Secure Shell Files

Language:

The following table shows the main Secure Shell files and the suggested file permissions.

Table 3 Secure Shell Files

Secure Shell File Name	Description	Suggested Permissions and Owner
`~/.rhosts`	Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is also used by the `rlogind` and `rshd` daemons.	`-rw-r--r--` `username`
`~/.shosts`	Contains the host-user name pairs that specify the host systems to which the user can log in without a password. This file is not used by other utilities. For more information, see the `sshd` (1M) man page in the `FILES` section.	`-rw-r--r--` `username`
`~/.ssh/authorized_keys`	Holds the public keys of the user who is allowed to log in to the user account.	`-rw-r--r--` `username`
`~/.ssh/config`	Configures user settings which override system settings.	`-rw-r--r--` `username`
`~/.ssh/environment`	Contains initial assignments at login. By default, this file is not read. The `PermitUserEnvironment` keyword in the `sshd_config` file must be set to `yes` for this file to be read.	`-rw-r--r--` `username`
`/etc/hosts.equiv`	Contains the hosts that are used in `.rhosts` authentication. This file is also used by the `rlogind` and `rshd`daemons.	`-rw-r--r-- root`
`~/.ssh/known_hosts`	Contains the host public keys for all hosts with which the client can communicate securely. The file is maintained automatically. Whenever the user connects with an unknown host, the remote host key is added to the file.	`-rw-r--r--` `username`
`/etc/default/login`	Provides defaults for the `sshd` daemon when corresponding `sshd_config` parameters are not set.	`-r--r--r-- root`
`/etc/nologin`	If this file exists, the `sshd` daemon permits only `root` to log in. The contents of this file are displayed to users who are attempting to log in.	`-rw-r--r-- root`
`~/.ssh/rc`	Contains initialization routines that are run before the user shell starts. For a sample initialization routine, see the `sshd` (1M) man page.	`-rw-r--r--` `username`
`/etc/ssh/shosts.equiv`	Contains the hosts that are used in host-based authentication. This file is not used by other utilities.	`-rw-r--r-- root`
`/etc/ssh/ssh_config`	Configures system settings on the client system.	`-rw-r--r-- root`
`/etc/ssh/ssh_host_dsa_key` or `/etc/ssh/ssh_host_rsa_key`	Contains the host private key.	`-rw------- root`
`/etc/ssh_host_key.pub` or `/etc/ssh/ssh_host_dsa_key.pub` or `/etc/ssh/ssh_host_rsa_key.pub`	Contains the host public key, for example, `/etc/ssh/ssh_host_rsa_key.pub`. Used to copy the host key to the local `known_hosts` file.	`-rw-r--r-- root`
`/etc/ssh/ssh_known_hosts`	Contains the host public keys for all hosts with which the client can communicate securely. The file is populated by the administrator.	`-rw-r--r-- root`
`/etc/ssh/sshd_config`	Contains configuration data for `sshd`, the Secure Shell daemon.	`-rw-r--r-- root`
`/system/volatile/sshd.pid`	Contains the process ID of the Secure Shell daemon, `sshd`. If multiple daemons are running, the file contains the last daemon that was started.	`-rw-r--r-- root`
`/etc/ssh/sshrc`	Contains host-specific initialization routines that are specified by an administrator.	`-rw-r--r-- root`

Note - The sshd_config file can be overridden by a file from a site-customized package. For more information, see the definition of the overlay file attribute in the pkg(5) man page.