9.2. An OpenSSH Configuration

In order to perform tasks described in this section, you must have superuser privileges. To obtain them, log in as root by typing:

~]$ su -
Password:

9.2.1. Configuration Files

There are two different sets of configuration files: those for client programs (that is, ssh, scp, and sftp), and those for the server (the sshd daemon).

System-wide SSH configuration information is stored in the /etc/ssh/ directory. See Table 9.1, “System-wide configuration files” for a description of its content.

Table 9.1. System-wide configuration files

Configuration File	Description
`/etc/ssh/moduli`	Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
`/etc/ssh/ssh_config`	The default SSH client configuration file. Note that it is overridden by `~/.ssh/config` if it exists.
`/etc/ssh/sshd_config`	The configuration file for the `sshd` daemon.
`/etc/ssh/ssh_host_dsa_key`	The DSA private key used by the `sshd` daemon.
`/etc/ssh/ssh_host_dsa_key.pub`	The DSA public key used by the `sshd` daemon.
`/etc/ssh/ssh_host_key`	The RSA private key used by the `sshd` daemon for version 1 of the SSH protocol.
`/etc/ssh/ssh_host_key.pub`	The RSA public key used by the `sshd` daemon for version 1 of the SSH protocol.
`/etc/ssh/ssh_host_rsa_key`	The RSA private key used by the `sshd` daemon for version 2 of the SSH protocol.
`/etc/ssh/ssh_host_rsa_key.pub`	The RSA public key used by the `sshd` for version 2 of the SSH protocol.

User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory. See Table 9.2, “User-specific configuration files” for a description of its content.

Table 9.2. User-specific configuration files

Configuration File	Description
`~/.ssh/authorized_keys`	Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
`~/.ssh/id_dsa`	Contains the DSA private key of the user.
`~/.ssh/id_dsa.pub`	The DSA public key of the user.
`~/.ssh/id_rsa`	The RSA private key used by `ssh` for version 2 of the SSH protocol.
`~/.ssh/id_rsa.pub`	The RSA public key used by `ssh` for version 2 of the SSH protocol
`~/.ssh/identity`	The RSA private key used by `ssh` for version 1 of the SSH protocol.
`~/.ssh/identity.pub`	The RSA public key used by `ssh` for version 1 of the SSH protocol.
`~/.ssh/known_hosts`	Contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting the correct SSH server.

Refer to the ssh_config and sshd_config man pages for information concerning the various directives available in the SSH configuration files.