man7.org > Linux > man-pages

Linux/UNIX system programming training

ssh-keysign(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | HISTORY | AUTHORS | COLOPHON 

SSH-KEYSIGN(8)            System Manager's Manual          SSH-KEYSIGN(8)

NAME         top

       ssh-keysign — OpenSSH helper for host-based authentication

SYNOPSIS         top

       ssh-keysign

DESCRIPTION         top

       ssh-keysign is used by ssh(1) to access the local host keys and
       generate the digital signature required during host-based
       authentication.

       ssh-keysign is disabled by default and can only be enabled in the
       global client configuration file /etc/ssh/ssh_config by setting
       EnableSSHKeysign to “yes”.

       ssh-keysign is not intended to be invoked by the user, but from
       ssh(1).  See ssh(1) and sshd(8) for more information about host-
       based authentication.

FILES         top

       /etc/ssh/ssh_config
               Controls whether ssh-keysign is enabled.

       /etc/ssh/ssh_host_ecdsa_key
       /etc/ssh/ssh_host_ed25519_key
       /etc/ssh/ssh_host_rsa_key
               These files contain the private parts of the host keys
               used to generate the digital signature.  They should be
               owned by root, readable only by root, and not accessible
               to others.  Since they are readable only by root,
               ssh-keysign must be set-uid root if host-based
               authentication is used.

       /etc/ssh/ssh_host_ecdsa_key-cert.pub
       /etc/ssh/ssh_host_ed25519_key-cert.pub
       /etc/ssh/ssh_host_rsa_key-cert.pub
               If these files exist, they are assumed to contain public
               certificate information corresponding with the private
               keys above.

SEE ALSO         top

       ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY         top

       ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS         top

       Markus Friedl <markus@openbsd.org>

COLOPHON         top

       This page is part of the openssh (Portable OpenSSH) project.
       Information about the project can be found at
       http://www.openssh.com/portable.html.  If you have a bug report
       for this manual page, see ⟨http://www.openssh.com/report.html⟩.
       This page was obtained from the tarball openssh-9.9p1.tar.gz
       fetched from
       ⟨http://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/⟩ on
       2025-02-02.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to
       man-pages@man7.org

GNU                           June 17, 2024                SSH-KEYSIGN(8)

HTML rendering created 2025-02-02 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI