14b17dab0SDag-Erling Smørgrav.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $ 2545d5ecaSDag-Erling Smørgrav.\" 3545d5ecaSDag-Erling Smørgrav.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 4545d5ecaSDag-Erling Smørgrav.\" 5545d5ecaSDag-Erling Smørgrav.\" Redistribution and use in source and binary forms, with or without 6545d5ecaSDag-Erling Smørgrav.\" modification, are permitted provided that the following conditions 7545d5ecaSDag-Erling Smørgrav.\" are met: 8545d5ecaSDag-Erling Smørgrav.\" 1. Redistributions of source code must retain the above copyright 9545d5ecaSDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer. 10545d5ecaSDag-Erling Smørgrav.\" 2. Redistributions in binary form must reproduce the above copyright 11545d5ecaSDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer in the 12545d5ecaSDag-Erling Smørgrav.\" documentation and/or other materials provided with the distribution. 13545d5ecaSDag-Erling Smørgrav.\" 14545d5ecaSDag-Erling Smørgrav.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15545d5ecaSDag-Erling Smørgrav.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16545d5ecaSDag-Erling Smørgrav.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17545d5ecaSDag-Erling Smørgrav.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18545d5ecaSDag-Erling Smørgrav.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19545d5ecaSDag-Erling Smørgrav.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20545d5ecaSDag-Erling Smørgrav.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21545d5ecaSDag-Erling Smørgrav.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22545d5ecaSDag-Erling Smørgrav.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23545d5ecaSDag-Erling Smørgrav.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24545d5ecaSDag-Erling Smørgrav.\" 25545d5ecaSDag-Erling Smørgrav.Dd May 24, 2002 26545d5ecaSDag-Erling Smørgrav.Dt SSH-KEYSIGN 8 27545d5ecaSDag-Erling Smørgrav.Os 28545d5ecaSDag-Erling Smørgrav.Sh NAME 29545d5ecaSDag-Erling Smørgrav.Nm ssh-keysign 30545d5ecaSDag-Erling Smørgrav.Nd ssh helper program for hostbased authentication 31545d5ecaSDag-Erling Smørgrav.Sh SYNOPSIS 32545d5ecaSDag-Erling Smørgrav.Nm 33545d5ecaSDag-Erling Smørgrav.Sh DESCRIPTION 34545d5ecaSDag-Erling Smørgrav.Nm 35545d5ecaSDag-Erling Smørgravis used by 36545d5ecaSDag-Erling Smørgrav.Xr ssh 1 37545d5ecaSDag-Erling Smørgravto access the local host keys and generate the digital signature 38545d5ecaSDag-Erling Smørgravrequired during hostbased authentication with SSH protocol version 2. 394b17dab0SDag-Erling Smørgrav.Pp 404b17dab0SDag-Erling Smørgrav.Nm 414b17dab0SDag-Erling Smørgravis disabled by default and can only be enabled in the 424b17dab0SDag-Erling Smørgravthe global client configuration file 434b17dab0SDag-Erling Smørgrav.Pa /etc/ssh/ssh_config 444b17dab0SDag-Erling Smørgravby setting 454b17dab0SDag-Erling Smørgrav.Cm HostbasedAuthentication 464b17dab0SDag-Erling Smørgravto 474b17dab0SDag-Erling Smørgrav.Dq yes . 484b17dab0SDag-Erling Smørgrav.Pp 49545d5ecaSDag-Erling Smørgrav.Nm 50545d5ecaSDag-Erling Smørgravis not intended to be invoked by the user, but from 51545d5ecaSDag-Erling Smørgrav.Xr ssh 1 . 52545d5ecaSDag-Erling SmørgravSee 53545d5ecaSDag-Erling Smørgrav.Xr ssh 1 54545d5ecaSDag-Erling Smørgravand 55545d5ecaSDag-Erling Smørgrav.Xr sshd 8 56545d5ecaSDag-Erling Smørgravfor more information about hostbased authentication. 57545d5ecaSDag-Erling Smørgrav.Sh FILES 58545d5ecaSDag-Erling Smørgrav.Bl -tag -width Ds 594b17dab0SDag-Erling Smørgrav.It Pa /etc/ssh/ssh_config 604b17dab0SDag-Erling SmørgravControls whether 614b17dab0SDag-Erling Smørgrav.Nm 624b17dab0SDag-Erling Smørgravis enabled. 63545d5ecaSDag-Erling Smørgrav.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 64545d5ecaSDag-Erling SmørgravThese files contain the private parts of the host keys used to 65545d5ecaSDag-Erling Smørgravgenerate the digital signature. They 66545d5ecaSDag-Erling Smørgravshould be owned by root, readable only by root, and not 67545d5ecaSDag-Erling Smørgravaccessible to others. 68545d5ecaSDag-Erling SmørgravSince they are readable only by root, 69545d5ecaSDag-Erling Smørgrav.Nm 70545d5ecaSDag-Erling Smørgravmust be set-uid root if hostbased authentication is used. 71545d5ecaSDag-Erling Smørgrav.El 72545d5ecaSDag-Erling Smørgrav.Sh SEE ALSO 73545d5ecaSDag-Erling Smørgrav.Xr ssh 1 , 74545d5ecaSDag-Erling Smørgrav.Xr ssh-keygen 1 , 754b17dab0SDag-Erling Smørgrav.Xr ssh_config 5 , 76545d5ecaSDag-Erling Smørgrav.Xr sshd 8 77545d5ecaSDag-Erling Smørgrav.Sh AUTHORS 78545d5ecaSDag-Erling SmørgravMarkus Friedl <markus@openbsd.org> 79545d5ecaSDag-Erling Smørgrav.Sh HISTORY 80545d5ecaSDag-Erling Smørgrav.Nm 81545d5ecaSDag-Erling Smørgravfirst appeared in 82545d5ecaSDag-Erling Smørgrav.Ox 3.2 . 83