Secure Shell Files

The following table shows the important Secure Shell files and the suggested file permissions.

Table 18-5 Secure Shell Files

File Name	Description	Suggested Permissions and Owner
`/etc/ssh/sshd_config`	Contains configuration data for `sshd`, the Secure Shell daemon.	`-rw-r--r-- root`
`/etc/ssh/ssh_host_dsa_key` or `/etc/ssh/ssh_host_rsa_key`	Contains the host private key.	`-rw------- root`
`host-private-key.pub`	Contains the host public key, for example, `/etc/ssh/ssh_host_rsa_key.pub`. Is used to copy the host key to the local `known_hosts` file.	`-rw-r--r-- root`
`/system/volatile/sshd.pid`	Contains the process ID of the Secure Shell daemon, `sshd`. If multiple daemons are running, the file contains the last daemon that was started.	`-rw-r--r-- root`
`~/.ssh/authorized_keys`	Holds the public keys of the user who is allowed to log in to the user account.	`-rw-r--r--` `username`
`/etc/ssh/ssh_known_hosts`	Contains the host public keys for all hosts with which the client can communicate securely. The file is populated by the administrator.	`-rw-r--r-- root`
`~/.ssh/known_hosts`	Contains the host public keys for all hosts with which the client can communicate securely. The file is maintained automatically. Whenever the user connects with an unknown host, the remote host key is added to the file.	`-rw-r--r--` `username`
`/etc/default/login`	Provides defaults for the `sshd` daemon when corresponding `sshd_config` parameters are not set.	`-r--r--r-- root`
`/etc/nologin`	If this file exists, the `sshd` daemon only permits `root` to log in. The contents of this file are displayed to users who are attempting to log in.	`-rw-r--r-- root`
`~/.rhosts`	Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is also used by the `rlogind` and `rshd` daemons.	`-rw-r--r--` `username`
`~/.shosts`	Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is not used by other utilities. For more information, see the `sshd`(1M) man page in the `FILES` section.	`-rw-r--r--` `username`
`/etc/hosts.equiv`	Contains the hosts that are used in `.rhosts` authentication. This file is also used by the `rlogind` and `rshd` daemons.	`-rw-r--r-- root`
`/etc/ssh/shosts.equiv`	Contains the hosts that are used in host-based authentication. This file is not used by other utilities.	`-rw-r--r-- root`
`~/.ssh/environment`	Contains initial assignments at login. By default, this file is not read. The `PermitUserEnvironment` keyword in the `sshd_config` file must be set to `yes` for this file to be read.	`-rw-r--r--` `username`
`~/.ssh/rc`	Contains initialization routines that are run before the user shell starts. For a sample initialization routine, see the `sshd`(1M) man page.	`-rw-r--r--` `username`
`/etc/ssh/sshrc`	Contains host-specific initialization routines that are specified by an administrator.	`-rw-r--r-- root`
`/etc/ssh/ssh_config`	Configures system settings on the client system.	`-rw-r--r-- root`
`~/.ssh/config`	Configures user settings which override system settings.	`-rw-r--r--` `username`

The following table lists the Secure Shell files that can be overridden by keywords or command options.

Table 18-6 Overrides for the Location of Secure Shell Files

File Name	Keyword Override	Command-Line Override
`/etc/ssh/ssh_config`		`ssh -F` `config-file` `scp -F` `config-file`
`~/.ssh/config`		`ssh -F` `config-file`
`/etc/ssh/host_rsa_key` `/etc/ssh/host_dsa_key`	`HostKey`
`~/.ssh/identity` `~/.ssh/id_dsa`, `~/.ssh/id_rsa`	`IdentityFile`	`ssh -i` `id-file` `scp -i` `id-file`
`~/.ssh/authorized_keys`	`AuthorizedKeysFile`
`/etc/ssh/ssh_known_hosts`	`GlobalKnownHostsFile`
`~/.ssh/known_hosts`	`UserKnownHostsFile` `IgnoreUserKnownHosts`

Skip Navigation Links
Exit Print View
	Oracle Solaris Administration: Security Services Oracle Solaris 11 Information Library