OpenSSH Config Files



Introduction

OpenSSH has two different sets of configuration files, one for the client programs (ssh, scp, and sftp) and the other for the server service (sshd), located in two different areas.

System-wide SSH configuration information is stored in /etc/ssh

File                      Description
primes                    Contains Diffie-Hellman groups used for the key exchange. Creates a shared secret value that cannot be determined by either party alone and is used to provide host authentication. This file is critical for constructing a secure transport layer.
ssh_config                The system-wide SSH client configuration file used to direct the SSH client. If a user has her own configuration file available in her home directory (~/.ssh/config), then its values will override the values stored in /etc/ssh/ssh_config.
sshd_config               The configuration file for sshd.
ssh_host_dsa_key          The DSA private key used by sshd.
ssh_host_dsa_key.pub      The DSA public key used by sshd.
ssh_host_key              The RSA private key used by sshd for version 1 of the SSH protocol.
ssh_host_key.pub          The RSA public key used by sshd for version 1 of the SSH protocol.
ssh_host_rsa_key          The RSA private key used by sshd for version 2 of the SSH protocol.
ssh_host_rsa_key.pub      The RSA public key used by sshd for version 2 of the SSH protocol.
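The precedence rule for ssh_config above (the user's ~/.ssh/config overriding /etc/ssh/ssh_config) follows from how the ssh client reads its configuration: the user file is read first, then the system file, and for each keyword the first value obtained wins. The Python script below is an added example, not part of the original page or of OpenSSH itself; it resolves the effective options for a host from two constructed configuration files, using fnmatch as an approximation of ssh's Host wildcard matching.

```python
"""Resolve the effective ssh(1) options for a host the way OpenSSH does:
~/.ssh/config is read first, then /etc/ssh/ssh_config, and for every keyword
the first value obtained wins, which is why the user file overrides the
system-wide file. (Added example; configs below are constructed.)"""
import fnmatch
import shlex

# Constructed sample of a user's ~/.ssh/config (not from the page).
USER_CONFIG = """\
Host bastion
    HostName bastion.example.net
    Port 2222
    IdentityFile ~/.ssh/id_rsa

Host *.internal.example
    User deploy
"""

# Constructed sample of /etc/ssh/ssh_config (not from the page).
SYSTEM_CONFIG = """\
Host *
    Port 22
    User nobody
    ForwardAgent no
    StrictHostKeyChecking ask
"""


def parse(text):
    """Yield (patterns, keyword, value) for each option line.

    `patterns` is the list of Host patterns in force for that line;
    options before the first Host line apply to every host ("*")."""
    patterns = ["*"]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        keyword, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if keyword == "host":
            patterns = args
            continue
        yield patterns, keyword, " ".join(args)


def host_matches(host, patterns):
    """OpenSSH Host semantics: at least one positive pattern must match and
    no negated ('!') pattern may match. fnmatch stands in for ssh's * and ?
    wildcard matcher (an assumption of this example)."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def resolve(host, user_text=USER_CONFIG, system_text=SYSTEM_CONFIG):
    """Return {keyword: value} in effect for `host`; first value obtained wins."""
    effective = {}
    for text in (user_text, system_text):          # user file first, as ssh does
        for patterns, keyword, value in parse(text):
            if keyword not in effective and host_matches(host, patterns):
                effective[keyword] = value
    return effective


if __name__ == "__main__":
    for name in ("bastion", "db.internal.example", "other.example"):
        print(name, resolve(name))
```

Real ssh additionally has a few keywords, IdentityFile among them, whose values accumulate across files instead of taking the first one, and it supports Match blocks; this example treats every keyword as first-value-wins and ignores Match, which is enough to show why a Port or User set in ~/.ssh/config shadows the one in /etc/ssh/ssh_config.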

User-specific SSH configuration information is stored in the user's home directory within the .ssh subdirectory.

File                      Description
authorized_keys2          The file that holds a list of "authorized" public keys. If a connecting user can prove that they know the private key which corresponds to any of these, then they are authenticated. Note that this is only an optional authentication method.
id_dsa                    Contains the DSA authentication identity of the user.
id_dsa.pub                The DSA public key of the user.
id_rsa                    The RSA public key used by sshd for version 2 of the SSH protocol.
identity                  The RSA private key used by sshd for version 1 of the SSH protocol.
known_hosts2              Stores the DSA host keys of the servers a user logs into via SSH when the user elects to record them. If a server has its host keys legitimately altered, perhaps on a re-installation of Red Hat Linux, the user will be notified that the host key stored in the known_hosts2 file that corresponds with this host does not match. Then, the user must delete that host's key in known_hosts in order to store the new host key for that system. The known_hosts2 file is very important for ensuring that the client is connecting to the correct server. If a host's key has changed, and you are not absolutely certain why it has changed, then you should contact the host's system administrator to make sure that the host has not been compromised.
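The known_hosts check described above, as an added example that is not from the page or from OpenSSH: a Python script that looks up a host in a constructed known_hosts file (plain names, comma-separated name/address lists, and the hashed entries written when HashKnownHosts is on) and reports whether the key the server presented matches the recorded one, has changed, or has never been seen. The key blobs are constructed ed25519-shaped values, not real keys, and the fingerprint helper reproduces the SHA256 form that ssh-keygen -lf prints.

```python
"""Check a presented host key against a known_hosts file and classify the
result as 'match', 'CHANGED' or 'unknown', the three situations the
known_hosts description covers. (Added example; all keys are constructed.)"""
import base64
import hashlib
import hmac


def ssh_string(b):
    """Length-prefixed byte string, the SSH wire encoding used inside key blobs."""
    return len(b).to_bytes(4, "big") + b


def ed25519_blob(raw32):
    """Base64 blob shaped like an ssh-ed25519 public key (constructed, not a real key)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()


def hashed_hostname(host, salt):
    """HashKnownHosts form of a hostname: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


# Constructed sample keys and known_hosts content (not from the page).
KEY_A = ed25519_blob(bytes(range(32)))
KEY_B = ed25519_blob(bytes(range(32, 64)))
KEY_C = ed25519_blob(bytes(range(64, 96)))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "server.example,192.0.2.10 ssh-ed25519 " + KEY_A,
    hashed_hostname("hidden.example", b"\x01" * 20) + " ssh-ed25519 " + KEY_B,
])


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hostname_matches(field, host):
    """Match a known_hosts hostname field (comma list or |1| hashed) to host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def check_host(host, keytype, blob_b64, known_hosts=KNOWN_HOSTS):
    """Return 'match' if the presented key is recorded for host, 'CHANGED' if the
    host is recorded with a different key of the same type, else 'unknown'.
    Marker lines (@cert-authority, @revoked) are skipped in this example."""
    seen_host = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#") or line.startswith("@"):
            continue
        names, ktype, stored = parts[0], parts[1], parts[2]
        if ktype != keytype or not hostname_matches(names, host):
            continue
        seen_host = True
        if stored == blob_b64:
            return "match"
    return "CHANGED" if seen_host else "unknown"


if __name__ == "__main__":
    for host, key in (("server.example", KEY_A), ("server.example", KEY_C),
                      ("hidden.example", KEY_B), ("nowhere.example", KEY_A)):
        print(host, fingerprint(key), check_host(host, "ssh-ed25519", key))
```

A 'CHANGED' result is the case the page warns about: the stored entry should only be replaced after the new fingerprint has been confirmed out of band with the host's administrator, which is why the script prints the fingerprint next to the verdict rather than rewriting the file.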

