Domain hosting, cheap domain name & website promotion services
  

 Home
Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide
PrevChapter 10. SSH ProtocolNext

OpenSSH Configuration Files

OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server service (sshd).

System-wide SSH configuration information is stored in the /etc/ssh/ directory:

  • moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.

  • ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).

  • sshd_config — The configuration file for sshd.

  • ssh_host_dsa_key — The DSA private key used by sshd.

  • ssh_host_dsa_key.pub — The DSA public key used by sshd.

  • ssh_host_key — The RSA private key used by sshd for version 1 of the SSH protocol.

  • ssh_host_key.pub — The RSA public key used by sshd for version 1 of the SSH protocol.

  • ssh_host_rsa_key — The RSA private key used by sshd for version 2 of the SSH protocol.

  • ssh_host_rsa_key.pub — The RSA public key used by sshd for version 2 of the SSH protocol.

User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory:

  • authorized_keys — The file that holds a list of "authorized" public keys. If a connecting user can prove that they know the private key which corresponds to any of these, then they are authenticated. Note, this is only an optional authentication method.

  • id_dsa — Contains the DSA authentication identity of the user.

  • id_dsa.pub — The DSA public key of the user.

  • id_rsa — The RSA public key used by sshd for version 2 of the SSH protocol.

  • identity — The RSA private key used by sshd for version 1 of the SSH protocol.

  • known_hosts — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server. If a host's key has changed, and you are not absolutely certain why, you should contact the system administrator of the SSH server to make sure that the server has not been compromised. If a server's host keys are legitimately altered by a re-installation of Red Hat Linux the next time you log into that server you will be notified that the host key stored in the known_hosts file does not match. To connect to the server, the user must open the known_hosts file in a text editor and delete the key for that host. This allows the SSH client to create a new host key.

See the man pages for ssh and sshd for information concerning the various directives available in the SSH configuration files.

PrevHomeNext
Layers of SSH SecurityUpMore Than a Secure Shell
 

 

 

 

Buy domain name by 895cheap-domain.com |  Web site ranking and promotion 

Disclaimer: For authoritative source or latest update to this documentation, please refer to http://www.redhat.com/docs/manuals/linux/

 

 
Quotes: Be not afraid of greatness: some are born great, some achieve greatness, and some have greatness thrust upon them.In everyone's life, at some time, our inner fire goes out. It is then burst into flame by an encounter with another human being. We should all be thankful for those people who rekindle the inner spirit.