Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

 

NOTE: CentOS Enterprise Linux 5 is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux 5 is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux 5.

17.5. OpenSSH Configuration Files

OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server daemon (sshd).

System-wide SSH configuration information is stored in the /etc/ssh/ directory:

  • moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.

  • ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).

  • sshd_config — The configuration file for the sshd daemon.

  • ssh_host_dsa_key — The DSA private key used by the sshd daemon.

  • ssh_host_dsa_key.pub — The DSA public key used by the sshd daemon.

  • ssh_host_key — The RSA private key used by the sshd daemon for version 1 of the SSH protocol.

  • ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH protocol.

  • ssh_host_rsa_key — The RSA private key used by the sshd daemon for version 2 of the SSH protocol.

  • ssh_host_rsa_key.pub — The RSA public key used by the sshd for version 2 of the SSH protocol.

User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory:

  • authorized_keys — This file holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.

  • id_dsa — Contains the DSA private key of the user.

  • id_dsa.pub — The DSA public key of the user.

  • id_rsa — The RSA private key used by ssh for version 2 of the SSH protocol.

  • id_rsa.pub — The RSA public key used by ssh for version 2 of the SSH protocol

  • identity — The RSA private key used by ssh for version 1 of the SSH protocol.

  • identity.pub — The RSA public key used by ssh for version 1 of the SSH protocol.

  • known_hosts — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server.

    Important

    If an SSH server's host key has changed, the client notifies the user that the connection cannot proceed until the server's host key is deleted from the known_hosts file using a text editor. Before doing this, however, contact the system administrator of the SSH server to verify the server is not compromised.

Refer to the ssh_config and sshd_config man pages for information concerning the various directives available in the SSH configuration files.


 
 
  Published under the terms of the GNU General Public License Design by Interspire