-rw-r--r-- | etc/changelist | 18 | ||||
-rw-r--r-- | etc/mtree/4.4BSD.dist | 7 | ||||
-rw-r--r-- | etc/mtree/4.4BSD.root | 8 | ||||
-rw-r--r-- | etc/mtree/special | 4 | ||||
-rw-r--r-- | etc/rc | 14 | ||||
-rw-r--r-- | usr.bin/ssh/Makefile | 6 | ||||
-rw-r--r-- | usr.bin/ssh/README | 2 | ||||
-rw-r--r-- | usr.bin/ssh/pathnames.h | 19 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan.1 | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 26 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 38 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config | 10 |
13 files changed, 90 insertions, 76 deletions
diff --git a/etc/changelist b/etc/changelist index fd689fe6eb8..afb0cd4c003 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.22 2001/10/14 02:17:05 millert Exp $ +# $OpenBSD: changelist,v 1.23 2002/02/09 17:37:34 deraadt Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -77,14 +77,14 @@ /etc/shosts.equiv /etc/slip.hosts /etc/slip.login -/etc/ssh_config -+/etc/ssh_host_dsa_key -/etc/ssh_host_dsa_key.pub -+/etc/ssh_host_rsa_key -/etc/ssh_host_rsa_key.pub -+/etc/ssh_host_key -/etc/ssh_host_key.pub -/etc/sshd_config +/etc/ssh/ssh_config ++/etc/ssh/ssh_host_dsa_key +/etc/ssh/ssh_host_dsa_key.pub ++/etc/ssh/ssh_host_rsa_key +/etc/ssh/ssh_host_rsa_key.pub ++/etc/ssh/ssh_host_key +/etc/ssh/ssh_host_key.pub +/etc/ssh/sshd_config /etc/sudoers /etc/syslog.conf /etc/sysctl.conf diff --git a/etc/mtree/4.4BSD.dist b/etc/mtree/4.4BSD.dist index 98dbb5f43e2..945aabd034a 100644 --- a/etc/mtree/4.4BSD.dist +++ b/etc/mtree/4.4BSD.dist @@ -1,4 +1,4 @@ -# $OpenBSD: 4.4BSD.dist,v 1.118 2002/02/07 23:12:33 art Exp $ +# $OpenBSD: 4.4BSD.dist,v 1.119 2002/02/09 17:37:34 deraadt Exp $ /set type=dir uname=root gname=wheel mode=0755 # . @@ -104,6 +104,11 @@ sliphome # ./etc/sliphome .. +# ./etc/ssh +ssh +# ./etc/ssh +.. + # ./etc/ssl ssl diff --git a/etc/mtree/4.4BSD.root b/etc/mtree/4.4BSD.root index 1e54d45c6ae..4ab9e9d8593 100644 --- a/etc/mtree/4.4BSD.root +++ b/etc/mtree/4.4BSD.root @@ -1,4 +1,4 @@ -# $OpenBSD: 4.4BSD.root,v 1.7 2001/09/21 22:14:03 deraadt Exp $ +# $OpenBSD: 4.4BSD.root,v 1.8 2002/02/09 17:37:34 deraadt Exp $ # $NetBSD: 4.4BSD.root,v 1.2 1996/05/12 23:30:32 thorpej Exp $ # # user: bostic @@ -115,6 +115,12 @@ sliphome type=dir # ./etc/sliphome .. +# ./etc/ssh +/set type=file gname=wheel uname=root mode=0755 +ssh type=dir +# ./etc/ssh +.. + # ./etc .. diff --git a/etc/mtree/special b/etc/mtree/special index 09fab85fd5a..1f9f8d60537 100644 --- a/etc/mtree/special +++ b/etc/mtree/special 
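Review bot: In the second `etc/mtree/4.4BSD.root` hunk, the added `/set type=file gname=wheel uname=root mode=0755` stays in effect after the `..` that closes `./etc/ssh`. Any later entry that does not carry its own keywords would inherit file type and mode 0755; the rest of the spec is outside the hunk, so this needs checking against what follows. The one entry it serves already says `type=dir`, so putting the keywords on that entry, `ssh type=dir uname=root gname=wheel mode=0755`, avoids changing the defaults.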
@@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.38 2001/09/11 19:03:55 millert Exp $ +# $OpenBSD: special,v 1.39 2002/02/09 17:37:34 deraadt Exp $ # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # @@ -70,6 +70,7 @@ security type=file mode=0644 uname=root gname=wheel shells type=file mode=0644 uname=root gname=wheel skeykeys type=file mode=0600 uname=root gname=wheel optional spwd.db type=file mode=0600 uname=root gname=wheel +ssh type=dir mode=0755 uname=root gname=wheel optional ignore ssh_config type=file mode=0644 uname=root gname=wheel ssh_host_dsa_key type=file mode=0600 uname=root gname=wheel optional ssh_host_dsa_key.pub type=file mode=0644 uname=root gname=wheel optional @@ -78,6 +79,7 @@ ssh_host_key.pub type=file mode=0644 uname=root gname=wheel optional ssh_host_rsa_key type=file mode=0600 uname=root gname=wheel optional ssh_host_rsa_key.pub type=file mode=0644 uname=root gname=wheel optional sshd_config type=file mode=0644 uname=root gname=wheel +.. #ssh syslog.conf type=file mode=0644 uname=root gname=wheel ttys type=file mode=0644 uname=root gname=wheel weekly type=file mode=0644 uname=root gname=wheel @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.188 2002/01/08 12:04:43 tholo Exp $ +# $OpenBSD: rc,v 1.189 2002/02/09 17:37:34 deraadt Exp $ # System startup script run by init on autoboot # or after single-user. 
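Review bot: The `ignore` keyword on the new `ssh type=dir ... optional ignore` line in the second `etc/mtree/special` hunk may switch off the checks on the entries that now sit under it, including the `mode=0600` private host keys. mtree(8) describes `ignore` as skipping the hierarchy below the entry. If it behaves that way here, a group- or world-readable `ssh_host_rsa_key` would no longer be reported by the security run. Consider `ssh type=dir mode=0755 uname=root gname=wheel optional` without `ignore`, or confirm that the listed children are still compared.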
@@ -382,25 +382,25 @@ if [ -f /sbin/ldconfig ]; then ldconfig $shlib_dirs fi -if [ ! -f /etc/ssh_host_dsa_key ]; then +if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then echo -n "ssh-keygen: generating new DSA host key... " - if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh_host_dsa_key -N ''; then + if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then echo done. else echo failed. fi fi -if [ ! -f /etc/ssh_host_rsa_key ]; then +if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then echo -n "ssh-keygen: generating new RSA host key... " - if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh_host_rsa_key -N ''; then + if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then echo done. else echo failed. fi fi -if [ ! -f /etc/ssh_host_key ]; then +if [ ! -f /etc/ssh/ssh_host_key ]; then echo -n "ssh-keygen: generating new RSA1 host key... " - if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh_host_key -N ''; then + if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then echo done. else echo failed. diff --git a/usr.bin/ssh/Makefile b/usr.bin/ssh/Makefile index 3cd0837d8aa..f1f871e8292 100644 --- a/usr.bin/ssh/Makefile +++ b/usr.bin/ssh/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2001/06/28 21:55:27 markus Exp $ +# $OpenBSD: Makefile,v 1.10 2002/02/09 17:37:34 deraadt Exp $ .include <bsd.own.mk> @@ -7,8 +7,8 @@ SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \ distribution: install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ - ${DESTDIR}/etc/ssh_config + ${DESTDIR}/etc/ssh/ssh_config install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \ - ${DESTDIR}/etc/sshd_config + ${DESTDIR}/etc/ssh/sshd_config .include <bsd.subdir.mk> diff --git a/usr.bin/ssh/README b/usr.bin/ssh/README index 4e75d62495e..c13098b318e 100644 --- a/usr.bin/ssh/README +++ b/usr.bin/ssh/README 
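Review bot: On a machine upgraded in place, the three `[ ! -f /etc/ssh/ssh_host_*_key ]` tests succeed even though keys still exist under `/etc`, so the next boot generates new host keys. Every client then sees a changed-host-key warning, which teaches users to dismiss the one alert that signals interception. Nothing in this hunk moves the old keys first; a guard such as `[ -f /etc/ssh_host_dsa_key -a ! -f /etc/ssh/ssh_host_dsa_key ] && mv /etc/ssh_host_dsa_key* /etc/ssh/` ahead of each test would keep the host identity. The block also assumes `/etc/ssh` already exists; if it does not, `ssh-keygen` presumably fails, the script only prints `failed.`, and boot continues. The last `if` runs past the end of the hunk.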
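Review bot: The `distribution` recipe now installs into `${DESTDIR}/etc/ssh/`, but nothing in this hunk creates that directory, so the target only works if the mtree pass has already run against `${DESTDIR}`. Adding `install -d -o root -g wheel -m 0755 ${DESTDIR}/etc/ssh` as the first recipe line removes that ordering dependency. It also states the owner and mode of the directory that will hold the host keys in the same place the files are installed.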
@@ -14,7 +14,7 @@ To extract and install this release on your OpenBSD system use: # make depend # make # make install - # cp ssh_config sshd_config /etc + # cp ssh_config sshd_config /etc/ssh OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels diff --git a/usr.bin/ssh/pathnames.h b/usr.bin/ssh/pathnames.h index a19604734e5..b45131208e4 100644 --- a/usr.bin/ssh/pathnames.h +++ b/usr.bin/ssh/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.10 2001/12/08 17:49:28 stevesk Exp $ */ +/* $OpenBSD: pathnames.h,v 1.11 2002/02/09 17:37:34 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -13,25 +13,26 @@ */ #define ETCDIR "/etc" +#define SSHDIR ETCDIR "/ssh" #define _PATH_SSH_PIDDIR "/var/run" /* * System-wide file containing host keys of known hosts. This file should be * world-readable. */ -#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" +#define _PATH_SSH_SYSTEM_HOSTFILE SSHDIR "/ssh_known_hosts" /* backward compat for protocol 2 */ -#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2" +#define _PATH_SSH_SYSTEM_HOSTFILE2 SSHDIR "/ssh_known_hosts2" /* * Of these, ssh_host_key must be readable only by root, whereas ssh_config * should be world-readable. */ -#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config" -#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config" -#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key" -#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" -#define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key" +#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config" +#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" +#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" +#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" +#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI ETCDIR "/moduli" /* Backwards compatibility */ #define _PATH_DH_PRIMES ETCDIR "/primes" 
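Review bot: With `_PATH_SSH_SYSTEM_HOSTFILE` and `_PATH_HOST_CONFIG_FILE` now under `SSHDIR`, a system-wide `/etc/ssh_known_hosts` or `/etc/ssh_config` left in place after an upgrade is presumably skipped without any message, so site host keys and client policy set there stop applying while logins still work. The same holds for `_PATH_SSH_SYSTEM_RC` in the following `pathnames.h` hunk, where a leftover `/etc/sshrc` would no longer run. A comment above the new define would at least record this, e.g. `/* files left in ETCDIR by older releases are not read; move them to SSHDIR */`, and a one-time warning when a legacy path exists would be better. `_PATH_DH_MODULI` and `_PATH_DH_PRIMES` stay on `ETCDIR`; if that is intended, say so next to them.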
@@ -95,7 +96,7 @@ * use. xauth will be run if neither of these exists. */ #define _PATH_SSH_USER_RC ".ssh/rc" -#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc" +#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" /* * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 3d1644f0dcc..d98cfa9eea2 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.124 2002/02/06 14:37:22 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.125 2002/02/09 17:37:34 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -973,8 +973,8 @@ do_child(Session *s, const char *command) close(i); /* - * Must take new environment into use so that .ssh/rc, /etc/sshrc and - * xauth are run in the proper environment. + * Must take new environment into use so that .ssh/rc, + * /etc/ssh/sshrc and xauth are run in the proper environment. */ environ = env; @@ -1001,8 +1001,8 @@ do_child(Session *s, const char *command) } /* - * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first - * in this order). + * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found + * first in this order). */ if (!options.use_login) { /* ignore _PATH_SSH_USER_RC for subsystems */ diff --git a/usr.bin/ssh/ssh-keyscan.1 b/usr.bin/ssh/ssh-keyscan.1 index 17f73406e75..8a6ee139037 100644 --- a/usr.bin/ssh/ssh-keyscan.1 +++ b/usr.bin/ssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.12 2001/09/05 06:23:07 deraadt Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.13 2002/02/09 17:37:34 deraadt Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -138,7 +138,7 @@ is either or .Dq ssh-dsa . .Pp -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts .Sh BUGS It generates "Connection closed by remote host" messages on the consoles of all the machines it scans if the server is older than version 2.9. 
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index c44f4ae2c96..180383aaa0b 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.146 2002/02/03 22:35:57 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.147 2002/02/09 17:37:34 deraadt Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -126,7 +126,7 @@ or .Pa /etc/shosts.equiv , and if additionally the server can verify the client's host key (see -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts in the @@ -365,7 +365,7 @@ Host keys are stored in .Pa $HOME/.ssh/known_hosts in the user's home directory. Additionally, the file -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification @@ -574,7 +574,7 @@ option below. Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file -.Pq Pa /etc/ssh_config +.Pq Pa /etc/ssh/ssh_config will be ignored. The default for the per-user configuration file is .Pa $HOME/.ssh/config . @@ -649,7 +649,7 @@ the following order: command line options, user's configuration file .Pq Pa $HOME/.ssh/config , and system-wide configuration file -.Pq Pa /etc/ssh_config . +.Pq Pa /etc/ssh/ssh_config . For each parameter, the first obtained value will be used. The configuration files contain sections bracketed by @@ -887,7 +887,7 @@ The default is .It Cm GlobalKnownHostsFile Specifies a file to use for the global host key database instead of -.Pa /etc/ssh_known_hosts . +.Pa /etc/ssh/ssh_known_hosts . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. 
@@ -1145,7 +1145,7 @@ will never automatically add host keys to the file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually @@ -1313,7 +1313,7 @@ to the environment. .It Pa $HOME/.ssh/known_hosts Records host keys for all hosts the user has logged into that are not in -.Pa /etc/ssh_known_hosts . +.Pa /etc/ssh/ssh_known_hosts . See .Xr sshd 8 . .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa @@ -1368,7 +1368,7 @@ In the simplest form the format is the same as the .pub identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. -.It Pa /etc/ssh_known_hosts +.It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the @@ -1391,13 +1391,13 @@ to verify the client host when logging in; other names are needed because does not convert the user-supplied name to a canonical name before checking the key, because someone with access to the name servers would then be able to fool host authentication. -.It Pa /etc/ssh_config +.It Pa /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for those values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. -.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for .Cm RhostsRSAAuthentication 
@@ -1432,7 +1432,7 @@ Note that by default will be installed so that it requires successful RSA host authentication before permitting \s+2.\s0rhosts authentication. If the server machine does not have the client's host key in -.Pa /etc/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts , it can be stored in .Pa $HOME/.ssh/known_hosts . The easiest way to do this is to @@ -1469,7 +1469,7 @@ This file is processed exactly as This file may be useful to permit logins using .Nm but not using rsh/rlogin. -.It Pa /etc/sshrc +.It Pa /etc/ssh/sshrc Commands in this file are executed by .Nm when the user logs in just before the user's shell (or command) is started. diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 5020105bc7a..78d3e68e2e4 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.166 2002/02/03 22:35:57 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.167 2002/02/09 17:37:34 deraadt Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -198,7 +198,7 @@ will send the output to the standard error instead of the system log. .It Fl f Ar configuration_file Specifies the name of the configuration file. The default is -.Pa /etc/sshd_config . +.Pa /etc/ssh/sshd_config . .Nm refuses to start if there is no configuration file. .It Fl g Ar login_grace_time @@ -214,11 +214,11 @@ This option must be given if is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh_host_key +.Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_rsa_key and -.Pa /etc/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. 
@@ -311,7 +311,7 @@ to use IPv6 addresses only. .Sh CONFIGURATION FILE .Nm reads configuration data from -.Pa /etc/sshd_config +.Pa /etc/ssh/sshd_config (or the file specified with .Fl f on the command line). @@ -488,11 +488,11 @@ The default is Specifies a file containing a private host key used by SSH. The default is -.Pa /etc/ssh_host_key +.Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_rsa_key and -.Pa /etc/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. Note that .Nm @@ -1095,7 +1095,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The -.Pa /etc/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts , and .Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. @@ -1120,7 +1120,7 @@ pattern on the line. .Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from -.Pa /etc/ssh_host_key.pub . +.Pa /etc/ssh/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with @@ -1142,7 +1142,7 @@ Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script or by taking -.Pa /etc/ssh_host_key.pub +.Pa /etc/ssh/ssh_host_key.pub and adding the host names at the front. .Ss Examples .Bd -literal 
@@ -1151,19 +1151,19 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed .Sh FILES .Bl -tag -width Ds -.It Pa /etc/sshd_config +.It Pa /etc/ssh/sshd_config Contains configuration data for .Nm sshd . This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. -.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that .Nm does not start if this file is group/world-accessible. -.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub +.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. @@ -1196,7 +1196,7 @@ and/or .Pa id_rsa.pub files into this file, as described in .Xr ssh-keygen 1 . -.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts" +.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication to check the public key of the host. @@ -1204,7 +1204,7 @@ The key must be listed in one of these files to be accepted. The client uses the same files to verify that it is connecting to the correct remote host. These files should be writable only by root/the owner. -.Pa /etc/ssh_known_hosts +.Pa /etc/ssh/ssh_known_hosts should be world-readable, and .Pa $HOME/.ssh/known_hosts can but need not be world-readable. 
@@ -1312,13 +1312,13 @@ something similar to: .Ed .Pp If this file does not exist, -.Pa /etc/sshrc +.Pa /etc/ssh/sshrc is run, and if that does not exist either, xauth is used to store the cookie. .Pp This file should be writable only by the user, and need not be readable by anyone else. -.It Pa /etc/sshrc +.It Pa /etc/ssh/sshrc Like .Pa $HOME/.ssh/rc . This can be used to specify diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index f68373904c2..f999906a378 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.46 2002/01/29 14:32:03 markus Exp $ +# $OpenBSD: sshd_config,v 1.47 2002/02/09 17:37:34 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -14,10 +14,10 @@ #ListenAddress :: # HostKey for protocol version 1 -#HostKey /etc/ssh_host_key +#HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -#HostKey /etc/ssh_host_rsa_key -#HostKey /etc/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 @@ -42,7 +42,7 @@ #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no |