[deployment-guide/comm-rel: 19/41] Updated the Configuration Files section.
dsilas
dsilas at fedoraproject.org
Fri Jul 16 08:53:28 UTC 2010
commit 099e66ab033310cb85025562de6078312cd7414d
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Mon Jul 12 16:14:07 2010 +0200
Updated the Configuration Files section.
en-US/OpenSSH.xml | 315 +++++++++++++++++++++++++++++++++--------------------
1 files changed, 197 insertions(+), 118 deletions(-)
---
diff --git a/en-US/OpenSSH.xml b/en-US/OpenSSH.xml
index 87cfe89..08e946e 100644
--- a/en-US/OpenSSH.xml
+++ b/en-US/OpenSSH.xml
@@ -269,6 +269,203 @@
</section>
</section>
</section>
+ <section id="s1-ssh-configuration">
+ <title>Configuration Files</title>
+ <indexterm>
+ <primary>SSH protocol</primary>
+ <secondary>configuration files</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>configuration files for</secondary>
+ </indexterm>
+ <para>
+ There are two different sets of configuration files: those for client programs (that is, <command>ssh</command>, <command>scp</command>, and <command>sftp</command>), and those for the server (the <command>sshd</command> daemon).
+ </para>
+ <para>
+ System-wide SSH configuration information is stored in the <filename>/etc/ssh/</filename> directory. See <xref linkend="table-ssh-configuration-system" /> for a description of its content.
+ </para>
+ <table id="table-ssh-configuration-system">
+ <title>System-wide configuration files</title>
+ <tgroup cols="2">
+ <colspec colname="filename" colnum="1" colwidth="30*" />
+ <colspec colname="description" colnum="2" colwidth="50*" />
+ <thead>
+ <row>
+ <entry>Configuration File</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <filename>/etc/ssh/moduli</filename>
+ </entry>
+ <entry>
+ Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_config</filename>
+ </entry>
+ <entry>
+ The default SSH client configuration file. Note that it is overridden by <filename>~/.ssh/config</filename> if it exists.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/sshd_config</filename>
+ </entry>
+ <entry>
+ The configuration file for the <command>sshd</command> daemon.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_dsa_key</filename>
+ </entry>
+ <entry>
+ The DSA private key used by the <command>sshd</command> daemon.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_dsa_key.pub</filename>
+ </entry>
+ <entry>
+ The DSA public key used by the <command>sshd</command> daemon.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_key</filename>
+ </entry>
+ <entry>
+ The RSA private key used by the <command>sshd</command> daemon for version 1 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_key.pub</filename>
+ </entry>
+ <entry>
+ The RSA public key used by the <command>sshd</command> daemon for version 1 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_rsa_key</filename>
+ </entry>
+ <entry>
+ The RSA private key used by the <command>sshd</command> daemon for version 2 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/ssh/ssh_host_rsa_key.pub</filename>
+ </entry>
+ <entry>
+ The RSA public key used by the <command>sshd</command> for version 2 of the SSH protocol.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <para>
+ User-specific SSH configuration information is stored in the user's home directory within the <filename>~/.ssh/</filename> directory. See <xref linkend="table-ssh-configuration-user" /> for a description of its content.
+ </para>
+ <table id="table-ssh-configuration-user">
+ <title>User-specific configuration files</title>
+ <tgroup cols="2">
+ <colspec colname="filename" colnum="1" colwidth="30*" />
+ <colspec colname="description" colnum="2" colwidth="50*" />
+ <thead>
+ <row>
+ <entry>Configuration File</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <filename>~/.ssh/authorized_keys</filename>
+ </entry>
+ <entry>
+ Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/id_dsa</filename>
+ </entry>
+ <entry>
+ Contains the DSA private key of the user.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/id_dsa.pub</filename>
+ </entry>
+ <entry>
+ The DSA public key of the user.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/id_rsa</filename>
+ </entry>
+ <entry>
+ The RSA private key used by <command>ssh</command> for version 2 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/id_rsa.pub</filename>
+ </entry>
+ <entry>
+ The RSA public key used by <command>ssh</command> for version 2 of the SSH protocol
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/identity</filename>
+ </entry>
+ <entry>
+ The RSA private key used by <command>ssh</command> for version 1 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/identity.pub</filename>
+ </entry>
+ <entry>
+ The RSA public key used by <command>ssh</command> for version 1 of the SSH protocol.
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <filename>~/.ssh/known_hosts</filename>
+ </entry>
+ <entry>
+ Contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server.
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <!-- TODO: Move this to the ssh command section
+ <important>
+ <title>Important</title>
+ <para>
+ If an SSH server's host key has changed, the client notifies the user that the connection cannot proceed until the server's host key is deleted from the <filename>known_hosts</filename> file using a text editor. Before doing this, however, contact the system administrator of the SSH server to verify the server is not compromised.
+ </para>
+ </important>
+ -->
+ <para>
+ Refer to the <command>ssh_config</command> and <command>sshd_config</command> man pages for information concerning the various directives available in the SSH configuration files.
+ </para>
+ </section>
<section id="s1-openssh-server-config">
<title>Configuring an OpenSSH Server</title>
<indexterm>
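Review bot: The <important> block about a changed host key is now inside a comment ("TODO: Move this to the ssh command section") at the end of the new section, so the rendered guide no longer tells readers to check with the server's administrator before deleting an entry from known_hosts. Either move it to its destination in this same commit or leave it visible after the user-specific table until that section exists. In the same table, the known_hosts row still reads "Contains DSA host keys" even though the system-wide table lists RSA host keys as well; "Contains host keys" would match. That row also needs "connecting to the correct SSH server". The moduli row's closing sentence, "This value is then used to provide host authentication", deserves a second look while the text is being touched: the shared secret is what the session keys are derived from, and host authentication rests on the server's host key.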
@@ -352,124 +549,6 @@ It is also possible that the RSA host key has just been changed.</screen>
</para>
</section>
</section>
- <section id="s1-ssh-configfiles">
- <title>OpenSSH Configuration Files</title>
- <indexterm>
- <primary>SSH protocol</primary>
- <secondary>configuration files</secondary>
- </indexterm>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>configuration files for</secondary>
- </indexterm>
- <para>
- OpenSSH has two different sets of configuration files: one for client programs (<command>ssh</command>, <command>scp</command>, and <command>sftp</command>) and one for the server daemon (<command>sshd</command>).
- </para>
- <para>
- System-wide SSH configuration information is stored in the <filename>/etc/ssh/</filename> directory:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <filename>moduli</filename> — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_config</filename> — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (<filename>~/.ssh/config</filename>).
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>sshd_config</filename> — The configuration file for the <command>sshd</command> daemon.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_dsa_key</filename> — The DSA private key used by the <command>sshd</command> daemon.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_dsa_key.pub</filename> — The DSA public key used by the <command>sshd</command> daemon.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_key</filename> — The RSA private key used by the <command>sshd</command> daemon for version 1 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_key.pub</filename> — The RSA public key used by the <command>sshd</command> daemon for version 1 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_rsa_key</filename> — The RSA private key used by the <command>sshd</command> daemon for version 2 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>ssh_host_rsa_key.pub</filename> — The RSA public key used by the <command>sshd</command> for version 2 of the SSH protocol.
- </para>
- </listitem>
- </itemizedlist>
- <para>
- User-specific SSH configuration information is stored in the user's home directory within the <filename>~/.ssh/</filename> directory:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <filename>authorized_keys</filename> — This file holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>id_dsa</filename> — Contains the DSA private key of the user.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>id_dsa.pub</filename> — The DSA public key of the user.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>id_rsa</filename> — The RSA private key used by <command>ssh</command> for version 2 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>id_rsa.pub</filename> — The RSA public key used by <command>ssh</command> for version 2 of the SSH protocol
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>identity</filename> — The RSA private key used by <command>ssh</command> for version 1 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>identity.pub</filename> — The RSA public key used by <command>ssh</command> for version 1 of the SSH protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- <filename>known_hosts</filename> — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server.
- </para>
- <important>
- <title>Important</title>
- <para>
- If an SSH server's host key has changed, the client notifies the user that the connection cannot proceed until the server's host key is deleted from the <filename>known_hosts</filename> file using a text editor. Before doing this, however, contact the system administrator of the SSH server to verify the server is not compromised.
- </para>
- </important>
- </listitem>
- </itemizedlist>
- <para>
- Refer to the <command>ssh_config</command> and <command>sshd_config</command> man pages for information concerning the various directives available in the SSH configuration files.
- </para>
- </section>
<section id="s1-openssh-client-config">
<title>Configuring an OpenSSH Client</title>
<indexterm>
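Review bot: The section id changes here, with id="s1-ssh-configfiles" removed and the replacement section added above as id="s1-ssh-configuration", so any xref linkend="s1-ssh-configfiles" elsewhere in the guide will fail to resolve. Grep the book for the old id before merging and update the references, or keep the old id on the new section. The diff itself shows no references being updated.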