ssh-keysign(8)

NAME

       ssh-keysign - ssh helper program for hostbased authentication

SYNOPSIS

       ssh-keysign

DESCRIPTION

       ssh-keysign  is used by ssh(1) to access the local host keys and gener-
       ate the digital signature required during hostbased authentication with
       SSH protocol version 2.

       ssh-keysign  is  disabled  by  default  and  can only be enabled in the
       global client configuration file /etc/ssh/ssh_config by  setting  Enab-
       leSSHKeysign to ``yes''.

       ssh-keysign is not intended to be invoked by the user, but from ssh(1).
       See ssh(1) and sshd(8) for more information about hostbased authentica-
       tion.

FILES

       /etc/ssh/ssh_config
              Controls whether ssh-keysign is enabled.

       /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
              These  files  contain the private parts of the host keys used to
              generate the digital signature.  They should be owned  by  root,
              readable only by root, and not accessible to others.  Since they
              are readable only by root, ssh-keysign must be set-uid  root  if
              hostbased authentication is used.

SEE ALSO

       ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

       ssh-keysign first appeared in Ox 3.2 .

AUTHORS

       Markus Friedl <markus@openbsd.org>

                                 May 24, 2002                   SSH-KEYSIGN(8)