author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /sshd.0
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 93 |
1 files changed, 68 insertions, 25 deletions
@@ -4,9 +4,9 @@ NAME | |||
4 | sshd - OpenSSH SSH daemon | 4 | sshd - OpenSSH SSH daemon |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] | 7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] |
8 | [-g login_grace_time] [-h host_key_file] [-k key_gen_time] | 8 | [-c host_certificate_file] [-f config_file] [-g login_grace_time] |
9 | [-o option] [-p port] [-u len] | 9 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] |
10 | 10 | ||
11 | DESCRIPTION | 11 | DESCRIPTION |
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
@@ -44,14 +44,20 @@ DESCRIPTION | |||
44 | are required and may be supplied in any order, either with multi- | 44 | are required and may be supplied in any order, either with multi- |
45 | ple -C options or as a comma-separated list. | 45 | ple -C options or as a comma-separated list. |
46 | 46 | ||
47 | -c host_certificate_file | ||
48 | Specifies a path to a certificate file to identify sshd during | ||
49 | key exchange. The certificate file must match a host key file | ||
50 | specified using the -h option or the HostKey configuration direc- | ||
51 | tive. | ||
52 | |||
47 | -D When this option is specified, sshd will not detach and does not | 53 | -D When this option is specified, sshd will not detach and does not |
48 | become a daemon. This allows easy monitoring of sshd. | 54 | become a daemon. This allows easy monitoring of sshd. |
49 | 55 | ||
50 | -d Debug mode. The server sends verbose debug output to the system | 56 | -d Debug mode. The server sends verbose debug output to standard |
51 | log, and does not put itself in the background. The server also | 57 | error, and does not put itself in the background. The server al- |
52 | will not fork and will only process one connection. This option | 58 | so will not fork and will only process one connection. This op- |
53 | is only intended for debugging for the server. Multiple -d op- | 59 | tion is only intended for debugging for the server. Multiple -d |
54 | tions increase the debugging level. Maximum is 3. | 60 | options increase the debugging level. Maximum is 3. |
55 | 61 | ||
56 | -e When this option is specified, sshd will send the output to the | 62 | -e When this option is specified, sshd will send the output to the |
57 | standard error instead of the system log. | 63 | standard error instead of the system log. |
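Review bot: the new -c host_certificate_file entry (new lines 47-51) says the certificate "must match a host key file specified using the -h option or the HostKey configuration directive" but does not say what sshd does when no matching host key is loaded, whether it refuses to start or silently leaves the certificate out of key exchange; add that sentence, because an operator who passes -c without the corresponding -h will otherwise not know why clients still see a plain host key. Separately, the -d text now sends debug output "to standard error" instead of "the system log", so -d now implies the behaviour -e describes two entries below; a cross-reference such as "as with -e" would make that overlap read as deliberate rather than as two entries that drifted apart.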
@@ -133,11 +139,11 @@ DESCRIPTION | |||
133 | AllowUsers or DenyUsers. | 139 | AllowUsers or DenyUsers. |
134 | 140 | ||
135 | AUTHENTICATION | 141 | AUTHENTICATION |
136 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols | 142 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
137 | are supported by default, though this can be changed via the Protocol op- | 143 | use protocol 2 only, though this can be changed via the Protocol option |
138 | tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- | 144 | in sshd_config(5). Protocol 2 supports both RSA and DSA keys; protocol 1 |
139 | tocol 1 only supports RSA keys. For both protocols, each host has a | 145 | only supports RSA keys. For both protocols, each host has a host-specif- |
140 | host-specific key, normally 2048 bits, used to identify the host. | 146 | ic key, normally 2048 bits, used to identify the host. |
141 | 147 | ||
142 | Forward security for protocol 1 is provided through an additional server | 148 | Forward security for protocol 1 is provided through an additional server |
143 | key, normally 768 bits, generated when the server starts. This key is | 149 | key, normally 768 bits, generated when the server starts. This key is |
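Review bot: new lines 142-144 make protocol 2 the default, but the paragraph that follows (new lines 148-149) still presents the protocol 1 server key, "normally 768 bits, generated when the server starts", as a live mechanism with no hint that it is only reached by opting back in via the Protocol option; a one-line caveat that re-enabling protocol 1 brings back this weaker, regenerated key would keep readers from treating the two protocols as equivalent. Also, "Protocol 2 supports both RSA and DSA keys" now omits the host certificate that this same patch adds via -c host_certificate_file; a pointer from this paragraph to that option would tie the two changes together.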
@@ -280,6 +286,15 @@ AUTHORIZED_KEYS FILE FORMAT | |||
280 | lowing option specifications are supported (note that option keywords are | 286 | lowing option specifications are supported (note that option keywords are |
281 | case-insensitive): | 287 | case-insensitive): |
282 | 288 | ||
289 | cert-authority | ||
290 | Specifies that the listed key is a certification authority (CA) | ||
291 | that is trusted to validate signed certificates for user authen- | ||
292 | tication. | ||
293 | |||
294 | Certificates may encode access restrictions similar to these key | ||
295 | options. If both certificate restrictions and key options are | ||
296 | present, the most restrictive union of the two is applied. | ||
297 | |||
283 | command="command" | 298 | command="command" |
284 | Specifies that the command is executed whenever this key is used | 299 | Specifies that the command is executed whenever this key is used |
285 | for authentication. The command supplied by the user (if any) is | 300 | for authentication. The command supplied by the user (if any) is |
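Review bot: "the most restrictive union of the two is applied" on new line 296 is contradictory wording, since a union of two restriction sets is the loosest possible reading while the intent is clearly that every restriction from both the certificate and the key options is enforced; suggest "both sets of restrictions are applied" or "only what both allow is permitted". The cert-authority entry also does not say which certificates signed by that CA are accepted for this account (any certificate the CA has issued, or only those naming this user); state that scope explicitly, since this single authorized_keys line turns one key into a trust root for the account.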
@@ -294,7 +309,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
294 | explicitly prohibited. The command originally supplied by the | 309 | explicitly prohibited. The command originally supplied by the |
295 | client is available in the SSH_ORIGINAL_COMMAND environment vari- | 310 | client is available in the SSH_ORIGINAL_COMMAND environment vari- |
296 | able. Note that this option applies to shell, command or subsys- | 311 | able. Note that this option applies to shell, command or subsys- |
297 | tem execution. | 312 | tem execution. Also note that this command may be superseded by |
313 | either a sshd_config(5) ForceCommand directive or a command em- | ||
314 | bedded in a certificate. | ||
298 | 315 | ||
299 | environment="NAME=value" | 316 | environment="NAME=value" |
300 | Specifies that the string is to be added to the environment when | 317 | Specifies that the string is to be added to the environment when |
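Review bot: new lines 312-314 say the key's command= "may be superseded by either a sshd_config(5) ForceCommand directive or a command embedded in a certificate" but give no precedence when more than one is present; state the order (which of ForceCommand, the certificate command and the key's command= wins), because an administrator who uses command= to pin a key to a single program needs to know that a certificate or a server-wide setting replaces it rather than combining with it. Minor: "a sshd_config(5)" should read "an sshd_config(5)".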
@@ -373,8 +390,15 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
373 | matically: whenever the user connects from an unknown host, its key is | 390 | matically: whenever the user connects from an unknown host, its key is |
374 | added to the per-user file. | 391 | added to the per-user file. |
375 | 392 | ||
376 | Each line in these files contains the following fields: hostnames, bits, | 393 | Each line in these files contains the following fields: markers (option- |
377 | exponent, modulus, comment. The fields are separated by spaces. | 394 | al), hostnames, bits, exponent, modulus, comment. The fields are sepa- |
395 | rated by spaces. | ||
396 | |||
397 | The marker is optional, but if it is present then it must be one of | ||
398 | ``@cert-authority'', to indicate that the line contains a certification | ||
399 | authority (CA) key, or ``@revoked'', to indicate that the key contained | ||
400 | on the line is revoked and must not ever be accepted. Only one marker | ||
401 | should be used on a key line. | ||
378 | 402 | ||
379 | Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- | 403 | Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- |
380 | cards); each pattern in turn is matched against the canonical host name | 404 | cards); each pattern in turn is matched against the canonical host name |
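Review bot: the field list on new lines 393-395, "markers (optional), hostnames, bits, exponent, modulus, comment", still describes only the protocol 1 RSA layout, yet the examples added later in this patch ("@revoked * ssh-rsa AAAAB5W...") use the key-type-plus-base64 layout and the same patch makes protocol 2 the default; say that for protocol 2 keys the fields after the hostnames are the key type and the base64-encoded key. Also, "Only one marker should be used on a key line" (new lines 400-401) leaves open what happens when two appear, whether the line is rejected or the first marker wins; make it a "must" and state the behaviour, since a line carrying both @cert-authority and @revoked is exactly the case an operator needs to get right.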
@@ -398,17 +422,32 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
398 | Lines starting with `#' and empty lines are ignored as comments. | 422 | Lines starting with `#' and empty lines are ignored as comments. |
399 | 423 | ||
400 | When performing host authentication, authentication is accepted if any | 424 | When performing host authentication, authentication is accepted if any |
401 | matching line has the proper key. It is thus permissible (but not recom- | 425 | matching line has the proper key; either one that matches exactly or, if |
402 | mended) to have several lines or different host keys for the same names. | 426 | the server has presented a certificate for authentication, the key of the |
403 | This will inevitably happen when short forms of host names from different | 427 | certification authority that signed the certificate. For a key to be |
404 | domains are put in the file. It is possible that the files contain con- | 428 | trusted as a certification authority, it must use the ``@cert-authority'' |
405 | flicting information; authentication is accepted if valid information can | 429 | marker described above. |
406 | be found from either file. | 430 | |
431 | The known hosts file also provides a facility to mark keys as revoked, | ||
432 | for example when it is known that the associated private key has been | ||
433 | stolen. Revoked keys are specified by including the ``@revoked'' marker | ||
434 | at the beginning of the key line, and are never accepted for authentica- | ||
435 | tion or as certification authorities, but instead will produce a warning | ||
436 | from ssh(1) when they are encountered. | ||
437 | |||
438 | It is permissible (but not recommended) to have several lines or differ- | ||
439 | ent host keys for the same names. This will inevitably happen when short | ||
440 | forms of host names from different domains are put in the file. It is | ||
441 | possible that the files contain conflicting information; authentication | ||
442 | is accepted if valid information can be found from either file. | ||
407 | 443 | ||
408 | Note that the lines in these files are typically hundreds of characters | 444 | Note that the lines in these files are typically hundreds of characters |
409 | long, and you definitely don't want to type in the host keys by hand. | 445 | long, and you definitely don't want to type in the host keys by hand. |
410 | Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub | 446 | Rather, generate them by a script, ssh-keyscan(1) or by taking |
411 | and adding the host names at the front. | 447 | /etc/ssh/ssh_host_key.pub and adding the host names at the front. |
448 | ssh-keygen(1) also offers some basic automated editing for | ||
449 | ~/.ssh/known_hosts including removing hosts matching a host name and con- | ||
450 | verting all host names to their hashed representations. | ||
412 | 451 | ||
413 | An example ssh_known_hosts file: | 452 | An example ssh_known_hosts file: |
414 | 453 | ||
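Review bot: new lines 438-442 keep the sentence "authentication is accepted if valid information can be found from either file", while new lines 431-436 introduce @revoked entries that "are never accepted"; the text does not say whether a revocation in one file overrides a matching, non-revoked line for the same key in the other file. Spell out that precedence, otherwise an operator cannot tell whether adding @revoked to the system-wide file is enough when a user's own known_hosts still carries the key. Also, for @cert-authority lines the hostname patterns do double duty, limiting which host names the CA is trusted to certify; new lines 427-429 should say that directly rather than leaving it to the comment in the example ("accepted for any host in *.mydomain.com or *.mydomain.org").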
@@ -418,6 +457,10 @@ SSH_KNOWN_HOSTS FILE FORMAT | |||
418 | # A hashed hostname | 457 | # A hashed hostname |
419 | |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa | 458 | |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa |
420 | AAAA1234.....= | 459 | AAAA1234.....= |
460 | # A revoked key | ||
461 | @revoked * ssh-rsa AAAAB5W... | ||
462 | # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org | ||
463 | @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... | ||
421 | 464 | ||
422 | FILES | 465 | FILES |
423 | ~/.hushlogin | 466 | ~/.hushlogin |
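Review bot: the two new example lines use the same truncated key material "AAAAB5W..." for both the @revoked entry and the @cert-authority entry, which reads as if one key is simultaneously revoked and trusted as a CA; use visibly different placeholders (the hashed-hostname example just above already uses "AAAA1234.....="). The "@revoked *" line would also benefit from a comment noting that the wildcard makes the revocation apply no matter which host presents the key, which is the point of revoking a key rather than a host entry.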
@@ -571,4 +614,4 @@ CAVEATS | |||
571 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 614 | System security is not improved unless rshd, rlogind, and rexecd are dis- |
572 | abled (thus completely disabling rlogin and rsh into the machine). | 615 | abled (thus completely disabling rlogin and rsh into the machine). |
573 | 616 | ||
574 | OpenBSD 4.6 March 26, 2009 9 | 617 | OpenBSD 4.6 March 5, 2010 10 |