Windows PowerShell command on Get-command ssh-keysign
MyWebUniversity

Manual Pages for UNIX Operating System command usage for man ssh-keysign




System Administration Commands                    ssh-keysign(1M)





NAME

     ssh-keysign - ssh helper program for host-based  authentica-

     tion


SYNOPSIS

     ssh-keysign




DESCRIPTION

     ssh-keysign is used by ssh(1) to access the local host  keys

     and  generate  the  digital  signature required during host-

     based authentication with SSH protocol version 2. This  sig-

     nature is of data that includes, among other items, the name
     of the client host and the name of the client user.



     ssh-keysign is disabled by default and can be  enabled  only

     in  the global client configuration file /etc/ssh/ssh_config

     by setting HostbasedAuthentication to yes.



     ssh-keysign is not intended to be invoked by the  user,  but

     from ssh. See ssh(1) and sshd(1M) for more information about

     host-based authentication.


FILES

     /etc/ssh/ssh_config          Controls whether ssh-keysign is

                                  enabled.



     /etc/ssh/ssh_host_dsa_key    These files contain the private

     /etc/ssh/ssh_host_rsa_key    parts  of the host keys used to

                                  generate the digital signature.
                                  They  should  be owned by root,
                                  readable only by root, and  not
                                  accessible  to  others. Because
                                  they are readable only by root,

                                  ssh-keysign   must  be  set-uid

                                  root if host-based  authentica-

                                  tion is used.


SECURITY

     ssh-keysign will not  sign  host-based  authentication  data

     under the following conditions:

         o    If the HostbasedAuthentication client configuration

              parameter is not set to yes in /etc/ssh/ssh_config.

              This  setting  cannot  be   overriden   in   users'

              ~/.ssh/ssh_config files.


         o    If   the   client   hostname   and   username    in




SunOS 5.11           Last change: 9 Jun 2004                    1








System Administration Commands                    ssh-keysign(1M)





              /etc/ssh/ssh_config  do  not  match  the  canonical

              hostname of the client where ssh-keysign is invoked

              and the name of the user invoking ssh-keysign.




     In spite of ssh-keysign's restrictions on  the  contents  of

     the  host-based authentication data, there remains the abil-

     ity of users to use  it  as  an  avenue  for  obtaining  the

     client's  private  host  keys.  For  this  reason host-based

     authentication is turned off by default.


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-

     butes:




     ____________________________________________________________

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |

    |_____________________________|_____________________________|

    | Availability                | network/ssh                 |

    |_____________________________|_____________________________|

    | Interface Stability         | Committed                   |

    |_____________________________|_____________________________|




SEE ALSO

     ssh(1), sshd(1M), ssh_config(4), attributes(5)


AUTHORS
     Markus Friedl, markus@openbsd.org

HISTORY

     ssh-keysign first appeared in Ox 3.2.























SunOS 5.11           Last change: 9 Jun 2004                    2



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™