~/.rhosts
This file is used for host-based authentication (see
above). On some machines this file may need to be world-
readable if the user's home directory is on an NFS
partition, because sshd(8) reads it as root. Additionally,
this file must be owned by the user, and must not have
write permissions for anyone else. The recommended
permission for most machines is read/write for the user,
and not accessible by others.
~/.shosts
This file is used in exactly the same way as .rhosts, but
allows host-based authentication without permitting login
with rlogin/rsh.
~/.ssh/
This directory is the default location for all user-
specific configuration and authentication information.
There is no general requirement to keep the entire contents
of this directory secret, but the recommended permissions
are read/write/execute for the user, and not accessible by
others.
~/.ssh/authorized_keys
Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can
be used for logging in as this user. The format of this
file is described in the sshd(8) manual page. This file is
not highly sensitive, but the recommended permissions are
read/write for the user, and not accessible by others.
~/.ssh/config
This is the per-user configuration file. The file format
and configuration options are described in ssh_config(5).
Because of the potential for abuse, this file must have
strict permissions: read/write for the user, and not
writable by others.
~/.ssh/environment
Contains additional definitions for environment variables;
see ENVIRONMENT, above.
~/.ssh/id_dsa
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa_sk
~/.ssh/id_ed25519
~/.ssh/id_ed25519_sk
~/.ssh/id_rsa
Contains the private key for authentication. These files
contain sensitive data and should be readable by the user
but not accessible by others (read/write/execute). ssh
will simply ignore a private key file if it is accessible
by others. It is possible to specify a passphrase when
generating the key which will be used to encrypt the
sensitive part of this file using AES-128.
~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
~/.ssh/id_ecdsa_sk.pub
~/.ssh/id_ed25519.pub
~/.ssh/id_ed25519_sk.pub
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files
are not sensitive and can (but need not) be readable by
anyone.
~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has
logged into that are not already in the systemwide list of
known host keys. See sshd(8) for further details of the
format of this file.
~/.ssh/rc
Commands in this file are executed by ssh when the user
logs in, just before the user's shell (or command) is
started. See the sshd(8) manual page for more information.
/etc/hosts.equiv
This file is for host-based authentication (see above). It
should only be writable by root.
/etc/shosts.equiv
This file is used in exactly the same way as hosts.equiv,
but allows host-based authentication without permitting
login with rlogin/rsh.
/etc/ssh/ssh_config
Systemwide configuration file. The file format and
configuration options are described in ssh_config(5).
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys and
are used for host-based authentication.
/etc/ssh/ssh_known_hosts
Systemwide list of known host keys. This file should be
prepared by the system administrator to contain the public
host keys of all machines in the organization. It should
be world-readable. See sshd(8) for further details of the
format of this file.
/etc/ssh/sshrc
Commands in this file are executed by ssh when the user
logs in, just before the user's shell (or command) is
started. See the sshd(8) manual page for more information.
