From d655a343837f4a05ca7a9683d57245734d7482ac Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Mon, 22 Oct 2018 16:12:02 +0200
Subject: ssh: Move some option's documentation to ssh_file user_dir
user_dir_fun (missing previously) *_passphrase system_dir
---
lib/ssh/doc/src/ssh.xml | 71 +++--------------------
lib/ssh/doc/src/ssh_app.xml | 7 ++-
lib/ssh/doc/src/ssh_file.xml | 122 +++++++++++++++++++++++++++++-----------
lib/ssh/doc/src/terminology.xml | 4 +-
lib/ssh/doc/src/using_ssh.xml | 11 ++--
lib/ssh/src/ssh.hrl | 14 ++---
lib/ssh/src/ssh_file.erl | 15 +++++
7 files changed, 131 insertions(+), 113 deletions(-)
(limited to 'lib')
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index e674991748..b75b4a33c2 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -99,8 +99,8 @@
The paths could easily be changed by options:
- user_dir and
- system_dir.
+ user_dir and
+ system_dir.
A completly different storage could be interfaced by writing call-back modules
using the behaviours
@@ -123,12 +123,12 @@
- ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub
The host keys directory could be changed with the option
- system_dir.
+ system_dir.
- Optional: one or more User's public key in case of publickey authorization.
Default is to store them concatenated in the file .ssh/authorized_keys in the user's home directory.
The user keys directory could be changed with the option
- user_dir.
+ user_dir.
@@ -138,7 +138,7 @@
The keys and some other data are by default stored in files in the directory .ssh
in the user's home directory.
The directory could be changed with the option
- user_dir.
+ user_dir.
- Optional: a list of Host public key(s) for previously connected hosts. This list
@@ -192,27 +192,12 @@
If there is no public key of a specified type available, the corresponding entry is ignored.
Note that the available set is dependent on the underlying cryptolib and current user's public keys.
- See also the option user_dir
+
See also the option user_dir
for specifying the path to the user's keys.
-
-
-
- If the user's DSA, RSA or ECDSA key is protected by a passphrase, it can be
- supplied with thoose options.
-
-
- Those options can only be used if the module in
- key_cb
- handles that option. That is the case with the default value of the key_cb option.
-
-
-
-
-
@@ -226,7 +211,7 @@
This option guides the connect function on how to act when the connected server presents a Host
Key that the client has not seen before. The default is to ask the user with a question on stdio of whether to
accept or reject the new Host Key.
- See the option user_dir
+ See the option user_dir
for specifying the path to the file known_hosts where previously accepted Host Keys are recorded.
See also the option
key_cb
@@ -282,7 +267,7 @@
accept question the next time the same host is connected. If the option
key_cb
is not present, the key is saved in the file "known_hosts". See option
- user_dir for
+ user_dir for
the location of that file.
If false, the key is not saved and the key will still be unknown
@@ -484,24 +469,6 @@
- system_dir
- -
-
Sets the system directory, containing the host key files
- that identify the host keys for ssh. Defaults to
- /etc/ssh.
- For security reasons, this directory is normally accessible only to the root user.
- See also the option
- key_cb
- for the general way to handle keys.
-
-
- This option can only be used if the module in
- key_cb
- handles that option. That is the case with the default value of the key_cb option.
-
-
-
-
auth_method_kb_interactive_data
-
Sets the text strings that the daemon sends to the client for presentation to the user when
@@ -740,28 +707,6 @@
-
-
-
- Sets the user directory. That is, the directory containing ssh configuration
- files for the user, such as
- known_hosts, id_rsa, id_dsa>, id_ecdsa and authorized_key.
- Defaults to the directory normally referred to as ~/.ssh where ~ is the home directory of the user
- that the Erlang executes as.
-
- See also the option
- key_cb
- for the general way to handle keys.
-
-
- This option can only be used if the module in
- key_cb
- handles that option. That is the case with the default value of the key_cb option.
-
-
-
-
-
diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml
index e80bb1853d..eb804e67dc 100644
--- a/lib/ssh/doc/src/ssh_app.xml
+++ b/lib/ssh/doc/src/ssh_app.xml
@@ -74,13 +74,18 @@
id_ecdsa_key,
known_hosts, and authorized_keys in ~/.ssh,
and for the host key files in /etc/ssh. These locations can be changed
- by the options user_dir and system_dir.
+ by the options
+ user_dir and
+ system_dir.
Public key handling can also be customized through a callback module that
implements the behaviors
ssh_client_key_api and
ssh_server_key_api.
+ See also the default callback module documentation in
+ ssh_file.
+
diff --git a/lib/ssh/doc/src/ssh_file.xml b/lib/ssh/doc/src/ssh_file.xml
index 910c6698fc..20dcb86fd6 100644
--- a/lib/ssh/doc/src/ssh_file.xml
+++ b/lib/ssh/doc/src/ssh_file.xml
@@ -34,37 +34,52 @@
This module is the default callback handler for the client's and the server's user and host "database" operations.
- The intention is to be compatible with the OpenSSH storage in files. Therefore it mimics directories and filenames
- of OpenSSH.
+ The intention is to be compatible with the
+ OpenSSH
+ storage in files. Therefore it mimics directories and filenames of
+ OpenSSH.
The functions are Callbacks for the SSH app. They are not intended to be called from the user's code!
-
- Making your own callback module
- Ssh_file implements the ssh_server_key_api and
- ssh_client_key_api.
- This enables the user to make an own interface using for example a database handler.
-
- Such another callback module could be used by setting the option
- key_cb
- when starting a client or a server (with for example
- ssh:connect,
- ssh:daemon of
- ssh:shell
- ).
-
-
+
+ Making your own callback module
+ Ssh_file implements the ssh_server_key_api and
+ ssh_client_key_api.
+ This enables the user to make an own interface using for example a database handler.
+
+ Such another callback module could be used by setting the option
+ key_cb
+ when starting a client or a server (with for example
+ ssh:connect,
+ ssh:daemon of
+ ssh:shell
+ ).
+
+
+
+
+ Daemons
+ Daemons uses all files stored in the SYSDIR directory and
+ optionaly one or more User's public key in case of publickey authorization.
+ The user's public keys are stored concatenated in the file
+ authorized_keys
+ in the
+ USERDIR directory.
+
+
+
+
+ Clients
+ Clients uses all files stored in the USERDIR directory.
+
+
Files, directories and conventions
-
-
LOCALUSER
- The user name of the OS process running the Erlang virtual machine (emulator).
@@ -78,6 +93,10 @@
At least one host key must be defined. The default value of SYSDIR is /etc/ssh.
+ For security reasons, this directory is normally accessible only to the root user.
+
+ To change the SYSDIR, see the system_dir option.
+
USERDIR
@@ -91,12 +110,51 @@
- id_ecdsa - private ecdsa user key (optional)
The default value of USERDIR is /home/LOCALUSER/.ssh.
- See also the user_dir common option.
-
+
+ To change the USERDIR, see the user_dir option
+
+
+
+ Options for the default ssh_file callback module
+
+
+
+ Sets the user directory.
+
+
+
+
+
+
+ Sets the user directory dynamically
+ by evaluating the function
+
+ fun(RemoteUser) -> USERDIR end
+
+
+
+
+
+
+ Sets the system directory.
+
+
+
+
+
+
+ If the user's DSA, RSA or ECDSA key is protected by a passphrase, it can be
+ supplied with thoose options.
+
+
+
+
+
+
host_key(Algorithm, DaemonOptions) -> {ok, Key} | {error, Reason}
@@ -108,7 +166,7 @@
Options
- - {system_dir, SYSDIR}
+ - system_dir
@@ -133,8 +191,8 @@
Options
- - {user_dir_fun, fun(RemoteUser) -> USERDIR end}
- - {user_dir, USERDIR}
+ - user_dir_fun
+ - user_dir
Files
@@ -155,7 +213,7 @@
Option
- - {user_dir, USERDIR}
+ - user_dir
File
@@ -175,7 +233,7 @@
Option
- - {user_dir, USERDIR}
+ - user_dir
File
@@ -195,10 +253,10 @@
Options
- - {user_dir, USERDIR}
- - {dsa_pass_phrase, PWD}
- - {rsa_pass_phrase, PWD}
- - {ecdsa_pass_phrase, PWD}
+ - user_dir
+ - dsa_pass_phrase
+ - rsa_pass_phrase
+ - ecdsa_pass_phrase
Files
diff --git a/lib/ssh/doc/src/terminology.xml b/lib/ssh/doc/src/terminology.xml
index 874a03b36e..db1e08970d 100644
--- a/lib/ssh/doc/src/terminology.xml
+++ b/lib/ssh/doc/src/terminology.xml
@@ -147,11 +147,11 @@
are searched in a directory found in the following order:
- If the option
- user_dir_fun
+ user_dir_fun
is defined, that fun is called and the returned directory is used,
- Else, If the option
- user_dir
+ user_dir
is defined, that directory is used,
- Else the subdirectory .ssh in the home directory of the user executing
diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml
index 80662e9a70..4455d5ecc5 100644
--- a/lib/ssh/doc/src/using_ssh.xml
+++ b/lib/ssh/doc/src/using_ssh.xml
@@ -74,16 +74,17 @@
Running an Erlang ssh Daemon
-
The system_dir option must be a directory containing a host
- key file and it defaults to /etc/ssh. For details, see Section
- Configuration Files in ssh(6).
+
The
+ system_dir
+ option must be a directory containing a host key file and it defaults to /etc/ssh.
+ For details, see Section Configuration Files in ssh(6).
Normally, the /etc/ssh directory is only readable by root.
- The option user_dir defaults to directory users ~/.ssh.
+ The option user_dir
+ defaults to directory users ~/.ssh.
Step 1. To run the example without root privileges,
generate new keys and host keys:
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index 94b9f3a196..3ac74c4925 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -173,7 +173,7 @@
-type common_options() :: [ common_option() ].
-type common_option() ::
- user_dir_common_option()
+ ssh_file:user_dir_common_option()
| profile_common_option()
| max_idle_time_common_option()
| key_cb_common_option()
@@ -191,8 +191,6 @@
-define(COMMON_OPTION, common_option()).
-
--type user_dir_common_option() :: {user_dir, false | string()}.
-type profile_common_option() :: {profile, atom() }.
-type max_idle_time_common_option() :: {idle_time, timeout()}.
-type rekey_limit_common_option() :: {rekey_limit, Bytes::limit_bytes() |
@@ -223,14 +221,14 @@
{transport, {atom(),atom(),atom()} }
| {vsn, {non_neg_integer(),non_neg_integer()} }
| {tstflg, list(term())}
- | {user_dir_fun, fun()}
+ | ssh_file:user_dir_fun_common_option()
| {max_random_length_padding, non_neg_integer()} .
-type client_option() ::
pref_public_key_algs_client_option()
- | pubkey_passphrase_client_options()
+ | ssh_file:pubkey_passphrase_client_options()
| host_accepting_client_options()
| authentication_client_options()
| diffie_hellman_group_exchange_client_option()
@@ -246,10 +244,6 @@
-type pref_public_key_algs_client_option() :: {pref_public_key_algs, [pubkey_alg()] } .
--type pubkey_passphrase_client_options() :: {dsa_pass_phrase, string()}
- | {rsa_pass_phrase, string()}
- | {ecdsa_pass_phrase, string()} .
-
-type host_accepting_client_options() ::
{silently_accept_hosts, accept_hosts()}
| {user_interaction, boolean()}
@@ -311,7 +305,7 @@
-type send_ext_info_daemon_option() :: {send_ext_info, boolean()} .
-type authentication_daemon_options() ::
- {system_dir, string()}
+ ssh_file:system_dir_daemon_option()
| {auth_method_kb_interactive_data, prompt_texts() }
| {user_passwords, [{UserName::string(),Pwd::string()}]}
| {password, string()}
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 832952ed52..954d5b68b6 100644
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -39,6 +39,21 @@
is_auth_key/3]).
+-export_type([system_dir_daemon_option/0,
+ user_dir_common_option/0,
+ user_dir_fun_common_option/0,
+ pubkey_passphrase_client_options/0
+ ]).
+
+-type system_dir_daemon_option() :: {system_dir, string()}.
+-type user_dir_common_option() :: {user_dir, false | string()}.
+-type user_dir_fun_common_option() :: {user_dir_fun, fun()}.
+-type pubkey_passphrase_client_options() :: {dsa_pass_phrase, string()}
+ | {rsa_pass_phrase, string()}
+ | {ecdsa_pass_phrase, string()} .
+
+
+
-define(PERM_700, 8#700).
-define(PERM_644, 8#644).
--
cgit v1.2.3