pathnames.h revision 181097
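/* $OpenBSD: pathnames.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/*
 * Compile-time default locations of the files and helper programs used by
 * the ssh client and daemon.  Every definition wrapped in #ifndef can be
 * overridden by the build; the unwrapped ones are always derived from
 * SSHDIR or fixed here.
 */

/* Root of the system configuration tree; SSHDIR is built on top of it. */
#define ETCDIR "/etc"

/* Directory holding the system-wide ssh configuration and host keys. */
#ifndef SSHDIR
#define SSHDIR ETCDIR "/ssh"
#endif

/* Directory in which the daemon's pid file is created. */
#ifndef _PATH_SSH_PIDDIR
#define _PATH_SSH_PIDDIR "/var/run"
#endif

/*
 * System-wide file containing host keys of known hosts.  This file should be
 * world-readable.  Because clients verify server host keys against it, it
 * should be writable only by root.
 */
#define _PATH_SSH_SYSTEM_HOSTFILE SSHDIR "/ssh_known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_SYSTEM_HOSTFILE2 SSHDIR "/ssh_known_hosts2"

/*
 * Of these, ssh_host_key must be readable only by root, whereas ssh_config
 * should be world-readable.
 *
 * NOTE(review): the DSA and RSA host key files are private host keys as
 * well, so the root-only restriction presumably applies to them too;
 * confirm against the installation's file modes.
 */
#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config"
#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config"
#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
#define _PATH_DH_MODULI SSHDIR "/moduli"
/* Backwards compatibility */
#define _PATH_DH_PRIMES SSHDIR "/primes"

/* Default location of the ssh client binary. */
#ifndef _PATH_SSH_PROGRAM
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
#endif

/*
 * The process id of the daemon listening for connections is saved here to
 * make it easier to kill the correct daemon when necessary.  The pid read
 * back from this file is only as trustworthy as the write permissions on
 * _PATH_SSH_PIDDIR.
 */
#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"

/*
 * The directory in user's home directory in which the files reside.  The
 * directory should be world-readable (though not all files are).
 */
#define _PATH_SSH_USER_DIR ".ssh"

/*
 * Per-user file containing host keys of known hosts.  This file need not be
 * readable by anyone except the user him/herself, though this does not
 * contain anything particularly secret.
 *
 * Unlike the other per-user paths below, these two start with "~/", which
 * is not expanded by the C library; the consumer must expand it.
 */
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
/* backward compat for protocol 2 */
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"

/*
 * Name of the default file containing client-side authentication key.  This
 * file should only be readable by the user him/herself.  These are private
 * keys: read access by anyone else discloses the user's credentials.
 */
#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"

/*
 * Configuration file in user's home directory.  This file need not be
 * readable by anyone but the user him/herself, but does not contain anything
 * particularly secret.  If the user's home directory resides on an NFS
 * volume where root is mapped to nobody, this may need to be world-readable.
 */
#define _PATH_SSH_USER_CONFFILE ".ssh/config"

/*
 * File containing a list of those rsa keys that permit logging in as this
 * user.  This file need not be readable by anyone but the user him/herself,
 * but does not contain anything particularly secret.  If the user's home
 * directory resides on an NFS volume where root is mapped to nobody, this
 * may need to be world-readable.  (This file is read by the daemon which is
 * running as root.)
 *
 * Readability is harmless, but write access is not: the file decides which
 * keys may log in as the user, so it and its parent directories should be
 * writable only by the user (see the StrictModes option in sshd_config).
 */
#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"

/* backward compat for protocol v2 */
#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"

/*
 * Per-user and system-wide ssh "rc" files.  These files are executed with
 * /bin/sh before starting the shell or command if they exist.  They will be
 * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
 * use.  xauth will be run if neither of these exists.
 *
 * Since their contents are executed at every login, the per-user file
 * should be writable only by that user and the system-wide one only by
 * root.
 */
#define _PATH_SSH_USER_RC ".ssh/rc"
#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"

/*
 * Ssh-only version of /etc/hosts.equiv.  Additionally, the daemon may use
 * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
 * Entries in these files grant login based on the connecting host, so
 * both files should be writable only by root.
 */
#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv"
#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"

/*
 * Default location of askpass
 */
#ifndef _PATH_SSH_ASKPASS_DEFAULT
#define _PATH_SSH_ASKPASS_DEFAULT "/usr/local/bin/ssh-askpass"
#endif

/* Location of ssh-keysign for hostbased authentication */
#ifndef _PATH_SSH_KEY_SIGN
#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
#endif

/* xauth for X11 forwarding */
#ifndef _PATH_XAUTH
#define _PATH_XAUTH "/usr/local/bin/xauth"
#endif

/*
 * UNIX domain socket for X11 server; displaynum will replace %u.
 * This is a printf-style format string taking exactly one unsigned
 * argument; it must not be used as a literal path.
 */
#ifndef _PATH_UNIX_X
#define _PATH_UNIX_X "/tmp/.X11-unix/X%u"
#endif

/*
 * for scp
 * NOTE(review): bare command name rather than an absolute path; how it is
 * resolved depends on the caller.  Confirm it is not looked up through a
 * search path that an untrusted party can influence.
 */
#ifndef _PATH_CP
#define _PATH_CP "cp"
#endif

/* for sftp */
#ifndef _PATH_SFTP_SERVER
#define _PATH_SFTP_SERVER "/usr/libexec/sftp-server"
#endif

/*
 * chroot directory for unprivileged user when UsePrivilegeSeparation=yes.
 * The directory is expected to be empty, owned by root and not writable by
 * anyone else, so that the confined process finds nothing to use there.
 */
#ifndef _PATH_PRIVSEP_CHROOT_DIR
#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty"
#endif

/* for passwd change */
#ifndef _PATH_PASSWD_PROG
#define _PATH_PASSWD_PROG "/usr/bin/passwd"
#endif

/*
 * NOTE(review): like _PATH_CP, a bare command name; resolution depends on
 * the caller's search path.
 */
#ifndef _PATH_LS
#define _PATH_LS "ls"
#endif

/* path to login program */
#ifndef LOGIN_PROGRAM
#  ifdef LOGIN_PROGRAM_FALLBACK
#    define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
#  else
#    define LOGIN_PROGRAM "/usr/bin/login"
#  endif
#endif /* LOGIN_PROGRAM */

/*
 * Askpass program define.
 * NOTE(review): this default ("/usr/lib/ssh") differs from
 * _PATH_SSH_ASKPASS_DEFAULT ("/usr/local/bin") above; which one a given
 * consumer uses is not visible in this header.
 */
#ifndef ASKPASS_PROGRAM
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
#endif /* ASKPASS_PROGRAM */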