Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library

Secure Shell Files

The following table shows the important Secure Shell files and the suggested file permissions.

Table 16-5 Secure Shell Files

| File Name | Description | Suggested Permissions and Owner |
|---|---|---|
| /etc/ssh/sshd_config | Contains configuration data for sshd, the Secure Shell daemon. | -rw-r--r-- root |
| /etc/ssh/ssh_host_dsa_key or /etc/ssh/ssh_host_rsa_key | Contains the host private key. | -rw------- root |
| host-private-key.pub | Contains the host public key, for example, /etc/ssh/ssh_host_rsa_key.pub. Is used to copy the host key to the local known_hosts file. | -rw-r--r-- root |
| /system/volatile/sshd.pid | Contains the process ID of the Secure Shell daemon, sshd. If multiple daemons are running, the file contains the last daemon that was started. | -rw-r--r-- root |
| ~/.ssh/authorized_keys | Holds the public keys of the user who is allowed to log in to the user account. | -rw-r--r-- username |
| /etc/ssh/ssh_known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is populated by the administrator. | -rw-r--r-- root |
| ~/.ssh/known_hosts | Contains the host public keys for all hosts with which the client can communicate securely. The file is maintained automatically. Whenever the user connects with an unknown host, the remote host key is added to the file. | -rw-r--r-- username |
| /etc/default/login | Provides defaults for the sshd daemon when corresponding sshd_config parameters are not set. | -r--r--r-- root |
| /etc/nologin | If this file exists, the sshd daemon only permits root to log in. The contents of this file are displayed to users who are attempting to log in. | -rw-r--r-- root |
| ~/.rhosts | Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- username |
| ~/.shosts | Contains the host-user name pairs that specify the hosts to which the user can log in without a password. This file is not used by other utilities. For more information, see the sshd(1M) man page in the FILES section. | -rw-r--r-- username |
| /etc/hosts.equiv | Contains the hosts that are used in .rhosts authentication. This file is also used by the rlogind and rshd daemons. | -rw-r--r-- root |
| /etc/ssh/shosts.equiv | Contains the hosts that are used in host-based authentication. This file is not used by other utilities. | -rw-r--r-- root |
| ~/.ssh/environment | Contains initial assignments at login. By default, this file is not read. The PermitUserEnvironment keyword in the sshd_config file must be set to yes for this file to be read. | -rw-r--r-- username |
| ~/.ssh/rc | Contains initialization routines that are run before the user shell starts. For a sample initialization routine, see the sshd(1M) man page. | -rw-r--r-- username |
| /etc/ssh/sshrc | Contains host-specific initialization routines that are specified by an administrator. | -rw-r--r-- root |
| /etc/ssh/ssh_config | Configures system settings on the client system. | -rw-r--r-- root |
| ~/.ssh/config | Configures user settings which override system settings. | -rw-r--r-- username |

Note - The sshd_config file can be overridden by a file from a site-customized package. For more information, see the definition of the overlay file attribute in the pkg(5) man page.


The following table lists the Secure Shell files that can be overridden by keywords or command options.

Table 16-6 Overrides for the Location of Secure Shell Files

| File Name | Keyword Override | Command-Line Override |
|---|---|---|
| /etc/ssh/ssh_config | | ssh -F config-file, scp -F config-file |
| ~/.ssh/config | | ssh -F config-file |
| /etc/ssh/host_rsa_key, /etc/ssh/host_dsa_key | HostKey | |
| ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa | IdentityFile | ssh -i id-file, scp -i id-file |
| ~/.ssh/authorized_keys | AuthorizedKeysFile | |
| /etc/ssh/ssh_known_hosts | GlobalKnownHostsFile | |
| ~/.ssh/known_hosts | UserKnownHostsFile, IgnoreUserKnownHosts | |
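
An added example, not part of the Oracle documentation: a POSIX shell audit that compares on-disk modes and owners with a subset of the rows in Table 16-5 and reports any file that grants a permission bit the table leaves unset (stricter modes pass). The function names, the PREFIX argument, and the optional admin-owner argument are assumptions of this example.

```shell
# check_file PATH SUGGESTED_MODE OWNER   (added example, hypothetical helper)
# Returns 0 if the file is absent or no broader than suggested,
# 1 if a bit is set that the table leaves as '-', 2 on owner mismatch.
check_file() {
    path=$1 want=$2 owner=$3
    [ -e "$path" ] || return 0
    # -L follows symlinks; substr drops an ACL/label suffix such as '+' or '.'
    have=$(ls -ldL "$path" | awk '{print substr($1, 1, 10)}')
    own=$(ls -ldL "$path" | awk '{print $3}')
    [ "$own" = "$owner" ] || { echo "OWNER $path: $own, expected $owner"; return 2; }
    i=2                                   # position 1 is the file type, skip it
    while [ "$i" -le 10 ]; do
        h=$(printf '%s' "$have" | cut -c"$i")
        w=$(printf '%s' "$want" | cut -c"$i")
        if [ "$h" != "-" ] && [ "$w" = "-" ]; then
            echo "MODE  $path: $have, suggested $want"
            return 1
        fi
        i=$((i + 1))
    done
    return 0
}

# audit_ssh_files PREFIX HOME_DIR USER [ADMIN_OWNER]
# PREFIX is prepended to system paths (empty for the live system), so a
# copied tree can be checked. Returns the number of findings.
audit_ssh_files() {
    prefix=$1 home=$2 user=$3 admin=${4:-root}
    findings=0
    while read -r file mode who; do
        case $file in
            "~"/*) file="$home/${file#\~/}" ;;
            *)     file="$prefix$file" ;;
        esac
        [ "$who" = username ] && who=$user || who=$admin
        check_file "$file" "$mode" "$who" || findings=$((findings + 1))
    done <<'EOF'
/etc/ssh/sshd_config -rw-r--r-- root
/etc/ssh/ssh_host_dsa_key -rw------- root
/etc/ssh/ssh_host_rsa_key -rw------- root
/etc/ssh/ssh_host_rsa_key.pub -rw-r--r-- root
/etc/ssh/ssh_known_hosts -rw-r--r-- root
~/.ssh/authorized_keys -rw-r--r-- username
~/.ssh/known_hosts -rw-r--r-- username
EOF
    return "$findings"
}
# Usage on a live system: audit_ssh_files "" "$HOME" "$(id -un)"
```

Files relocated with the keywords or command options in Table 16-6 are not found at the default paths; pass their actual locations to check_file directly.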