2015-01-05 16:09:55 +00:00
|
|
|
SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
|
2008-07-23 09:15:38 +00:00
|
|
|
|
|
|
|
NAME
|
2021-02-14 21:04:52 +00:00
|
|
|
ssh-keysign M-bM-^@M-^S OpenSSH helper for host-based authentication
|
2008-07-23 09:15:38 +00:00
|
|
|
|
|
|
|
SYNOPSIS
|
|
|
|
ssh-keysign
|
|
|
|
|
|
|
|
DESCRIPTION
|
|
|
|
ssh-keysign is used by ssh(1) to access the local host keys and generate
|
2016-03-10 20:10:25 +00:00
|
|
|
the digital signature required during host-based authentication.
|
2008-07-23 09:15:38 +00:00
|
|
|
|
|
|
|
ssh-keysign is disabled by default and can only be enabled in the global
|
|
|
|
client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
|
2015-07-02 13:15:34 +00:00
|
|
|
to M-bM-^@M-^\yesM-bM-^@M-^].
|
2008-07-23 09:15:38 +00:00
|
|
|
|
|
|
|
ssh-keysign is not intended to be invoked by the user, but from ssh(1).
|
2010-11-08 10:45:44 +00:00
|
|
|
See ssh(1) and sshd(8) for more information about host-based
|
|
|
|
authentication.
|
2008-07-23 09:15:38 +00:00
|
|
|
|
|
|
|
FILES
|
|
|
|
/etc/ssh/ssh_config
|
|
|
|
Controls whether ssh-keysign is enabled.
|
|
|
|
|
2011-02-17 11:47:40 +00:00
|
|
|
/etc/ssh/ssh_host_ecdsa_key
|
2014-01-30 10:56:49 +00:00
|
|
|
/etc/ssh/ssh_host_ed25519_key
|
2011-02-17 11:47:40 +00:00
|
|
|
/etc/ssh/ssh_host_rsa_key
|
2008-07-23 09:15:38 +00:00
|
|
|
These files contain the private parts of the host keys used to
|
|
|
|
generate the digital signature. They should be owned by root,
|
|
|
|
readable only by root, and not accessible to others. Since they
|
|
|
|
are readable only by root, ssh-keysign must be set-uid root if
|
|
|
|
host-based authentication is used.
|
|
|
|
|
2011-02-17 11:47:40 +00:00
|
|
|
/etc/ssh/ssh_host_ecdsa_key-cert.pub
|
2014-01-30 10:56:49 +00:00
|
|
|
/etc/ssh/ssh_host_ed25519_key-cert.pub
|
2011-02-17 11:47:40 +00:00
|
|
|
/etc/ssh/ssh_host_rsa_key-cert.pub
|
2022-04-08 17:19:17 +00:00
|
|
|
If these files exist, they are assumed to contain public
|
2010-11-08 10:45:44 +00:00
|
|
|
certificate information corresponding with the private keys
|
|
|
|
above.
|
|
|
|
|
2008-07-23 09:15:38 +00:00
|
|
|
SEE ALSO
|
|
|
|
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
|
|
|
|
|
|
|
|
HISTORY
|
|
|
|
ssh-keysign first appeared in OpenBSD 3.2.
|
|
|
|
|
|
|
|
AUTHORS
|
|
|
|
Markus Friedl <markus@openbsd.org>
|
|
|
|
|
2024-07-01 14:01:36 +00:00
|
|
|
OpenBSD 7.5 June 17, 2024 OpenBSD 7.5
|