Product SiteDocumentation Site

8.2. Configuring OpenSSH

In order to perform tasks described in this section, you must have superuser privileges. To obtain them, log in as root by typing:
su -

8.2.1. Configuration Files

There are two different sets of configuration files: those for client programs (that is, ssh, scp, and sftp), and those for the server (the sshd daemon).
System-wide SSH configuration information is stored in the /etc/ssh/ directory as described in Table 8.1, “System-wide configuration files”. User-specific SSH configuration information is stored in ~/.ssh/ within the user's home directory as described in Table 8.2, “User-specific configuration files”.
Table 8.1. System-wide configuration files
File Description
/etc/ssh/moduli Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
/etc/ssh/ssh_config The default SSH client configuration file. Note that it is overridden by ~/.ssh/config if it exists.
/etc/ssh/sshd_config The configuration file for the sshd daemon.
/etc/ssh/ssh_host_ecdsa_key The ECDSA private key used by the sshd daemon.
/etc/ssh/ssh_host_ecdsa_key.pub The ECDSA public key used by the sshd daemon.
/etc/ssh/ssh_host_key The RSA private key used by the sshd daemon for version 1 of the SSH protocol.
/etc/ssh/ssh_host_key.pub The RSA public key used by the sshd daemon for version 1 of the SSH protocol.
/etc/ssh/ssh_host_rsa_key The RSA private key used by the sshd daemon for version 2 of the SSH protocol.
/etc/ssh/ssh_host_rsa_key.pub The RSA public key used by the sshd daemon for version 2 of the SSH protocol.
/etc/pam.d/sshd The PAM configuration file for the sshd daemon.
/etc/sysconfig/sshd Configuration file for the sshd service.

Table 8.2. User-specific configuration files
File Description
~/.ssh/authorized_keys Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
~/.ssh/id_ecdsa Contains the ECDSA private key of the user.
~/.ssh/id_ecdsa.pub The ECDSA public key of the user.
~/.ssh/id_rsa The RSA private key used by ssh for version 2 of the SSH protocol.
~/.ssh/id_rsa.pub The RSA public key used by ssh for version 2 of the SSH protocol.
~/.ssh/identity The RSA private key used by ssh for version 1 of the SSH protocol.
~/.ssh/identity.pub The RSA public key used by ssh for version 1 of the SSH protocol.
~/.ssh/known_hosts Contains host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting to the correct SSH server.

For information concerning various directives that can be used in the SSH configuration files, see the ssh_config(5) and sshd_config(5) manual pages.