1ssh_file(3) Erlang Module Definition ssh_file(3)
2
6 ssh_file - Default callback module for the client's and server's data‐
7 base operations in the ssh application
8
10 This module is the default callback handler for the client's and the
11 server's user and host "database" operations. All data, for instance
12 key pairs, are stored in files in the normal file system. This page
13 documents the files, where they are stored and configuration options
14 for this callback module.
15 The intention is to be compatible with the OpenSSH storage in files.
17 Therefore it mimics directories and filenames of OpenSSH.
18 Ssh_file implements the ssh_server_key_api and the ssh_client_key_api.
20 This enables the user to make an own interface using for example a
21 database handler.
22 Such another callback module could be used by setting the option key_cb
24 when starting a client or a server (with for example ssh:connect,
25 ssh:daemon of ssh:shell ).
26 Note:
28 The functions are Callbacks for the SSH app. They are not intended to
29 be called from the user's code!
30
33 Daemons
34 Daemons uses all files stored in the SYSDIR directory.
35 Optionaly, in case of publickey authorization, one or more of the re‐
37 mote user's public keys in the USERDIR directory are used. See the
38 files USERDIR/authorized_keys and USERDIR/authorized_keys2.
39 Clients
41 Clients uses all files stored in the USERDIR directory.
42 Directory contents
44 LOCALUSER:
45 The user name of the OS process running the Erlang virtual machine
46 (emulator).
47 SYSDIR:
49 This is the directory holding the server's files:
50 * ssh_host_dsa_key - private dss host key (optional)
52 * ssh_host_rsa_key - private rsa host key (optional)
54 * ssh_host_ecdsa_key - private ecdsa host key (optional)
56 * ssh_host_ed25519_key - private eddsa host key for curve 25519
58 (optional)
59 * ssh_host_ed448_key - private eddsa host key for curve 448 (op‐
61 tional)
62 The key files could be generated with OpenSSH's ssh-keygen command.
64 At least one host key must be defined. The default value of SYSDIR
66 is /etc/ssh.
67 For security reasons, this directory is normally accessible only to
69 the root user.
70 To change the SYSDIR, see the system_dir option.
72 USERDIR:
74 This is the directory holding the files:
75 * authorized_keys and, as second alternative authorized_keys2 - the
77 user's public keys are stored concatenated in one of those files.
78 It is composed of lines as for OpenSSH:
80 (options)? keytype base64-encoded-key comment
82 where
84 options :: option(,option)*
86 option :: % All options are skipped
87 keytype :: 'ssh-dsa'
88 | 'ssh-rsa'
89 | 'ssh-ecdsa-nistp256'
90 | 'ssh-ecdsa-nistp384'
91 | 'ssh-ecdsa-nistp521'
92 | 'ssh-ed25519'
93 | 'ssh-ed448'
94 base64-encoded-key :: % The user's public key
95 comment :: % Comments are skipped
96 * known_hosts - host keys from hosts visited concatenated. The file
99 is created and used by the client.
100 It is composed of lines as for OpenSSH:
102 (option)? pattern(,pattern)* keytype key (comment)?
104 where
106 option :: '@revoked'
108 pattern :: host | '[' host ']:' port
109 host :: ip-address | hostname | '*'
110 port :: portnumber | '*'
111 keytype :: 'ssh-dsa'
112 | 'ssh-rsa'
113 | 'ssh-ecdsa-nistp256'
114 | 'ssh-ecdsa-nistp384'
115 | 'ssh-ecdsa-nistp521'
116 | 'ssh-ed25519'
117 | 'ssh-ed448'
118 key :: % encoded key from eg ssh_host_*.pub
119 * id_dsa - private dss user key (optional)
122 * id_rsa - private rsa user key (optional)
124 * id_ecdsa - private ecdsa user key (optional)
126 * id_ed25519 - private eddsa user key for curve 25519 (optional)
128 * id_ed448 - private eddsa user key for curve 448 (optional)
130 The key files could be generated with OpenSSH's ssh-keygen command.
132 The default value of USERDIR is /home/LOCALUSER/.ssh.
134 To change the USERDIR, see the user_dir option
136
138 Options for the default ssh_file callback module
139 user_dir_common_option() = {user_dir, string()}
140 Sets the user directory.
142 user_dir_fun_common_option() = {user_dir_fun, user2dir()}
144 user2dir() =
146 fun((RemoteUserName :: string()) -> UserDir :: string())
147 Sets the user directory dynamically by evaluating the user2dir
149 function.
150 system_dir_daemon_option() = {system_dir, string()}
152 Sets the system directory.
154 pubkey_passphrase_client_options() =
156 {dsa_pass_phrase, string()} |
157 {rsa_pass_phrase, string()} |
158 {ecdsa_pass_phrase, string()}
159 If the user's DSA, RSA or ECDSA key is protected by a
161 passphrase, it can be supplied with thoose options.
162 Note that EdDSA passhrases (Curves 25519 and 448) are not imple‐
164 mented.
165 optimize_key_lookup() = {optimize, time | space}
167 Make the handling of large files fast by setting time, but this
169 will use more memory. The space variant shrinks the memory re‐
170 quirements, but with a higher time consumption.
171 To set it, set the option {key_cb, {ssh_file, [{optimize,Time‐
173 OrSpace}]} in the call of "ssh:connect/3, ssh:daemon/2 or simi‐
174 lar function call that initiates an ssh connection.
175
177 host_key(Algorithm, Options) -> Result
178 Types:
180 Algorithm = ssh:pubkey_alg()
182 Result = {ok, public_key:private_key()} | {error, term()}
183 Options = ssh_server_key_api:daemon_key_cb_options(none())
184 Types and description
186 See the api description in ssh_server_key_api, Mod‐
188 ule:host_key/2.
189 Options
191 * system_dir
193 Files
195 * SYSDIR/ssh_host_rsa_key
197 * SYSDIR/ssh_host_dsa_key
199 * SYSDIR/ssh_host_ecdsa_key
201 * SYSDIR/ssh_host_ed25519_key
203 * SYSDIR/ssh_host_ed448_keyc>
205 is_auth_key(Key, User, Options) -> boolean()
207 Types:
209 Key = public_key:public_key()
211 User = string()
212 Options =
213 ssh_server_key_api:daemon_key_cb_options(opti‐
214 mize_key_lookup())
215 Types and description
217 See the api description in ssh_server_key_api: Mod‐
219 ule:is_auth_key/3.
220 Options
222 * user_dir_fun
224 * user_dir
226 Files
228 * USERDIR/authorized_keys
230 * USERDIR/authorized_keys2
232 This functions discards all options in the begining of the lines
234 of thoose files when reading them.
235 add_host_key(Host, Port, Key, Options) -> Result
237 Types:
239 Host =
241 inet:ip_address() |
242 inet:hostname() |
243 [inet:ip_address() | inet:hostname()]
244 Port = inet:port_number()
245 Key = public_key:public_key()
246 Options = ssh_client_key_api:client_key_cb_options(none())
247 Result = ok | {error, term()}
248 Types and description
250 See the api description in ssh_client_key_api, Mod‐
252 ule:add_host_key/4.
253 Note that the alternative, the old Module:add_host_key/3 is no
255 longer supported by ssh_file.
256 Option
258 * user_dir
260 File
262 * USERDIR/known_hosts
264 is_host_key(Key, Host, Port, Algorithm, Options) -> Result
266 Types:
268 Key = public_key:public_key()
270 Host =
271 inet:ip_address() |
272 inet:hostname() |
273 [inet:ip_address() | inet:hostname()]
274 Port = inet:port_number()
275 Algorithm = ssh:pubkey_alg()
276 Options =
277 ssh_client_key_api:client_key_cb_options(opti‐
278 mize_key_lookup())
279 Result = boolean() | {error, term()}
280 Types and description
282 See the api description in ssh_client_key_api, Mod‐
284 ule:is_host_key/5.
285 Note that the alternative, the old Module:is_host_key/4 is no
287 longer supported by ssh_file.
288 Option
290 * user_dir
292 File
294 * USERDIR/known_hosts
296 user_key(Algorithm, Options) -> Result
298 Types:
300 Algorithm = ssh:pubkey_alg()
302 Result = {ok, public_key:private_key()} | {error, string()}
303 Options = ssh_client_key_api:client_key_cb_options(none())
304 Types and description
306 See the api description in ssh_client_key_api, Mod‐
308 ule:user_key/2.
309 Options
311 * user_dir
313 * dsa_pass_phrase
315 * rsa_pass_phrase
317 * ecdsa_pass_phrase
319 Note that EdDSA passhrases (Curves 25519 and 448) are not imple‐
321 mented.
322 Files
324 * USERDIR/id_dsa
326 * USERDIR/id_rsa
328 * USERDIR/id_ecdsa
330 * USERDIR/id_ed25519
332 * USERDIR/id_ed448
334 decode(SshBin, ssh2_pubkey) -> Key
336 decode(SshBin, rfc4716_key) -> ResultRfc4716
337 decode(SshBin, openssh_key) -> ResultOpenSsh
338 decode(SshBin, public_key) -> ResultRfc4716 | ResultOpenSsh
339 Types:
341 SshBin = binary()
343 ResultRfc4716 = [{Key, [{headers,Hdrs}]}] | Error
344 ResultOpenSsh = [{Key, [{comment,string()}]}] | Error
345 Key = public_key:public_key()
346 Hdrs = [{Tag::string(), Value::string()}]
347 Error = {error,term()}
348 Decodes an SSH file-binary.
350 If Type is public_key the binary can be either an RFC4716 public
352 key or an OpenSSH public key.
353 Note:
355 The following key types have been renamed from the deprecated
356 public_key:ssh_decode/2:
357 * rfc4716_public_key -> rfc4716_key
359 * openssh_public_key -> openssh_key
361 encode(Key, ssh2_pubkey) -> Result
363 encode(KeyAttrsRfc4716, rfc4716_key) -> Result
364 encode(KeyAttrsOpenSsh, openssh_key) -> Result
365 Types:
367 Key = public_key:public_key()
369 Result = binary() | Error
370 KeyAttrsRfc4716 = [{Key, [{headers,Hdrs}]}] | Error
371 KeyAttrsOpenSsh = [{Key, [{comment,string()}]}] | Error
372 Hdrs = [{Tag::string(), Value::string()}]
373 Error = {error,term()}
374 Encodes a list of SSH file entries (public keys and attributes)
376 to a binary.
377 Note:
379 The following key types have been renamed from the deprecated
380 public_key:ssh_encode/2:
381 * rfc4716_public_key -> rfc4716_key
383 * openssh_public_key -> openssh_key
385Ericsson AB ssh 4.12.5 ssh_file(3)