ssh_file(3)                Erlang Module Definition                ssh_file(3)

NAME

       ssh_file - Default callback module for the client's and server's
       database operations in the ssh application

DESCRIPTION

       This module is the default callback handler for the client's and the
       server's user and host "database" operations. All data, for instance
       key pairs, are stored in files in the normal file system. This page
       documents the files, where they are stored and configuration options
       for this callback module.

       The intention is to be compatible with the OpenSSH storage in files.
       Therefore it mimics directories and filenames of OpenSSH.

       ssh_file implements the ssh_server_key_api and the ssh_client_key_api.
       These APIs let the user write their own interface, using for example a
       database handler.

       Such a callback module is selected by setting the option key_cb when
       starting a client or a server (with for example ssh:connect,
       ssh:daemon or ssh:shell).

   Note:
       The functions are callbacks for the SSH app. They are not intended to
       be called from the user's code!

FILES, DIRECTORIES AND WHO USES THEM

   Daemons
       Daemons use all files stored in the SYSDIR directory.

       Optionally, in case of publickey authorization, one or more of the
       remote user's public keys in the USERDIR directory are used. See the
       files USERDIR/authorized_keys and USERDIR/authorized_keys2.

   Clients
       Clients use all files stored in the USERDIR directory.

   Directory contents
         LOCALUSER:
           The user name of the OS process running the Erlang virtual machine
           (emulator).

         SYSDIR:
           This is the directory holding the server's files:

           * ssh_host_dsa_key - private dss host key (optional)

           * ssh_host_rsa_key - private rsa host key (optional)

           * ssh_host_ecdsa_key - private ecdsa host key (optional)

           * ssh_host_ed25519_key - private eddsa host key for curve 25519
             (optional)

           * ssh_host_ed448_key - private eddsa host key for curve 448
             (optional)

           At least one host key must be defined. The default value of SYSDIR
           is /etc/ssh.

           For security reasons, this directory is normally accessible only to
           the root user.

           To change the SYSDIR, see the system_dir option.

         USERDIR:
           This is the directory holding the files:

           * authorized_keys and, as a second alternative, authorized_keys2 -
             the user's public keys are stored concatenated in one of those
             files.

           * known_hosts - host keys from visited hosts, concatenated. The
             file is created and used by the client.

           * id_dsa - private dss user key (optional)

           * id_rsa - private rsa user key (optional)

           * id_ecdsa - private ecdsa user key (optional)

           * id_ed25519 - private eddsa user key for curve 25519 (optional)

           * id_ed448 - private eddsa user key for curve 448 (optional)

           The default value of USERDIR is /home/LOCALUSER/.ssh.

           To change the USERDIR, see the user_dir option.

DATA TYPES

   Options for the default ssh_file callback module
       user_dir_common_option() = {user_dir, string()}

              Sets the user directory.

       user_dir_fun_common_option() = {user_dir_fun, user2dir()}

       user2dir() =
           fun((RemoteUserName :: string()) -> UserDir :: string())

              Sets the user directory dynamically by evaluating the user2dir
              function.

       system_dir_daemon_option() = {system_dir, string()}

              Sets the system directory.

       pubkey_passphrase_client_options() =
           {dsa_pass_phrase, string()} |
           {rsa_pass_phrase, string()} |
           {ecdsa_pass_phrase, string()}

              If the user's DSA, RSA or ECDSA key is protected by a
              passphrase, it can be supplied with those options.

              Note that EdDSA passphrases (Curves 25519 and 448) are not
              implemented.
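One way a daemon might be started with the system_dir and user_dir_fun options above, as an added example that is not part of the OTP documentation or source. The module and function names, the user name pattern, the .no-such-user directory and the owner-only permission check are assumptions of this example.

```erlang
-module(ssh_file_dirs_example).
-export([start_daemon/3, user2dir/2, host_keys_present/1, loose_host_keys/1]).
-include_lib("kernel/include/file.hrl").

%% Private host key file names listed for SYSDIR on this page.
-define(HOST_KEYS, ["ssh_host_dsa_key", "ssh_host_rsa_key",
                    "ssh_host_ecdsa_key", "ssh_host_ed25519_key",
                    "ssh_host_ed448_key"]).

%% Host key files that exist in SysDir. At least one must be defined.
host_keys_present(SysDir) ->
    [F || F <- ?HOST_KEYS, filelib:is_regular(filename:join(SysDir, F))].

%% Present host keys whose POSIX mode grants any group or other access.
%% (Assumption of this example: private keys should be owner-only.)
loose_host_keys(SysDir) ->
    [F || F <- host_keys_present(SysDir), is_loose(filename:join(SysDir, F))].

is_loose(Path) ->
    {ok, #file_info{mode = Mode}} = file:read_file_info(Path),
    Mode band 8#077 =/= 0.

%% A user2dir() body. RemoteUserName is chosen by the connecting client, so
%% only conservative names are mapped below BaseDir; anything else (such as
%% "../x") is sent to a directory that holds no authorized_keys file.
user2dir(BaseDir, RemoteUserName) ->
    Pattern = "^[a-z_][a-z0-9_-]{0,31}$",
    Opts = [{capture, none}, dollar_endonly, unicode],
    case re:run(RemoteUserName, Pattern, Opts) of
        match   -> filename:join([BaseDir, RemoteUserName, ".ssh"]);
        nomatch -> filename:join(BaseDir, ".no-such-user")
    end.

%% Refuse to start unless SYSDIR passes both checks, then hand the
%% directories to ssh_file through the options documented above.
start_daemon(Port, SysDir, BaseDir) ->
    case {host_keys_present(SysDir), loose_host_keys(SysDir)} of
        {[], _} ->
            {error, no_host_key};
        {_, [_ | _] = Loose} ->
            {error, {loose_host_key_permissions, Loose}};
        {_, []} ->
            {ok, _} = application:ensure_all_started(ssh),
            ssh:daemon(Port, [{system_dir, SysDir},
                              {user_dir_fun,
                               fun(User) -> user2dir(BaseDir, User) end}])
    end.
```

The module only passes options to the ssh application; it never calls the ssh_file callbacks directly.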

EXPORTS

       host_key(Algorithm, DaemonOptions) -> {ok, Key} | {error, Reason}

              Types and description

              See the api description in ssh_server_key_api,
              Module:host_key/2.

              Options

                * system_dir

              Files

                * SYSDIR/ssh_host_rsa_key

                * SYSDIR/ssh_host_dsa_key

                * SYSDIR/ssh_host_ecdsa_key

                * SYSDIR/ssh_host_ed25519_key

                * SYSDIR/ssh_host_ed448_key

       is_auth_key(PublicUserKey, User, DaemonOptions) -> Result

              Types and description

              See the api description in ssh_server_key_api:
              Module:is_auth_key/3.

              Options

                * user_dir_fun

                * user_dir

              Files

                * USERDIR/authorized_keys

                * USERDIR/authorized_keys2

       add_host_key(HostNames, PublicHostKey, ConnectOptions) ->
           ok | {error, Reason}

              Types and description

              See the api description in ssh_client_key_api,
              Module:add_host_key/3.

              Option

                * user_dir

              File

                * USERDIR/known_hosts

       is_host_key(Key, Host, Algorithm, ConnectOptions) -> Result

              Types and description

              See the api description in ssh_client_key_api,
              Module:is_host_key/4.

              Option

                * user_dir

              File

                * USERDIR/known_hosts

       user_key(Algorithm, ConnectOptions) ->
           {ok, PrivateKey} | {error, Reason}

              Types and description

              See the api description in ssh_client_key_api,
              Module:user_key/2.

              Options

                * user_dir

                * dsa_pass_phrase

                * rsa_pass_phrase

                * ecdsa_pass_phrase

              Note that EdDSA passphrases (Curves 25519 and 448) are not
              implemented.

              Files

                * USERDIR/id_dsa

                * USERDIR/id_rsa

                * USERDIR/id_ecdsa

                * USERDIR/id_ed25519

                * USERDIR/id_ed448

Ericsson AB                         ssh 4.9                        ssh_file(3)