- djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
diff --git a/ssh.1 b/ssh.1
index 4cbab74..05d2234 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.206 2005/04/14 12:30:30 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.207 2005/04/21 06:17:50 djm Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -109,9 +109,9 @@
.Pa /etc/shosts.equiv
on the remote machine, and the user names are
the same on both sides, or if the files
-.Pa $HOME/.rhosts
+.Pa ~/.rhosts
or
-.Pa $HOME/.shosts
+.Pa ~/.shosts
exist in the user's home directory on the
remote machine and contain a line containing the name of the client
machine and the name of the user on that machine, the user is
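Review bot: The new `.Pa ~/.rhosts` and `.Pa ~/.shosts` lines introduce `~` without saying how it is resolved. Shells normally expand `~` from $HOME, so a reader can still infer exactly the dependency the commit message says does not exist. The surrounding text only says "the user's home directory". Unless the page already defines the notation elsewhere, consider adding one sentence at first use, or in the FILES section, stating where ssh takes the home directory from.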
@@ -120,7 +120,7 @@
host key (see
.Pa /etc/ssh/ssh_known_hosts
and
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
in the
.Sx FILES
section), only then is login permitted.
@@ -128,7 +128,7 @@
spoofing, DNS spoofing and routing spoofing.
[Note to the administrator:
.Pa /etc/hosts.equiv ,
-.Pa $HOME/.rhosts ,
+.Pa ~/.rhosts ,
and the rlogin/rsh protocol in general, are inherently insecure and should be
disabled if security is desired.]
.Pp
@@ -144,7 +144,7 @@
The server knows the public key, and only the user knows the private key.
.Pp
The file
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
lists the public keys that are permitted for logging in.
When the user logs in, the
.Nm
@@ -165,18 +165,18 @@
The user creates his/her RSA key pair by running
.Xr ssh-keygen 1 .
This stores the private key in
-.Pa $HOME/.ssh/identity
+.Pa ~/.ssh/identity
and stores the public key in
-.Pa $HOME/.ssh/identity.pub
+.Pa ~/.ssh/identity.pub
in the user's home directory.
The user should then copy the
.Pa identity.pub
to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
in his/her home directory on the remote machine (the
.Pa authorized_keys
file corresponds to the conventional
-.Pa $HOME/.rhosts
+.Pa ~/.rhosts
file, and has one key
per line, though the lines can be very long).
After this, the user can log in without giving the password.
@@ -206,12 +206,12 @@
The public key method is similar to RSA authentication described
in the previous section and allows the RSA or DSA algorithm to be used:
The client uses his private key,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_dsa
or
-.Pa $HOME/.ssh/id_rsa ,
+.Pa ~/.ssh/id_rsa ,
to sign the session identifier and sends the result to the server.
The server checks whether the matching public key is listed in
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
and grants access if both the key is found and the signature is correct.
The session identifier is derived from a shared Diffie-Hellman value
and is only known to the client and the server.
@@ -365,7 +365,7 @@
automatically maintains and checks a database containing
identifications for all hosts it has ever been used with.
Host keys are stored in
-.Pa $HOME/.ssh/known_hosts
+.Pa ~/.ssh/known_hosts
in the user's home directory.
Additionally, the file
.Pa /etc/ssh/ssh_known_hosts
@@ -522,7 +522,7 @@
.Pq Pa /etc/ssh/ssh_config
will be ignored.
The default for the per-user configuration file is
-.Pa $HOME/.ssh/config .
+.Pa ~/.ssh/config .
.It Fl f
Requests
.Nm
@@ -548,11 +548,11 @@
Selects a file from which the identity (private key) for
RSA or DSA authentication is read.
The default is
-.Pa $HOME/.ssh/identity
+.Pa ~/.ssh/identity
for protocol version 1, and
-.Pa $HOME/.ssh/id_rsa
+.Pa ~/.ssh/id_rsa
and
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/id_dsa
for protocol version 2.
Identity files may also be specified on
a per-host basis in the configuration file.
@@ -941,7 +941,7 @@
Additionally,
.Nm
reads
-.Pa $HOME/.ssh/environment ,
+.Pa ~/.ssh/environment ,
and adds lines of the format
.Dq VARNAME=value
to the environment if the file exists and if users are allowed to
@@ -952,13 +952,13 @@
.Xr sshd_config 5 .
.Sh FILES
.Bl -tag -width Ds
-.It Pa $HOME/.ssh/known_hosts
+.It Pa ~/.ssh/known_hosts
Records host keys for all hosts the user has logged into that are not
in
.Pa /etc/ssh/ssh_known_hosts .
See
.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
Contains the authentication identity of the user.
They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
These files
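Review bot: Style point on `.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa`: the commas are attached to the path arguments, so mdoc formats them as part of each path name. Other lines in this patch keep punctuation as a separate token (`.Pa ~/.rhosts ,`). Since the line is being rewritten anyway, it could be split the same way, for example `.It Pa ~/.ssh/identity , ~/.ssh/id_dsa , ~/.ssh/id_rsa`. The `.It Pa ~/.ssh/identity.pub, ...` line in the next hunk has the same form.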
@@ -970,21 +970,21 @@
It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
+.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub
Contains the public key for authentication (public part of the
identity file in human-readable form).
The contents of the
-.Pa $HOME/.ssh/identity.pub
+.Pa ~/.ssh/identity.pub
file should be added to the file
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using protocol version 1 RSA authentication.
The contents of the
-.Pa $HOME/.ssh/id_dsa.pub
+.Pa ~/.ssh/id_dsa.pub
and
-.Pa $HOME/.ssh/id_rsa.pub
+.Pa ~/.ssh/id_rsa.pub
file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using protocol version 2 DSA/RSA authentication.
These files are not
@@ -992,13 +992,13 @@
These files are
never used automatically and are not necessary; they are only provided for
the convenience of the user.
-.It Pa $HOME/.ssh/config
+.It Pa ~/.ssh/config
This is the per-user configuration file.
The file format and configuration options are described in
.Xr ssh_config 5 .
Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not accessible by others.
-.It Pa $HOME/.ssh/authorized_keys
+.It Pa ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
@@ -1058,7 +1058,7 @@
By default
.Nm
is not setuid root.
-.It Pa $HOME/.rhosts
+.It Pa ~/.rhosts
This file is used in
.Cm RhostsRSAAuthentication
and
@@ -1088,12 +1088,12 @@
If the server machine does not have the client's host key in
.Pa /etc/ssh/ssh_known_hosts ,
it can be stored in
-.Pa $HOME/.ssh/known_hosts .
+.Pa ~/.ssh/known_hosts .
The easiest way to do this is to
connect back to the client from the server machine using ssh; this
will automatically add the host key to
-.Pa $HOME/.ssh/known_hosts .
-.It Pa $HOME/.shosts
+.Pa ~/.ssh/known_hosts .
+.It Pa ~/.shosts
This file is used exactly the same way as
.Pa .rhosts .
The purpose for
@@ -1133,7 +1133,7 @@
See the
.Xr sshd 8
manual page for more information.
-.It Pa $HOME/.ssh/rc
+.It Pa ~/.ssh/rc
Commands in this file are executed by
.Nm
when the user logs in just before the user's shell (or command) is
@@ -1141,7 +1141,7 @@
See the
.Xr sshd 8
manual page for more information.
-.It Pa $HOME/.ssh/environment
+.It Pa ~/.ssh/environment
Contains additional definitions for environment variables, see section
.Sx ENVIRONMENT
above.