ssh(1) - OpenBSD manual pages

Tags

Top Highlights

• logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel.

• the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others.

• the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user.

• per-user configuration file. The file format and configuration options are described in ssh_config(5). Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not writable by others.

• the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others.

• public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

• a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys.

• Systemwide configuration file. The file format and configuration options are described in ssh_config(5).

• Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. It should be world-readable.