ssh-keysign(8) — Linux manual page


SSH-KEYSIGN(8)           System Manager's Manual          SSH-KEYSIGN(8)

NAME

       ssh-keysign — OpenSSH helper for host-based authentication

SYNOPSIS

DESCRIPTION

       ssh-keysign is used by ssh(1) to access the local host keys and
       generate the digital signature required during host-based
       authentication.

       ssh-keysign is disabled by default and can only be enabled in the
       global client configuration file /etc/ssh/ssh_config by setting
       EnableSSHKeysign to “yes”.

       ssh-keysign is not intended to be invoked by the user, but from
       ssh(1).  See ssh(1) and sshd(8) for more information about
       host-based
FILES

       /etc/ssh/ssh_config
               Controls whether ssh-keysign is enabled.

               These files contain the private parts of the host keys
               used to generate the digital signature.  They should be
               owned by root, readable only by root, and not accessible
               to others.  Since they are readable only by root,
               ssh-keysign must be set-uid root if host-based
               authentication is used.

               If these files exist, they are assumed to contain public
               certificate information corresponding with the private
               keys above.
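
       The checks implied by DESCRIPTION and FILES, as an added example
       that is not part of the original manual page or of OpenSSH.  The
       function names are hypothetical, and every path (configuration
       file, ssh-keysign binary, host key files) is passed in by the
       caller rather than assumed.

```shell
#!/bin/sh
# Added example: audit the ssh-keysign settings this page describes.
# Usage: sh keysign_audit.sh <ssh_config> <ssh-keysign binary> <host key>...
# All paths are supplied by the caller; none are assumed. Needs stat -c.

# True if the first EnableSSHKeysign line in the file says "yes".
# Simplified: does not follow Include or evaluate Host/Match blocks.
keysign_enabled() {
    val=$(awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at space, tab or "="
            if (n == 0) next
            if (tolower(substr(line, 1, n - 1)) != "enablesshkeysign") next
            val = substr(line, n)
            gsub(/[ \t="]/, "", val)
            print tolower(val)
            exit
        }' "$1")
    [ "$val" = yes ]
}

# True if the file has no group or other permission bits set.
perms_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

owned_by_root() { [ "$(stat -c '%u' "$1")" = 0 ]; }

# Prints one line per finding; exit status is 0 only when nothing is wrong.
audit_keysign() {
    config=$1 helper=$2; shift 2; bad=0
    if ! keysign_enabled "$config"; then
        echo "ok: EnableSSHKeysign is not \"yes\" in $config (helper disabled)"
        return 0
    fi
    if ! { [ -u "$helper" ] && owned_by_root "$helper"; }; then
        echo "FAIL: $helper is not set-uid root"; bad=1
    fi
    for key in "$@"; do
        owned_by_root "$key" || { echo "FAIL: $key not owned by root"; bad=1; }
        perms_private "$key" || { echo "FAIL: $key accessible to group/other"; bad=1; }
    done
    return "$bad"
}

if [ "$#" -ge 3 ]; then audit_keysign "$@"; fi
```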

SEE ALSO

       ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

       ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS

       Markus Friedl

COLOPHON

       This page is part of the openssh (Portable OpenSSH) project.
       This page was obtained from the tarball openssh-9.6p1.tar.gz
       fetched on 2023-12-22.
GNU                          March 31, 2022               SSH-KEYSIGN(8)