diff options
author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:34:25 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:34:25 +0000 |
commit | fa585019a79ebcb4e0202b1c33f87ff1c5c9ce1c (patch) | |
tree | 28fc9a13eaab935e4de055b561b333d67387a934 /sshd.8 | |
parent | 04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (diff) | |
parent | 3e2e0ac10674d77618c4c7339e18b83ced247492 (diff) |
import openssh-4.3p2-gsskex-20060223.patch
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 255 |
1 files changed, 129 insertions, 126 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -56,16 +56,14 @@ | |||
56 | .Ek | 56 | .Ek |
57 | .Sh DESCRIPTION | 57 | .Sh DESCRIPTION |
58 | .Nm | 58 | .Nm |
59 | (SSH Daemon) is the daemon program for | 59 | (OpenSSH Daemon) is the daemon program for |
60 | .Xr ssh 1 . | 60 | .Xr ssh 1 . |
61 | Together these programs replace rlogin and rsh, and | 61 | Together these programs replace rlogin and rsh, and |
62 | provide secure encrypted communications between two untrusted hosts | 62 | provide secure encrypted communications between two untrusted hosts |
63 | over an insecure network. | 63 | over an insecure network. |
64 | The programs are intended to be as easy to | ||
65 | install and use as possible. | ||
66 | .Pp | 64 | .Pp |
67 | .Nm | 65 | .Nm |
68 | is the daemon that listens for connections from clients. | 66 | listens for connections from clients. |
69 | It is normally started at boot from | 67 | It is normally started at boot from |
70 | .Pa /etc/rc . | 68 | .Pa /etc/rc . |
71 | It forks a new | 69 | It forks a new |
@@ -73,119 +71,13 @@ daemon for each incoming connection. | |||
73 | The forked daemons handle | 71 | The forked daemons handle |
74 | key exchange, encryption, authentication, command execution, | 72 | key exchange, encryption, authentication, command execution, |
75 | and data exchange. | 73 | and data exchange. |
76 | This implementation of | ||
77 | .Nm | ||
78 | supports both SSH protocol version 1 and 2 simultaneously. | ||
79 | .Nm | ||
80 | works as follows: | ||
81 | .Ss SSH protocol version 1 | ||
82 | Each host has a host-specific RSA key | ||
83 | (normally 2048 bits) used to identify the host. | ||
84 | Additionally, when | ||
85 | the daemon starts, it generates a server RSA key (normally 768 bits). | ||
86 | This key is normally regenerated every hour if it has been used, and | ||
87 | is never stored on disk. | ||
88 | .Pp | ||
89 | Whenever a client connects, the daemon responds with its public | ||
90 | host and server keys. | ||
91 | The client compares the | ||
92 | RSA host key against its own database to verify that it has not changed. | ||
93 | The client then generates a 256-bit random number. | ||
94 | It encrypts this | ||
95 | random number using both the host key and the server key, and sends | ||
96 | the encrypted number to the server. | ||
97 | Both sides then use this | ||
98 | random number as a session key which is used to encrypt all further | ||
99 | communications in the session. | ||
100 | The rest of the session is encrypted | ||
101 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
102 | being used by default. | ||
103 | The client selects the encryption algorithm | ||
104 | to use from those offered by the server. | ||
105 | .Pp | ||
106 | Next, the server and the client enter an authentication dialog. | ||
107 | The client tries to authenticate itself using | ||
108 | .Em .rhosts | ||
109 | authentication combined with RSA host | ||
110 | authentication, RSA challenge-response authentication, or password | ||
111 | based authentication. | ||
112 | .Pp | ||
113 | Regardless of the authentication type, the account is checked to | ||
114 | ensure that it is accessible. An account is not accessible if it is | ||
115 | locked, listed in | ||
116 | .Cm DenyUsers | ||
117 | or its group is listed in | ||
118 | .Cm DenyGroups | ||
119 | \&. The definition of a locked account is system dependant. Some platforms | ||
120 | have their own account database (eg AIX) and some modify the passwd field ( | ||
121 | .Ql \&*LK\&* | ||
122 | on Solaris, | ||
123 | .Ql \&* | ||
124 | on HP-UX, containing | ||
125 | .Ql Nologin | ||
126 | on Tru64 and a leading | ||
127 | .Ql \&!! | ||
128 | on Linux). If there is a requirement to disable password authentication | ||
129 | for the account while allowing still public-key, then the passwd field | ||
130 | should be set to something other than these values (eg | ||
131 | .Ql NP | ||
132 | or | ||
133 | .Ql \&*NP\&* | ||
134 | ). | ||
135 | .Pp | ||
136 | .Nm rshd , | ||
137 | .Nm rlogind , | ||
138 | and | ||
139 | .Nm rexecd | ||
140 | are disabled (thus completely disabling | ||
141 | .Xr rlogin | ||
142 | and | ||
143 | .Xr rsh | ||
144 | into the machine). | ||
145 | .Ss SSH protocol version 2 | ||
146 | Version 2 works similarly: | ||
147 | Each host has a host-specific key (RSA or DSA) used to identify the host. | ||
148 | However, when the daemon starts, it does not generate a server key. | ||
149 | Forward security is provided through a Diffie-Hellman key agreement. | ||
150 | This key agreement results in a shared session key. | ||
151 | .Pp | ||
152 | The rest of the session is encrypted using a symmetric cipher, currently | ||
153 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | ||
154 | The client selects the encryption algorithm | ||
155 | to use from those offered by the server. | ||
156 | Additionally, session integrity is provided | ||
157 | through a cryptographic message authentication code | ||
158 | (hmac-sha1 or hmac-md5). | ||
159 | .Pp | ||
160 | Protocol version 2 provides a public key based | ||
161 | user (PubkeyAuthentication) or | ||
162 | client host (HostbasedAuthentication) authentication method, | ||
163 | conventional password authentication and challenge response based methods. | ||
164 | .Ss Command execution and data forwarding | ||
165 | If the client successfully authenticates itself, a dialog for | ||
166 | preparing the session is entered. | ||
167 | At this time the client may request | ||
168 | things like allocating a pseudo-tty, forwarding X11 connections, | ||
169 | forwarding TCP/IP connections, or forwarding the authentication agent | ||
170 | connection over the secure channel. | ||
171 | .Pp | ||
172 | Finally, the client either requests a shell or execution of a command. | ||
173 | The sides then enter session mode. | ||
174 | In this mode, either side may send | ||
175 | data at any time, and such data is forwarded to/from the shell or | ||
176 | command on the server side, and the user terminal in the client side. | ||
177 | .Pp | ||
178 | When the user program terminates and all forwarded X11 and other | ||
179 | connections have been closed, the server sends command exit status to | ||
180 | the client, and both sides exit. | ||
181 | .Pp | 74 | .Pp |
182 | .Nm | 75 | .Nm |
183 | can be configured using command-line options or a configuration file | 76 | can be configured using command-line options or a configuration file |
184 | (by default | 77 | (by default |
185 | .Xr sshd_config 5 ) . | 78 | .Xr sshd_config 5 ) ; |
186 | Command-line options override values specified in the | 79 | command-line options override values specified in the |
187 | configuration file. | 80 | configuration file. |
188 | .Pp | ||
189 | .Nm | 81 | .Nm |
190 | rereads its configuration file when it receives a hangup signal, | 82 | rereads its configuration file when it receives a hangup signal, |
191 | .Dv SIGHUP , | 83 | .Dv SIGHUP , |
@@ -285,8 +177,12 @@ For full details of the options, and their values, see | |||
285 | Specifies the port on which the server listens for connections | 177 | Specifies the port on which the server listens for connections |
286 | (default 22). | 178 | (default 22). |
287 | Multiple port options are permitted. | 179 | Multiple port options are permitted. |
288 | Ports specified in the configuration file are ignored when a | 180 | Ports specified in the configuration file with the |
289 | command-line port is specified. | 181 | .Cm Port |
182 | option are ignored when a command-line port is specified. | ||
183 | Ports specified using the | ||
184 | .Cm ListenAddress | ||
185 | option override command-line ports. | ||
290 | .It Fl q | 186 | .It Fl q |
291 | Quiet mode. | 187 | Quiet mode. |
292 | Nothing is sent to the system log. | 188 | Nothing is sent to the system log. |
@@ -321,7 +217,7 @@ from making DNS requests unless the authentication | |||
321 | mechanism or configuration requires it. | 217 | mechanism or configuration requires it. |
322 | Authentication mechanisms that may require DNS include | 218 | Authentication mechanisms that may require DNS include |
323 | .Cm RhostsRSAAuthentication , | 219 | .Cm RhostsRSAAuthentication , |
324 | .Cm HostbasedAuthentication | 220 | .Cm HostbasedAuthentication , |
325 | and using a | 221 | and using a |
326 | .Cm from="pattern-list" | 222 | .Cm from="pattern-list" |
327 | option in a key file. | 223 | option in a key file. |
@@ -331,15 +227,114 @@ USER@HOST pattern in | |||
331 | or | 227 | or |
332 | .Cm DenyUsers . | 228 | .Cm DenyUsers . |
333 | .El | 229 | .El |
334 | .Sh CONFIGURATION FILE | 230 | .Sh AUTHENTICATION |
335 | .Nm | 231 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. |
336 | reads configuration data from | 232 | Both protocols are supported by default, |
337 | .Pa /etc/ssh/sshd_config | 233 | though this can be changed via the |
338 | (or the file specified with | 234 | .Cm Protocol |
339 | .Fl f | 235 | option in |
340 | on the command line). | ||
341 | The file format and configuration options are described in | ||
342 | .Xr sshd_config 5 . | 236 | .Xr sshd_config 5 . |
237 | Protocol 2 supports both RSA and DSA keys; | ||
238 | protocol 1 only supports RSA keys. | ||
239 | For both protocols, | ||
240 | each host has a host-specific key, | ||
241 | normally 2048 bits, | ||
242 | used to identify the host. | ||
243 | .Pp | ||
244 | Forward security for protocol 1 is provided through | ||
245 | an additional server key, | ||
246 | normally 768 bits, | ||
247 | generated when the server starts. | ||
248 | This key is normally regenerated every hour if it has been used, and | ||
249 | is never stored on disk. | ||
250 | Whenever a client connects, the daemon responds with its public | ||
251 | host and server keys. | ||
252 | The client compares the | ||
253 | RSA host key against its own database to verify that it has not changed. | ||
254 | The client then generates a 256-bit random number. | ||
255 | It encrypts this | ||
256 | random number using both the host key and the server key, and sends | ||
257 | the encrypted number to the server. | ||
258 | Both sides then use this | ||
259 | random number as a session key which is used to encrypt all further | ||
260 | communications in the session. | ||
261 | The rest of the session is encrypted | ||
262 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
263 | being used by default. | ||
264 | The client selects the encryption algorithm | ||
265 | to use from those offered by the server. | ||
266 | .Pp | ||
267 | For protocol 2, | ||
268 | forward security is provided through a Diffie-Hellman key agreement. | ||
269 | This key agreement results in a shared session key. | ||
270 | The rest of the session is encrypted using a symmetric cipher, currently | ||
271 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | ||
272 | The client selects the encryption algorithm | ||
273 | to use from those offered by the server. | ||
274 | Additionally, session integrity is provided | ||
275 | through a cryptographic message authentication code | ||
276 | (hmac-sha1 or hmac-md5). | ||
277 | .Pp | ||
278 | Finally, the server and the client enter an authentication dialog. | ||
279 | The client tries to authenticate itself using | ||
280 | host-based authentication, | ||
281 | public key authentication, | ||
282 | challenge-response authentication, | ||
283 | or password authentication. | ||
284 | .Pp | ||
285 | Regardless of the authentication type, the account is checked to | ||
286 | ensure that it is accessible. An account is not accessible if it is | ||
287 | locked, listed in | ||
288 | .Cm DenyUsers | ||
289 | or its group is listed in | ||
290 | .Cm DenyGroups | ||
291 | \&. The definition of a locked account is system dependant. Some platforms | ||
292 | have their own account database (eg AIX) and some modify the passwd field ( | ||
293 | .Ql \&*LK\&* | ||
294 | on Solaris and UnixWare, | ||
295 | .Ql \&* | ||
296 | on HP-UX, containing | ||
297 | .Ql Nologin | ||
298 | on Tru64, | ||
299 | a leading | ||
300 | .Ql \&*LOCKED\&* | ||
301 | on FreeBSD and a leading | ||
302 | .Ql \&!! | ||
303 | on Linux). If there is a requirement to disable password authentication | ||
304 | for the account while allowing still public-key, then the passwd field | ||
305 | should be set to something other than these values (eg | ||
306 | .Ql NP | ||
307 | or | ||
308 | .Ql \&*NP\&* | ||
309 | ). | ||
310 | .Pp | ||
311 | System security is not improved unless | ||
312 | .Nm rshd , | ||
313 | .Nm rlogind , | ||
314 | and | ||
315 | .Nm rexecd | ||
316 | are disabled (thus completely disabling | ||
317 | .Xr rlogin | ||
318 | and | ||
319 | .Xr rsh | ||
320 | into the machine). | ||
321 | .Sh COMMAND EXECUTION AND DATA FORWARDING | ||
322 | If the client successfully authenticates itself, a dialog for | ||
323 | preparing the session is entered. | ||
324 | At this time the client may request | ||
325 | things like allocating a pseudo-tty, forwarding X11 connections, | ||
326 | forwarding TCP connections, or forwarding the authentication agent | ||
327 | connection over the secure channel. | ||
328 | .Pp | ||
329 | Finally, the client either requests a shell or execution of a command. | ||
330 | The sides then enter session mode. | ||
331 | In this mode, either side may send | ||
332 | data at any time, and such data is forwarded to/from the shell or | ||
333 | command on the server side, and the user terminal in the client side. | ||
334 | .Pp | ||
335 | When the user program terminates and all forwarded X11 and other | ||
336 | connections have been closed, the server sends command exit status to | ||
337 | the client, and both sides exit. | ||
343 | .Sh LOGIN PROCESS | 338 | .Sh LOGIN PROCESS |
344 | When a user successfully logs in, | 339 | When a user successfully logs in, |
345 | .Nm | 340 | .Nm |
@@ -473,7 +468,7 @@ A quote may be included in the command by quoting it with a backslash. | |||
473 | This option might be useful | 468 | This option might be useful |
474 | to restrict certain public keys to perform just a specific operation. | 469 | to restrict certain public keys to perform just a specific operation. |
475 | An example might be a key that permits remote backups but nothing else. | 470 | An example might be a key that permits remote backups but nothing else. |
476 | Note that the client may specify TCP/IP and/or X11 | 471 | Note that the client may specify TCP and/or X11 |
477 | forwarding unless they are explicitly prohibited. | 472 | forwarding unless they are explicitly prohibited. |
478 | Note that this option applies to shell, command or subsystem execution. | 473 | Note that this option applies to shell, command or subsystem execution. |
479 | .It Cm environment="NAME=value" | 474 | .It Cm environment="NAME=value" |
@@ -490,7 +485,7 @@ This option is automatically disabled if | |||
490 | .Cm UseLogin | 485 | .Cm UseLogin |
491 | is enabled. | 486 | is enabled. |
492 | .It Cm no-port-forwarding | 487 | .It Cm no-port-forwarding |
493 | Forbids TCP/IP forwarding when this key is used for authentication. | 488 | Forbids TCP forwarding when this key is used for authentication. |
494 | Any port forward requests by the client will return an error. | 489 | Any port forward requests by the client will return an error. |
495 | This might be used, e.g., in connection with the | 490 | This might be used, e.g., in connection with the |
496 | .Cm command | 491 | .Cm command |
@@ -515,6 +510,12 @@ Multiple | |||
515 | options may be applied separated by commas. | 510 | options may be applied separated by commas. |
516 | No pattern matching is performed on the specified hostnames, | 511 | No pattern matching is performed on the specified hostnames, |
517 | they must be literal domains or addresses. | 512 | they must be literal domains or addresses. |
513 | .It Cm tunnel="n" | ||
514 | Force a | ||
515 | .Xr tun 4 | ||
516 | device on the server. | ||
517 | Without this option, the next available device will be used if | ||
518 | the client requests a tunnel. | ||
518 | .El | 519 | .El |
519 | .Ss Examples | 520 | .Ss Examples |
520 | 1024 33 12121...312314325 ylo@foo.bar | 521 | 1024 33 12121...312314325 ylo@foo.bar |
@@ -524,6 +525,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula | |||
524 | command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi | 525 | command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi |
525 | .Pp | 526 | .Pp |
526 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | 527 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 |
528 | .Pp | ||
529 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org | ||
527 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 530 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
528 | The | 531 | The |
529 | .Pa /etc/ssh/ssh_known_hosts | 532 | .Pa /etc/ssh/ssh_known_hosts |