
Managing Secure Shell Access in Oracle® Solaris 11.3


Updated: October 2019
 
 

Secure Shell Files

The following table shows the main Secure Shell files and the suggested file permissions.

Table 3  Secure Shell Files

| Secure Shell File Name | Description | Suggested Permissions and Owner |
|---|---|---|
| ~/.rhosts | Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- username |
| ~/.shosts | Contains the host-user name pairs that specify the host systems to which the user can log in without a password. This file is not used by other utilities. For more information, see the FILES section of the sshd(1M) man page. | -rw-r--r-- username |
| ~/.ssh/authorized_keys | Holds the public keys of the user who is allowed to log in to the user account. | -rw-r--r-- username |
| ~/.ssh/config | Configures user settings which override system settings. | -rw-r--r-- username |
| ~/.ssh/environment | Contains initial assignments at login. By default, this file is not read. The PermitUserEnvironment keyword in the sshd_config file must be set to yes for this file to be read. | -rw-r--r-- username |
| /etc/hosts.equiv | Contains the hosts that are used in .rhosts authentication. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- root |
| ~/.ssh/known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is maintained automatically. Whenever the user connects with an unknown host, the remote host key is added to the file. | -rw-r--r-- username |
| /etc/default/login | Provides defaults for the sshd daemon when corresponding sshd_config parameters are not set. | -r--r--r-- root |
| /etc/nologin | If this file exists, the sshd daemon permits only root to log in. The contents of this file are displayed to users who are attempting to log in. | -rw-r--r-- root |
| ~/.ssh/rc | Contains initialization routines that are run before the user shell starts. For a sample initialization routine, see the sshd(1M) man page. | -rw-r--r-- username |
| /etc/ssh/shosts.equiv | Contains the hosts that are used in host-based authentication. This file is not used by other utilities. | -rw-r--r-- root |
| /etc/ssh/ssh_config | Configures system settings on the client system. | -rw-r--r-- root |
| /etc/ssh/ssh_host_dsa_key or /etc/ssh/ssh_host_rsa_key | Contains the host private key. | -rw------- root |
| /etc/ssh_host_key.pub or /etc/ssh/ssh_host_dsa_key.pub or /etc/ssh/ssh_host_rsa_key.pub | Contains the host public key, for example, /etc/ssh/ssh_host_rsa_key.pub. Used to copy the host key to the local known_hosts file. | -rw-r--r-- root |
| /etc/ssh/ssh_known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is populated by the administrator. | -rw-r--r-- root |
| /etc/ssh/sshd_config | Contains configuration data for sshd, the Secure Shell daemon. | -rw-r--r-- root |
| /system/volatile/sshd.pid | Contains the process ID of the Secure Shell daemon, sshd. If multiple daemons are running, the file contains the process ID of the last daemon that was started. | -rw-r--r-- root |
| /etc/ssh/sshrc | Contains host-specific initialization routines that are specified by an administrator. | -rw-r--r-- root |

Note - The sshd_config file can be overridden by a file from a site-customized package. For more information, see the definition of the overlay file attribute in the pkg(5) man page.
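
The suggested permissions in the table can be checked mechanically. The following script is an added example, not part of the Oracle documentation: the function names check_ssh_file and audit_ssh_files are hypothetical, it covers only a subset of the table's rows, and it reports a finding when a file's owner differs or the file grants any permission bit beyond the suggested mode.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit Secure Shell files against Table 3.
# check_ssh_file PATH SUGGESTED_MODE OWNER
# Returns 0 when the owner matches and no permission bit is set beyond the
# suggested mode, 1 on a finding, 2 when the file does not exist.
check_ssh_file() {
    path=$1; want_mode=$2; want_owner=$3
    [ -e "$path" ] || return 2
    # -L follows symlinks; cut keeps the 10 mode characters and drops any
    # trailing ACL marker that ls appends.
    have_mode=$(ls -ldL "$path" | cut -c1-10)
    have_owner=$(ls -ldL "$path" | awk '{print $3}')
    [ "$have_owner" = "$want_owner" ] || return 1
    i=2
    while [ "$i" -le 10 ]; do
        want=$(printf '%s' "$want_mode" | cut -c"$i")
        have=$(printf '%s' "$have_mode" | cut -c"$i")
        # A bit the table leaves unset but the file grants is excess access.
        if [ "$want" = "-" ] && [ "$have" != "-" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# audit_ssh_files USER HOME
# Checks a subset of the table's rows; prints one line per finding and then
# the number of findings.
audit_ssh_files() {
    findings=0
    while read -r mode owner file; do
        rc=0
        check_ssh_file "$file" "$mode" "$owner" || rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "FINDING: $file should be at most $mode, owner $owner"
            findings=$((findings + 1))
        fi
    done <<EOF
-rw-r--r-- $1 $2/.ssh/authorized_keys
-rw-r--r-- $1 $2/.ssh/config
-rw-r--r-- $1 $2/.ssh/known_hosts
-rw------- root /etc/ssh/ssh_host_dsa_key
-rw------- root /etc/ssh/ssh_host_rsa_key
-rw-r--r-- root /etc/ssh/sshd_config
EOF
    echo "$findings"
}

# Run as: sh audit.sh USER HOME
if [ $# -ge 2 ]; then audit_ssh_files "$1" "$2"; fi
```

A file with stricter permissions than the table suggests, such as a host private key with mode -r--------, passes the check; files that do not exist are skipped.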