• authorized_keys — This file holds a list of authorized public keys for servers. When theclient connects to a server, the server authenticates the client by checking its signed publickey stored within this file.• id_dsa — Contains the DSA private key of the user.• id_dsa.pub — The DSA public key of the user.• id_rsa — The RSA private key used by ssh for version 2 of the SSH protocol.• id_rsa.pub — The RSA public key used by ssh for version 2 of the SSH protocol• identity — The RSA private key used by ssh for version 1 of the SSH protocol.• identity.pub — The RSA public key used by ssh for version 1 of the SSH protocol.• known_hosts — This file contains DSA host keys of SSH servers accessed by the user. Thisfile is very important for ensuring that the SSH client is connecting the correct SSH server.ImportantIf an SSH server's host key has changed, the client notifys the user that theconnection cannot proceed until the server's host key is deleted from theknown_hosts file using a text editor. Before doing this, however, contact thesystem administrator of the SSH server to verify the server is not compromised.Refer to the ssh_config and sshd_config man pages for information concerning the variousdirectives available in the SSH configuration files.5. More Than a Secure ShellA secure command line interface is just the beginning of the many ways SSH can be used.Given the proper amount of bandwidth, X11 sessions can be directed over an SSH channel. Or,by using TCP/IP forwarding, previously insecure port connections between systems can bemapped to specific SSH channels.5.1. X11 ForwardingOpening an X11 session over an established SSH connection is as easy as running an Xprogram on a local machine. When an X program is run from the secure shell prompt, the SSHclient and server create a new secure channel, and the X program data is sent over thatchannel to the client machine transparently.X11 forwarding can be very useful. For example, X11 forwarding can be used to create asecure, interactive session with up2date. To do this, connect to the server using ssh and type:up2date &Chapter 20. SSH Protocol360
