path: root/sshd.0
author: Colin Watson <cjwatson@debian.org> 2003-09-01 00:45:47 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-01 00:45:47 +0000
commit: d984a3c6658e950881edcfb2aae464add93f68d4 (patch)
tree: ed2052b4001227cf8179393cba172ae470e6c097 /sshd.0
parent: 3e36f9f4fff8f5b573f163eecd12a677ce66fe89 (diff)
Import OpenSSH 3.4p1.
Diffstat (limited to 'sshd.0')
-rw-r--r--  sshd.0  542
1 files changed, 542 insertions, 0 deletions
diff --git a/sshd.0 b/sshd.0
new file mode 100644
index 000000000..cf9fc8ae6
--- /dev/null
+++ b/sshd.0
@@ -0,0 +1,542 @@
1SSHD(8) System Manager's Manual SSHD(8)
2
3NAME
4 sshd - OpenSSH SSH daemon
5
6SYNOPSIS
7 sshd [-deiqtD46] [-b bits] [-f config_file] [-g login_grace_time]
8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
9
10DESCRIPTION
11 sshd (SSH Daemon) is the daemon program for ssh(1). Together these proM--
12 grams replace rlogin and rsh, and provide secure encrypted communications
13 between two untrusted hosts over an insecure network. The programs are
14 intended to be as easy to install and use as possible.
15
16 sshd is the daemon that listens for connections from clients. It is norM--
17 mally started at boot from /etc/rc. It forks a new daemon for each
18 incoming connection. The forked daemons handle key exchange, encryption,
19 authentication, command execution, and data exchange. This implementaM--
20 tion of sshd supports both SSH protocol version 1 and 2 simultaneously.
21 sshd works as follows.
22
23 SSH protocol version 1
24
25 Each host has a host-specific RSA key (normally 1024 bits) used to idenM--
26 tify the host. Additionally, when the daemon starts, it generates a
27 server RSA key (normally 768 bits). This key is normally regenerated
28 every hour if it has been used, and is never stored on disk.
29
30 Whenever a client connects the daemon responds with its public host and
31 server keys. The client compares the RSA host key against its own
32 database to verify that it has not changed. The client then generates a
33 256 bit random number. It encrypts this random number using both the
34 host key and the server key, and sends the encrypted number to the
35 server. Both sides then use this random number as a session key which is
36 used to encrypt all further communications in the session. The rest of
37 the session is encrypted using a conventional cipher, currently Blowfish
38 or 3DES, with 3DES being used by default. The client selects the encrypM--
39 tion algorithm to use from those offered by the server.
40
41 Next, the server and the client enter an authentication dialog. The
42 client tries to authenticate itself using .rhosts authentication, .rhosts
43 authentication combined with RSA host authentication, RSA challenge-
44 response authentication, or password based authentication.
45
46 Rhosts authentication is normally disabled because it is fundamentally
47 insecure, but can be enabled in the server configuration file if desired.
48 System security is not improved unless rshd, rlogind, and rexecd are disM--
49 abled (thus completely disabling rlogin and rsh into the machine).
50
51 SSH protocol version 2
52
53 Version 2 works similarly: Each host has a host-specific key (RSA or DSA)
54 used to identify the host. However, when the daemon starts, it does not
55 generate a server key. Forward security is provided through a Diffie-
56 Hellman key agreement. This key agreement results in a shared session
57 key.
58
59 The rest of the session is encrypted using a symmetric cipher, currently
60 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit
61 AES. The client selects the encryption algorithm to use from those
62 offered by the server. Additionally, session integrity is provided
63 through a cryptographic message authentication code (hmac-sha1 or hmac-
64 md5).
65
66 Protocol version 2 provides a public key based user (PubkeyAuthenticaM--
67 tion) or client host (HostbasedAuthentication) authentication method,
68 conventional password authentication and challenge response based methM--
69 ods.
70
71 Command execution and data forwarding
72
73 If the client successfully authenticates itself, a dialog for preparing
74 the session is entered. At this time the client may request things like
75 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP
76 connections, or forwarding the authentication agent connection over the
77 secure channel.
78
79 Finally, the client either requests a shell or execution of a command.
80 The sides then enter session mode. In this mode, either side may send
81 data at any time, and such data is forwarded to/from the shell or command
82 on the server side, and the user terminal in the client side.
83
84 When the user program terminates and all forwarded X11 and other connecM--
85 tions have been closed, the server sends command exit status to the
86 client, and both sides exit.
87
88 sshd can be configured using command-line options or a configuration
89 file. Command-line options override values specified in the configuraM--
90 tion file.
91
92 sshd rereads its configuration file when it receives a hangup signal,
93 SIGHUP, by executing itself with the name it was started as, i.e.,
94 /usr/sbin/sshd.
95
96 The options are as follows:
97
98 -b bits
99 Specifies the number of bits in the ephemeral protocol version 1
100 server key (default 768).
101
102 -d Debug mode. The server sends verbose debug output to the system
103 log, and does not put itself in the background. The server also
104 will not fork and will only process one connection. This option
105 is only intended for debugging for the server. Multiple -d
106 options increase the debugging level. Maximum is 3.
107
108 -e When this option is specified, sshd will send the output to the
109 standard error instead of the system log.
110
111 -f configuration_file
112 Specifies the name of the configuration file. The default is
113 /etc/ssh/sshd_config. sshd refuses to start if there is no conM--
114 figuration file.
115
116 -g login_grace_time
117 Gives the grace time for clients to authenticate themselves
118 (default 600 seconds). If the client fails to authenticate the
119 user within this many seconds, the server disconnects and exits.
120 A value of zero indicates no limit.
121
122 -h host_key_file
123 Specifies a file from which a host key is read. This option must
124 be given if sshd is not run as root (as the normal host key files
125 are normally not readable by anyone but root). The default is
126 /etc/ssh/ssh_host_key for protocol version 1, and
127 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for proM--
128 tocol version 2. It is possible to have multiple host key files
129 for the different protocol versions and host key algorithms.
130
131 -i Specifies that sshd is being run from inetd. sshd is normally
132 not run from inetd because it needs to generate the server key
133 before it can respond to the client, and this may take tens of
134 seconds. Clients would have to wait too long if the key was
135 regenerated every time. However, with small key sizes (e.g.,
136 512) using sshd from inetd may be feasible.
137
138 -k key_gen_time
139 Specifies how often the ephemeral protocol version 1 server key
140 is regenerated (default 3600 seconds, or one hour). The motivaM--
141 tion for regenerating the key fairly often is that the key is not
142 stored anywhere, and after about an hour, it becomes impossible
143 to recover the key for decrypting intercepted communications even
144 if the machine is cracked into or physically seized. A value of
145 zero indicates that the key will never be regenerated.
146
147 -o option
148 Can be used to give options in the format used in the configuraM--
149 tion file. This is useful for specifying options for which there
150 is no separate command-line flag.
151
152 -p port
153 Specifies the port on which the server listens for connections
154 (default 22). Multiple port options are permitted. Ports speciM--
155 fied in the configuration file are ignored when a command-line
156 port is specified.
157
158 -q Quiet mode. Nothing is sent to the system log. Normally the
159 beginning, authentication, and termination of each connection is
160 logged.
161
162 -t Test mode. Only check the validity of the configuration file and
163 sanity of the keys. This is useful for updating sshd reliably as
164 configuration options may change.
165
166 -u len This option is used to specify the size of the field in the utmp
167 structure that holds the remote host name. If the resolved host
168 name is longer than len, the dotted decimal value will be used
169 instead. This allows hosts with very long host names that overM--
170 flow this field to still be uniquely identified. Specifying -u0
171 indicates that only dotted decimal addresses should be put into
172 the utmp file. -u0 is also be used to prevent sshd from making
173 DNS requests unless the authentication mechanism or configuration
174 requires it. Authentication mechanisms that may require DNS
175 include RhostsAuthentication, RhostsRSAAuthentication,
176 HostbasedAuthentication and using a from="pattern-list" option in
177 a key file. Configuration options that require DNS include using
178 a USER@HOST pattern in AllowUsers or DenyUsers.
179
180 -D When this option is specified sshd will not detach and does not
181 become a daemon. This allows easy monitoring of sshd.
182
183 -4 Forces sshd to use IPv4 addresses only.
184
185 -6 Forces sshd to use IPv6 addresses only.
186
187CONFIGURATION FILE
188 sshd reads configuration data from /etc/ssh/sshd_config (or the file
189 specified with -f on the command line). The file format and configuraM--
190 tion options are described in sshd_config(5).
191
192LOGIN PROCESS
193 When a user successfully logs in, sshd does the following:
194
195 1. If the login is on a tty, and no command has been specified,
196 prints last login time and /etc/motd (unless prevented in the
197 configuration file or by $HOME/.hushlogin; see the FILES secM--
198 tion).
199
200 2. If the login is on a tty, records login time.
201
202 3. Checks /etc/nologin; if it exists, prints contents and quits
203 (unless root).
204
205 4. Changes to run with normal user privileges.
206
207 5. Sets up basic environment.
208
209 6. Reads $HOME/.ssh/environment if it exists.
210
211 7. Changes to user's home directory.
212
213 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc
214 exists, runs it; otherwise runs xauth. The ``rc'' files are
215 given the X11 authentication protocol and cookie in standard
216 input.
217
218 9. Runs user's shell or command.
219
220AUTHORIZED_KEYS FILE FORMAT
221 $HOME/.ssh/authorized_keys is the default file that lists the public keys
222 that are permitted for RSA authentication in protocol version 1 and for
223 public key authentication (PubkeyAuthentication) in protocol version 2.
224 AuthorizedKeysFile may be used to specify an alternative file.
225
226 Each line of the file contains one key (empty lines and lines starting
227 with a `#' are ignored as comments). Each RSA public key consists of the
228 following fields, separated by spaces: options, bits, exponent, modulus,
229 comment. Each protocol version 2 public key consists of: options, keyM--
230 type, base64 encoded key, comment. The options fields are optional; its
231 presence is determined by whether the line starts with a number or not
232 (the option field never starts with a number). The bits, exponent, moduM--
233 lus and comment fields give the RSA key for protocol version 1; the comM--
234 ment field is not used for anything (but may be convenient for the user
235 to identify the key). For protocol version 2 the keytype is ``ssh-dss''
236 or ``ssh-rsa''.
237
238 Note that lines in this file are usually several hundred bytes long
239 (because of the size of the RSA key modulus). You don't want to type
240 them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub
241 file and edit it.
242
243 sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
244 2 keys of 768 bits.
245
246 The options (if present) consist of comma-separated option specificaM--
247 tions. No spaces are permitted, except within double quotes. The folM--
248 lowing option specifications are supported (note that option keywords are
249 case-insensitive):
250
251 from="pattern-list"
252 Specifies that in addition to RSA authentication, the canonical
253 name of the remote host must be present in the comma-separated
254 list of patterns (`*' and `'? serve as wildcards). The list may
255 also contain patterns negated by prefixing them with `'!; if the
256 canonical host name matches a negated pattern, the key is not
257 accepted. The purpose of this option is to optionally increase
258 security: RSA authentication by itself does not trust the network
259 or name servers or anything (but the key); however, if somebody
260 somehow steals the key, the key permits an intruder to log in
261 from anywhere in the world. This additional option makes using a
262 stolen key more difficult (name servers and/or routers would have
263 to be compromised in addition to just the key).
264
265 command="command"
266 Specifies that the command is executed whenever this key is used
267 for authentication. The command supplied by the user (if any) is
268 ignored. The command is run on a pty if the client requests a
269 pty; otherwise it is run without a tty. If a 8-bit clean channel
270 is required, one must not request a pty or should specify no-pty.
271 A quote may be included in the command by quoting it with a backM--
272 slash. This option might be useful to restrict certain RSA keys
273 to perform just a specific operation. An example might be a key
274 that permits remote backups but nothing else. Note that the
275 client may specify TCP/IP and/or X11 forwarding unless they are
276 explicitly prohibited. Note that this option applies to shell,
277 command or subsystem execution.
278
279 environment="NAME=value"
280 Specifies that the string is to be added to the environment when
281 logging in using this key. Environment variables set this way
282 override other default environment values. Multiple options of
283 this type are permitted. This option is automatically disabled
284 if UseLogin is enabled.
285
286 no-port-forwarding
287 Forbids TCP/IP forwarding when this key is used for authenticaM--
288 tion. Any port forward requests by the client will return an
289 error. This might be used, e.g., in connection with the command
290 option.
291
292 no-X11-forwarding
293 Forbids X11 forwarding when this key is used for authentication.
294 Any X11 forward requests by the client will return an error.
295
296 no-agent-forwarding
297 Forbids authentication agent forwarding when this key is used for
298 authentication.
299
300 no-pty Prevents tty allocation (a request to allocate a pty will fail).
301
302 permitopen="host:port"
303 Limit local ``ssh -L'' port forwarding such that it may only conM--
304 nect to the specified host and port. IPv6 addresses can be specM--
305 ified with an alternative syntax: host/port. Multiple permitopen
306 options may be applied separated by commas. No pattern matching
307 is performed on the specified hostnames, they must be literal
308 domains or addresses.
309
310 Examples
311 1024 33 12121...312314325 ylo@foo.bar
312
313 from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
314
315 command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323
316 backup.hut.fi
317
318 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
319
320SSH_KNOWN_HOSTS FILE FORMAT
321 The /etc/ssh/ssh_known_hosts, and $HOME/.ssh/known_hosts files contain
322 host public keys for all known hosts. The global file should be prepared
323 by the administrator (optional), and the per-user file is maintained
324 automatically: whenever the user connects from an unknown host its key is
325 added to the per-user file.
326
327 Each line in these files contains the following fields: hostnames, bits,
328 exponent, modulus, comment. The fields are separated by spaces.
329
330 Hostnames is a comma-separated list of patterns ('*' and '?' act as wildM--
331 cards); each pattern in turn is matched against the canonical host name
332 (when authenticating a client) or against the user-supplied name (when
333 authenticating a server). A pattern may also be preceded by `'! to
334 indicate negation: if the host name matches a negated pattern, it is not
335 accepted (by that line) even if it matched another pattern on the line.
336
337 Bits, exponent, and modulus are taken directly from the RSA host key;
338 they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub. The optional
339 comment field continues to the end of the line, and is not used.
340
341 Lines starting with `#' and empty lines are ignored as comments.
342
343 When performing host authentication, authentication is accepted if any
344 matching line has the proper key. It is thus permissible (but not recomM--
345 mended) to have several lines or different host keys for the same names.
346 This will inevitably happen when short forms of host names from different
347 domains are put in the file. It is possible that the files contain conM--
348 flicting information; authentication is accepted if valid information can
349 be found from either file.
350
351 Note that the lines in these files are typically hundreds of characters
352 long, and you definitely don't want to type in the host keys by hand.
353 Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub
354 and adding the host names at the front.
355
356 Examples
357
358 closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
359 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
360
361FILES
362 /etc/ssh/sshd_config
363 Contains configuration data for sshd. The file format and conM--
364 figuration options are described in sshd_config(5).
365
366 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key,
367 /etc/ssh/ssh_host_rsa_key
368 These three files contain the private parts of the host keys.
369 These files should only be owned by root, readable only by root,
370 and not accessible to others. Note that sshd does not start if
371 this file is group/world-accessible.
372
373 /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub,
374 /etc/ssh/ssh_host_rsa_key.pub
375 These three files contain the public parts of the host keys.
376 These files should be world-readable but writable only by root.
377 Their contents should match the respective private parts. These
378 files are not really used for anything; they are provided for the
379 convenience of the user so their contents can be copied to known
380 hosts files. These files are created using ssh-keygen(1).
381
382 /etc/moduli
383 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
384 Exchange".
385
386 /var/empty
387 chroot(2) directory used by sshd during privilege separation in
388 the pre-authentication phase. The directory should not contain
389 any files and must be owned by root and not group or world-
390 writable.
391
392 /var/run/sshd.pid
393 Contains the process ID of the sshd listening for connections (if
394 there are several daemons running concurrently for different
395 ports, this contains the process ID of the one started last).
396 The content of this file is not sensitive; it can be world-readM--
397 able.
398
399 $HOME/.ssh/authorized_keys
400 Lists the public keys (RSA or DSA) that can be used to log into
401 the user's account. This file must be readable by root (which
402 may on some machines imply it being world-readable if the user's
403 home directory resides on an NFS volume). It is recommended that
404 it not be accessible by others. The format of this file is
405 described above. Users will place the contents of their
406 identity.pub, id_dsa.pub and/or id_rsa.pub files into this file,
407 as described in ssh-keygen(1).
408
409 /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts
410 These files are consulted when using rhosts with RSA host authenM--
411 tication or protocol version 2 hostbased authentication to check
412 the public key of the host. The key must be listed in one of
413 these files to be accepted. The client uses the same files to
414 verify that it is connecting to the correct remote host. These
415 files should be writable only by root/the owner.
416 /etc/ssh/ssh_known_hosts should be world-readable, and
417 $HOME/.ssh/known_hosts can but need not be world-readable.
418
419 /etc/nologin
420 If this file exists, sshd refuses to let anyone except root log
421 in. The contents of the file are displayed to anyone trying to
422 log in, and non-root connections are refused. The file should be
423 world-readable.
424
425 /etc/hosts.allow, /etc/hosts.deny
426 Access controls that should be enforced by tcp-wrappers are
427 defined here. Further details are described in hosts_access(5).
428
429 $HOME/.rhosts
430 This file contains host-username pairs, separated by a space, one
431 per line. The given user on the corresponding host is permitted
432 to log in without password. The same file is used by rlogind and
433 rshd. The file must be writable only by the user; it is recomM--
434 mended that it not be accessible by others.
435
436 If is also possible to use netgroups in the file. Either host or
437 user name may be of the form +@groupname to specify all hosts or
438 all users in the group.
439
440 $HOME/.shosts
441 For ssh, this file is exactly the same as for .rhosts. However,
442 this file is not used by rlogin and rshd, so using this permits
443 access using SSH only.
444
445 /etc/hosts.equiv
446 This file is used during .rhosts authentication. In the simplest
447 form, this file contains host names, one per line. Users on
448 those hosts are permitted to log in without a password, provided
449 they have the same user name on both machines. The host name may
450 also be followed by a user name; such users are permitted to log
451 in as any user on this machine (except root). Additionally, the
452 syntax ``+@group'' can be used to specify netgroups. Negated
453 entries start with `-'.
454
455 If the client host/user is successfully matched in this file,
456 login is automatically permitted provided the client and server
457 user names are the same. Additionally, successful RSA host
458 authentication is normally required. This file must be writable
459 only by root; it is recommended that it be world-readable.
460
461 Warning: It is almost never a good idea to use user names in
462 hosts.equiv. Beware that it really means that the named user(s)
463 can log in as anybody, which includes bin, daemon, adm, and other
464 accounts that own critical binaries and directories. Using a
465 user name practically grants the user root access. The only
466 valid use for user names that I can think of is in negative
467 entries.
468
469 Note that this warning also applies to rsh/rlogin.
470
471 /etc/shosts.equiv
472 This is processed exactly as /etc/hosts.equiv. However, this
473 file may be useful in environments that want to run both
474 rsh/rlogin and ssh.
475
476 $HOME/.ssh/environment
477 This file is read into the environment at login (if it exists).
478 It can only contain empty lines, comment lines (that start with
479 `#'), and assignment lines of the form name=value. The file
480 should be writable only by the user; it need not be readable by
481 anyone else.
482
483 $HOME/.ssh/rc
484 If this file exists, it is run with /bin/sh after reading the
485 environment files but before starting the user's shell or comM--
486 mand. It must not produce any output on stdout; stderr must be
487 used instead. If X11 forwarding is in use, it will receive the
488 "proto cookie" pair in its standard input (and DISPLAY in its
489 environment). The script must call xauth(1) because sshd will
490 not run xauth automatically to add X11 cookies.
491
492 The primary purpose of this file is to run any initialization
493 routines which may be needed before the user's home directory
494 becomes accessible; AFS is a particular example of such an enviM--
495 ronment.
496
497 This file will probably contain some initialization code followed
498 by something similar to:
499
500 if read proto cookie && [ -n "$DISPLAY" ]; then
501 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
502 # X11UseLocalhost=yes
503 xauth add unix:`echo $DISPLAY |
504 cut -c11-` $proto $cookie
505 else
506 # X11UseLocalhost=no
507 xauth add $DISPLAY $proto $cookie
508 fi
509 fi
510
511 If this file does not exist, /etc/ssh/sshrc is run, and if that
512 does not exist either, xauth is used to add the cookie.
513
514 This file should be writable only by the user, and need not be
515 readable by anyone else.
516
517 /etc/ssh/sshrc
518 Like $HOME/.ssh/rc. This can be used to specify machine-specific
519 login-time initializations globally. This file should be
520 writable only by root, and should be world-readable.
521
522AUTHORS
523 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
524 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
525 de Raadt and Dug Song removed many bugs, re-added newer features and creM--
526 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
527 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
528 for privilege separation.
529
530SEE ALSO
531 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
532 login.conf(5), moduli(5), sshd_config(5), sftp-server(8)
533
534 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH
535 Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January
536 2002, work in progress material.
537
538 M. Friedl, N. Provos, and W. A. Simpson, Diffie-Hellman Group Exchange
539 for the SSH Transport Layer Protocol, draft-ietf-secsh-dh-group-
540 exchange-02.txt, January 2002, work in progress material.
541
542BSD September 25, 1999 BSD
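Review bot: the imported preformatted page carries non-ASCII soft-hyphen bytes at every nroff hyphenation point, rendered above as "M--" (e.g. "Together these proM--" / "grams replace rlogin and rsh", "This implementaM--" / "tion of sshd supports"), so sshd.0 will show stray bytes in any pager or terminal that is not Latin-1 aware; regenerate it from sshd.8 with an ASCII-only output device (groff/nroff -Tascii) or strip those bytes before committing the generated file. Two smaller documentation points for the same regeneration: the footer still reads "BSD September 25, 1999 BSD" although this page already documents privilege separation, /var/empty and /etc/moduli, and a few typos in the source propagate here ("-u0 is also be used", "If is also possible to use netgroups", "The options fields are optional; its presence"), which should be corrected in sshd.8 rather than patched into this generated copy.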