24.2 OpenSSH Configuration Files

The following OpenSSH global configuration files are located in /etc/ssh:

moduli

Contains key-exchange information that is used to set up a secure connection.

ssh_config

Contains default client configuration settings that can be overridden by the settings in a user’s ~/.ssh/config file.

ssh_host_dsa_key

Contains the DSA private key for SSH2.

ssh_host_dsa_key.pub

Contains the DSA public key for SSH2.

ssh_host_key

Contains the RSA private key for SSH1.

ssh_host_key.pub

Contains the RSA public key for SSH1.

ssh_host_rsa_key

Contains the RSA private key for SSH2.

ssh_host_rsa_key.pub

Contains the RSA public key for SSH2.

sshd_config

Contains configuration settings for sshd.

Other files can be configured in this directory. For details, see the sshd(8) manual page.

For more information, see the ssh_config(5), sshd(8), and sshd_config(5) manual pages.

24.2.1 OpenSSH User Configuration Files

To use the OpenSSH tools, a user must have an account on both the client and server systems. The accounts do not need to be configured identically on each system.

User configuration files are located in the .ssh directory in a user's home directory (~/.ssh) on both the client and server. OpenSSH creates this directory and the known_hosts file when the user first uses an OpenSSH utility to connect to a remote system.

24.2.1.1 User Configuration Files in ~/.ssh on the Client

On the client side, the ~/.ssh/known_hosts file contains the public host keys that OpenSSH has obtained from SSH servers. OpenSSH adds an entry for each new server to which a user connects.

In addition, the ~/.ssh directory usually contains one of the following pairs of key files:

id_dsa and id_dsa.pub

Contain a user's SSH2 DSA private and public keys.

id_rsa and id_rsa.pub

Contain a user's SSH2 RSA private and public keys. SSH2 RSA is the most commonly used key-pair type.

identity and identity.pub

Contain a user's SSH1 RSA private and public keys.

Caution

The private key file can be readable and writable by the user but must not be accessible to other users.

The optional config file contains client configuration settings.

Caution

A config file can be readable and writable by the user but must not be accessible to other users.

For more information, see the ssh(1) and ssh-keygen(1) manual pages.

24.2.1.2 User Configuration Files in ~/.ssh on the Server

On the server side, the ~/.ssh directory usually contains the following files:

authorized_keys

Contains your authorized public keys. The server uses the signed public key in this file to authenticate a client.

config

Contains client configuration settings. This file is optional.

Caution

A config file can be readable and writable by the user but must not be accessible to other users.

environment

Contains definitions of environment variables. This file is optional.

rc

Contains commands that ssh executes when a user logs in, before the user’s shell or command runs. This file is optional.

For more information, see the ssh(1) and ssh_config(5) manual pages.
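
The Caution notes for the private key files and the config file, on both the client and the server, can be checked with a short script. The following shell functions are an added example and are not part of the original guide; the names is_private, audit_ssh_dir and fix_ssh_dir are hypothetical, and mode 600 is an assumed way of meeting "readable and writable by the user but not accessible to other users".

```shell
#!/bin/sh
# Added example: audit the ~/.ssh files that this section says must not be
# accessible to other users. Function names are hypothetical.
# Usage:  audit_ssh_dir [DIR] && echo "all private"    (DIR defaults to ~/.ssh)

# File names taken from this section: the three private keys and the config file.
SSH_PRIVATE_FILES="id_dsa id_rsa identity config"

# Succeeds when neither the group nor other users have any permission on $1.
is_private() {
    # "ls -ld" prints a mode string such as "-rw-------"; characters 5-10
    # are the group and other bits. -L follows a symbolic link to its target.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one "UNSAFE" line per exposed file; returns 1 if any were found.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    bad=0
    for name in $SSH_PRIVATE_FILES; do
        f="$dir/$name"
        [ -e "$f" ] || continue      # every one of these files is optional
        if ! is_private "$f"; then
            printf 'UNSAFE %s (%s)\n' "$f" "$(ls -ldL -- "$f" | cut -c1-10)"
            bad=1
        fi
    done
    return "$bad"
}

# Restricts each exposed file to owner read/write (assumed mode 600).
fix_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    for name in $SSH_PRIVATE_FILES; do
        f="$dir/$name"
        if [ -e "$f" ] && ! is_private "$f"; then
            chmod 600 -- "$f"
        fi
    done
}
```

Public key files (*.pub) are deliberately left out of the check, because this section places no access restriction on them.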