Mac Developer Library Developer
Search

 

This manual page is for Mac OS X version 10.9

If you are running a different version of Mac OS X, view the documentation locally:

  • In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

  • To learn how the manual is organized or to learn about command syntax, read the manual page for manpages(5).

  • For more information about this technology, look for other documentation in the Apple Developer Library.

  • For general information about writing shell scripts, read Shell Scripting Primer.




SSH-KEYSIGN(8)            BSD System Manager's Manual           SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required
     during host-based authentication with SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global client configuration file
     /etc/ssh/ssh_config by setting EnableSSHKeysign to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8) for
     more information about host-based authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to generate the digital signature.
             They should be owned by root, readable only by root, and not accessible to others.  Since they
             are readable only by root, ssh-keysign must be set-uid root if host-based authentication is
             used.  Note that ssh-keysign is not set-uid by default on Mac OS X.

     /etc/ssh/ssh_host_dsa_key-cert.pub
     /etc/ssh/ssh_host_ecdsa_key-cert.pub
     /etc/ssh/ssh_host_rsa_key-cert.pub
             If these files exist they are assumed to contain public certificate information corresponding
             with the private keys above.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                            October 11, 2013                            BSD

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors
Report errors in the content of this documentation to the OpenSSH project.
Bug reports
Report bugs in the functionality of the described tool or API to Apple through Bug Reporter and to the OpenSSH project through their bug reporting page.
Formatting problems
Report formatting mistakes in the online version of these pages with the feedback links below.

Feedback