1255767Sdes/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */ 276259Sgreen 376259Sgreen/* 476259Sgreen * Author: Tatu Ylonen <ylo@cs.hut.fi> 576259Sgreen * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 676259Sgreen * All rights reserved 776259Sgreen * 876259Sgreen * As far as I am concerned, the code I have written for this software 976259Sgreen * can be used freely for any purpose. Any derived versions of this 1076259Sgreen * software must be clearly marked as such, and if the derived work is 1176259Sgreen * incompatible with the protocol description in the RFC file, it must be 1276259Sgreen * called by a name other than "ssh" or "Secure Shell". 1376259Sgreen */ 1476259Sgreen 1592559Sdes#define ETCDIR "/etc" 1698941Sdes 1798941Sdes#ifndef SSHDIR 1892559Sdes#define SSHDIR ETCDIR "/ssh" 1998941Sdes#endif 2098941Sdes 2198941Sdes#ifndef _PATH_SSH_PIDDIR 2276259Sgreen#define _PATH_SSH_PIDDIR "/var/run" 2398941Sdes#endif 2476259Sgreen 2576259Sgreen/* 2676259Sgreen * System-wide file containing host keys of known hosts. This file should be 2776259Sgreen * world-readable. 2876259Sgreen */ 2992559Sdes#define _PATH_SSH_SYSTEM_HOSTFILE SSHDIR "/ssh_known_hosts" 3092559Sdes/* backward compat for protocol 2 */ 3192559Sdes#define _PATH_SSH_SYSTEM_HOSTFILE2 SSHDIR "/ssh_known_hosts2" 3276259Sgreen 3376259Sgreen/* 3476259Sgreen * Of these, ssh_host_key must be readable only by root, whereas ssh_config 3576259Sgreen * should be world-readable. 3676259Sgreen */ 3792559Sdes#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config" 3892559Sdes#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" 3992559Sdes#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" 4092559Sdes#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" 41221420Sdes#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" 4292559Sdes#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" 4392559Sdes#define _PATH_DH_MODULI SSHDIR "/moduli" 4492559Sdes/* Backwards compatibility */ 4592559Sdes#define _PATH_DH_PRIMES SSHDIR "/primes" 4676259Sgreen 4798941Sdes#ifndef _PATH_SSH_PROGRAM 4876259Sgreen#define _PATH_SSH_PROGRAM "/usr/bin/ssh" 4998941Sdes#endif 5076259Sgreen 5176259Sgreen/* 5276259Sgreen * The process id of the daemon listening for connections is saved here to 5376259Sgreen * make it easier to kill the correct daemon when necessary. 5476259Sgreen */ 5576259Sgreen#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid" 5676259Sgreen 5776259Sgreen/* 58192595Sdes * The directory in user's home directory in which the files reside. The 5976259Sgreen * directory should be world-readable (though not all files are). 6076259Sgreen */ 6176259Sgreen#define _PATH_SSH_USER_DIR ".ssh" 6276259Sgreen 6376259Sgreen/* 6476259Sgreen * Per-user file containing host keys of known hosts. This file need not be 6576259Sgreen * readable by anyone except the user him/herself, though this does not 6676259Sgreen * contain anything particularly secret. 6776259Sgreen */ 68255767Sdes#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts" 6992559Sdes/* backward compat for protocol 2 */ 70255767Sdes#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2" 7176259Sgreen 7276259Sgreen/* 7376259Sgreen * Name of the default file containing client-side authentication key. This 7476259Sgreen * file should only be readable by the user him/herself. 7576259Sgreen */ 76255767Sdes#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity" 77255767Sdes#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" 78255767Sdes#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" 79255767Sdes#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" 8076259Sgreen 8176259Sgreen/* 82192595Sdes * Configuration file in user's home directory. This file need not be 8376259Sgreen * readable by anyone but the user him/herself, but does not contain anything 84192595Sdes * particularly secret. If the user's home directory resides on an NFS 8576259Sgreen * volume where root is mapped to nobody, this may need to be world-readable. 8676259Sgreen */ 87255767Sdes#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config" 8876259Sgreen 8976259Sgreen/* 9076259Sgreen * File containing a list of those rsa keys that permit logging in as this 9176259Sgreen * user. This file need not be readable by anyone but the user him/herself, 92192595Sdes * but does not contain anything particularly secret. If the user's home 9376259Sgreen * directory resides on an NFS volume where root is mapped to nobody, this 9476259Sgreen * may need to be world-readable. (This file is read by the daemon which is 9576259Sgreen * running as root.) 9676259Sgreen */ 97255767Sdes#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys" 9892559Sdes 9992559Sdes/* backward compat for protocol v2 */ 100255767Sdes#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2" 10176259Sgreen 10276259Sgreen/* 10376259Sgreen * Per-user and system-wide ssh "rc" files. These files are executed with 10476259Sgreen * /bin/sh before starting the shell or command if they exist. They will be 10576259Sgreen * passed "proto cookie" as arguments if X11 forwarding with spoofing is in 10676259Sgreen * use. xauth will be run if neither of these exists. 10776259Sgreen */ 108255767Sdes#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc" 10992559Sdes#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" 11076259Sgreen 11176259Sgreen/* 11276259Sgreen * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use 11376259Sgreen * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. 11476259Sgreen */ 11592559Sdes#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv" 11676259Sgreen#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv" 11776259Sgreen 11876259Sgreen/* 11976259Sgreen * Default location of askpass 12076259Sgreen */ 12198941Sdes#ifndef _PATH_SSH_ASKPASS_DEFAULT 122169966Sdes#define _PATH_SSH_ASKPASS_DEFAULT "/usr/local/bin/ssh-askpass" 12398941Sdes#endif 12476259Sgreen 12598684Sdes/* Location of ssh-keysign for hostbased authentication */ 12698941Sdes#ifndef _PATH_SSH_KEY_SIGN 127137019Sdes#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" 12898941Sdes#endif 12998684Sdes 130204917Sdes/* Location of ssh-pkcs11-helper to support keys in tokens */ 131204917Sdes#ifndef _PATH_SSH_PKCS11_HELPER 132204917Sdes#define _PATH_SSH_PKCS11_HELPER "/usr/libexec/ssh-pkcs11-helper" 133204917Sdes#endif 134204917Sdes 13592559Sdes/* xauth for X11 forwarding */ 13698941Sdes#ifndef _PATH_XAUTH 137169966Sdes#define _PATH_XAUTH "/usr/local/bin/xauth" 13898941Sdes#endif 13992559Sdes 14092559Sdes/* UNIX domain socket for X11 server; displaynum will replace %u */ 14198941Sdes#ifndef _PATH_UNIX_X 14292559Sdes#define _PATH_UNIX_X "/tmp/.X11-unix/X%u" 14398941Sdes#endif 14492559Sdes 14598941Sdes/* for scp */ 14698941Sdes#ifndef _PATH_CP 14798941Sdes#define _PATH_CP "cp" 14898941Sdes#endif 14998941Sdes 15076259Sgreen/* for sftp */ 15198941Sdes#ifndef _PATH_SFTP_SERVER 15276259Sgreen#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" 15398941Sdes#endif 15498684Sdes 15598684Sdes/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ 15698941Sdes#ifndef _PATH_PRIVSEP_CHROOT_DIR 15798684Sdes#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" 15898941Sdes#endif 15998941Sdes 160126277Sdes/* for passwd change */ 161126277Sdes#ifndef _PATH_PASSWD_PROG 162126277Sdes#define _PATH_PASSWD_PROG "/usr/bin/passwd" 163126277Sdes#endif 164126277Sdes 16598941Sdes#ifndef _PATH_LS 16698941Sdes#define _PATH_LS "ls" 16798941Sdes#endif 16898941Sdes 16998941Sdes/* path to login program */ 17098941Sdes#ifndef LOGIN_PROGRAM 17198941Sdes# ifdef LOGIN_PROGRAM_FALLBACK 17298941Sdes# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK 17398941Sdes# else 17498941Sdes# define LOGIN_PROGRAM "/usr/bin/login" 17598941Sdes# endif 17698941Sdes#endif /* LOGIN_PROGRAM */ 17798941Sdes 17898941Sdes/* Askpass program define */ 17998941Sdes#ifndef ASKPASS_PROGRAM 18098941Sdes#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" 18198941Sdes#endif /* ASKPASS_PROGRAM */ 182