OpenSSH has two different sets of configuration files: one for
client programs (ssh, scp, and
sftp) and one for the server daemon
(sshd).
System-wide SSH configuration information is stored in the
/etc/ssh/ directory:
moduli — Contains Diffie-Hellman
groups used for the Diffie-Hellman key exchange which is critical
for constructing a secure transport layer. When keys are exchanged
at the beginning of an SSH session, a shared, secret value is created
which cannot be determined by either party alone. This value is then
used to provide host authentication.
ssh_config — The system-wide default
SSH client configuration file. It is overridden if one is also
present in the user's home directory
(~/.ssh/config).
sshd_config — The configuration file
for the sshd daemon.
ssh_host_dsa_key — The DSA private key
used by the sshd daemon.
ssh_host_dsa_key.pub — The DSA public key
used by the sshd daemon.
ssh_host_key — The RSA private key
used by the sshd daemon for version 1 of the SSH
protocol.
ssh_host_key.pub — The RSA public key
used by the sshd daemon for version 1 of the SSH
protocol.
ssh_host_rsa_key — The RSA private
key used by the sshd daemon for version 2 of the
SSH protocol.
ssh_host_rsa_key.pub — The RSA public
key used by the sshd for version 2 of the SSH
protocol.
User-specific SSH configuration information is stored in the user's home
directory within the ~/.ssh/ directory:
authorized_keys — This file holds a
list of authorized public keys for servers. When the client connects
to a server, the server authenticates the client by checking its
signed public key stored within this file.
id_dsa — Contains the DSA private key
of the user.
id_dsa.pub — The DSA public key of the
user.
id_rsa — The RSA private key used by
ssh for version 2 of the SSH protocol.
id_rsa.pub — The RSA public key used by
ssh for version 2 of the SSH protocol
identity — The RSA private key used by
ssh for version 1 of the SSH protocol.
identity.pub — The RSA public key
used by ssh for version 1 of the SSH protocol.
known_hosts — This file
contains DSA host keys of SSH servers accessed by the user. This
file is very important for ensuring that the SSH client is
connecting the correct SSH server.
| Important |
---|
| If an SSH server's host key has changed, the client notifys the
user that the connection cannot proceed until the server's host
key is deleted from the known_hosts file
using a text editor. Before doing this, however, contact the
system administrator of the SSH server to verify the server is not
compromised.
|
Refer to the ssh_config and
sshd_config man pages for information concerning the
various directives available in the SSH configuration files.