| .\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $ |
| .\" |
| .\" Copyright (c) 2002 Markus Friedl. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
| .Dd May 24, 2002 |
| .Dt SSH-KEYSIGN 8 |
| .Os |
| .Sh NAME |
| .Nm ssh-keysign |
| .Nd ssh helper program for hostbased authentication |
| .Sh SYNOPSIS |
| .Nm |
| .Sh DESCRIPTION |
| .Nm |
| is used by |
| .Xr ssh 1 |
| to access the local host keys and generate the digital signature |
| required during hostbased authentication with SSH protocol version 2. |
| .Pp |
| .Nm |
| is disabled by default and can only be enabled in the |
| global client configuration file |
| .Pa /etc/ssh/ssh_config |
| by setting |
| .Cm EnableSSHKeysign |
| to |
| .Dq yes . |
| .Pp |
| .Nm |
| is not intended to be invoked by the user, but from |
| .Xr ssh 1 . |
| See |
| .Xr ssh 1 |
| and |
| .Xr sshd 8 |
| for more information about hostbased authentication. |
| .Sh FILES |
| .Bl -tag -width Ds |
| .It Pa /etc/ssh/ssh_config |
| Controls whether |
| .Nm |
| is enabled. |
| .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
| These files contain the private parts of the host keys used to |
| generate the digital signature. |
| They should be owned by root, readable only by root, and not |
| accessible to others. |
| Since they are readable only by root, |
| .Nm |
| must be set-uid root if hostbased authentication is used. |
| .El |
| .Sh SEE ALSO |
| .Xr ssh 1 , |
| .Xr ssh-keygen 1 , |
| .Xr ssh_config 5 , |
| .Xr sshd 8 |
| .Sh AUTHORS |
| Markus Friedl <markus@openbsd.org> |
| .Sh HISTORY |
| .Nm |
| first appeared in |
| .Ox 3.2 . |