ssh-keysign(8) — Linux manual page


SSH-KEYSIGN(8)           System Manager's Manual          SSH-KEYSIGN(8)

NAME         top

       ssh-keysign — OpenSSH helper for host-based authentication

SYNOPSIS         top


DESCRIPTION         top

       ssh-keysign is used by ssh(1) to access the local host keys and
       generate the digital signature required during host-based

       ssh-keysign is disabled by default and can only be enabled in the
       global client configuration file /etc/ssh/ssh_config by setting
       EnableSSHKeysign to “yes”.

       ssh-keysign is not intended to be invoked by the user, but from
       ssh(1).  See ssh(1) and sshd(8) for more information about host-
       based authentication.

FILES         top

               Controls whether ssh-keysign is enabled.

               These files contain the private parts of the host keys
               used to generate the digital signature.  They should be
               owned by root, readable only by root, and not accessible
               to others.  Since they are readable only by root,
               ssh-keysign must be set-uid root if host-based
               authentication is used.

               If these files exist, they are assumed to contain public
               certificate information corresponding with the private
               keys above.

SEE ALSO         top

       ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY         top

       ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS         top

       Markus Friedl <>

COLOPHON         top

       This page is part of the openssh (Portable OpenSSH) project.
       Information about the project can be found at  If you have a bug report
       for this manual page, see ⟨⟩.
       This page was obtained from the tarball openssh-9.7p1.tar.gz
       fetched from
       ⟨⟩ on
       2024-06-14.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to

GNU                          March 31, 2022               SSH-KEYSIGN(8)