-
$HOME/.ssh2/ssh-socks-proxy-config.xml
This is the user-specific configuration file used by ssh-socks-proxy.
The format of this file is described on the ssh-socks-proxy-config man
page (Appendix ssh-socks-proxy-config). This file does not usually contain
any sensitive information, but the recommended permissions are read/write
for the user, and not accessible for others.
-
$HOME/.ssh2/random_seed
This file is used for seeding the random number generator. It contains
sensitive data and its permissions should be read/write
for the user and not accessible for others. This file
is created the first time the program is run and it is updated
automatically. You should never need to read or modify this file.
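The following added example (not part of the vendor documentation) audits the two files described above for the recommended permissions: read/write for the user and no access for group or others. The function names are hypothetical, and the directory to audit is passed as an argument.

```shell
# Added example: permission audit for the per-user ssh-socks-proxy files.

# check_private_mode FILE -> prints "ok", "missing" or "loose:<mode string>"
check_private_mode() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    # ls -ld prints e.g. "-rw-------": chars 2-3 are user r/w,
    # chars 5-10 are the group and other permission bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    user_rw=$(printf '%s' "$mode" | cut -c2-3)
    others=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$user_rw" = "rw" ] && [ "$others" = "------" ]; then
        echo "ok"
    else
        echo "loose:$mode"
    fi
}

# audit_ssh2_dir DIR -> one "<file> <result>" line per file named on this
# page; returns 1 if any file is accessible to group or others.
audit_ssh2_dir() {
    dir=$1
    rc=0
    for name in ssh-socks-proxy-config.xml random_seed; do
        result=$(check_private_mode "$dir/$name")
        echo "$name $result"
        case $result in loose:*) rc=1 ;; esac
    done
    return $rc
}

# Audit a directory only when one is given, e.g.: sh audit.sh "$HOME/.ssh2"
if [ "$#" -gt 0 ]; then audit_ssh2_dir "$1"; fi
```

A result of `missing` for random_seed is expected before the program has been run for the first time, since the file is created on first use.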
-
$HOME/.ssh2/identification
This file contains information on public keys and certificates
used for user authentication when contacting remote hosts.
If the identification file does not exist, the SOCKS Proxy attempts to
use each key found in the $HOME/.ssh2 directory. If the identification
file exists, the keys listed in it are attempted first.
The identification file contains a list of private key filenames, each
preceded by the keyword IdKey (or CertKey). An example file is shown below:
This directs the SOCKS Proxy to use $HOME/.ssh2/mykey
when attempting login using public-key authentication.
The files are by default assumed to be in the $HOME/.ssh2 directory, but
a path to the key file can also be given. The path can be absolute or
relative to the $HOME/.ssh2 directory. If there is more than one IdKey,
they are tried in the order that they appear in the identification file.
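The path resolution and ordering described above can be checked with the following added example, which is not vendor code. It assumes one whitespace-separated "IdKey <file>" or "CertKey <file>" entry per line; the function names and the sample entries are constructed for illustration.

```shell
# Added example: list the keys an identification file names, in the order
# they would be tried, with each path resolved and checked for existence.
# Assumption: one "IdKey <file>" or "CertKey <file>" entry per line.

# resolve_identification FILE BASEDIR -> "N KEYWORD PATH STATUS" per entry;
# returns 1 if any listed key file does not exist.
resolve_identification() {
    file=$1
    base=$2
    n=0
    missing=0
    while read -r keyword name _rest || [ -n "$keyword" ]; do
        case $keyword in
            IdKey|CertKey) ;;
            *) continue ;;              # blank or unrecognised line
        esac
        [ -n "$name" ] || continue
        case $name in
            /*) path=$name ;;           # absolute path is used as given
            *)  path=$base/$name ;;     # otherwise relative to the .ssh2 dir
        esac
        n=$((n + 1))
        if [ -f "$path" ]; then status=present; else status=missing; missing=1; fi
        echo "$n $keyword $path $status"
    done < "$file"
    return $missing
}

# Constructed sample: "mykey" exists, "keys/backup" is listed but absent.
demo() {
    d=$(mktemp -d)
    : > "$d/mykey"
    printf 'IdKey mykey\nIdKey keys/backup\n' > "$d/identification"
    resolve_identification "$d/identification" "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

An entry reported as `missing` points at a key file that the identification file lists but that is not on disk.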
-
$HOME/.ssh2/hostkeys
This is the user-specific directory for storing the public keys of
server hosts. You are prompted to accept new or changed keys automatically
when you connect to a server, unless you have set strict-host-key-checking
to yes in the ssh-socks-proxy-config.xml file. You should verify the key
fingerprint before accepting new or changed keys.
When the host key is received during the first connection to a remote
host (or when the host key has changed) and you choose to save the key, its
filename is stored in hashed format. The hashed host key format is a
security feature to make address harvesting on the hosts difficult.
If you are adding the keys manually, the keys should be named with the
key_<port>_<host>.pub pattern, where <port> is the port the Secure Shell
server is running on and <host> is the hostname you use when connecting to
the server (for example, key_22_alpha.example.com.pub).
If both the hashed and clear-text format keys exist, the hashed format
takes precedence.
Note that the identification is different based on the host and port
the client is connecting to. For example, the short hostname alpha is
considered different from the fully qualified domain name
alpha.example.com. Also, a connection with an IP, for example 10.1.54.1, is
considered a different host, as is a connection to the same host but
different port, for example alpha.example.com#222.
-
$HOME/.ssh2/hostkeys/salt
This is the initialization file for hashed host key names.
-
/etc/ssh2/hostkeys
If a host key is not found in the user-specific $HOME/.ssh2/hostkeys
directory, this is the next location to be checked for all users. Host key
files are not automatically put here but they have to be updated manually
by the system administrator (root).
If the administrator obtains the host keys by connecting to each host,
the keys will be in the hashed format. In this case, the administrator's
$HOME/.ssh2/hostkeys/salt file also has to be copied to the
/etc/ssh2/hostkeys directory.
-
/etc/ssh2/hostkeys/salt
This is the initialization file for hashed host key names. The file
has to be copied here manually by the same administrator that obtains the
host keys.
-
$HOME/.ssh/known_hosts
This is the default file used by OpenSSH clients that contains the
public key data of known server hosts. It is also supported by SSH Tectia
Client from version 5.1 onwards. The location of the file must be defined
in the ssh-socks-proxy-config.xml file by using the known-hosts element.
See the ssh-socks-proxy-config man page (Appendix ssh-socks-proxy-config).
The file is never automatically updated by SSH Tectia Client. New host keys
are always stored in the SSH Tectia $HOME/.ssh2/hostkeys directory.
The file contains one known host per row. The format of each row is
the following:
hostnames bits exponent modulus comment
The hostname(s) in the file must be in clear-text format. Hashed
hostnames are not supported.
For more information on the format of this file, see the OpenSSH sshd
man page.
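Because hashed hostnames are not supported in this file, the following added example (not from the vendor documentation) reports which rows of a known_hosts file carry a hashed hostname field. OpenSSH writes hashed hostnames as "|1|<salt>|<hash>"; the function names and sample rows are constructed for illustration.

```shell
# Added example: find known_hosts rows whose hostname field is hashed,
# since only clear-text hostnames are supported according to this page.

# scan_known_hosts FILE -> "LINE hashed" or "LINE clear <hostnames>" per row;
# returns 1 when at least one hashed row is present.
scan_known_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            field = $1
            if (field ~ /^@/) field = $2     # skip a leading @marker field
            if (field ~ /^[|]1[|]/) { print NR, "hashed"; bad = 1 }
            else                    { print NR, "clear", field }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample rows; key material is shortened to placeholder digits.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample
alpha.example.com,10.1.54.1 1024 35 1234567890 alpha host key
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= 1024 35 1234567890
EOF
}

# Scan a file only when one is given, e.g.: sh scan.sh "$HOME/.ssh/known_hosts"
if [ "$#" -gt 0 ]; then scan_known_hosts "$1"; fi
```

Rows reported as `hashed` have to be replaced with clear-text hostname entries before the file is referenced from the known-hosts element.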
-
$HOME/.ssh2/authorized_keys
(on the server host) This directory is the default location used by
SSH Tectia Server 5.x for the user public keys that are authorized for login.
On SSH Tectia Server 5.x on Windows, the default directory for user
public keys is %USERPROFILE%\.ssh2\authorized_keys.
-
$HOME/.ssh2/authorization
(on the server host) This is the default file used by SSH Tectia Server 4.x
(and SSH Secure Shell server 3.x) that lists the user public keys that are
authorized for login. The file can optionally be used with SSH Tectia
Server 5.x as well.
On Windows, the authorization file is by default located in
%USERPROFILE%\.ssh2\authorization.
For information on the format of this file, on SSH Tectia Server 4.x, see the
ssh2 man page, or on SSH Tectia Server 5.x, see the ssh-server man page.
-
$HOME/.ssh/authorized_keys
(on the server host) This is the default file used by OpenSSH server that
contains the user public keys that are authorized for login.
For information on the format of this file, see the OpenSSH sshd man page.