14.2. Configuring OpenSSH
14.2.1. Configuration Files
There are two different sets of configuration files: those for client programs (that is,
ssh, scp, and sftp), and those for the server (the sshd daemon).
System-wide SSH configuration information is stored in the
/etc/ssh/ directory as described in Table 14.1, “System-wide configuration files”. User-specific SSH configuration information is stored in ~/.ssh/ within the user's home directory as described in Table 14.2, “User-specific configuration files”.
| File | Description |
|---|---|
/etc/ssh/moduli | Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication. |
/etc/ssh/ssh_config | The default SSH client configuration file. Note that it is overridden by ~/.ssh/config if it exists. |
/etc/ssh/sshd_config | The configuration file for the sshd daemon. |
/etc/ssh/ssh_host_dsa_key | The DSA private key used by the sshd daemon. |
/etc/ssh/ssh_host_dsa_key.pub | The DSA public key used by the sshd daemon. |
/etc/ssh/ssh_host_key | The RSA private key used by the sshd daemon for version 1 of the SSH protocol. |
/etc/ssh/ssh_host_key.pub | The RSA public key used by the sshd daemon for version 1 of the SSH protocol. |
/etc/ssh/ssh_host_rsa_key | The RSA private key used by the sshd daemon for version 2 of the SSH protocol. |
/etc/ssh/ssh_host_rsa_key.pub | The RSA public key used by the sshd daemon for version 2 of the SSH protocol. |
/etc/pam.d/sshd | The PAM configuration file for the sshd daemon. |
/etc/sysconfig/sshd | Configuration file for the sshd service. |
| File | Description |
|---|---|
~/.ssh/authorized_keys | Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file. |
~/.ssh/id_dsa | Contains the DSA private key of the user. |
~/.ssh/id_dsa.pub | The DSA public key of the user. |
~/.ssh/id_rsa | The RSA private key used by ssh for version 2 of the SSH protocol. |
~/.ssh/id_rsa.pub | The RSA public key used by ssh for version 2 of the SSH protocol. |
~/.ssh/identity | The RSA private key used by ssh for version 1 of the SSH protocol. |
~/.ssh/identity.pub | The RSA public key used by ssh for version 1 of the SSH protocol. |
~/.ssh/known_hosts | Contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server. |
For information concerning various directives that can be used in the SSH configuration files, see the
ssh_config(5) and sshd_config(5) manual pages.
