HP OpenVMS Systems Documentation

Content starts here

Server Directories and Files

  Table of Contents

  Glossary

  Index

TCPIP$SSH_DEVICE:[TCPIP$SSH]

Function: Default directory of TCPIP$SSH account

Creation: During SSH server configuration

Scope: Systemwide

Use: By running instances of the server and client processes

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]

Function: Contains multiple SSH files and subdirectories.

Creation: During SSH server configuration

Scope: Systemwide

Use: By running instances of the server and client processes

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG.

Function: Server configuration file

Creation: During SSH server configuration by extracting a template file from the TCP/IP kit. The system manager edits the file as necessary.

Scope: Systemwide

Use: Read by a starting server process; also read by the client for host-based authentication.

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.

Function: Contains the private part of the host key pair. This file is owned by the system account and has system read access only.

Creation: Together with the public part of the host key pair during SSH server configuration (if requested). The new key can be created any time by a system manager running the key-generation utility, SSH_KEYGEN, which creates both keys.

Scope: Systemwide

Use: By the server, when connection from a client is requested.

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.PUB

Function: Contains the public part of the host key. This file is writable by the system account only and readable by world.

Creation: Together with the private part of the host key during SSH server configuration (if requested). The new key can be created any time by a system manager running the key generation utility, SSH_KEYGEN, which creates both keys).

Scope: Systemwide

Use: Server host identification. Required on the SSH client in the [username.SSH2.KNOWNHOSTS] directory in order to use any authentication method. Also required on the server for host-based authentication.

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SHOSTS.EQUIV

Function: List of trusted hosts.

Creation: An empty directory is created during SSH server configuration. The system manager populates the file.

Scope: Systemwide

Use: As a systemwide list of trusted hosts checked by a server for host-based authentication.

TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2.KNOWNHOSTS]

Function: Systemwide directory that contains public keys of all remote client hosts that might attempt to connect to the server using host-based authentication.

Creation: An empty file is created during SSH server configuration. It is populated by the system manager as necessary by copying files from client hosts.

Scope: Systemwide

Use: The server gets public keys of remote client hosts from this directory when it it processing a request for a host-based authentication connection.

SYS$LOGIN:SHOSTS.

Function: List of trusted hosts

Creation: By the user, if necessary

Scope: User specific

Use: As a user-specific list of trusted hosts, checked by the server for host-based authentication. The server checks this list after it checks the systemwide SHOSTS.EQUIV, enabling the user to allow access by hosts that are not in the systemwide list.

SYS$LOGIN:[SSH2]

Function: Contains multiple SSH files and subdirectories.

Creation: By the user, if necessary

Scope: User specific

Use: By running the server

SYS$LOGIN:[SSH2.KNOWNHOSTS]

Function: A user-specific directory that contains public keys of all remote client hosts that might try to connect to the server using host-based authentication.

Creation: By the user, if necessary. The user populates the directory by copying files from client hosts.

Scope: User specific

Use: The server gets public keys of remote client hosts from this directory when it is processing a request for a host-based authentication connection. The file from this directory is used if another file with the same name exists in the systemwide directory.

SYS$SYSLOGIN:[SSH2]AUTHORIZATION

Function: Contains information that allows the server to identify the user for public-key authentication.

Creation: By the user, if necessary. The user populates this file by copying files from the client hosts.

Scope: User specific

Use: The server uses the information in this file to identify the user.