ssh-keysign is used by ssh(1) to access the local host keys and
generate the digital signature required during host-based
ssh-keysign is disabled by default and can only be enabled in the
global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to “yes”.
ssh-keysign is not intended to be invoked by the user, but from
ssh(1). See ssh(1) and sshd(8) for more information about host-
Controls whether ssh-keysign is enabled.
These files contain the private parts of the host keys used
to generate the digital signature. They should be owned by
root, readable only by root, and not accessible to others.
Since they are readable only by root, ssh-keysign must be
set-uid root if host-based authentication is used.
If these files exist they are assumed to contain public
certificate information corresponding with the private keys
This page is part of the openssh (Portable OpenSSH) project.
Information about the project can be found at
http://www.openssh.com/portable.html. If you have a bug report for
this manual page, see ⟨http://www.openssh.com/report.html⟩. This
page was obtained from the tarball openssh-8.6p1.tar.gz fetched
from ⟨http://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/⟩ on
2021-06-20. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-
to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not part
of the original manual page), send a mail to firstname.lastname@example.org
BSD November 30, 2019 BSD