
Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide
Chapter 10. SSH Protocol

OpenSSH Configuration Files

OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server service (sshd).

System-wide SSH configuration information is stored in the /etc/ssh/ directory:

  • moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.

  • ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).

  • sshd_config — The configuration file for sshd.

  • ssh_host_dsa_key — The DSA private key used by sshd.

  • ssh_host_dsa_key.pub — The DSA public key used by sshd.

  • ssh_host_key — The RSA private key used by sshd for version 1 of the SSH protocol.

  • ssh_host_key.pub — The RSA public key used by sshd for version 1 of the SSH protocol.

  • ssh_host_rsa_key — The RSA private key used by sshd for version 2 of the SSH protocol.

  • ssh_host_rsa_key.pub — The RSA public key used by sshd for version 2 of the SSH protocol.

User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory:

  • authorized_keys — The file that holds a list of "authorized" public keys. If a connecting user can prove that they know the private key which corresponds to any of these, then they are authenticated. Note that this is only an optional authentication method.

  • id_dsa — Contains the DSA authentication identity of the user.

  • id_dsa.pub — The DSA public key of the user.

  • id_rsa — The RSA private key used by ssh for version 2 of the SSH protocol.

  • identity — The RSA private key used by ssh for version 1 of the SSH protocol.

  • known_hosts — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting to the correct SSH server. If a host's key has changed, and you are not absolutely certain why, you should contact the system administrator of the SSH server to make sure that the server has not been compromised. If a server's host keys are legitimately altered by a re-installation of Red Hat Linux, the next time you log into that server you will be notified that the host key stored in the known_hosts file does not match. To connect to the server, the user must open the known_hosts file in a text editor and delete the key for that host. This allows the SSH client to record the server's new host key.
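The known_hosts procedure above, as an added example that is not part of the Red Hat guide: the stale entry for a host is replaced only when the newly offered key matches a fingerprint the server's administrator confirmed out of band. The host names and key blobs are constructed sample data, the function names are hypothetical, the SHA256 fingerprint form is the one current ssh-keygen -l prints rather than the release this guide covers, and hashed host name entries are left untouched.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint of a public key blob, as current ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def replace_host_key(known_hosts, host, new_entry, trusted_fp):
    """Return known_hosts text with stale keys for `host` replaced by `new_entry`.

    `trusted_fp` is the fingerprint the server's administrator confirmed
    out of band. Nothing is changed unless the new key matches it.
    """
    names, keytype, key_b64 = new_entry.split()[:3]
    if host not in names.split(","):
        raise ValueError("new entry is not for " + host)
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered key does not match the confirmed fingerprint")
    kept = []
    for line in known_hosts.splitlines():
        fields = line.split()
        # Keep blank lines, comments, marker lines (@...) and other hosts.
        is_plain = bool(fields) and fields[0][0] not in "#@"
        if is_plain and host in fields[0].split(","):
            continue  # stale key for this host
        kept.append(line)
    kept.append(new_entry)
    return "\n".join(kept) + "\n"

# Constructed sample data: the blobs are dummy bytes, not real keys.
OLD = base64.b64encode(b"old-host-key-before-reinstall").decode()
NEW = base64.b64encode(b"new-host-key-after-reinstall").decode()
SAMPLE = (
    "# constructed known_hosts\n"
    "build.example.com,192.0.2.10 ssh-dss " + OLD + "\n"
    "mail.example.com ssh-dss " + base64.b64encode(b"other-host").decode() + "\n"
)
NEW_ENTRY = "build.example.com,192.0.2.10 ssh-dss " + NEW

if __name__ == "__main__":
    print(replace_host_key(SAMPLE, "build.example.com", NEW_ENTRY, fingerprint(NEW)))
```

A mismatch raises ValueError and leaves the original text unchanged, which is the case where the administrator should be contacted before anything is deleted.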

See the man pages for ssh and sshd for information concerning the various directives available in the SSH configuration files.



Disclaimer: For authoritative source or latest update to this documentation, please refer to http://www.redhat.com/docs/manuals/linux/

 

 