Files Used by the Client

$HOME/.ssh2/ssh2_config

User-specific configuration file. The format is the same as the system-wide configuration file. Recommended permissions = 644.

/etc/ssh2/ssh2_config

System-wide configuration file. This file is installed when you install Reflection for Secure IT. The installed file shows default values as commented-out lines. Edit this file to change system-wide settings. For information about keywords and supported values, see ssh2_config(5). Recommended permissions = 644.

$HOME/.ssh2/hostkeys/key_*.pub

This directory contains the public keys of hosts trusted by the current user. By default, keys are added automatically to this location when the user answers "yes" in response to an unknown host prompt. (This behavior can be changed using the StrictHostKeyChecking keyword in the configuration file.) Starting with version 7.0, host keys use the following file name format:

key_port_host,IP.pub

Where port is the port used for the ssh connection, host is the host name, and IP is the host IP address.

Earlier versions used key_port_host.pub, and this format is still supported.

/etc/ssh2/hostkeys/key_*.pub

System-wide known hosts. Hosts with keys in this list are trusted for all users of the computer. No keys are installed to this location automatically. To add a system-wide trusted host, create this directory and put a copy of the host public key in it. Use the file name format described above for $HOME/.ssh2/hostkeys/key_*.pub.

$HOME/.ssh2/identification

An identification file is required if you use public keys or certificates for user authentication. (This is the default file name and location. You can redefine the name and/or location of the identification file on the ssh command line using -i or in the configuration file using the IdentificationFile keyword.) The identification file contains a list of one or more private keys held by a client user. Any listed key can be used by the client for user authentication. If more than one key is listed, the client tries the first key in the list, then continues trying the other keys in order. If no path information is provided, the client looks for listed keys in $HOME/.ssh2/. This file should have user-only write access (permissions = 600 or 644).

For standard keys use the following syntax to add keys to the list:

IdKey <keyname>

For example:

IdKey id_dsa_2048_a

For keys associated with an X.509 certificate use the following syntax:

CertKey <keyname>

The associated certificate must be in the same directory as the specified key and use the same base name with a .crt file extension.
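The following audit script is an added example, not part of the Reflection for Secure IT documentation or product. It checks an identification file against the rules above: no group or world write access, every listed key present (resolved under $HOME/.ssh2/ when no path is given), and a .crt file beside each CertKey. The function names, the sample key names other than id_dsa_2048_a, the handling of '#' comment lines, case-insensitive keywords, and the reading of "same base name" as <keyname>.crt are assumptions.

```python
import os
import stat
import tempfile

def audit_identification(ident_path, ssh2_dir):
    """Return (key paths in the order the client tries them, findings)."""
    keys, findings = [], []
    # The page asks for user-only write access (600 or 644).
    if stat.S_IMODE(os.stat(ident_path).st_mode) & 0o022:
        findings.append("identification file is writable by group or others")
    with open(ident_path) as fh:
        for lineno, raw in enumerate(fh, 1):
            parts = raw.split(None, 1)
            # Assumption: blank lines and '#' comment lines are ignored.
            if not parts or parts[0].startswith("#"):
                continue
            keyword = parts[0].lower()  # assumption: keywords are case-insensitive
            name = parts[1].strip() if len(parts) > 1 else ""
            if keyword not in ("idkey", "certkey") or not name:
                findings.append(f"line {lineno}: unrecognized entry {raw.strip()!r}")
                continue
            # No path information means the key is looked up in $HOME/.ssh2/.
            path = name if os.path.dirname(name) else os.path.join(ssh2_dir, name)
            keys.append(path)
            if not os.path.isfile(path):
                findings.append(f"line {lineno}: key file {path} not found")
            # Assumption: "same base name" means <keyname>.crt next to the key.
            if keyword == "certkey" and not os.path.isfile(path + ".crt"):
                findings.append(f"line {lineno}: certificate {path}.crt not found")
    return keys, findings

def build_sample(ssh2_dir):
    """Create a constructed identification file and key files for the demo."""
    for name in ("id_dsa_2048_a", "cert_key_a"):  # cert_key_a.crt is left out
        with open(os.path.join(ssh2_dir, name), "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
    ident = os.path.join(ssh2_dir, "identification")
    with open(ident, "w") as fh:
        fh.write("IdKey id_dsa_2048_a\nCertKey cert_key_a\nIdKey missing_key\n")
    os.chmod(ident, 0o664)  # deliberately group-writable
    return ident

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        keys, findings = audit_identification(build_sample(d), d)
        print("try order:", [os.path.basename(k) for k in keys])
        print("\n".join(findings))
```

To audit a real account, call audit_identification with the path to $HOME/.ssh2/identification and the $HOME/.ssh2 directory.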

Related Topics

Client Configuration Files