OpenSSH has two different sets of configuration files, one for the client programs (ssh, scp, and sftp) and the other for the server service (sshd), located in two different areas.
System-wide SSH configuration information is stored in the /etc/ssh directory:

primes — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange. Basically, this key exchange creates a shared secret value that cannot be determined by either party alone and is used to provide host authentication. This file is critical for constructing a secure transport layer.

ssh_config — The system-wide SSH client configuration file used to direct the SSH client. If a user has her own configuration file available in her home directory (~/.ssh/config), then its values will override the values stored in /etc/ssh/ssh_config.

sshd_config — The configuration file for sshd.

ssh_host_dsa_key — The DSA private key used by sshd.

ssh_host_dsa_key.pub — The DSA public key used by sshd.

ssh_host_key — The RSA private key used by sshd for version 1 of the SSH protocol.

ssh_host_key.pub — The RSA public key used by sshd for version 1 of the SSH protocol.

ssh_host_rsa_key — The RSA private key used by sshd for version 2 of the SSH protocol.

ssh_host_rsa_key.pub — The RSA public key used by sshd for version 2 of the SSH protocol.
User-specific SSH configuration information is stored in the user's home directory within the .ssh subdirectory:

authorized_keys2 — The file that holds a list of "authorized" public keys. If a connecting user can prove that they know the private key which corresponds to any of these, then they are authenticated. Note, this is only an optional authentication method.

id_dsa — Contains the DSA authentication identity of the user.

id_dsa.pub — The DSA public key of the user.

id_rsa — The RSA public key used by sshd for version 2 of the SSH protocol.

identity — The RSA private key used by sshd for version 1 of the SSH protocol.
known_hosts2 — Stores the DSA host keys of the servers a user logs into via SSH when the user elects to record them. If a server has its host keys legitimately altered, perhaps on a re-installation of Red Hat Linux, the user will be notified that the host key stored in the known_hosts2 file that corresponds with this host does not match. Then, the user must delete that host's key in known_hosts2 in order to store the new host key for that system. The known_hosts2 file is very important for ensuring that the client is connecting to the correct server. If a host's key has changed, and you are not absolutely certain why it has changed, then you should contact the host's system administrator to make sure that the host has not been compromised.
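The host-key check that the client performs against known_hosts2, as an added example that is not part of the original manual: a POSIX sh script that looks up a host's stored key, reports match, mismatch or unknown, and removes a stale entry only as a separate, explicit step taken after the change has been confirmed with the host's administrator. The file contents and key strings are constructed placeholders, not real keys; the plain (unhashed) "names type key" line format of the OpenSSH version the manual describes is assumed, and known_host_status, forget_host_key and demo_known_hosts are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original manual. Checks a presented host key
# against the entries in a known_hosts2 file and removes a stale entry as a
# separate, explicit step. Assumes the plain (unhashed) "names type key" line
# format of the OpenSSH version the manual describes; hashed host names and
# "[host]:port" forms are not handled here.

# known_host_status FILE HOST KEYTYPE KEY
# Prints "match", "mismatch" or "unknown" and returns 0, 1 or 2 respectively.
known_host_status() {
    file=$1; host=$2; ktype=$3; key=$4
    status=unknown
    if [ -r "$file" ]; then
        status=$(awk -v host="$host" -v ktype="$ktype" -v key="$key" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            {
                # the first field is a comma-separated list of names/addresses
                n = split($1, names, ",")
                for (i = 1; i <= n; i++) {
                    if (names[i] == host && $2 == ktype) {
                        if ($3 == key) print "match"; else print "mismatch"
                        found = 1
                        exit
                    }
                }
            }
            END { if (!found) print "unknown" }' "$file")
    fi
    printf '%s\n' "$status"
    case $status in
        match)    return 0 ;;
        mismatch) return 1 ;;
        *)        return 2 ;;
    esac
}

# forget_host_key FILE HOST
# Drops every line whose name list contains HOST (the whole line goes, even
# if other names share it). Run this only after the key change has been
# confirmed out of band with the host's administrator.
forget_host_key() {
    file=$1; host=$2
    tmp="$file.new.$$"
    awk -v host="$host" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        {
            n = split($1, names, ",")
            keep = 1
            for (i = 1; i <= n; i++) if (names[i] == host) keep = 0
            if (keep) print
        }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# demo_known_hosts: walks through the three outcomes on a constructed file.
demo_known_hosts() {
    dir=$(mktemp -d)
    kh="$dir/known_hosts2"        # stands in for ~/.ssh/known_hosts2
    # constructed entries; the key strings are placeholders, not real keys
    cat > "$kh" <<'EOF'
build01.example.com,10.0.0.5 ssh-rsa AAAAB3CONSTRUCTEDKEY1
files.example.com ssh-dss AAAAB3CONSTRUCTEDKEY2
EOF
    printf 'same key:     %s\n' "$(known_host_status "$kh" build01.example.com ssh-rsa AAAAB3CONSTRUCTEDKEY1)"
    printf 'changed key:  %s\n' "$(known_host_status "$kh" build01.example.com ssh-rsa AAAAB3CHANGEDKEY)"
    printf 'new host:     %s\n' "$(known_host_status "$kh" db.example.com ssh-rsa AAAAB3CONSTRUCTEDKEY1)"
    forget_host_key "$kh" build01.example.com
    printf 'after forget: %s\n' "$(known_host_status "$kh" build01.example.com ssh-rsa AAAAB3CONSTRUCTEDKEY1)"
    rm -rf "$dir"
}

demo_known_hosts
```

Of the three outcomes, mismatch is the one that matters: it is exactly the warning the manual describes, and the right response is to confirm the change with the host's administrator before running the forget step, since deleting the entry and reconnecting silently accepts whatever key the remote side now presents.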
See the man pages for ssh and sshd for information concerning the various directives available in the SSH configuration files.