.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 31, 2010
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
.Nm ssh-keysign
.Nd ssh helper program for host-based authentication
.Sh SYNOPSIS
.Nm
.Sh DESCRIPTION
.Nm
is used by
.Xr ssh 1
to access the local host keys and generate the digital signature
required during host-based authentication with SSH protocol version 2.
.Pp
.Nm
is disabled by default and can only be enabled in the
global client configuration file
.Pa /etc/ssh/ssh_config
by setting
.Cm EnableSSHKeysign
to
.Dq yes .
.Pp
.Nm
is not intended to be invoked by the user, but from
.Xr ssh 1 .
See
.Xr ssh 1
and
.Xr sshd 8
for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa /etc/ssh/ssh_config
Controls whether
.Nm
is enabled.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature.
They should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
must be set-uid root if host-based authentication is used.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr sshd 8
.Sh HISTORY
.Nm
first appeared in
.Ox 3.2 .
.Sh AUTHORS
.An Markus Friedl Aq markus@openbsd.org
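Added example (not part of the OpenSSH distribution): a shell audit of the conditions stated under DESCRIPTION and FILES, namely that the private host keys are owned by root with no group or other access, and that the helper is set-uid root whenever EnableSSHKeysign is set to yes. The function names, the caller-supplied helper path and the optional owner-uid argument are assumptions of this example; the scratch tree at the end is constructed sample input.

```shell
#!/bin/sh
# Added example, not OpenSSH code. audit_keysign ETC_SSH_DIR KEYSIGN_PATH [UID]
# Assumptions: KEYSIGN_PATH is supplied by the caller (the man page gives no
# install path); UID defaults to 0 and is overridden only on a scratch tree.

mode_owner() {              # prints "<mode string> <numeric owner uid>"
    set -- $(ls -lnL "$1" 2>/dev/null)
    echo "$1 $3"
}

audit_keysign() {
    dir=$1 bin=$2 uid=${3:-0} findings=0
    # Private host keys: owned by root, no group/other access.
    for k in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
        [ -f "$dir/$k" ] || continue
        set -- $(mode_owner "$dir/$k")
        case $1 in
            -???------*) ;;
            *) echo "$k: mode $1 is accessible to group or others"
               findings=$((findings + 1)) ;;
        esac
        if [ "$2" != "$uid" ]; then
            echo "$k: owner uid $2, expected $uid"
            findings=$((findings + 1))
        fi
    done
    # The helper only matters once the global client config enables it.
    # Simplified keyword match; it does not interpret Host/Match sections.
    if grep -Eiq '^[[:space:]]*EnableSSHKeysign[[:space:]=]+yes[[:space:]]*$' \
        "$dir/ssh_config" 2>/dev/null; then
        set -- $(mode_owner "$bin")
        case "$1:$2" in
            -??s*:"$uid") ;;
            *) echo "$bin: enabled but not set-uid uid $uid (mode $1, owner $2)"
               findings=$((findings + 1)) ;;
        esac
    else
        echo "note: EnableSSHKeysign is not yes; ssh-keysign is disabled"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo tree: group-readable key, helper without the set-uid bit.
t=$(mktemp -d)
echo 'EnableSSHKeysign yes' > "$t/ssh_config"
: > "$t/ssh_host_rsa_key"; chmod 640 "$t/ssh_host_rsa_key"
: > "$t/ssh-keysign";      chmod 755 "$t/ssh-keysign"
audit_keysign "$t" "$t/ssh-keysign" "$(id -u)" || echo "result: findings present"
rm -rf "$t"
```

On a real host, call it as `audit_keysign /etc/ssh <path to ssh-keysign>` so the owner check defaults to uid 0.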