20182018 Ericsson AB. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ssh_file
ssh_file Default callback module for the client's and server's database operations in the ssh application

This module is the default callback handler for the client's and the server's user and host "database" operations. All data, for instance key pairs, are stored in files in the normal file system. This page documents the files, where they are stored and configuration options for this callback module.

The intention is to be compatible with the OpenSSH storage in files. Therefore it mimics directories and filenames of OpenSSH.

Ssh_file implements the ssh_server_key_api and the ssh_client_key_api. This enables the user to make an own interface using for example a database handler.

Such another callback module could be used by setting the option key_cb when starting a client or a server (with for example ssh:connect, ssh:daemon of ssh:shell ).

The functions are Callbacks for the SSH app. They are not intended to be called from the user's code!

Files, directories and who uses them
Daemons

Daemons uses all files stored in the SYSDIR directory.

Optionaly, in case of publickey authorization, one or more of the remote user's public keys in the USERDIR directory are used. See the files USERDIR/authorized_keys and USERDIR/authorized_keys2.

Clients

Clients uses all files stored in the USERDIR directory.

Directory contents LOCALUSER

The user name of the OS process running the Erlang virtual machine (emulator).

 SYSDIR

This is the directory holding the server's files:

ssh_host_dsa_key - private dss host key (optional) ssh_host_rsa_key - private rsa host key (optional) ssh_host_ecdsa_key - private ecdsa host key (optional) ssh_host_ed25519_key - private eddsa host key for curve 25519 (optional) ssh_host_ed448_key - private eddsa host key for curve 448 (optional)

At least one host key must be defined. The default value of SYSDIR is /etc/ssh.

For security reasons, this directory is normally accessible only to the root user.

To change the SYSDIR, see the system_dir option.

USERDIR

This is the directory holding the files:

authorized_keys and, as second alternative authorized_keys2 - the user's public keys are stored concatenated in one of those files. known_hosts - host keys from hosts visited concatenated. The file is created and used by the client. id_dsa - private dss user key (optional) id_rsa - private rsa user key (optional) id_ecdsa - private ecdsa user key (optional) id_ed25519 - private eddsa user key for curve 25519 (optional) id_ed448 - private eddsa user key for curve 448 (optional)

The default value of USERDIR is /home/LOCALUSER/.ssh.

To change the USERDIR, see the user_dir option

Options for the default ssh_file callback module

Sets the user directory.

Sets the user directory dynamically by evaluating the user2dir function.

Sets the system directory.

If the user's DSA, RSA or ECDSA key is protected by a passphrase, it can be supplied with thoose options.

Note that EdDSA passhrases (Curves 25519 and 448) are not implemented.

 host_key(Algorithm, DaemonOptions) -> {ok, Key} | {error, Reason}

Types and description

See the api description in ssh_server_key_api, Module:host_key/2.

Options

system_dir

Files

SYSDIR/ssh_host_rsa_key SYSDIR/ssh_host_dsa_key SYSDIR/ssh_host_ecdsa_key SYSDIR/ssh_host_ed25519_key SYSDIR/ssh_host_ed448_keyc> is_auth_key(PublicUserKey, User, DaemonOptions) -> Result

Types and description

See the api description in ssh_server_key_api: Module:is_auth_key/3.

Options

user_dir_fun user_dir

Files

USERDIR/authorized_keys USERDIR/authorized_keys2 add_host_key(HostNames, PublicHostKey, ConnectOptions) -> ok | {error, Reason}

Types and description

See the api description in ssh_client_key_api, Module:add_host_key/3.

Option

user_dir

File

USERDIR/known_hosts is_host_key(Key, Host, Algorithm, ConnectOptions) -> Result

Types and description

See the api description in ssh_client_key_api, Module:is_host_key/4.

Option

user_dir

File

USERDIR/known_hosts user_key(Algorithm, ConnectOptions) -> {ok, PrivateKey} | {error, Reason}

Types and description

See the api description in ssh_client_key_api, Module:user_key/2.

Options

user_dir dsa_pass_phrase rsa_pass_phrase ecdsa_pass_phrase

Note that EdDSA passhrases (Curves 25519 and 448) are not implemented.

Files

USERDIR/id_dsa USERDIR/id_rsa USERDIR/id_ecdsa USERDIR/id_ed25519 USERDIR/id_ed448