other computers. The first process is a privileged process and controls 114 the issuance of privileges as necessary. The second process communicates 115 with the network. Additional installation steps are necessary to set up 116 the proper environment, which are performed by issuing the following 117 commands as the <systemitem class="username">root</systemitem> user: 118 </para> 99 119 100 120 <screen role="root"><userinput>install -v -m700 -d /var/lib/sshd && … … 104 124 -s /bin/false -u 50 sshd</userinput></screen> 105 125 106 <para><application>OpenSSH</application> is very sensitive to changes in 107 the linked <application>OpenSSL</application> libraries. If you recompile 108 <application>OpenSSL</application>, <application>OpenSSH</application> may 109 fail to start up. An alternative is to link against the static 110 <application>OpenSSL</application> library. To link against the static 111 library, execute the following command:</para> 126 <para> 127 <application>OpenSSH</application> is very sensitive to changes in the 128 linked <application>OpenSSL</application> libraries. If you recompile 129 <application>OpenSSL</application>, <application>OpenSSH</application> may 130 fail to start up. An alternative is to link against the static 131 <application>OpenSSL</application> library. To link against the static 132 library, execute the following command: 133 </para> 112 134 113 135 <screen><userinput>sed -i 's@-lcrypto@/usr/lib/libcrypto.a -ldl@' configure</userinput></screen> 114 136 115 <para>Install <application>OpenSSH</application> by running 116 the following commands:</para> 137 <para> 138 Install <application>OpenSSH</application> by running the following 139 commands: 140 </para> 117 141 118 142 <screen><userinput>sed -i.bak '/K5LIBS=/s/ -ldes//' configure && … … 120 144 --sysconfdir=/etc/ssh \ 121 145 --datadir=/usr/share/sshd \ 122 --libexecdir=/usr/lib/openssh \123 146 --with-md5-passwords \ 124 147 --with-privsep-path=/var/lib/sshd && 125 148 make</userinput></screen> 126 149 127 <para>If you linked <application>tcp_wrappers</application> into the 128 build using the <option>--with-tcp-wrappers</option> parameter, ensure 129 you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> 130 if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the 131 test suite will fail. Additionally, the testsuite requires an installed 132 copy of <command>scp</command> to complete the multiplexing tests. To 133 run the test suite, first copy the scp program to 134 <filename class="directory">/usr/bin</filename>, making sure that you 135 back up any existing copy first.</para> 136 137 <para>To run the test suite, issue the following commands:</para> 150 <para> 151 If you linked <application>tcp_wrappers</application> into the build using 152 the <option>--with-tcp-wrappers</option> parameter, ensure you add 153 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you 154 have a restrictive <filename>/etc/hosts.deny</filename> file, or the test 155 suite will fail. Additionally, the testsuite requires an installed copy of 156 <command>scp</command> to complete the multiplexing tests. To run the test 157 suite, first copy the scp program to 158 <filename class="directory">/usr/bin</filename>, making sure that you back 159 up any existing copy first. 160 </para> 161 162 <para> 163 To run the test suite, issue the following commands: 164 </para> 138 165 139 166 <screen role="root"><userinput>make tests 2>&1 | tee check.log 140 167 grep FATAL check.log</userinput></screen> 141 168 142 <para>If the above command produces no 'FATAL' errors, then proceed 143 with the installation, as the 144 <systemitem class="username">root</systemitem> user:</para> 169 <para> 170 If the above command produces no 'FATAL' errors, then proceed with the 171 installation, as the <systemitem class="username">root</systemitem> user: 172 </para> 145 173 146 174 <screen role="root"><userinput>make install && … … 148 176 install -v -m644 INSTALL LICENCE OVERVIEW README* \ 149 177 /usr/share/doc/openssh-&openssh-version;</userinput></screen> 150 151 178 </sect2> 152 179 … … 154 181 <title>Command Explanations</title> 155 182 156 <para><command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>: 157 This command fixes a build crash if you used the 158 <option>--with-kerberos5</option> parameter and you built the 159 <application>Heimdal</application> package in accordance with the BLFS 160 instructions. The command is harmless in all other instances.</para> 161 162 <para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents 163 the configuration files from being installed in 164 <filename class="directory">/usr/etc</filename>.</para> 165 166 <para><parameter>--datadir=/usr/share/sshd</parameter>: This switch 167 puts the Ssh.bin file (used for SmartCard authentication) in 168 <filename class="directory">/usr/share/sshd</filename>.</para> 169 170 <para><parameter>--with-md5-passwords</parameter>: This is required 171 with the default configuration of Shadow password suite in LFS.</para> 172 173 <para><parameter>--libexecdir=/usr/lib/openssh</parameter>: This parameter 174 changes the installation path of some programs to 175 <filename class="directory">/usr/lib/openssh</filename> instead of 176 <filename class="directory">/usr/libexec</filename>.</para> 177 178 <para><parameter>--with-pam</parameter>: This parameter enables 179 <application>Linux-PAM</application> support in the build.</para> 180 181 <para><parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the 182 default location for the <command>xauth</command> binary for X 183 authentication. Change the location if <command>xauth</command> will 184 be installed to a different path. This can also be controlled from 185 <filename>sshd_config</filename> with the XAuthLocation keyword. 186 You can omit this switch if <application>Xorg</application> is already 187 installed. 188 </para> 189 190 <para><parameter>--with-kerberos5=/usr</parameter>: This option is used to 191 include Heimdal support in the build.</para> 183 <para> 184 <command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>: This sed 185 fixes a build crash if you used the <option>--with-kerberos5</option> 186 option. The command is harmless in all other instances. 187 </para> 188 189 <para> 190 <parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the 191 configuration files from being installed in 192 <filename class="directory">/usr/etc</filename>. 193 </para> 194 195 <para> 196 <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the 197 Ssh.bin file (used for SmartCard authentication) in 198 <filename class="directory">/usr/share/sshd</filename>. 199 </para> 200 201 <para> 202 <parameter>--with-md5-passwords</parameter>: This enables the use of MD5 203 passwords. 204 </para> 205 206 <para> 207 <parameter>--with-pam</parameter>: This parameter enables 208 <application>Linux-PAM</application> support in the build. 209 </para> 210 211 <para> 212 <parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the default 213 location for the <command>xauth</command> binary for X authentication. 214 Change the location if <command>xauth</command> will be installed to a 215 different path. This can also be controlled from 216 <filename>sshd_config</filename> with the XAuthLocation keyword. You can 217 omit this switch if <application>Xorg</application> is already installed. 218 </para> 219 220 <para> 221 <parameter>--with-kerberos5=/usr</parameter>: This option is used to 222 include Kerberos 5 support in the build. 223 </para> 192 224 193 225 </sect2> … … 196 228 <title>Configuring OpenSSH</title> 197 229 198 <para>If you are only going to use the <command>ssh</command> or199 <command>scp</command> clients, no configuration or boot scripts are200 required.</para>201 202 230 <sect3 id="openssh-config"> 203 231 <title>Config Files</title> 204 232 205 <para><filename>~/.ssh/*</filename>, 233 <para> 234 <filename>~/.ssh/*</filename>, 206 235 <filename>/etc/ssh/ssh_config</filename>, and 207 <filename>/etc/ssh/sshd_config</filename></para> 236 <filename>/etc/ssh/sshd_config</filename> 237 </para> 208 238 209 239 <indexterm zone="openssh openssh-config"> … … 219 249 </indexterm> 220 250 221 <para>There are no required changes to any of these files. However, 222 you may wish to view the <filename class='directory'>/etc/ssh/</filename> 223 files and make any changes appropriate for the security of your system. 224 One recommended change is that you disable 225 <systemitem class='username'>root</systemitem> login via 226 <command>ssh</command>. Execute the following command as the 227 <systemitem class='username'>root</systemitem> user to disable 228 <systemitem class='username'>root</systemitem> login via 229 <command>ssh</command>:</para> 251 <para> 252 There are no required changes to any of these files. However, 253 you may wish to view the 254 <filename class='directory'>/etc/ssh/</filename> files and make any 255 changes appropriate for the security of your system. One recommended 256 change is that you disable 257 <systemitem class='username'>root</systemitem> login via 258 <command>ssh</command>. Execute the following command as the 259 <systemitem class='username'>root</systemitem> user to disable 260 <systemitem class='username'>root</systemitem> login via 261 <command>ssh</command>: 262 </para> 230 263 231 264 <screen role="root"><userinput>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</userinput></screen> 232 265 233 <para>If you added <application>LinuxPAM</application> support, then you 234 will need to add a configuration file for 235 <application>sshd</application> and enable use of 236 <application>LinuxPAM</application>. Issue the following commands as the 237 <systemitem class='username'>root</systemitem> user:</para> 266 <para> 267 If you want to be able to log in without typing in your password, first 268 create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with 269 <command>ssh-keygen</command> and then copy ~/.ssh/id_rsa.pub to 270 ~/.ssh/authorized_keys on the remote computer that you want to log into. 271 You'll need to change REMOTE_HOSTNAME for the hostname of the remote 272 computer and you'll also need to enter you password for the ssh command 273 to succeed: 274 </para> 275 276 <screen><userinput>ssh-keygen && 277 public_key="$(cat ~/.ssh/id_rsa.pub)" && 278 ssh REMOTE_HOSTNAME "echo ${public_key} >> ~/.ssh/authorized_keys" && 279 unset public_key</userinput></screen> 280 281 <para> 282 Once you've got passwordless logins working it's actually more secure 283 than logging in with a password (as the private key is much longer than 284 most people's passwords). If you would like to now disable password 285 logins, as the <systemitem class="username">root</systemitem> user: 286 </para> 287 288 289 <screen role="root"><userinput>echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && 290 echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config</userinput></screen> 291 292 <para> 293 If you added <application>LinuxPAM</application> support and you want 294 ssh to use it then you will need to add a configuration file for 295 <application>sshd</application> and enable use of 296 <application>LinuxPAM</application>. Note, ssh only uses PAM to check 297 passwords, if you've disabled password logins these commands are not 298 needed. If you want to use PAM issue the following commands as the 299 <systemitem class='username'>root</systemitem> user: 300 </para> 238 301 239 302 <screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd && … … 241 304 echo "USEPAM yes" >> /etc/ssh/sshd_config</userinput></screen> 242 305 243 <para>Additional configuration information can be found in the man 244 pages for <command>sshd</command>, <command>ssh</command> and 245 <command>ssh-agent</command>.</para> 246 306 <para> 307 Additional configuration information can be found in the man 308 pages for <command>sshd</command>, <command>ssh</command> and 309 <command>ssh-agent</command>. 310 </para> 247 311 </sect3> 248 312 … … 250 314 <title>Boot Script</title> 251 315 252 <para>To start the SSH server at system boot, install the 316 <para> 317 To start the SSH server at system boot, install the 253 318 <filename>/etc/rc.d/init.d/sshd</filename> init script included 254 in the <xref linkend="bootscripts"/> package.</para> 319 in the <xref linkend="bootscripts"/> package. 320 </para> 255 321 256 322 <indexterm zone="openssh openssh-init"> … … 259 325 260 326 <screen role="root"><userinput>make install-sshd</userinput></screen> 261 262 327 </sect3> 263 264 328 </sect2> 265 329 … … 269 333 <segmentedlist> 270 334 <segtitle>Installed Programs</segtitle> 271 <segtitle>Installed Libraries</segtitle>272 335 <segtitle>Installed Directories</segtitle> 273 336 274 337 <seglistitem> 275 <seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent, 276 ssh-keygen, ssh-keyscan, and ssh-keysign</seg> 277 <seg>None</seg> 278 <seg>/etc/ssh, /var/lib/sshd, /usr/lib/openssh, and 279 /usr/share/doc/openssh-&openssh-version;</seg> 338 <seg> 339 scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent, 340 ssh-keygen, ssh-keyscan and ssh-keysign. 341 </seg> 342 <seg> 343 /etc/ssh, 344 /var/lib/sshd, 345 /usr/lib/openssh and 346 /usr/share/doc/openssh-&openssh-version;. 347 </seg> 280 348 </seglistitem> 281 349 </segmentedlist> … … 289 357 <term><command>scp</command></term> 290 358 <listitem> 291 <para>is a file copy program that acts like <command>rcp</command> 292 except it uses an encrypted protocol.</para> 359 <para> 360 is a file copy program that acts like <command>rcp</command> except 361 it uses an encrypted protocol. 362 </para> 293 363 <indexterm zone="openssh scp"> 294 364 <primary sortas="b-scp">scp</primary> … … 300 370 <term><command>sftp</command></term> 301 371 <listitem> 302 <para>is an FTP-like program that works over 303 SSH1 and SSH2 protocols.</para> 372 <para> 373 is an FTP-like program that works over the SSH1 and SSH2 protocols. 374 </para> 304 375 <indexterm zone="openssh sftp"> 305 376 <primary sortas="b-sftp">sftp</primary> … … 311 382 <term><command>sftp-server</command></term> 312 383 <listitem> 313 <para>is an SFTP server subsystem. This program is not normally 314 called directly by the user.</para> 384 <para> 385 is an SFTP server subsystem. This program is not normally called 386 directly by the user. 387 </para> 315 388 <indexterm zone="openssh sftp-server"> 316 389 <primary sortas="b-sftp-server">sftp-server</primary> … … 322 395 <term><command>slogin</command></term> 323 396 <listitem> 324 <para>is a symlink to <command>ssh</command>.</para> 397 <para> 398 is a symlink to <command>ssh</command>. 399 </para> 325 400 <indexterm zone="openssh slogin"> 326 401 <primary sortas="g-slogin">slogin</primary> … … 332 407 <term><command>ssh</command></term> 333 408 <listitem> 334 <para>is an <command>rlogin</command>/<command>rsh</command>-like 335 client program except it uses an encrypted protocol.</para> 409 <para> 410 is an <command>rlogin</command>/<command>rsh</command>-like client 411 program except it uses an encrypted protocol. 412 </para> 336 413 <indexterm zone="openssh ssh"> 337 414 <primary sortas="b-ssh">ssh</primary> … … 343 420 <term><command>sshd</command></term> 344 421 <listitem> 345 <para>is a daemon that listens for <command>ssh</command> login 346 requests.</para> 422 <para> 423 is a daemon that listens for <command>ssh</command> login requests. 424 </para> 347 425 <indexterm zone="openssh sshd"> 348 426 <primary sortas="b-sshd">sshd</primary> … … 354 432 <term><command>ssh-add</command></term> 355 433 <listitem> 356 <para>is a tool which adds keys to the 357 <command>ssh-agent</command>.</para> 434 <para> 435 is a tool which adds keys to the <command>ssh-agent</command>. 436 </para> 358 437 <indexterm zone="openssh ssh-add"> 359 438 <primary sortas="b-ssh-add">ssh-add</primary> … … 365 444 <term><command>ssh-agent</command></term> 366 445 <listitem> 367 <para>is an authentication agent that can store private keys.</para> 446 <para> 447 is an authentication agent that can store private keys. 448 </para> 368 449 <indexterm zone="openssh ssh-agent"> 369 450 <primary sortas="b-ssh-agent">ssh-agent</primary> … … 375 456 <term><command>ssh-keygen</command></term> 376 457 <listitem> 377 <para>is a key generation tool.</para> 458 <para> 459 is a key generation tool. 460 </para> 378 461 <indexterm zone="openssh ssh-keygen"> 379 462 <primary sortas="b-ssh-keygen">ssh-keygen</primary> … … 385 468 <term><command>ssh-keyscan</command></term> 386 469 <listitem> 387 <para>is a utility for gathering public host keys from a 388 number of hosts.</para> 470 <para> 471 is a utility for gathering public host keys from a number of hosts. 472 </para> 389 473 <indexterm zone="openssh ssh-keyscan"> 390 474 <primary sortas="b-ssh-keyscan">ssh-keyscan</primary> … … 396 480 <term><command>ssh-keysign</command></term> 397 481 <listitem> 398 <para>is used by <command>ssh</command> to access the local host 399 keys and generate the digital signature required during hostbased 400 authentication with SSH protocol version 2. This program is not normally 401 called directly by the user.</para> 482 <para> 483 is used by <command>ssh</command> to access the local host keys and 484 generate the digital signature required during hostbased 485 authentication with SSH protocol version 2. This program is not 486 normally called directly by the user. 487 </para> 402 488 <indexterm zone="openssh ssh-keysign"> 403 489 <primary sortas="b-ssh-keysign">ssh-keysign</primary> … … 405 491 </listitem> 406 492 </varlistentry> 407 408 493 </variablelist> 409 410 494 </sect2> 411 412 495 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.