linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-23 22:42:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

openssh-6.0p1

Browse Source 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10073 af4574ff-66df-0310-9fd7-8a98e5e911e0
This commit is contained in:
Andrew Benton 2012-05-03 19:24:30 +00:00
parent 5a9e610f1b
commit 3a3731160b
4 changed files with 244 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
general.ent
View File

@ -126,7 +126,7 @@ $Date$
<!ENTITY mitkrb-version "1.10.1">
<!ENTITY nettle-version "2.4">
<!ENTITY nss-version "3.13.4">
<!ENTITY openssh-version "5.9p1">
<!ENTITY openssh-version "6.0p1">
<!ENTITY openssl-version "1.0.1a">
<!-- version no longer used, we take whatever mozilla is offering
<!ENTITY ca-bundle-version "3.12.11.0"> -->

3
introduction/welcome/changelog.xml
View File

@ -53,6 +53,9 @@
<listitem>
<para>[abenton] - Added Ntfs-3g 2012.1.15.</para>
</listitem>
<listitem>
<para>[abenton] - Updated Openssh to 6.0p1.</para>
</listitem>
</itemizedlist>
</listitem>

393
postlfs/security/openssh.xml
View File

@ -4,12 +4,14 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY openssh-download-http "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-md5sum "afe17eee7e98d3b8550cc349834a85d0">
<!ENTITY openssh-download-http
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp
"ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-md5sum "3c9347aa67862881c5da3f3b1c08da7b">
<!ENTITY openssh-size "1.1 MB">
<!ENTITY openssh-buildsize "44 MB">
<!ENTITY openssh-time "3.5 SBU (including the test suite)">
<!ENTITY openssh-buildsize "31 MB">
<!ENTITY openssh-time "0.6 SBU">
]>
<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
@ -22,14 +24,16 @@
<title>OpenSSH-&openssh-version;</title>
<para>The <application>OpenSSH</application> package contains
<command>ssh</command> clients and the <command>sshd</command> daemon.
This is useful for encrypting authentication and subsequent traffic
over a network. The <command>ssh</command> and <command>scp</command>
commands are secure implementions of <command>telnet</command> and
<command>rcp</command> respectively.</para>
<para>
The <application>OpenSSH</application> package contains
<command>ssh</command> clients and the <command>sshd</command> daemon. This
is useful for encrypting authentication and subsequent traffic over a
network. The <command>ssh</command> and <command>scp</command> commands are
secure implementions of <command>telnet</command> and <command>rcp</command>
respectively.
</para>
&lfs70_checked;
&lfs71_checked;
<indexterm zone="openssh">
<primary sortas="a-OpenSSH">OpenSSH</primary>
@ -41,22 +45,34 @@
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&openssh-download-http;"/></para>
<para>
Download (HTTP): <ulink url="&openssh-download-http;"/>
</para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&openssh-download-ftp;"/></para>
<para>
Download (FTP): <ulink url="&openssh-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>Download MD5 sum: &openssh-md5sum;</para>
<para>
Download MD5 sum: &openssh-md5sum;
</para>
</listitem>
<listitem>
<para>Download size: &openssh-size;</para>
<para>
Download size: &openssh-size;
</para>
</listitem>
<listitem>
<para>Estimated disk space required: &openssh-buildsize;</para>
<para>
Estimated disk space required: &openssh-buildsize;
</para>
</listitem>
<listitem>
<para>Estimated build time: &openssh-time;</para>
<para>
Estimated build time: &openssh-time;
</para>
</listitem>
</itemizedlist>
@ -66,36 +82,40 @@
<para role="required"><xref linkend="openssl"/></para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional"><xref linkend="linux-pam"/>,
<xref linkend="tcpwrappers"/>,
<xref linkend="x-window-system"/>,
<xref linkend="mitkrb"/>,
<ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
(provides a command-line history feature to <command>sftp</command>),
<ulink url="http://www.opensc-project.org/">OpenSC</ulink>, and
<ulink
url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink></para>
<para role="optional">
<xref linkend="linux-pam"/>,
<xref linkend="tcpwrappers"/>,
<xref linkend="x-window-system"/>,
<xref linkend="mitkrb"/>,
<ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
(provides a command-line history feature to <command>sftp</command>),
<ulink url="http://www.opensc-project.org/">OpenSC</ulink> and
<ulink url="http://www.citi.umich.edu/projects/smartcard/sectok.html">libsectok</ulink>
</para>
<bridgehead renderas="sect4">Optional Runtime (Used only to gather entropy)</bridgehead>
<para role="optional"><xref linkend="icedtea6"/> or <xref linkend="jdk"/>,
<xref linkend="net-tools"/>, and
<xref linkend="sysstat"/>.</para>
<para condition="html" role="usernotes">User Notes:
<ulink url='&blfs-wiki;/OpenSSH'/></para>
<para role="optional">
<xref linkend="icedtea6"/> or <xref linkend="jdk"/>,
<xref linkend="net-tools"/> and
<xref linkend="sysstat"/>.
</para>
<para condition="html" role="usernotes">
User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of OpenSSH</title>
<para><application>OpenSSH</application> runs as two processes when
connecting to other computers. The first process is a privileged process
and controls the issuance of privileges as necessary. The second process
communicates with the network. Additional installation steps are necessary
to set up the proper environment, which are performed by issuing the
following commands as the <systemitem class="username">root</systemitem>
user:</para>
<para>
<application>OpenSSH</application> runs as two processes when connecting
to other computers. The first process is a privileged process and controls
the issuance of privileges as necessary. The second process communicates
with the network. Additional installation steps are necessary to set up
the proper environment, which are performed by issuing the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>install -v -m700 -d /var/lib/sshd &amp;&amp;
chown -v root:sys /var/lib/sshd &amp;&amp;
@ -103,108 +123,118 @@ groupadd -g 50 sshd &amp;&amp;
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
-s /bin/false -u 50 sshd</userinput></screen>
<para><application>OpenSSH</application> is very sensitive to changes in
the linked <application>OpenSSL</application> libraries. If you recompile
<application>OpenSSL</application>, <application>OpenSSH</application> may
fail to start up. An alternative is to link against the static
<application>OpenSSL</application> library. To link against the static
library, execute the following command:</para>
<para>
<application>OpenSSH</application> is very sensitive to changes in the
linked <application>OpenSSL</application> libraries. If you recompile
<application>OpenSSL</application>, <application>OpenSSH</application> may
fail to start up. An alternative is to link against the static
<application>OpenSSL</application> library. To link against the static
library, execute the following command:
</para>
<screen><userinput>sed -i 's@-lcrypto@/usr/lib/libcrypto.a -ldl@' configure</userinput></screen>
<para>Install <application>OpenSSH</application> by running
the following commands:</para>
<para>
Install <application>OpenSSH</application> by running the following
commands:
</para>
<screen><userinput>sed -i.bak '/K5LIBS=/s/ -ldes//' configure &amp;&amp;
./configure --prefix=/usr \
--sysconfdir=/etc/ssh \
--datadir=/usr/share/sshd \
--libexecdir=/usr/lib/openssh \
--with-md5-passwords \
--with-privsep-path=/var/lib/sshd &amp;&amp;
make</userinput></screen>
<para>If you linked <application>tcp_wrappers</application> into the
build using the <option>--with-tcp-wrappers</option> parameter, ensure
you add 127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename>
if you have a restrictive <filename>/etc/hosts.deny</filename> file, or the
test suite will fail. Additionally, the testsuite requires an installed
copy of <command>scp</command> to complete the multiplexing tests. To
run the test suite, first copy the scp program to
<filename class="directory">/usr/bin</filename>, making sure that you
back up any existing copy first.</para>
<para>
If you linked <application>tcp_wrappers</application> into the build using
the <option>--with-tcp-wrappers</option> parameter, ensure you add
127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you
have a restrictive <filename>/etc/hosts.deny</filename> file, or the test
suite will fail. Additionally, the testsuite requires an installed copy of
<command>scp</command> to complete the multiplexing tests. To run the test
suite, first copy the scp program to
<filename class="directory">/usr/bin</filename>, making sure that you back
up any existing copy first.
</para>
<para>To run the test suite, issue the following commands:</para>
<para>
To run the test suite, issue the following commands:
</para>
<screen role="root"><userinput>make tests 2&gt;&amp;1 | tee check.log
grep FATAL check.log</userinput></screen>
<para>If the above command produces no 'FATAL' errors, then proceed
with the installation, as the
<systemitem class="username">root</systemitem> user:</para>
<para>
If the above command produces no 'FATAL' errors, then proceed with the
installation, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
install -v -m755 -d /usr/share/doc/openssh-&openssh-version; &amp;&amp;
install -v -m644 INSTALL LICENCE OVERVIEW README* \
/usr/share/doc/openssh-&openssh-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>:
This command fixes a build crash if you used the
<option>--with-kerberos5</option> parameter and you built the
<application>Heimdal</application> package in accordance with the BLFS
instructions. The command is harmless in all other instances.</para>
<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents
the configuration files from being installed in
<filename class="directory">/usr/etc</filename>.</para>
<para><parameter>--datadir=/usr/share/sshd</parameter>: This switch
puts the Ssh.bin file (used for SmartCard authentication) in
<filename class="directory">/usr/share/sshd</filename>.</para>
<para><parameter>--with-md5-passwords</parameter>: This is required
with the default configuration of Shadow password suite in LFS.</para>
<para><parameter>--libexecdir=/usr/lib/openssh</parameter>: This parameter
changes the installation path of some programs to
<filename class="directory">/usr/lib/openssh</filename> instead of
<filename class="directory">/usr/libexec</filename>.</para>
<para><parameter>--with-pam</parameter>: This parameter enables
<application>Linux-PAM</application> support in the build.</para>
<para><parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the
default location for the <command>xauth</command> binary for X
authentication. Change the location if <command>xauth</command> will
be installed to a different path. This can also be controlled from
<filename>sshd_config</filename> with the XAuthLocation keyword.
You can omit this switch if <application>Xorg</application> is already
installed.
<para>
<command>sed -i.bak '/K5LIBS=/s/ -ldes//' configure</command>: This sed
fixes a build crash if you used the <option>--with-kerberos5</option>
option. The command is harmless in all other instances.
</para>
<para><parameter>--with-kerberos5=/usr</parameter>: This option is used to
include Heimdal support in the build.</para>
<para>
<parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the
configuration files from being installed in
<filename class="directory">/usr/etc</filename>.
</para>
<para>
<parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
Ssh.bin file (used for SmartCard authentication) in
<filename class="directory">/usr/share/sshd</filename>.
</para>
<para>
<parameter>--with-md5-passwords</parameter>: This enables the use of MD5
passwords.
</para>
<para>
<parameter>--with-pam</parameter>: This parameter enables
<application>Linux-PAM</application> support in the build.
</para>
<para>
<parameter>--with-xauth=/usr/bin/xauth</parameter>: Set the default
location for the <command>xauth</command> binary for X authentication.
Change the location if <command>xauth</command> will be installed to a
different path. This can also be controlled from
<filename>sshd_config</filename> with the XAuthLocation keyword. You can
omit this switch if <application>Xorg</application> is already installed.
</para>
<para>
<parameter>--with-kerberos5=/usr</parameter>: This option is used to
include Kerberos 5 support in the build.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring OpenSSH</title>
<para>If you are only going to use the <command>ssh</command> or
<command>scp</command> clients, no configuration or boot scripts are
required.</para>
<sect3 id="openssh-config">
<title>Config Files</title>
<para><filename>~/.ssh/*</filename>,
<para>
<filename>~/.ssh/*</filename>,
<filename>/etc/ssh/ssh_config</filename>, and
<filename>/etc/ssh/sshd_config</filename></para>
<filename>/etc/ssh/sshd_config</filename>
</para>
<indexterm zone="openssh openssh-config">
<primary sortas="e-AA.ssh">~/.ssh/*</primary>
@ -218,49 +248,83 @@ install -v -m644 INSTALL LICENCE OVERVIEW README* \
<primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
</indexterm>
<para>There are no required changes to any of these files. However,
you may wish to view the <filename class='directory'>/etc/ssh/</filename>
files and make any changes appropriate for the security of your system.
One recommended change is that you disable
<systemitem class='username'>root</systemitem> login via
<command>ssh</command>. Execute the following command as the
<systemitem class='username'>root</systemitem> user to disable
<systemitem class='username'>root</systemitem> login via
<command>ssh</command>:</para>
<para>
There are no required changes to any of these files. However,
you may wish to view the
<filename class='directory'>/etc/ssh/</filename> files and make any
changes appropriate for the security of your system. One recommended
change is that you disable
<systemitem class='username'>root</systemitem> login via
<command>ssh</command>. Execute the following command as the
<systemitem class='username'>root</systemitem> user to disable
<systemitem class='username'>root</systemitem> login via
<command>ssh</command>:
</para>
<screen role="root"><userinput>echo "PermitRootLogin no" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<para>If you added <application>LinuxPAM</application> support, then you
will need to add a configuration file for
<application>sshd</application> and enable use of
<application>LinuxPAM</application>. Issue the following commands as the
<systemitem class='username'>root</systemitem> user:</para>
<para>
If you want to be able to log in without typing in your password, first
create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with
<command>ssh-keygen</command> and then copy ~/.ssh/id_rsa.pub to
~/.ssh/authorized_keys on the remote computer that you want to log into.
You'll need to change REMOTE_HOSTNAME for the hostname of the remote
computer and you'll also need to enter you password for the ssh command
to succeed:
</para>
<screen><userinput>ssh-keygen &amp;&amp;
public_key="$(cat ~/.ssh/id_rsa.pub)" &amp;&amp;
ssh REMOTE_HOSTNAME "echo ${public_key} &gt;&gt; ~/.ssh/authorized_keys" &amp;&amp;
unset public_key</userinput></screen>
<para>
Once you've got passwordless logins working it's actually more secure
than logging in with a password (as the private key is much longer than
most people's passwords). If you would like to now disable password
logins, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>echo "PasswordAuthentication no" >> /etc/ssh/sshd_config &amp;&amp;
echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config</userinput></screen>
<para>
If you added <application>LinuxPAM</application> support and you want
ssh to use it then you will need to add a configuration file for
<application>sshd</application> and enable use of
<application>LinuxPAM</application>. Note, ssh only uses PAM to check
passwords, if you've disabled password logins these commands are not
needed. If you want to use PAM issue the following commands as the
<systemitem class='username'>root</systemitem> user:
</para>
<screen role="root"><userinput>sed 's@d/login@d/sshd@g' /etc/pam.d/login &gt; /etc/pam.d/sshd &amp;&amp;
chmod 644 /etc/pam.d/sshd &amp;&amp;
echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<para>Additional configuration information can be found in the man
pages for <command>sshd</command>, <command>ssh</command> and
<command>ssh-agent</command>.</para>
<para>
Additional configuration information can be found in the man
pages for <command>sshd</command>, <command>ssh</command> and
<command>ssh-agent</command>.
</para>
</sect3>
<sect3 id="openssh-init">
<title>Boot Script</title>
<para>To start the SSH server at system boot, install the
<para>
To start the SSH server at system boot, install the
<filename>/etc/rc.d/init.d/sshd</filename> init script included
in the <xref linkend="bootscripts"/> package.</para>
in the <xref linkend="bootscripts"/> package.
</para>
<indexterm zone="openssh openssh-init">
<primary sortas="f-sshd">sshd</primary>
</indexterm>
<screen role="root"><userinput>make install-sshd</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
@ -268,15 +332,19 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
ssh-keygen, ssh-keyscan, and ssh-keysign</seg>
<seg>None</seg>
<seg>/etc/ssh, /var/lib/sshd, /usr/lib/openssh, and
/usr/share/doc/openssh-&openssh-version;</seg>
<seg>
scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent,
ssh-keygen, ssh-keyscan and ssh-keysign.
</seg>
<seg>
/etc/ssh,
/var/lib/sshd,
/usr/lib/openssh and
/usr/share/doc/openssh-&openssh-version;.
</seg>
</seglistitem>
</segmentedlist>
@ -288,8 +356,10 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="scp">
<term><command>scp</command></term>
<listitem>
<para>is a file copy program that acts like <command>rcp</command>
except it uses an encrypted protocol.</para>
<para>
is a file copy program that acts like <command>rcp</command> except
it uses an encrypted protocol.
</para>
<indexterm zone="openssh scp">
<primary sortas="b-scp">scp</primary>
</indexterm>
@ -299,8 +369,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="sftp">
<term><command>sftp</command></term>
<listitem>
<para>is an FTP-like program that works over
SSH1 and SSH2 protocols.</para>
<para>
is an FTP-like program that works over the SSH1 and SSH2 protocols.
</para>
<indexterm zone="openssh sftp">
<primary sortas="b-sftp">sftp</primary>
</indexterm>
@ -310,8 +381,10 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="sftp-server">
<term><command>sftp-server</command></term>
<listitem>
<para>is an SFTP server subsystem. This program is not normally
called directly by the user.</para>
<para>
is an SFTP server subsystem. This program is not normally called
directly by the user.
</para>
<indexterm zone="openssh sftp-server">
<primary sortas="b-sftp-server">sftp-server</primary>
</indexterm>
@ -321,7 +394,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="slogin">
<term><command>slogin</command></term>
<listitem>
<para>is a symlink to <command>ssh</command>.</para>
<para>
is a symlink to <command>ssh</command>.
</para>
<indexterm zone="openssh slogin">
<primary sortas="g-slogin">slogin</primary>
</indexterm>
@ -331,8 +406,10 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh">
<term><command>ssh</command></term>
<listitem>
<para>is an <command>rlogin</command>/<command>rsh</command>-like
client program except it uses an encrypted protocol.</para>
<para>
is an <command>rlogin</command>/<command>rsh</command>-like client
program except it uses an encrypted protocol.
</para>
<indexterm zone="openssh ssh">
<primary sortas="b-ssh">ssh</primary>
</indexterm>
@ -342,8 +419,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="sshd">
<term><command>sshd</command></term>
<listitem>
<para>is a daemon that listens for <command>ssh</command> login
requests.</para>
<para>
is a daemon that listens for <command>ssh</command> login requests.
</para>
<indexterm zone="openssh sshd">
<primary sortas="b-sshd">sshd</primary>
</indexterm>
@ -353,8 +431,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh-add">
<term><command>ssh-add</command></term>
<listitem>
<para>is a tool which adds keys to the
<command>ssh-agent</command>.</para>
<para>
is a tool which adds keys to the <command>ssh-agent</command>.
</para>
<indexterm zone="openssh ssh-add">
<primary sortas="b-ssh-add">ssh-add</primary>
</indexterm>
@ -364,7 +443,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh-agent">
<term><command>ssh-agent</command></term>
<listitem>
<para>is an authentication agent that can store private keys.</para>
<para>
is an authentication agent that can store private keys.
</para>
<indexterm zone="openssh ssh-agent">
<primary sortas="b-ssh-agent">ssh-agent</primary>
</indexterm>
@ -374,7 +455,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh-keygen">
<term><command>ssh-keygen</command></term>
<listitem>
<para>is a key generation tool.</para>
<para>
is a key generation tool.
</para>
<indexterm zone="openssh ssh-keygen">
<primary sortas="b-ssh-keygen">ssh-keygen</primary>
</indexterm>
@ -384,8 +467,9 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh-keyscan">
<term><command>ssh-keyscan</command></term>
<listitem>
<para>is a utility for gathering public host keys from a
number of hosts.</para>
<para>
is a utility for gathering public host keys from a number of hosts.
</para>
<indexterm zone="openssh ssh-keyscan">
<primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
</indexterm>
@ -395,18 +479,17 @@ echo "USEPAM yes" &gt;&gt; /etc/ssh/sshd_config</userinput></screen>
<varlistentry id="ssh-keysign">
<term><command>ssh-keysign</command></term>
<listitem>
<para>is used by <command>ssh</command> to access the local host
keys and generate the digital signature required during hostbased
authentication with SSH protocol version 2. This program is not normally
called directly by the user.</para>
<para>
is used by <command>ssh</command> to access the local host keys and
generate the digital signature required during hostbased
authentication with SSH protocol version 2. This program is not
normally called directly by the user.
</para>
<indexterm zone="openssh ssh-keysign">
<primary sortas="b-ssh-keysign">ssh-keysign</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

4
xsoft/other/rox-filer.xml
View File

@ -207,8 +207,8 @@ chmod 755 /path/to/hostname/AppRun</userinput></screen>
If you use a desktop environment like
<application>Gnome</application> or <application>KDE</application> you
may like to create a <filename>rox.desktop</filename> file so that
<application>rox-filer</application> appears in the panel's menus. As the
<systemitem class="username">root</systemitem> user:
<application>rox-filer</application> appears in the panel's menus. As
the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ln -s ../rox/.DirIcon /usr/share/pixmaps/rox.png &amp;&amp;