File Locations and Permissions on Unix

On Unix platforms, the Tectia Server files are located in the following directories and the named file permissions are required for them:

/etc/ssh2

Writable to root (must). Readable to world. The /etc/ssh2 directory is created with the correct permissions during installation.

/etc/ssh2/ssh-server-config.xml: the server configuration file (see ssh-server-config(5))
Writable to root (must). Readable to world.
/etc/ssh2/ssh-server-config-default.xml: a sample file that shows the hardcoded system defaults of the server configuration
/etc/ssh2/ssh-server-config-example.xml: a sample file with useful examples for the server configuration

/opt/tectia/share/auxdata/ssh-server-ng: the server configuration file DTD directory

	Note
	In Tectia Server 6.1 and earlier on Unix the default auxiliary data directory `auxdata` was located in `/etc/ssh2/ssh-tectia/`. If your server configuration file (`ssh-server-config.xml`) was created for Tectia Server version 6.1 or earlier, please update its DOCTYPE declaration to contain the current path to the server configuration file DTD directory: `/opt/tectia/share/auxdata/ssh-server-ng/`.

/etc/ssh2/hostkey: the default server host private key file
Writable to root (must). Readable to root (must).
/etc/ssh2/hostkey.pub: the default server host public key file
Writable to root (should). Readable to world.
/etc/ssh2/licenses: the license file directory (see Licensing)
/etc/ssh2/trusted_hosts: the directory for host public keys that are trusted for host-based authentication (see Host-Based User Authentication)
Writable to root (must). Readable to root (should).

/var/opt/tectia/random_seed: the seed file for the random number generator
Writable to root (must). Readable to root (must). Set the permissions read/writable to root at each update.
/opt/tectia/sbin: the system binaries such as ssh-server-g3
/opt/tectia/bin: the user binaries such as ssh-keygen-g3
/opt/tectia/man: Tectia Server man pages
/opt/tectia/libexec: library binaries
/opt/tectia/lib/sshsecsh: library binaries

The user-specific configurations are stored in each user's $HOME/.ssh2 directory.

Writable to user (must). Readable to user (should). The permission checking can be changed with configuration setting <auth-file-modes mask-bits="XXX"/>.

In the $HOME/.ssh2 directory:

$HOME/.ssh2/authorized_keys: the default directory for user public keys that are authorized for login
$HOME/.ssh2/authorization: (optional) the default authorization file for user public keys