summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:34:25 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:34:25 +0000
commitfa585019a79ebcb4e0202b1c33f87ff1c5c9ce1c (patch)
tree28fc9a13eaab935e4de055b561b333d67387a934 /sshd.8
parent04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (diff)
parent3e2e0ac10674d77618c4c7339e18b83ced247492 (diff)
import openssh-4.3p2-gsskex-20060223.patch
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.8255
1 files changed, 129 insertions, 126 deletions
diff --git a/sshd.8 b/sshd.8
index fdff4ac91..51d339b65 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ 37.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -56,16 +56,14 @@
56.Ek 56.Ek
57.Sh DESCRIPTION 57.Sh DESCRIPTION
58.Nm 58.Nm
59(SSH Daemon) is the daemon program for 59(OpenSSH Daemon) is the daemon program for
60.Xr ssh 1 . 60.Xr ssh 1 .
61Together these programs replace rlogin and rsh, and 61Together these programs replace rlogin and rsh, and
62provide secure encrypted communications between two untrusted hosts 62provide secure encrypted communications between two untrusted hosts
63over an insecure network. 63over an insecure network.
64The programs are intended to be as easy to
65install and use as possible.
66.Pp 64.Pp
67.Nm 65.Nm
68is the daemon that listens for connections from clients. 66listens for connections from clients.
69It is normally started at boot from 67It is normally started at boot from
70.Pa /etc/rc . 68.Pa /etc/rc .
71It forks a new 69It forks a new
@@ -73,119 +71,13 @@ daemon for each incoming connection.
73The forked daemons handle 71The forked daemons handle
74key exchange, encryption, authentication, command execution, 72key exchange, encryption, authentication, command execution,
75and data exchange. 73and data exchange.
76This implementation of
77.Nm
78supports both SSH protocol version 1 and 2 simultaneously.
79.Nm
80works as follows:
81.Ss SSH protocol version 1
82Each host has a host-specific RSA key
83(normally 2048 bits) used to identify the host.
84Additionally, when
85the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
89Whenever a client connects, the daemon responds with its public
90host and server keys.
91The client compares the
92RSA host key against its own database to verify that it has not changed.
93The client then generates a 256-bit random number.
94It encrypts this
95random number using both the host key and the server key, and sends
96the encrypted number to the server.
97Both sides then use this
98random number as a session key which is used to encrypt all further
99communications in the session.
100The rest of the session is encrypted
101using a conventional cipher, currently Blowfish or 3DES, with 3DES
102being used by default.
103The client selects the encryption algorithm
104to use from those offered by the server.
105.Pp
106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
108.Em .rhosts
109authentication combined with RSA host
110authentication, RSA challenge-response authentication, or password
111based authentication.
112.Pp
113Regardless of the authentication type, the account is checked to
114ensure that it is accessible. An account is not accessible if it is
115locked, listed in
116.Cm DenyUsers
117or its group is listed in
118.Cm DenyGroups
119\&. The definition of a locked account is system dependant. Some platforms
120have their own account database (eg AIX) and some modify the passwd field (
121.Ql \&*LK\&*
122on Solaris,
123.Ql \&*
124on HP-UX, containing
125.Ql Nologin
126on Tru64 and a leading
127.Ql \&!!
128on Linux). If there is a requirement to disable password authentication
129for the account while allowing still public-key, then the passwd field
130should be set to something other than these values (eg
131.Ql NP
132or
133.Ql \&*NP\&*
134).
135.Pp
136.Nm rshd ,
137.Nm rlogind ,
138and
139.Nm rexecd
140are disabled (thus completely disabling
141.Xr rlogin
142and
143.Xr rsh
144into the machine).
145.Ss SSH protocol version 2
146Version 2 works similarly:
147Each host has a host-specific key (RSA or DSA) used to identify the host.
148However, when the daemon starts, it does not generate a server key.
149Forward security is provided through a Diffie-Hellman key agreement.
150This key agreement results in a shared session key.
151.Pp
152The rest of the session is encrypted using a symmetric cipher, currently
153128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
154The client selects the encryption algorithm
155to use from those offered by the server.
156Additionally, session integrity is provided
157through a cryptographic message authentication code
158(hmac-sha1 or hmac-md5).
159.Pp
160Protocol version 2 provides a public key based
161user (PubkeyAuthentication) or
162client host (HostbasedAuthentication) authentication method,
163conventional password authentication and challenge response based methods.
164.Ss Command execution and data forwarding
165If the client successfully authenticates itself, a dialog for
166preparing the session is entered.
167At this time the client may request
168things like allocating a pseudo-tty, forwarding X11 connections,
169forwarding TCP/IP connections, or forwarding the authentication agent
170connection over the secure channel.
171.Pp
172Finally, the client either requests a shell or execution of a command.
173The sides then enter session mode.
174In this mode, either side may send
175data at any time, and such data is forwarded to/from the shell or
176command on the server side, and the user terminal in the client side.
177.Pp
178When the user program terminates and all forwarded X11 and other
179connections have been closed, the server sends command exit status to
180the client, and both sides exit.
181.Pp 74.Pp
182.Nm 75.Nm
183can be configured using command-line options or a configuration file 76can be configured using command-line options or a configuration file
184(by default 77(by default
185.Xr sshd_config 5 ) . 78.Xr sshd_config 5 ) ;
186Command-line options override values specified in the 79command-line options override values specified in the
187configuration file. 80configuration file.
188.Pp
189.Nm 81.Nm
190rereads its configuration file when it receives a hangup signal, 82rereads its configuration file when it receives a hangup signal,
191.Dv SIGHUP , 83.Dv SIGHUP ,
@@ -285,8 +177,12 @@ For full details of the options, and their values, see
285Specifies the port on which the server listens for connections 177Specifies the port on which the server listens for connections
286(default 22). 178(default 22).
287Multiple port options are permitted. 179Multiple port options are permitted.
288Ports specified in the configuration file are ignored when a 180Ports specified in the configuration file with the
289command-line port is specified. 181.Cm Port
182option are ignored when a command-line port is specified.
183Ports specified using the
184.Cm ListenAddress
185option override command-line ports.
290.It Fl q 186.It Fl q
291Quiet mode. 187Quiet mode.
292Nothing is sent to the system log. 188Nothing is sent to the system log.
@@ -321,7 +217,7 @@ from making DNS requests unless the authentication
321mechanism or configuration requires it. 217mechanism or configuration requires it.
322Authentication mechanisms that may require DNS include 218Authentication mechanisms that may require DNS include
323.Cm RhostsRSAAuthentication , 219.Cm RhostsRSAAuthentication ,
324.Cm HostbasedAuthentication 220.Cm HostbasedAuthentication ,
325and using a 221and using a
326.Cm from="pattern-list" 222.Cm from="pattern-list"
327option in a key file. 223option in a key file.
@@ -331,15 +227,114 @@ USER@HOST pattern in
331or 227or
332.Cm DenyUsers . 228.Cm DenyUsers .
333.El 229.El
334.Sh CONFIGURATION FILE 230.Sh AUTHENTICATION
335.Nm 231The OpenSSH SSH daemon supports SSH protocols 1 and 2.
336reads configuration data from 232Both protocols are supported by default,
337.Pa /etc/ssh/sshd_config 233though this can be changed via the
338(or the file specified with 234.Cm Protocol
339.Fl f 235option in
340on the command line).
341The file format and configuration options are described in
342.Xr sshd_config 5 . 236.Xr sshd_config 5 .
237Protocol 2 supports both RSA and DSA keys;
238protocol 1 only supports RSA keys.
239For both protocols,
240each host has a host-specific key,
241normally 2048 bits,
242used to identify the host.
243.Pp
244Forward security for protocol 1 is provided through
245an additional server key,
246normally 768 bits,
247generated when the server starts.
248This key is normally regenerated every hour if it has been used, and
249is never stored on disk.
250Whenever a client connects, the daemon responds with its public
251host and server keys.
252The client compares the
253RSA host key against its own database to verify that it has not changed.
254The client then generates a 256-bit random number.
255It encrypts this
256random number using both the host key and the server key, and sends
257the encrypted number to the server.
258Both sides then use this
259random number as a session key which is used to encrypt all further
260communications in the session.
261The rest of the session is encrypted
262using a conventional cipher, currently Blowfish or 3DES, with 3DES
263being used by default.
264The client selects the encryption algorithm
265to use from those offered by the server.
266.Pp
267For protocol 2,
268forward security is provided through a Diffie-Hellman key agreement.
269This key agreement results in a shared session key.
270The rest of the session is encrypted using a symmetric cipher, currently
271128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
272The client selects the encryption algorithm
273to use from those offered by the server.
274Additionally, session integrity is provided
275through a cryptographic message authentication code
276(hmac-sha1 or hmac-md5).
277.Pp
278Finally, the server and the client enter an authentication dialog.
279The client tries to authenticate itself using
280host-based authentication,
281public key authentication,
282challenge-response authentication,
283or password authentication.
284.Pp
285Regardless of the authentication type, the account is checked to
286ensure that it is accessible. An account is not accessible if it is
287locked, listed in
288.Cm DenyUsers
289or its group is listed in
290.Cm DenyGroups
291\&. The definition of a locked account is system dependant. Some platforms
292have their own account database (eg AIX) and some modify the passwd field (
293.Ql \&*LK\&*
294on Solaris and UnixWare,
295.Ql \&*
296on HP-UX, containing
297.Ql Nologin
298on Tru64,
299a leading
300.Ql \&*LOCKED\&*
301on FreeBSD and a leading
302.Ql \&!!
303on Linux). If there is a requirement to disable password authentication
304for the account while allowing still public-key, then the passwd field
305should be set to something other than these values (eg
306.Ql NP
307or
308.Ql \&*NP\&*
309).
310.Pp
311System security is not improved unless
312.Nm rshd ,
313.Nm rlogind ,
314and
315.Nm rexecd
316are disabled (thus completely disabling
317.Xr rlogin
318and
319.Xr rsh
320into the machine).
321.Sh COMMAND EXECUTION AND DATA FORWARDING
322If the client successfully authenticates itself, a dialog for
323preparing the session is entered.
324At this time the client may request
325things like allocating a pseudo-tty, forwarding X11 connections,
326forwarding TCP connections, or forwarding the authentication agent
327connection over the secure channel.
328.Pp
329Finally, the client either requests a shell or execution of a command.
330The sides then enter session mode.
331In this mode, either side may send
332data at any time, and such data is forwarded to/from the shell or
333command on the server side, and the user terminal in the client side.
334.Pp
335When the user program terminates and all forwarded X11 and other
336connections have been closed, the server sends command exit status to
337the client, and both sides exit.
343.Sh LOGIN PROCESS 338.Sh LOGIN PROCESS
344When a user successfully logs in, 339When a user successfully logs in,
345.Nm 340.Nm
@@ -473,7 +468,7 @@ A quote may be included in the command by quoting it with a backslash.
473This option might be useful 468This option might be useful
474to restrict certain public keys to perform just a specific operation. 469to restrict certain public keys to perform just a specific operation.
475An example might be a key that permits remote backups but nothing else. 470An example might be a key that permits remote backups but nothing else.
476Note that the client may specify TCP/IP and/or X11 471Note that the client may specify TCP and/or X11
477forwarding unless they are explicitly prohibited. 472forwarding unless they are explicitly prohibited.
478Note that this option applies to shell, command or subsystem execution. 473Note that this option applies to shell, command or subsystem execution.
479.It Cm environment="NAME=value" 474.It Cm environment="NAME=value"
@@ -490,7 +485,7 @@ This option is automatically disabled if
490.Cm UseLogin 485.Cm UseLogin
491is enabled. 486is enabled.
492.It Cm no-port-forwarding 487.It Cm no-port-forwarding
493Forbids TCP/IP forwarding when this key is used for authentication. 488Forbids TCP forwarding when this key is used for authentication.
494Any port forward requests by the client will return an error. 489Any port forward requests by the client will return an error.
495This might be used, e.g., in connection with the 490This might be used, e.g., in connection with the
496.Cm command 491.Cm command
@@ -515,6 +510,12 @@ Multiple
515options may be applied separated by commas. 510options may be applied separated by commas.
516No pattern matching is performed on the specified hostnames, 511No pattern matching is performed on the specified hostnames,
517they must be literal domains or addresses. 512they must be literal domains or addresses.
513.It Cm tunnel="n"
514Force a
515.Xr tun 4
516device on the server.
517Without this option, the next available device will be used if
518the client requests a tunnel.
518.El 519.El
519.Ss Examples 520.Ss Examples
5201024 33 12121...312314325 ylo@foo.bar 5211024 33 12121...312314325 ylo@foo.bar
@@ -524,6 +525,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
524command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi 525command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
525.Pp 526.Pp
526permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 527permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
528.Pp
529tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org
527.Sh SSH_KNOWN_HOSTS FILE FORMAT 530.Sh SSH_KNOWN_HOSTS FILE FORMAT
528The 531The
529.Pa /etc/ssh/ssh_known_hosts 532.Pa /etc/ssh/ssh_known_hosts