- (djm) OpenBSD CVS Sync

   - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match

9 files changed, 79 insertions, 70 deletions

diff --git a/ChangeLog b/ChangeLog
index 5256d6d6..9936026b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20020210
+ - (djm) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
+     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
+     move ssh config files to /etc/ssh
+ - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
+
 20020208
  - (djm) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2002/02/04 12:15:25
@@ -7534,4 +7541,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1836 2002/02/08 11:07:33 djm Exp $
+$Id: ChangeLog,v 1.1837 2002/02/10 07:32:28 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index 73538eac..54bb6955 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.194 2002/01/23 23:26:44 stevesk Exp $
+# $Id: Makefile.in,v 1.195 2002/02/10 07:32:29 djm Exp $
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -19,7 +19,7 @@ SSH_PROGRAM=@bindir@/ssh
 ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
 
-PATHS= -DETCDIR=\"$(sysconfdir)\" \
+PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 	-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
 	-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
 	-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
@@ -62,17 +62,17 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
 CONFIGFILES_IN=sshd_config ssh_config moduli
 
 PATHSUBS	= \
-	-D/etc/ssh_config=$(sysconfdir)/ssh_config \
-	-D/etc/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \
-	-D/etc/sshd_config=$(sysconfdir)/sshd_config \
+	-D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \
+	-D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \
+	-D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \
 	-D/usr/libexec=$(libexecdir) \
 	-D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \
-	-D/etc/ssh_host_key=$(sysconfdir)/ssh_host_key \
-	-D/etc/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \
-	-D/etc/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \
+	-D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \
+	-D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \
+	-D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \
 	-D/var/run/sshd.pid=$(piddir)/sshd.pid \
-	-D/etc/moduli=$(sysconfdir)/moduli \
-	-D/etc/sshrc=$(sysconfdir)/sshrc \
+	-D/etc/ssh/moduli=$(sysconfdir)/moduli \
+	-D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
 	-D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
 	-D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
 
diff --git a/pathnames.h b/pathnames.h
index feb2d0cf..002c313a 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pathnames.h,v 1.10 2001/12/08 17:49:28 stevesk Exp $	*/
+/*	$OpenBSD: pathnames.h,v 1.11 2002/02/09 17:37:34 deraadt Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,8 +12,10 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-#ifndef ETCDIR
 #define ETCDIR				"/etc"
+
+#ifndef SSHDIR
+#define SSHDIR				ETCDIR "/ssh"
 #endif
 
 #ifndef _PATH_SSH_PIDDIR
@@ -24,22 +26,22 @@
  * System-wide file containing host keys of known hosts.  This file should be
  * world-readable.
  */
-#define _PATH_SSH_SYSTEM_HOSTFILE	ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE	SSHDIR "/ssh_known_hosts"
 /* backward compat for protocol 2 */
-#define _PATH_SSH_SYSTEM_HOSTFILE2	ETCDIR "/ssh_known_hosts2"
+#define _PATH_SSH_SYSTEM_HOSTFILE2	SSHDIR "/ssh_known_hosts2"
 
 /*
  * Of these, ssh_host_key must be readable only by root, whereas ssh_config
  * should be world-readable.
  */
-#define _PATH_SERVER_CONFIG_FILE	ETCDIR "/sshd_config"
-#define _PATH_HOST_CONFIG_FILE		ETCDIR "/ssh_config"
-#define _PATH_HOST_KEY_FILE		ETCDIR "/ssh_host_key"
-#define _PATH_HOST_DSA_KEY_FILE		ETCDIR "/ssh_host_dsa_key"
-#define _PATH_HOST_RSA_KEY_FILE		ETCDIR "/ssh_host_rsa_key"
-#define _PATH_DH_MODULI			ETCDIR "/moduli"
+#define _PATH_SERVER_CONFIG_FILE	SSHDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE		SSHDIR "/ssh_config"
+#define _PATH_HOST_KEY_FILE		SSHDIR "/ssh_host_key"
+#define _PATH_HOST_DSA_KEY_FILE		SSHDIR "/ssh_host_dsa_key"
+#define _PATH_HOST_RSA_KEY_FILE		SSHDIR "/ssh_host_rsa_key"
+#define _PATH_DH_MODULI			SSHDIR "/moduli"
 /* Backwards compatibility */
-#define _PATH_DH_PRIMES			ETCDIR "/primes"
+#define _PATH_DH_PRIMES			SSHDIR "/primes"
 
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
@@ -102,13 +104,13 @@
  * use.  xauth will be run if neither of these exists.
  */
 #define _PATH_SSH_USER_RC		".ssh/rc"
-#define _PATH_SSH_SYSTEM_RC		ETCDIR "/sshrc"
+#define _PATH_SSH_SYSTEM_RC		SSHDIR "/sshrc"
 
 /*
  * Ssh-only version of /etc/hosts.equiv.  Additionally, the daemon may use
  * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
  */
-#define _PATH_SSH_HOSTS_EQUIV		ETCDIR "/shosts.equiv"
+#define _PATH_SSH_HOSTS_EQUIV		SSHDIR "/shosts.equiv"
 #define _PATH_RHOSTS_EQUIV		"/etc/hosts.equiv"
 
 /*
diff --git a/session.c b/session.c
index 431936ac..441ff8cd 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.124 2002/02/06 14:37:22 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.125 2002/02/09 17:37:34 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1324,8 +1324,8 @@ do_child(Session *s, const char *command)
 		close(i);
 
 	/*
-	 * Must take new environment into use so that .ssh/rc, /etc/sshrc and
-	 * xauth are run in the proper environment.
+	 * Must take new environment into use so that .ssh/rc,
+	 * /etc/ssh/sshrc and xauth are run in the proper environment.
 	 */
 	environ = env;
 
@@ -1352,8 +1352,8 @@ do_child(Session *s, const char *command)
 	}
 
 	/*
-	 * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first
-	 * in this order).
+	 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
+	 * first in this order).
 	 */
 	if (!options.use_login) {
 		/* ignore _PATH_SSH_USER_RC for subsystems */
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 17f73406..8a6ee139 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keyscan.1,v 1.12 2001/09/05 06:23:07 deraadt Exp $
+.\"	$OpenBSD: ssh-keyscan.1,v 1.13 2002/02/09 17:37:34 deraadt Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -138,7 +138,7 @@ is either
 or
 .Dq ssh-dsa .
 .Pp
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles
 of all the machines it scans if the server is older than version 2.9.
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 3aab6667..07856e5c 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.4 2002/01/22 10:58:28 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.5 2002/02/10 07:32:30 djm Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE	48
@@ -60,7 +60,7 @@ RCSID("$Id: ssh-rand-helper.c,v 1.4 2002/01/22 10:58:28 djm Exp $");
 
 /* Path to PRNG commands list */
 #ifndef SSH_PRNG_COMMAND_FILE
-# define SSH_PRNG_COMMAND_FILE   ETCDIR "/ssh_prng_cmds"
+# define SSH_PRNG_COMMAND_FILE   SSHDIR "/ssh_prng_cmds"
 #endif
 
 
diff --git a/ssh.1 b/ssh.1
index c44f4ae2..180383aa 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.146 2002/02/03 22:35:57 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.147 2002/02/09 17:37:34 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -126,7 +126,7 @@ or
 .Pa /etc/shosts.equiv ,
 and if additionally the server can verify the client's
 host key (see
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 and
 .Pa $HOME/.ssh/known_hosts
 in the
@@ -365,7 +365,7 @@ Host keys are stored in
 .Pa $HOME/.ssh/known_hosts
 in the user's home directory.
 Additionally, the file
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 is automatically checked for known hosts.
 Any new hosts are automatically added to the user's file.
 If a host's identification
@@ -574,7 +574,7 @@ option below.
 Specifies an alternative per-user configuration file.
 If a configuration file is given on the command line,
 the system-wide configuration file
-.Pq Pa /etc/ssh_config
+.Pq Pa /etc/ssh/ssh_config
 will be ignored.
 The default for the per-user configuration file is
 .Pa $HOME/.ssh/config .
@@ -649,7 +649,7 @@ the following order:
 command line options, user's configuration file
 .Pq Pa $HOME/.ssh/config ,
 and system-wide configuration file
-.Pq Pa /etc/ssh_config .
+.Pq Pa /etc/ssh/ssh_config .
 For each parameter, the first obtained value
 will be used.
 The configuration files contain sections bracketed by
@@ -887,7 +887,7 @@ The default is
 .It Cm GlobalKnownHostsFile
 Specifies a file to use for the global
 host key database instead of
-.Pa /etc/ssh_known_hosts .
+.Pa /etc/ssh/ssh_known_hosts .
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.
@@ -1145,7 +1145,7 @@ will never automatically add host keys to the
 file, and refuses to connect to hosts whose host key has changed.
 This provides maximum protection against trojan horse attacks,
 however, can be annoying when the
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 file is poorly maintained, or connections to new hosts are
 frequently made.
 This option forces the user to manually
@@ -1313,7 +1313,7 @@ to the environment.
 .It Pa $HOME/.ssh/known_hosts
 Records host keys for all hosts the user has logged into that are not
 in
-.Pa /etc/ssh_known_hosts .
+.Pa /etc/ssh/ssh_known_hosts .
 See
 .Xr sshd 8 .
 .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
@@ -1368,7 +1368,7 @@ In the simplest form the format is the same as the .pub
 identity files.
 This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
-.It Pa /etc/ssh_known_hosts
+.It Pa /etc/ssh/ssh_known_hosts
 Systemwide list of known host keys.
 This file should be prepared by the
 system administrator to contain the public host keys of all machines in the
@@ -1391,13 +1391,13 @@ to verify the client host when logging in; other names are needed because
 does not convert the user-supplied name to a canonical name before
 checking the key, because someone with access to the name servers
 would then be able to fool host authentication.
-.It Pa /etc/ssh_config
+.It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
 values that are not specified in the user's configuration file, and
 for those users who do not have a configuration file.
 This file must be world-readable.
-.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key
+.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys
 and are used for
 .Cm RhostsRSAAuthentication
@@ -1432,7 +1432,7 @@ Note that by default
 will be installed so that it requires successful RSA host
 authentication before permitting \s+2.\s0rhosts authentication.
 If the server machine does not have the client's host key in
-.Pa /etc/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts ,
 it can be stored in
 .Pa $HOME/.ssh/known_hosts .
 The easiest way to do this is to
@@ -1469,7 +1469,7 @@ This file is processed exactly as
 This file may be useful to permit logins using
 .Nm
 but not using rsh/rlogin.
-.It Pa /etc/sshrc
+.It Pa /etc/ssh/sshrc
 Commands in this file are executed by
 .Nm
 when the user logs in just before the user's shell (or command) is started.
diff --git a/sshd.8 b/sshd.8
index ea5dd03e..ca024a56 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.166 2002/02/03 22:35:57 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.167 2002/02/09 17:37:34 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -198,7 +198,7 @@ will send the output to the standard error instead of the system log.
 .It Fl f Ar configuration_file
 Specifies the name of the configuration file.
 The default is
-.Pa /etc/sshd_config .
+.Pa /etc/ssh/sshd_config .
 .Nm
 refuses to start if there is no configuration file.
 .It Fl g Ar login_grace_time
@@ -214,11 +214,11 @@ This option must be given if
 is not run as root (as the normal
 host key files are normally not readable by anyone but root).
 The default is
-.Pa /etc/ssh_host_key
+.Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 and
-.Pa /etc/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_dsa_key
 for protocol version 2.
 It is possible to have multiple host key files for
 the different protocol versions and host key algorithms.
@@ -311,7 +311,7 @@ to use IPv6 addresses only.
 .Sh CONFIGURATION FILE
 .Nm
 reads configuration data from
-.Pa /etc/sshd_config
+.Pa /etc/ssh/sshd_config
 (or the file specified with
 .Fl f
 on the command line).
@@ -488,11 +488,11 @@ The default is
 Specifies a file containing a private host key
 used by SSH.
 The default is
-.Pa /etc/ssh_host_key
+.Pa /etc/ssh/ssh_host_key
 for protocol version 1, and
-.Pa /etc/ssh_host_rsa_key
+.Pa /etc/ssh/ssh_host_rsa_key
 and
-.Pa /etc/ssh_host_dsa_key
+.Pa /etc/ssh/ssh_host_dsa_key
 for protocol version 2.
 Note that
 .Nm
@@ -1103,7 +1103,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu
 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
-.Pa /etc/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts ,
 and
 .Pa $HOME/.ssh/known_hosts
 files contain host public keys for all known hosts.
@@ -1128,7 +1128,7 @@ pattern on the line.
 .Pp
 Bits, exponent, and modulus are taken directly from the RSA host key; they
 can be obtained, e.g., from
-.Pa /etc/ssh_host_key.pub .
+.Pa /etc/ssh/ssh_host_key.pub .
 The optional comment field continues to the end of the line, and is not used.
 .Pp
 Lines starting with
@@ -1150,7 +1150,7 @@ Note that the lines in these files are typically hundreds of characters
 long, and you definitely don't want to type in the host keys by hand.
 Rather, generate them by a script
 or by taking
-.Pa /etc/ssh_host_key.pub
+.Pa /etc/ssh/ssh_host_key.pub
 and adding the host names at the front.
 .Ss Examples
 .Bd -literal
@@ -1159,19 +1159,19 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .Ed
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa /etc/sshd_config
+.It Pa /etc/ssh/sshd_config
 Contains configuration data for
 .Nm sshd .
 This file should be writable by root only, but it is recommended
 (though not necessary) that it be world-readable.
-.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key
+.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not
 accessible to others.
 Note that
 .Nm
 does not start if this file is group/world-accessible.
-.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub
+.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub
 These three files contain the public parts of the host keys.
 These files should be world-readable but writable only by
 root.
@@ -1204,7 +1204,7 @@ and/or
 .Pa id_rsa.pub
 files into this file, as described in
 .Xr ssh-keygen 1 .
-.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
+.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
 These files are consulted when using rhosts with RSA host
 authentication or protocol version 2 hostbased authentication
 to check the public key of the host.
@@ -1212,7 +1212,7 @@ The key must be listed in one of these files to be accepted.
 The client uses the same files
 to verify that it is connecting to the correct remote host.
 These files should be writable only by root/the owner.
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
 should be world-readable, and
 .Pa $HOME/.ssh/known_hosts
 can but need not be world-readable.
@@ -1320,13 +1320,13 @@ something similar to:
 .Ed
 .Pp
 If this file does not exist,
-.Pa /etc/sshrc
+.Pa /etc/ssh/sshrc
 is run, and if that
 does not exist either, xauth is used to store the cookie.
 .Pp
 This file should be writable only by the user, and need not be
 readable by anyone else.
-.It Pa /etc/sshrc
+.It Pa /etc/ssh/sshrc
 Like
 .Pa $HOME/.ssh/rc .
 This can be used to specify
diff --git a/sshd_config b/sshd_config
index ee2e6ac8..e05e24cc 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.46 2002/01/29 14:32:03 markus Exp $
+#	$OpenBSD: sshd_config,v 1.47 2002/02/09 17:37:34 deraadt Exp $
 
 # This is the sshd server system-wide configuration file.  See sshd(8)
 # for more information.
@@ -16,10 +16,10 @@
 #ListenAddress ::
 
 # HostKey for protocol version 1
-#HostKey /etc/ssh_host_key
+#HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
-#HostKey /etc/ssh_host_rsa_key
-#HostKey /etc/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
 
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 3600
@@ -44,7 +44,7 @@
 #RhostsAuthentication no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
 #HostbasedAuthentication no