Understanding OpenSSH Configuration Files

OpenSSH clients and servers have several configuration files. Global configuration files are stored in the /etc/ssh directory. User configuration files are stored in a .ssh directory in each user's home directory (~/.ssh).

/etc/ssh: Global Files

The following are brief descriptions of the global configuration files under the /etc/ssh directory.

# ls -lrt /etc/ssh
total 156
-rw-------  1 root root 125811 Aug  7 13:40 moduli
-rw-r--r--. 1 root root    382 Aug  9 00:39 ssh_host_rsa_key.pub
-rw-------. 1 root root   1675 Aug  9 00:39 ssh_host_rsa_key
-rw-r--r--. 1 root root    627 Aug  9 00:39 ssh_host_key.pub
-rw-------. 1 root root    963 Aug  9 00:39 ssh_host_key
-rw-r--r--. 1 root root    590 Aug  9 00:39 ssh_host_dsa_key.pub
-rw-------. 1 root root    668 Aug  9 00:39 ssh_host_dsa_key
-rw-r--r--. 1 root root   2103 Aug  9 00:40 ssh_config
-rw-------. 1 root root   3949 Aug  9 00:40 sshd_config

File                     Purpose
moduli                   Contains key exchange information used to establish a secure connection
ssh_config               The default OpenSSH client configuration file. Entries are overridden by a user’s ~/.ssh/config file.
sshd_config              The configuration file for the sshd daemon
ssh_host_ecdsa_key       The ECDSA private key used by the sshd daemon
ssh_host_ecdsa_key.pub   The ECDSA public key used by the sshd daemon
ssh_host_key             The RSA private key for version SSH1
ssh_host_key.pub         The RSA public key for version SSH1
ssh_host_rsa_key         The RSA private key for version SSH2
ssh_host_rsa_key.pub     The RSA public key for version SSH2

There is also a PAM configuration file for the sshd daemon, /etc/pam.d/sshd, and a configuration file for the sshd service, /etc/sysconfig/sshd.

~/.ssh: User Files

OpenSSH creates the ~/.ssh directory and the known_hosts file automatically when you connect to a remote system. The following are brief descriptions of the user-specific configuration files:

File              Purpose
authorized_keys   Contains a list of authorized public keys for SSH servers. The server authenticates the client by checking its signed public key within this file.
id_ecdsa          The ECDSA private key of the user
id_ecdsa.pub      The ECDSA public key of the user
id_rsa            The RSA private key for version SSH2
id_rsa.pub        The RSA public key for version SSH2
identity          The RSA private key for version SSH1
identity.pub      The RSA public key for version SSH1
known_hosts       Contains host keys of SSH servers accessed by the user. OpenSSH automatically adds entries each time the user connects to a new server.
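
The ls listing above shows private keys as -rw------- and public files as -rw-r--r--. The following script is an added example, not part of the original page, that checks an OpenSSH directory against that pattern using the file names from the two tables; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files in an OpenSSH directory with looser modes than the listing.

# Print the nine permission characters of a file, e.g. "rw-r--r--".
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# Print one "FINDING:" line per problem file; print nothing if all is well.
audit_ssh_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        bits=$(perm_bits "$f")
        case $name in
            *.pub) kind=public ;;                        # checked first, so id_rsa.pub is public
            ssh_host_*key|id_*|identity) kind=private ;; # private key names from the tables
            *) kind=other ;;
        esac
        if [ "$kind" = private ]; then
            # Private keys: no access at all for group or others.
            case $bits in
                ???------) ;;
                *) echo "FINDING: private key $name is accessible to group/others ($bits)" ;;
            esac
        else
            # Everything else: must not be writable by group or others.
            case $bits in
                ????w????|???????w?) echo "FINDING: $name is writable by group/others ($bits)" ;;
            esac
        fi
    done
    return 0
}

# Constructed sample: a world-readable private key and a group-writable sshd_config.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    touch "$d/ssh_host_rsa_key" "$d/ssh_host_rsa_key.pub" \
          "$d/ssh_host_dsa_key" "$d/sshd_config" "$d/ssh_config"
    chmod 600 "$d/ssh_host_rsa_key"
    chmod 644 "$d/ssh_host_rsa_key.pub" "$d/ssh_host_dsa_key" "$d/ssh_config"
    chmod 664 "$d/sshd_config"
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_dir "$sample"
rm -rf "$sample"
```

To audit a real system, call audit_ssh_dir /etc/ssh as root, or audit_ssh_dir ~/.ssh as the user who owns the directory.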