Common/standard folders/files for SSH:

SSH folder

There are two folders: /etc/ssh and ~/.ssh.

/etc/ssh holds host-wide files, while ~/.ssh holds per-user files.

Here is the order in which SSH configuration data is parsed:

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file

User SSH files are stored in "~/.ssh".
The tilde ~ is an alias for the user's home folder, e.g., /home/<your username>

SSH host-wide files

/etc/ssh/sshd_config  ssh daemon configuration file

SSH config file

~/.ssh/config or /etc/ssh/ssh_config

ssh session configuration

SSH private key filename

~/.ssh/id_dsa   SSH2 private key file

~/.ssh/id_rsa    SSH private key file

SSH public key filename



The public key filename is the private key filename with .pub as the extension.

For how to use a private/public key pair, see "How to set up SSH passphrase-free access".

Stored server fingerprints file


Stored (known) server fingerprints are written to known_hosts
This is used to detect "man in the middle" attacks. If the host fingerprint changes, SSH will report an error.

Authorized key file


The authorized_keys file stores public keys. It lets the user maintain a collection of identity keys in one place (easier to back up and restore). It is built by simply echoing out (cat) the contents of a public key and appending it to the bottom of the existing authorized_keys file.
SSH keys must have 600 or more restrictive permissions in place.
If permissions are too open, SSH will report an error and refuse to run until you correct the security problem.
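
A check for the permission rule above, as an added example that is not part of the original page: it scans a directory such as ~/.ssh and reports private keys whose mode is looser than 600. The function names and the TOO_OPEN output format are assumptions made for this example.

```sh
# Added example (not from the original page): flag private keys in an SSH
# directory whose mode is looser than 600.
# Usage: audit_ssh_dir "$HOME/.ssh"

# Print a file's octal mode (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Treat a file as a private key if its first line is a PEM
# "BEGIN ... PRIVATE KEY" header; .pub files do not match.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Print "TOO_OPEN <mode> <path>" for each private key that grants any
# permission to group or other; return 1 if at least one was found.
audit_ssh_dir() {
    audit_bad=0
    for audit_f in "$1"/*; do
        [ -f "$audit_f" ] || continue
        is_private_key "$audit_f" || continue
        audit_mode=$(file_mode "$audit_f")
        case $audit_mode in
            *00|0) ;;   # group and other digits are both 0: 600, 400, ...
            *)  echo "TOO_OPEN $audit_mode $audit_f"
                audit_bad=1 ;;
        esac
    done
    return "$audit_bad"
}
```

A flagged key is fixed with chmod 600 on the reported path.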

Other identity files

You can generate multiple identity files for different remote hosts/purposes, naming them as you want, and then follow the instructions in "Config multiple ssh identities on one client".

