The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

sshd2 (8)
  • >> sshd2 (8) ( Solaris man: Команды системного администрирования )
  • 
    NAME
         sshd2 - secure shell daemon
    
    
    SYNOPSIS
         sshd2 [-d debug_level_spec] [-f config_file]
         [-h host_key_file] [-o options] [-p port] [-v]
         [-g login_grace_time] [-i] [-q]
    
    
    
    DESCRIPTION
         Sshd2 (Secure Shell Daemon) is the daemon program for  ssh2.
         Together,  these  programs  replace  the rlogin and rsh pro-
         grams, and provide secure encrypted  communications  between
         two  untrusted hosts over an insecure network.  The programs
         are intended to be as easy to install and use as possible.
    
         Sshd2 is normally started  at  boot  from  /etc/rc.local  or
         equivalent.  It forks a new daemon for each incoming connec-
         tion.  The forked daemons handle key  exchange,  encryption,
         authentication, command execution, and data exchange.
    
         Sshd2 can be configured using command-line options or a con-
         figuration   file.   Command-line  options  override  values
         specified in the configuration file.
    
    OPTIONS
         -d debug_level_spec
              Debug mode.  The server sends verbose debug  output  to
              stderr.  This option is only intended for debugging for
              the server.  The debugging level is either a number, or
              a      comma-separated      list     of     assignments
              "ModulePattern=debug_level".
    
         -f configuration_file
              Specifies the name  of  the  configuration  file.   The
              default is /etc/ssh2/sshd2_config.
    
         -h host_key_file
              Specifies the file from which  the  host  key  is  read
              (default  /etc/ssh2/hostkey).   If  sshd2 is not run as
              root,   the   default   host   key   file    will    be
              $HOME$/.ssh2/hostkey.
    
         -o 'option'
              Can be used to give options in the format used  in  the
              configuration  files.   This  is  useful for specifying
              options for which there  is  no  separate  command-line
              flag.   The option has the same format as a line in the
              configuration file.  Comment lines  are  not  currently
    
              accepted.
    
         -p port
              Specifies the port on which the server listens for con-
              nections. The default port is 22.
    
         -v   Enable verbose mode.  Display  verbose  debugging  mes-
              sages.  Equal to `-d 2'. This option can also be speci-
              fied in the configuration file.
    
         -q   Quiet mode.  Nothing is sent to the system  log.   Nor-
              mally the beginning, authentication, and termination of
              each connection is logged.  This  option  can  also  be
              specified in the configuration file.
    
         -g login_grace_time
              Gives the grace time for clients to authenticate  them-
              selves  (the  default  is  600 seconds).  If the client
              fails  to  authenticate  the  user  within  this   many
              seconds,  the server disconnects and exits.  A value of
              zero indicates no limit.
    
         -i   Specifies that sshd is being run from inetd.
    
         Sshd2 reads configuration data  from  /etc/ssh2/sshd2_config
         (or  the  file  specified with -f on the command line).  The
         file contains keyword-value  pairs,  one  per  line.   Lines
         starting  with  '#'  and empty lines are interpreted as com-
         ments.
    
         For the format of sshd2_config, see sshd2_config(5).
    
    
    LOGIN PROCESS
         When a user successfully logs in, sshd2 does the following:
    
         1.   Changes to run with normal user privileges.
    
         2.   Sets up basic environment.
    
         3.   Reads /etc/environment if it exists.
    
         4.   Changes to the user's home directory.
    
         5.   Runs the user's shell or command.
    
    
    SSH WITH TCP WRAPPERS
         When sshd2 is compiled with TCP wrappers libraries, then the
         hosts.allow/deny files also control who can connect to ports
         forwarded by sshd2.
    
         The program names in the hosts.allow/deny files are sshd2 or
         sshd   (depending   on  how  you  execute  sshd2),  sshdfwd-
         <portname>, sshdfwd-<portnumber>, and sshdfwd-X11  for  for-
         warded ports the ssh client or server is listening.
    
         If the port has a defined name, you must use it.
    
    
    FILES
         /etc/ssh2/sshd2_config
              Contains  configuration  data  for  sshd2.   This  file
              should  be writable by root only, but it is recommended
              (though not necessary) that it be world-readable.
    
         /etc/ssh2/hostkey
              Contains the private part of the host key.   This  file
              is  normally  created  automatically by "make install",
              but can also be created manually using  ssh-keygen2(1).
              This  file  should only be owned by root, readable only
              by root, and not accessible to others.
    
         /etc/ssh2/hostkey.pub
              Contains the public part of the host key.  This file is
              normally  created  automatically by "make install", but
              can also be created  manually.   This  file  should  be
              world-readable but writable only by root.  Its contents
              should match the private part.
    
         /etc/ssh2/random_seed
              This file contains a seed for the random number genera-
              tor.  This file should only be accessible by root.
    
         $HOME/.ssh2/authorization
              contains information on how the server will verify  the
              identity of an user. See ssh2(1) for more information.
    
         $HOME/.hushlogin
              If this file exists, sshd2 will not  print  information
              during login. (This is normally user's last login time,
              message of the day and mailcheck.)
    
    
         /etc/nologin
              If this file exists, sshd2 refuses to let anyone except
              root log in.  The contents of the file are displayed to
              anyone trying to log in, and non-root  connections  are
              refused.  The file should be world-readable.
    
    
         $HOME/.rhosts
              This file contains host-username pairs, separated by  a
              space,   one   per   line.    The  given  user  on  the
              corresponding host is permitted to log in without pass-
              word.   The  same  file  is  used  by rlogind and rshd.
              sshd2 differs from rlogind and rshd in that it requires
              public  host key authentication in addition to validat-
              ing the host name retrieved from domain  name  servers.
              The  file  must  be  writable  only  by the user; it is
              recommended that it not be accessible by others.
    
              It is also possible  to  use  netgroups  in  the  file.
              Either host or user name may be of the form +@groupname
              to specify all hosts or all users in the group.
    
         $HOME/.shosts
              For ssh2, this file is exactly the same as for .rhosts.
              However,  this  file is not used by rlogin and rshd, so
              using this permits access using ssh2 only.
    
         /etc/hosts.equiv
              This file is used during  .rhosts  authentication.   In
              its  simplest  form, this file contains host names, one
              per line.  Users on those hosts are permitted to log in
              without  a  password,  provided they have the same user
              name on both machines.  The host name may also be  fol-
              lowed  by  a user name; such users are permitted to log
              in as any user on this machine  (except  root).   Addi-
              tionally,  the  syntax  +@group  can be used to specify
              netgroups.  Negated entries start with '-'.
    
              If the client host/user is successfully matched in this
              file,  login  is  automatically  permitted provided the
              client and server user names are the  same.   Addition-
              ally,  successful host-based authentication is normally
              required.  This file must be writable only by root;  it
              is recommended that it be world-readable.
    
              Warning: It is almost never a good  idea  to  use  user
              names in hosts.equiv.  Beware that it really means that
              the named user(s) can log in as anybody, including bin,
              daemon,  adm,  and  other  accounts  that  own critical
              binaries and directories.  Using a  user  name  practi-
              cally  grants the user root access.  The only valid use
              for user names should be  in  negative  entries.   Note
              that this warning also applies to rsh/rlogin.
    
         /etc/shosts.equiv
              This is processed exactly as /etc/hosts.equiv. However,
              this  file  may  be useful in environments that want to
              run both rsh/rlogin and ssh2.
    
    
         $HOME/.ssh2/knownhosts/xxxxyyyy.pub
              These are the public host keys of  hosts  that  a  user
              wants  to  log in from using "hostbased"-authentication
              (equivalent with ssh1's RhostsRSAAuthentication). Also,
              a  user has to set up her/his $HOME/.shosts (which only
              ssh uses) or $HOME/.rhosts file  (insecure,  as  it  is
              used  by the r*-commands also). If username is the same
              in both hosts, it is adequate to put  the  public  host
              key  to /etc/ssh2/knownhosts and add the host's name to
              /etc/shosts.equiv (or /etc/hosts.equiv).
    
              xxxx denotes the host name (FQDN) and yyyy denotes  the
              public key algorithm of the key.
    
              For example, zappa.foo.fi's host key algorithm is  ssh-
              dss.  The  hostkey  would  be  named "zappa.foo.fi.ssh-
              dss.pub" in the knownhosts directory.
    
              Possible names for public key algorithms are  "ssh-dss"
              and "ssh-rsa" (without the quotes).
    
    
         /etc/ssh2/knownhosts/xxxxyyyy.pub
              As above, but system-wide. These can be  overridden  by
              the  user  by  putting  a  file  with  the same name to
              her/his $HOME/.ssh2/knownhosts directory.
    
    
    
    INSTALLATION
         Sshd2 is normally run as root.  If it is not run as root, it
         can  only  log in as the user it is running as, and password
         authentication may not work if the system uses shadow  pass-
         words.  An alternative host key file must also be used.
    
    
    AUTHORS
         SSH Communications Security Corp
    
         For more information, see http://www.ssh.com.
    
    
    SEE ALSO
         sshd2_config(5),  ssh2(1),  ssh-keygen2(1),   ssh-agent2(1),
         ssh-add2(1), scp2(1), sftp(1) rlogin(1), rsh(1), telnet(1)
    
    
    
    


    Поиск по тексту MAN-ов: 




    Спонсоры:
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2020 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру