System Administration Guide: Security Services

Solaris Secure Shell Files

The following table shows the important Solaris Secure Shell files and the suggested file permissions.

Table 20-5 Solaris Secure Shell Files

| File Name | Description | Suggested Permissions and Owner |
|---|---|---|
| /etc/ssh/sshd_config | Contains configuration data for sshd, the Solaris Secure Shell daemon. | -rw-r--r-- root |
| /etc/ssh/ssh_host_key | Contains the host private key (v1). | -rw-r--r-- root |
| /etc/ssh/ssh_host_dsa_key or /etc/ssh/ssh_host_rsa_key | Contains the host private key (v2). | -rw-r--r-- root |
| host-private-key.pub | Contains the host public key, for example, /etc/ssh/ssh_host_rsa_key.pub. Is used to copy the host key to the local known_hosts file. | -rw-r--r-- root |
| /var/run/sshd.pid | Contains the process ID of the Solaris Secure Shell daemon, sshd. If multiple daemons are running, the file contains the last daemon that was started. | -rw-r--r-- root |
| ~/.ssh/authorized_keys | Holds the public keys of the user who is allowed to log in to the user account. | -rw-rw-r-- username |
| /etc/ssh/ssh_known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is populated by the administrator. | -rw-r--r-- root |
| ~/.ssh/known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is maintained automatically. Whenever the user connects with an unknown host, the remote host key is added to the file. | -rw-r--r-- username |
| /etc/default/login | Provides defaults for the sshd daemon when corresponding sshd_config parameters are not set. | -r--r--r-- root |
| /etc/nologin | If this file exists, the sshd daemon only permits root to log in. The contents of this file are displayed to users who are attempting to log in. | -rw-r--r-- root |
| ~/.rhosts | Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- username |
| ~/.shosts | Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is not used by other utilities. For more information, see the sshd(1M) man page in the FILES section. | -rw-r--r-- username |
| /etc/hosts.equiv | Contains the hosts that are used in .rhosts authentication. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- root |
| /etc/ssh/shosts.equiv | Contains the hosts that are used in host-based authentication. This file is not used by other utilities. | -rw-r--r-- root |
| ~/.ssh/environment | Contains initial assignments at login. By default, this file is not read. The PermitUserEnvironment keyword in the sshd_config file must be set to yes for this file to be read. | -rw------- username |
| ~/.ssh/rc | Contains initialization routines that are run before the user shell starts. For a sample initialization routine, see the sshd man page. | -rw------- username |
| /etc/ssh/sshrc | Contains host-specific initialization routines that are specified by an administrator. | -rw-r--r-- root |
| /etc/ssh/ssh_config | Configures system settings on the client system. | -rw-r--r-- root |
| ~/.ssh/config | Configures user settings. Overrides system settings. | -rw------- username |
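
The following Python script is an added example, not part of the original guide. It reads a few rows of Table 20-5 and reports any file that grants permission bits beyond the suggested ones or that has a different owner. The `root`, `home` and `owners` parameters are assumptions of this example.

```python
import os
import stat

# Rows copied from Table 20-5: (file, suggested permissions, owner column).
TABLE_20_5 = [
    ("/etc/ssh/sshd_config", "-rw-r--r--", "root"),
    ("/etc/ssh/ssh_config", "-rw-r--r--", "root"),
    ("/etc/default/login", "-r--r--r--", "root"),
    ("~/.ssh/authorized_keys", "-rw-rw-r--", "username"),
    ("~/.ssh/environment", "-rw-------", "username"),
    ("~/.ssh/config", "-rw-------", "username"),
]

def mode_bits(symbolic):
    """Turn an ls-style string such as '-rw-r--r--' into permission bits."""
    if len(symbolic) != 10:
        raise ValueError("expected 10 characters: %r" % symbolic)
    bits = 0
    for i, ch in enumerate(symbolic[1:]):
        if ch == "rwx"[i % 3]:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unsupported flag %r in %r" % (ch, symbolic))
    return bits

def audit(rows, root="/", home="~", owners=None):
    """Return (file, problem) pairs for files looser than the table suggests.
    root, home and owners are hypothetical parameters of this example: root
    prefixes absolute paths, home replaces '~', owners maps the table's owner
    column to a uid. Missing files are skipped; stricter modes are accepted.
    """
    owners = owners or {"root": 0, "username": os.getuid()}
    home = os.path.expanduser(home)
    findings = []
    for name, symbolic, owner in rows:
        if name.startswith("~/"):
            path = os.path.join(home, name[2:])
        else:
            path = os.path.join(root, name.lstrip("/"))
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        extra = stat.S_IMODE(st.st_mode) & ~mode_bits(symbolic)
        if extra:
            findings.append((name, "extra bits %04o" % extra))
        if st.st_uid != owners[owner]:
            findings.append((name, "owner uid %d" % st.st_uid))
    return findings
```

Calling `audit(TABLE_20_5)` with the defaults checks the live system and the invoking user's home directory; an empty list means nothing is looser than the table.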

The following table lists the Solaris Secure Shell files that can be overridden by keywords or command options.

Table 20-6 Overrides for the Location of Solaris Secure Shell Files

| File Name | Keyword Override | Command-Line Override |
|---|---|---|
| /etc/ssh/ssh_config | | ssh -F config-file, scp -F config-file |
| ~/.ssh/config | | ssh -F config-file |
| /etc/ssh/host_rsa_key, /etc/ssh/host_dsa_key | HostKey | |
| ~/.ssh/identity, ~/.ssh/id_dsa ~/.ssh/id_rsa | IdentityFile | ssh -i id-file, scp -i id-file |
| ~/.ssh/authorized_keys | AuthorizedKeysFile | |
| /etc/ssh/ssh_known_hosts | GlobalKnownHostsFile | |
| ~/.ssh/known_hosts | UserKnownHostsFile, IgnoreUserKnownHosts | |
