xref: /freebsd/crypto/openssh/pathnames.h (revision 7d8f797b725e3efc0a4256554654780df83c456c)
1 /* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
2 /* $FreeBSD$ */
3 
4 /*
5  * Author: Tatu Ylonen <ylo@cs.hut.fi>
6  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7  *                    All rights reserved
8  *
9  * As far as I am concerned, the code I have written for this software
10  * can be used freely for any purpose.  Any derived versions of this
11  * software must be clearly marked as such, and if the derived work is
12  * incompatible with the protocol description in the RFC file, it must be
13  * called by a name other than "ssh" or "Secure Shell".
14  */
15 
16 #define ETCDIR				"/etc"
17 
18 #ifndef SSHDIR
19 #define SSHDIR				ETCDIR "/ssh"
20 #endif
21 
22 #ifndef _PATH_SSH_PIDDIR
23 #define _PATH_SSH_PIDDIR		"/var/run"
24 #endif
25 
26 /*
27  * System-wide file containing host keys of known hosts.  This file should be
28  * world-readable.
29  */
30 #define _PATH_SSH_SYSTEM_HOSTFILE	SSHDIR "/ssh_known_hosts"
31 /* backward compat for protocol 2 */
32 #define _PATH_SSH_SYSTEM_HOSTFILE2	SSHDIR "/ssh_known_hosts2"
33 
34 /*
35  * Of these, ssh_host_key must be readable only by root, whereas ssh_config
36  * should be world-readable.
37  */
38 #define _PATH_SERVER_CONFIG_FILE	SSHDIR "/sshd_config"
39 #define _PATH_HOST_CONFIG_FILE		SSHDIR "/ssh_config"
40 #define _PATH_HOST_KEY_FILE		SSHDIR "/ssh_host_key"
41 #define _PATH_HOST_DSA_KEY_FILE		SSHDIR "/ssh_host_dsa_key"
42 #define _PATH_HOST_ECDSA_KEY_FILE	SSHDIR "/ssh_host_ecdsa_key"
43 #define _PATH_HOST_ED25519_KEY_FILE	SSHDIR "/ssh_host_ed25519_key"
44 #define _PATH_HOST_RSA_KEY_FILE		SSHDIR "/ssh_host_rsa_key"
45 #define _PATH_DH_MODULI			SSHDIR "/moduli"
46 /* Backwards compatibility */
47 #define _PATH_DH_PRIMES			SSHDIR "/primes"
48 
49 #ifndef _PATH_SSH_PROGRAM
50 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
51 #endif
52 
53 /*
54  * The process id of the daemon listening for connections is saved here to
55  * make it easier to kill the correct daemon when necessary.
56  */
57 #define _PATH_SSH_DAEMON_PID_FILE	_PATH_SSH_PIDDIR "/sshd.pid"
58 
59 /*
60  * The directory in user's home directory in which the files reside. The
61  * directory should be world-readable (though not all files are).
62  */
63 #define _PATH_SSH_USER_DIR		".ssh"
64 
65 /*
66  * Per-user file containing host keys of known hosts.  This file need not be
67  * readable by anyone except the user him/herself, though this does not
68  * contain anything particularly secret.
69  */
70 #define _PATH_SSH_USER_HOSTFILE		"~/" _PATH_SSH_USER_DIR "/known_hosts"
71 /* backward compat for protocol 2 */
72 #define _PATH_SSH_USER_HOSTFILE2	"~/" _PATH_SSH_USER_DIR "/known_hosts2"
73 
74 /*
75  * Name of the default file containing client-side authentication key. This
76  * file should only be readable by the user him/herself.
77  */
78 #define _PATH_SSH_CLIENT_IDENTITY	_PATH_SSH_USER_DIR "/identity"
79 #define _PATH_SSH_CLIENT_ID_DSA		_PATH_SSH_USER_DIR "/id_dsa"
80 #define _PATH_SSH_CLIENT_ID_ECDSA	_PATH_SSH_USER_DIR "/id_ecdsa"
81 #define _PATH_SSH_CLIENT_ID_RSA		_PATH_SSH_USER_DIR "/id_rsa"
82 #define _PATH_SSH_CLIENT_ID_ED25519	_PATH_SSH_USER_DIR "/id_ed25519"
83 
84 /*
85  * Configuration file in user's home directory.  This file need not be
86  * readable by anyone but the user him/herself, but does not contain anything
87  * particularly secret.  If the user's home directory resides on an NFS
88  * volume where root is mapped to nobody, this may need to be world-readable.
89  */
90 #define _PATH_SSH_USER_CONFFILE		_PATH_SSH_USER_DIR "/config"
91 
92 /*
93  * File containing a list of those rsa keys that permit logging in as this
94  * user.  This file need not be readable by anyone but the user him/herself,
95  * but does not contain anything particularly secret.  If the user's home
96  * directory resides on an NFS volume where root is mapped to nobody, this
97  * may need to be world-readable.  (This file is read by the daemon which is
98  * running as root.)
99  */
100 #define _PATH_SSH_USER_PERMITTED_KEYS	_PATH_SSH_USER_DIR "/authorized_keys"
101 
102 /* backward compat for protocol v2 */
103 #define _PATH_SSH_USER_PERMITTED_KEYS2	_PATH_SSH_USER_DIR "/authorized_keys2"
104 
105 /*
106  * Per-user and system-wide ssh "rc" files.  These files are executed with
107  * /bin/sh before starting the shell or command if they exist.  They will be
108  * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
109  * use.  xauth will be run if neither of these exists.
110  */
111 #define _PATH_SSH_USER_RC		_PATH_SSH_USER_DIR "/rc"
112 #define _PATH_SSH_SYSTEM_RC		SSHDIR "/sshrc"
113 
114 /*
115  * Ssh-only version of /etc/hosts.equiv.  Additionally, the daemon may use
116  * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
117  */
118 #define _PATH_SSH_HOSTS_EQUIV		SSHDIR "/shosts.equiv"
119 #define _PATH_RHOSTS_EQUIV		"/etc/hosts.equiv"
120 
121 /*
122  * Default location of askpass
123  */
124 #ifndef _PATH_SSH_ASKPASS_DEFAULT
125 #define _PATH_SSH_ASKPASS_DEFAULT	"/usr/local/bin/ssh-askpass"
126 #endif
127 
128 /* Location of ssh-keysign for hostbased authentication */
129 #ifndef _PATH_SSH_KEY_SIGN
130 #define _PATH_SSH_KEY_SIGN		"/usr/libexec/ssh-keysign"
131 #endif
132 
133 /* Location of ssh-pkcs11-helper to support keys in tokens */
134 #ifndef _PATH_SSH_PKCS11_HELPER
135 #define _PATH_SSH_PKCS11_HELPER		"/usr/libexec/ssh-pkcs11-helper"
136 #endif
137 
138 /* xauth for X11 forwarding */
139 #ifndef _PATH_XAUTH
140 #define _PATH_XAUTH			"/usr/local/bin/xauth"
141 #endif
142 
143 /* UNIX domain socket for X11 server; displaynum will replace %u */
144 #ifndef _PATH_UNIX_X
145 #define _PATH_UNIX_X "/tmp/.X11-unix/X%u"
146 #endif
147 
148 /* for scp */
149 #ifndef _PATH_CP
150 #define _PATH_CP			"cp"
151 #endif
152 
153 /* for sftp */
154 #ifndef _PATH_SFTP_SERVER
155 #define _PATH_SFTP_SERVER		"/usr/libexec/sftp-server"
156 #endif
157 
158 /* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */
159 #ifndef _PATH_PRIVSEP_CHROOT_DIR
160 #define _PATH_PRIVSEP_CHROOT_DIR	"/var/empty"
161 #endif
162 
163 /* for passwd change */
164 #ifndef _PATH_PASSWD_PROG
165 #define _PATH_PASSWD_PROG             "/usr/bin/passwd"
166 #endif
167 
168 #ifndef _PATH_LS
169 #define _PATH_LS			"ls"
170 #endif
171 
172 /* path to login program */
173 #ifndef LOGIN_PROGRAM
174 # ifdef LOGIN_PROGRAM_FALLBACK
175 #  define LOGIN_PROGRAM         LOGIN_PROGRAM_FALLBACK
176 # else
177 #  define LOGIN_PROGRAM         "/usr/bin/login"
178 # endif
179 #endif /* LOGIN_PROGRAM */
180 
181 /* Askpass program define */
182 #ifndef ASKPASS_PROGRAM
183 #define ASKPASS_PROGRAM         "/usr/lib/ssh/ssh-askpass"
184 #endif /* ASKPASS_PROGRAM */
185