OpenSSH Configuration Files
OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server daemon (sshd).
System-wide SSH configuration information is stored in the /etc/ssh/ directory:

moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.

ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).

sshd_config — The configuration file for the sshd daemon.

ssh_host_dsa_key — The DSA private key used by the sshd daemon.

ssh_host_dsa_key.pub — The DSA public key used by the sshd daemon.

ssh_host_key — The RSA private key used by the sshd daemon for version 1 of the SSH protocol.

ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH protocol.

ssh_host_rsa_key — The RSA private key used by the sshd daemon for version 2 of the SSH protocol.

ssh_host_rsa_key.pub — The RSA public key used by the sshd daemon for version 2 of the SSH protocol.
User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory:

authorized_keys — This file holds a list of "authorized" public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file. This is an optional authentication method.

id_dsa — Contains the DSA authentication identity of the user.

id_dsa.pub — The DSA public key of the user.

id_rsa — The RSA public key used by sshd for version 2 of the SSH protocol.

identity — The RSA private key used by sshd for version 1 of the SSH protocol.

known_hosts — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting to the correct SSH server. If a host's key has changed, and you are not absolutely certain why, you should contact the system administrator of the SSH server to make sure that the server has not been compromised. If a server's host keys are legitimately altered by a re-installation of Red Hat Linux, the next time you log into that server you will be notified that the host key stored in the known_hosts file does not match. To connect to the server, the user must open the known_hosts file in a text editor and delete the key for that host. This allows the SSH client to record the server's new host key.
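As an added illustration of the known_hosts logic described above (this is not code from the Red Hat documentation or from OpenSSH), the following Python snippet parses the known_hosts line format, classifies a host key presented by a server as matching, changed, or unknown, and removes a host's stale entry the way the manual editing step does. The sample file contents and key blobs are constructed placeholders, not real keys.

```python
from __future__ import annotations

# Constructed sample known_hosts content; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# host keys recorded by earlier ssh sessions
server1.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EfakeKeyOne comment
server2.example.com ssh-dss AAAAB3NzaC1kc3MfakeKeyTwo
"""


def parse_known_hosts(text: str) -> list[tuple[list[str], str, str]]:
    """Return (hostnames, keytype, key) for each plain entry.

    Line format: host[,host...] keytype base64key [comment]. Comments,
    marker lines (@cert-authority, @revoked) and hashed hosts (|1|...)
    are skipped rather than interpreted.
    """
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries


def check_host_key(text: str, host: str, keytype: str, key: str) -> str:
    """Classify a presented key as "match", "mismatch" or "unknown".

    "mismatch" is the case the text warns about: a key of this type is stored
    for the host but differs from the one now offered.
    """
    same_type = [k for hosts, t, k in parse_known_hosts(text)
                 if host in hosts and t == keytype]
    if not same_type:
        return "unknown"
    return "match" if key in same_type else "mismatch"


def forget_host(text: str, host: str) -> str:
    """Drop every entry naming host (the manual 'delete the key for that host' step).

    The whole line goes, including any aliases listed on it, so the next
    connection records a fresh key for the host.
    """
    kept = []
    for line in text.splitlines():
        fields = line.split()
        plain = len(fields) >= 3 and fields[0][0] not in "#@|"
        if plain and host in fields[0].split(","):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"
```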
See the man pages for ssh and sshd for information concerning the various directives available in the SSH configuration files.