| blob | 9cf66ce59761b0c7cf1c08064f243546fc0912e0 |
1 .TH SSH-KEYSIGN 8 "December 7 2013 " ""
2 .SH NAME
3 \fBssh-keysign\fP
4 \- ssh helper program for host-based authentication
5 .SH SYNOPSIS
6 .br
7 \fBssh-keysign\fP
8 .SH DESCRIPTION
9 \fBssh-keysign\fP
10 is used by
11 \fBssh\fP(1)
12 to access the local host keys and generate the digital signature
13 required during host-based authentication with SSH protocol version 2.
15 \fBssh-keysign\fP
16 is disabled by default and can only be enabled in the
17 global client configuration file
18 \fI/etc/ssh/ssh_config\fP
19 by setting
20 \fBEnableSSHKeysign\fP
21 to
22 ``yes''.
24 \fBssh-keysign\fP
25 is not intended to be invoked by the user, but from
26 \fBssh\fP(1).
27 See
28 \fBssh\fP(1)
29 and
30 \fBsshd\fP(8)
31 for more information about host-based authentication.
32 .SH FILES
33 .TP
34 .B /etc/ssh/ssh_config
35 Controls whether
36 \fBssh-keysign\fP
37 is enabled.
39 .TP
40 .B /etc/ssh/ssh_host_dsa_key
41 .TP
42 .B /etc/ssh/ssh_host_ecdsa_key
43 .TP
44 .B /etc/ssh/ssh_host_ed25519_key
45 .TP
46 .B /etc/ssh/ssh_host_rsa_key
47 These files contain the private parts of the host keys used to
48 generate the digital signature.
49 They should be owned by root, readable only by root, and not
50 accessible to others.
51 Since they are readable only by root,
52 \fBssh-keysign\fP
53 must be set-uid root if host-based authentication is used.
55 .TP
56 .B /etc/ssh/ssh_host_dsa_key-cert.pub
57 .TP
58 .B /etc/ssh/ssh_host_ecdsa_key-cert.pub
59 .TP
60 .B /etc/ssh/ssh_host_ed25519_key-cert.pub
61 .TP
62 .B /etc/ssh/ssh_host_rsa_key-cert.pub
63 If these files exist they are assumed to contain public certificate
64 information corresponding with the private keys above.
65 .SH SEE ALSO
66 \fBssh\fP(1),
67 \fBssh-keygen\fP(1),
68 \fBssh_config\fP(5),
69 \fBsshd\fP(8)
70 .SH HISTORY
71 \fBssh-keysign\fP
72 first appeared in
73 OpenBSD 3.2 .
74 .SH AUTHORS
76 Markus Friedl <Mt markus@openbsd.org>