{
    "mode": "man",
    "parameter": "ssh-keysign",
    "section": "8",
    "url": "https://www.chedong.com/phpMan.php/man/ssh-keysign/8/json",
    "generated": "2026-06-10T06:21:36Z",
    "synopsis": "",
    "sections": {
        "NAME": {
            "content": "ssh-keysign — OpenSSH helper for host-based authentication\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "",
            "subsections": [
                {
                    "name": "ssh-keysign",
                    "content": ""
                }
            ]
        },
        "DESCRIPTION": {
            "content": "ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature\nrequired during host-based authentication.\n\nssh-keysign is disabled by default and can only be enabled in the global client configuration\nfile /etc/ssh/sshconfig by setting EnableSSHKeysign to “yes”.\n\nssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8)\nfor more information about host-based authentication.\n",
            "subsections": []
        },
        "FILES": {
            "content": "/etc/ssh/sshconfig\nControls whether ssh-keysign is enabled.\n\n/etc/ssh/sshhostdsakey\n/etc/ssh/sshhostecdsakey\n/etc/ssh/sshhosted25519key\n/etc/ssh/sshhostrsakey\nThese files contain the private parts of the host keys used to generate the digital\nsignature.  They should be owned by root, readable only by root, and not accessible to\nothers.  Since they are readable only by root, ssh-keysign must be set-uid root if\nhost-based authentication is used.\n\n/etc/ssh/sshhostdsakey-cert.pub\n/etc/ssh/sshhostecdsakey-cert.pub\n/etc/ssh/sshhosted25519key-cert.pub\n/etc/ssh/sshhostrsakey-cert.pub\nIf these files exist they are assumed to contain public certificate information corre‐\nsponding with the private keys above.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "ssh(1), ssh-keygen(1), sshconfig(5), sshd(8)\n",
            "subsections": []
        },
        "HISTORY": {
            "content": "ssh-keysign first appeared in OpenBSD 3.2.\n",
            "subsections": []
        },
        "AUTHORS": {
            "content": "Markus Friedl <markus@openbsd.org>\n\nBSD                            November 30, 2019                           BSD",
            "subsections": []
        }
    },
    "summary": "ssh-keysign — OpenSSH helper for host-based authentication",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "ssh",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/ssh/1/json"
        },
        {
            "name": "ssh-keygen",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/ssh-keygen/1/json"
        },
        {
            "name": "sshconfig",
            "section": "5",
            "url": "https://www.chedong.com/phpMan.php/man/sshconfig/5/json"
        },
        {
            "name": "sshd",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/sshd/8/json"
        }
    ]
}