OpenSSH Configuration Files
OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server daemon (sshd).
ssh obtains configuration data from the following sources in the following order:
1. command-line options
2. user’s configuration file (~/.ssh/config)
3. system-wide configuration file (/etc/ssh/ssh_config)
For each parameter, the first obtained value will be used.
System-wide SSH configuration information is stored in the /etc/ssh/ directory:
• moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
• ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).
• sshd_config — The configuration file for the sshd daemon.
• ssh_host_dsa_key — The DSA private key used by the sshd daemon.
• ssh_host_dsa_key.pub — The DSA public key used by the sshd daemon.
• ssh_host_key — The RSA private key used by the sshd daemon for version 1 of the SSH protocol.
• ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH protocol.
• ssh_host_rsa_key — The RSA private key used by the sshd daemon for version 2 of the SSH protocol.
• ssh_host_rsa_key.pub — The RSA public key used by the sshd daemon for version 2 of the SSH protocol.
User-specific SSH configuration information is stored in the user's home directory within the ~/.ssh/ directory:
• authorized_keys — This file holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the client by checking its signed public key stored within this file.
• id_dsa — Contains the DSA private key of the user.
• id_dsa.pub — The DSA public key of the user.
• id_rsa — The RSA private key used by ssh for version 2 of the SSH protocol.
• id_rsa.pub — The RSA public key used by ssh for version 2 of the SSH protocol.
• identity — The RSA private key used by ssh for version 1 of the SSH protocol.
• identity.pub — The RSA public key used by ssh for version 1 of the SSH protocol.
• known_hosts — This file contains DSA host keys of SSH servers accessed by the user. This file is very important for ensuring that the SSH client is connecting to the correct SSH server. If the host public key is changed on a remote host, the client will show a warning message as shown below.
[root@RHEL04 .ssh]# ssh root@192.168.1.105
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
b2:2c:6f:90:9a:fd:18:6e:01:d2:03:66:be:7d:9c:6e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 192.168.1.105 has changed and you have requested strict checking.
Host key verification failed.
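Before the offending known_hosts entry is replaced, the fingerprint in the warning should be compared with one obtained from the server's administrator over a trusted channel. The following added example (not part of the original page) parses a known_hosts entry and computes both the legacy MD5 fingerprint format shown in the warning and the SHA256 format; the sample key blob and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a real host key): a blob with the ssh-rsa layout
# of key type, public exponent and modulus, so the example runs offline.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(1, 256))))
SAMPLE_LINE = "192.168.1.105 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line: str):
    """Return (hosts, key_type, key_blob), or None for blank/comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0].startswith("@"):  # skip @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob repeats the key type; a mismatch means a corrupt entry.
    if blob[:4 + len(key_type)] != _ssh_string(key_type.encode()):
        raise ValueError("key type does not match key blob")
    return hosts, key_type, blob

def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated hex format, as printed in the warning above."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Format printed by current OpenSSH: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_matches(line: str, trusted_fp: str) -> bool:
    """True only if the entry's key hashes to the trusted fingerprint."""
    parsed = parse_known_hosts_line(line)
    if parsed is None:
        return False
    blob = parsed[2]
    if trusted_fp.startswith("SHA256:"):
        return sha256_fingerprint(blob) == trusted_fp
    return md5_fingerprint(blob) == trusted_fp.lower()
```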