ssh_config - OpenSSH SSH client configuration files
List of Configuration files
For Key purposes
For Configuration purposes
a) ssh_config - SSH client configuration file (i.e. is used by the ssh program itself).
b) sshd_config - SSH daemon configuration file (i.e. is used by sshd).
c) /etc/pam.d/sshd - The PAM configuration file for the sshd daemon.
d) /etc/sysconfig/sshd - Configuration file for the sshd service.
User-specific configuration files
For Key purposes
~/.ssh/id_dsa - Contains the DSA private key of the user.
~/.ssh/id_dsa.pub - The DSA public key of the user.
~/.ssh/id_rsa - The RSA private key used by ssh for version 2 of the SSH protocol.
~/.ssh/id_rsa.pub - The RSA public key used by ssh for version 2 of the SSH protocol.
~/.ssh/identity - The RSA private key used by ssh for version 1 of the SSH protocol.
~/.ssh/identity.pub - The RSA public key used by ssh for version 1 of the SSH protocol.
~/.ssh/known_hosts - Contains DSA host keys of SSH servers accessed by the user.
For Configuration purposes
a) ~/.ssh/authorized_keys - Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
More info About configuration files
ssh_config: configuration file for the ssh client on the host machine you are running. For example, if you want to ssh to another remote host machine, you use an SSH client. Every setting for this SSH client, such as port number, protocol version and encryption/MAC algorithms, comes from ssh_config.
sshd_config: configuration file for the sshd daemon (the program that listens for incoming connection requests on the ssh port) on the host machine. That is to say, if someone wants to connect to your host machine via SSH, their SSH client settings, such as port number, version and so on, must match your sshd_config settings in order to communicate with you.
For example, most times we change the SSH port number for security reasons. Take the following example:
For the SSH port number, ssh_config is manually set to 1000 (decided by the remote host) and sshd_config is set to 5555. If anyone wants to connect to your host, they MUST always set their ssh client port to 1000. However, you will always use port 5555 as the default port (instead of 22) to connect to a remote machine. If the remote machine uses another port or the standard port, you need to specify the port number in the command line,
ssh is the command you use to connect to remote machines - the client.
sshd is the daemon that is running and allows others
to connect to the machine - the server.
Table 14.2. User-specific
configuration files
You can edit the /etc/sysconfig/sshd file and change
the AUTOCREATE_SERVER_KEYS variable:
AUTOCREATE_SERVER_KEYS=NO
or
AUTOCREATE_SERVER_KEYS=RSAONLY
1) ssh-copy-id
ssh-copy-id - install your public key in a remote machine’s authorized_keys
ssh-copy-id [-i [identity_file]] [user@]machine
ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you’ve done some clever use of multiple identities). It also changes the permissions of the remote user’s home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in).
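The permission repair described above can be checked and applied by hand when key login fails. This is an added example, not code from ssh-copy-id or from the original post. The function names ssh_perm_findings and ssh_perm_fix are hypothetical, the demo home directory is constructed, and the check also flags world-writable bits, which is an assumption beyond the group writability the page mentions.

```shell
#!/bin/sh
# Audit and repair the three paths the page says ssh-copy-id adjusts:
# the user's home, ~/.ssh and ~/.ssh/authorized_keys.
# Function names are hypothetical; the demo directory below is constructed.

# Print every one of the three paths under $1 that is group- or world-writable.
ssh_perm_findings() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune keeps find on the path itself; -perm -020 / -002 match g+w / o+w
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Remove group and world write from the same three paths.
ssh_perm_fix() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] && chmod go-w "$p"
    done
    return 0
}

# Demo on a constructed home directory (never touches the real $HOME).
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home"                       # group-writable home
chmod 700 "$demo_home/.ssh"                  # already strict
chmod 664 "$demo_home/.ssh/authorized_keys"  # group-writable key file

echo "writable by group/other before the fix:"
ssh_perm_findings "$demo_home"

ssh_perm_fix "$demo_home"

echo "writable by group/other after the fix:"
ssh_perm_findings "$demo_home"

rm -rf "$demo_home"
```

Run against a real account with `ssh_perm_findings /home/someuser`, where `/home/someuser` is a placeholder path.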