diff options
author | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:33:32 +0000 |
commit | 58bfa257481a1c6938ada9bbd38801cc45633fb0 (patch) | |
tree | 385160ff5c19376a1e1bfd34fcf5c91cff42908e /sshd_config.0 | |
parent | ae225aa5594655e3fa5685b4dd7f2ae0e1a5e2d7 (diff) | |
parent | 58657d96514cd6f16d82add8d6f4adbb36765758 (diff) |
Import OpenSSH 3.6p1.
Diffstat (limited to 'sshd_config.0')
-rw-r--r-- | sshd_config.0 | 469 |
1 files changed, 469 insertions, 0 deletions
diff --git a/sshd_config.0 b/sshd_config.0 new file mode 100644 index 000000000..e234efdb4 --- /dev/null +++ b/sshd_config.0 | |||
@@ -0,0 +1,469 @@ | |||
1 | SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5) | ||
2 | |||
3 | ^[[1mNAME^[[0m | ||
4 | ^[[1msshd_config ^[[22mM-bMM-^R OpenSSH SSH daemon configuration file | ||
5 | |||
6 | ^[[1mSYNOPSIS^[[0m | ||
7 | ^[[4m/etc/ssh/sshd_config^[[0m | ||
8 | |||
9 | ^[[1mDESCRIPTION^[[0m | ||
10 | ^[[1msshd ^[[22mreads configuration data from ^[[4m/etc/ssh/sshd_config^[[24m (or the file | ||
11 | specified with ^[[1mM-bMM-^Rf ^[[22mon the command line). The file contains keywordM-bM-^@M-^ParguM-bM-^@M-^P | ||
12 | ment pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are | ||
13 | interpreted as comments. | ||
14 | |||
15 | The possible keywords and their meanings are as follows (note that keyM-bM-^@M-^P | ||
16 | words are caseM-bM-^@M-^Pinsensitive and arguments are caseM-bM-^@M-^Psensitive): | ||
17 | |||
18 | ^[[1mAFSTokenPassing^[[0m | ||
19 | Specifies whether an AFS token may be forwarded to the server. | ||
20 | Default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
21 | |||
22 | ^[[1mAllowGroups^[[0m | ||
23 | This keyword can be followed by a list of group name patterns, | ||
24 | separated by spaces. If specified, login is allowed only for | ||
25 | users whose primary group or supplementary group list matches one | ||
26 | of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the | ||
27 | patterns. Only group names are valid; a numerical group ID is | ||
28 | not recognized. By default, login is allowed for all groups. | ||
29 | |||
30 | ^[[1mAllowTcpForwarding^[[0m | ||
31 | Specifies whether TCP forwarding is permitted. The default is | ||
32 | M-bM-^@M-^\yesM-bM-^@M-^]. Note that disabling TCP forwarding does not improve secuM-bM-^@M-^P | ||
33 | rity unless users are also denied shell access, as they can | ||
34 | always install their own forwarders. | ||
35 | |||
36 | ^[[1mAllowUsers^[[0m | ||
37 | This keyword can be followed by a list of user name patterns, | ||
38 | separated by spaces. If specified, login is allowed only for | ||
39 | user names that match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be | ||
40 | used as wildcards in the patterns. Only user names are valid; a | ||
41 | numerical user ID is not recognized. By default, login is | ||
42 | allowed for all users. If the pattern takes the form USER@HOST | ||
43 | then USER and HOST are separately checked, restricting logins to | ||
44 | particular users from particular hosts. | ||
45 | |||
46 | ^[[1mAuthorizedKeysFile^[[0m | ||
47 | Specifies the file that contains the public keys that can be used | ||
48 | for user authentication. ^[[1mAuthorizedKeysFile ^[[22mmay contain tokens | ||
49 | of the form %T which are substituted during connection setM-bM-^@M-^Pup. | ||
50 | The following tokens are defined: %% is replaced by a literal | ||
51 | M-bM-^@M-^Y%M-bM-^@M-^Y, %h is replaced by the home directory of the user being | ||
52 | authenticated and %u is replaced by the username of that user. | ||
53 | After expansion, ^[[1mAuthorizedKeysFile ^[[22mis taken to be an absolute | ||
54 | path or one relative to the userM-bM-^@M-^Ys home directory. The default | ||
55 | is M-bM-^@M-^\.ssh/authorized_keysM-bM-^@M-^]. | ||
56 | |||
57 | ^[[1mBanner ^[[22mIn some jurisdictions, sending a warning message before authentiM-bM-^@M-^P | ||
58 | cation may be relevant for getting legal protection. The conM-bM-^@M-^P | ||
59 | tents of the specified file are sent to the remote user before | ||
60 | authentication is allowed. This option is only available for | ||
61 | protocol version 2. By default, no banner is displayed. | ||
62 | |||
63 | ^[[1mChallengeResponseAuthentication^[[0m | ||
64 | Specifies whether challenge response authentication is allowed. | ||
65 | All authentication styles from login.conf(5) are supported. The | ||
66 | default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
67 | |||
68 | ^[[1mCiphers^[[0m | ||
69 | Specifies the ciphers allowed for protocol version 2. Multiple | ||
70 | ciphers must be commaM-bM-^@M-^Pseparated. The default is | ||
71 | |||
72 | M-bM-^@M-^XM-bM-^@M-^Xaes128M-bM-^@M-^Pcbc,3desM-bM-^@M-^Pcbc,blowfishM-bM-^@M-^Pcbc,cast128M-bM-^@M-^Pcbc,arcfour, | ||
73 | aes192M-bM-^@M-^Pcbc,aes256M-bM-^@M-^PcbcM-bM-^@M-^YM-bM-^@M-^Y | ||
74 | |||
75 | ^[[1mClientAliveInterval^[[0m | ||
76 | Sets a timeout interval in seconds after which if no data has | ||
77 | been received from the client, ^[[1msshd ^[[22mwill send a message through | ||
78 | the encrypted channel to request a response from the client. The | ||
79 | default is 0, indicating that these messages will not be sent to | ||
80 | the client. This option applies to protocol version 2 only. | ||
81 | |||
82 | ^[[1mClientAliveCountMax^[[0m | ||
83 | Sets the number of client alive messages (see above) which may be | ||
84 | sent without ^[[1msshd ^[[22mreceiving any messages back from the client. If | ||
85 | this threshold is reached while client alive messages are being | ||
86 | sent, ^[[1msshd ^[[22mwill disconnect the client, terminating the session. | ||
87 | It is important to note that the use of client alive messages is | ||
88 | very different from ^[[1mKeepAlive ^[[22m(below). The client alive messages | ||
89 | are sent through the encrypted channel and therefore will not be | ||
90 | spoofable. The TCP keepalive option enabled by ^[[1mKeepAlive ^[[22mis | ||
91 | spoofable. The client alive mechanism is valuable when the client | ||
92 | or server depend on knowing when a connection has become inacM-bM-^@M-^P | ||
93 | tive. | ||
94 | |||
95 | The default value is 3. If ^[[1mClientAliveInterval ^[[22m(above) is set to | ||
96 | 15, and ^[[1mClientAliveCountMax ^[[22mis left at the default, unresponsive | ||
97 | ssh clients will be disconnected after approximately 45 seconds. | ||
98 | |||
99 | ^[[1mCompression^[[0m | ||
100 | Specifies whether compression is allowed. The argument must be | ||
101 | M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
102 | |||
103 | ^[[1mDenyGroups^[[0m | ||
104 | This keyword can be followed by a list of group name patterns, | ||
105 | separated by spaces. Login is disallowed for users whose primary | ||
106 | group or supplementary group list matches one of the patterns. | ||
107 | M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards in the patterns. Only | ||
108 | group names are valid; a numerical group ID is not recognized. | ||
109 | By default, login is allowed for all groups. | ||
110 | |||
111 | ^[[1mDenyUsers^[[0m | ||
112 | This keyword can be followed by a list of user name patterns, | ||
113 | separated by spaces. Login is disallowed for user names that | ||
114 | match one of the patterns. M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^XM-bM-^@M-^Y? can be used as wildcards | ||
115 | in the patterns. Only user names are valid; a numerical user ID | ||
116 | is not recognized. By default, login is allowed for all users. | ||
117 | If the pattern takes the form USER@HOST then USER and HOST are | ||
118 | separately checked, restricting logins to particular users from | ||
119 | particular hosts. | ||
120 | |||
121 | ^[[1mGatewayPorts^[[0m | ||
122 | Specifies whether remote hosts are allowed to connect to ports | ||
123 | forwarded for the client. By default, ^[[1msshd ^[[22mbinds remote port | ||
124 | forwardings to the loopback address. This prevents other remote | ||
125 | hosts from connecting to forwarded ports. ^[[1mGatewayPorts ^[[22mcan be | ||
126 | used to specify that ^[[1msshd ^[[22mshould bind remote port forwardings to | ||
127 | the wildcard address, thus allowing remote hosts to connect to | ||
128 | forwarded ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | ||
129 | default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
130 | |||
131 | ^[[1mHostbasedAuthentication^[[0m | ||
132 | Specifies whether rhosts or /etc/hosts.equiv authentication | ||
133 | together with successful public key client host authentication is | ||
134 | allowed (hostbased authentication). This option is similar to | ||
135 | ^[[1mRhostsRSAAuthentication ^[[22mand applies to protocol version 2 only. | ||
136 | The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
137 | |||
138 | ^[[1mHostKey^[[0m | ||
139 | Specifies a file containing a private host key used by SSH. The | ||
140 | default is ^[[4m/etc/ssh/ssh_host_key^[[24m for protocol version 1, and | ||
141 | ^[[4m/etc/ssh/ssh_host_rsa_key^[[24m and ^[[4m/etc/ssh/ssh_host_dsa_key^[[24m for proM-bM-^@M-^P | ||
142 | tocol version 2. Note that ^[[1msshd ^[[22mwill refuse to use a file if it | ||
143 | is group/worldM-bM-^@M-^Paccessible. It is possible to have multiple host | ||
144 | key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] | ||
145 | are used for version 2 of the SSH protocol. | ||
146 | |||
147 | ^[[1mIgnoreRhosts^[[0m | ||
148 | Specifies that ^[[4m.rhosts^[[24m and ^[[4m.shosts^[[24m files will not be used in | ||
149 | ^[[1mRhostsAuthentication^[[22m, ^[[1mRhostsRSAAuthentication ^[[22mor | ||
150 | ^[[1mHostbasedAuthentication^[[22m. | ||
151 | |||
152 | ^[[4m/etc/hosts.equiv^[[24m and ^[[4m/etc/shosts.equiv^[[24m are still used. The | ||
153 | default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
154 | |||
155 | ^[[1mIgnoreUserKnownHosts^[[0m | ||
156 | Specifies whether ^[[1msshd ^[[22mshould ignore the userM-bM-^@M-^Ys | ||
157 | ^[[4m$HOME/.ssh/known_hosts^[[24m during ^[[1mRhostsRSAAuthentication ^[[22mor | ||
158 | ^[[1mHostbasedAuthentication^[[22m. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
159 | |||
160 | ^[[1mKeepAlive^[[0m | ||
161 | Specifies whether the system should send TCP keepalive messages | ||
162 | to the other side. If they are sent, death of the connection or | ||
163 | crash of one of the machines will be properly noticed. However, | ||
164 | this means that connections will die if the route is down temM-bM-^@M-^P | ||
165 | porarily, and some people find it annoying. On the other hand, | ||
166 | if keepalives are not sent, sessions may hang indefinitely on the | ||
167 | server, leaving M-bM-^@M-^\ghostM-bM-^@M-^] users and consuming server resources. | ||
168 | |||
169 | The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the server will | ||
170 | notice if the network goes down or the client host crashes. This | ||
171 | avoids infinitely hanging sessions. | ||
172 | |||
173 | To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^]. | ||
174 | |||
175 | ^[[1mKerberosAuthentication^[[0m | ||
176 | Specifies whether Kerberos authentication is allowed. This can | ||
177 | be in the form of a Kerberos ticket, or if ^[[1mPasswordAuthentication^[[0m | ||
178 | is yes, the password provided by the user will be validated | ||
179 | through the Kerberos KDC. To use this option, the server needs a | ||
180 | Kerberos servtab which allows the verification of the KDCM-bM-^@M-^Ys idenM-bM-^@M-^P | ||
181 | tity. Default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
182 | |||
183 | ^[[1mKerberosOrLocalPasswd^[[0m | ||
184 | If set then if password authentication through Kerberos fails | ||
185 | then the password will be validated via any additional local | ||
186 | mechanism such as ^[[4m/etc/passwd^[[24m. Default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
187 | |||
188 | ^[[1mKerberosTgtPassing^[[0m | ||
189 | Specifies whether a Kerberos TGT may be forwarded to the server. | ||
190 | Default is M-bM-^@M-^\noM-bM-^@M-^], as this only works when the Kerberos KDC is | ||
191 | actually an AFS kaserver. | ||
192 | |||
193 | ^[[1mKerberosTicketCleanup^[[0m | ||
194 | Specifies whether to automatically destroy the userM-bM-^@M-^Ys ticket | ||
195 | cache file on logout. Default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
196 | |||
197 | ^[[1mKeyRegenerationInterval^[[0m | ||
198 | In protocol version 1, the ephemeral server key is automatically | ||
199 | regenerated after this many seconds (if it has been used). The | ||
200 | purpose of regeneration is to prevent decrypting captured sesM-bM-^@M-^P | ||
201 | sions by later breaking into the machine and stealing the keys. | ||
202 | The key is never stored anywhere. If the value is 0, the key is | ||
203 | never regenerated. The default is 3600 (seconds). | ||
204 | |||
205 | ^[[1mListenAddress^[[0m | ||
206 | Specifies the local addresses ^[[1msshd ^[[22mshould listen on. The followM-bM-^@M-^P | ||
207 | ing forms may be used: | ||
208 | |||
209 | ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m|^[[4mIPv6_addr^[[0m | ||
210 | ^[[1mListenAddress ^[[4m^[[22mhost^[[24m|^[[4mIPv4_addr^[[24m:^[[4mport^[[0m | ||
211 | ^[[1mListenAddress ^[[22m[^[[4mhost^[[24m|^[[4mIPv6_addr^[[24m]:^[[4mport^[[0m | ||
212 | |||
213 | If ^[[4mport^[[24m is not specified, ^[[1msshd ^[[22mwill listen on the address and all | ||
214 | prior ^[[1mPort ^[[22moptions specified. The default is to listen on all | ||
215 | local addresses. Multiple ^[[1mListenAddress ^[[22moptions are permitted. | ||
216 | Additionally, any ^[[1mPort ^[[22moptions must precede this option for non | ||
217 | port qualified addresses. | ||
218 | |||
219 | ^[[1mLoginGraceTime^[[0m | ||
220 | The server disconnects after this time if the user has not sucM-bM-^@M-^P | ||
221 | cessfully logged in. If the value is 0, there is no time limit. | ||
222 | The default is 120 seconds. | ||
223 | |||
224 | ^[[1mLogLevel^[[0m | ||
225 | Gives the verbosity level that is used when logging messages from | ||
226 | ^[[1msshd^[[22m. The possible values are: QUIET, FATAL, ERROR, INFO, VERM-bM-^@M-^P | ||
227 | BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. | ||
228 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
229 | higher levels of debugging output. Logging with a DEBUG level | ||
230 | violates the privacy of users and is not recommended. | ||
231 | |||
232 | ^[[1mMACs ^[[22mSpecifies the available MAC (message authentication code) algoM-bM-^@M-^P | ||
233 | rithms. The MAC algorithm is used in protocol version 2 for data | ||
234 | integrity protection. Multiple algorithms must be commaM-bM-^@M-^PsepaM-bM-^@M-^P | ||
235 | rated. The default is | ||
236 | M-bM-^@M-^\hmacM-bM-^@M-^Pmd5,hmacM-bM-^@M-^Psha1,hmacM-bM-^@M-^Pripemd160,hmacM-bM-^@M-^Psha1M-bM-^@M-^P96,hmacM-bM-^@M-^Pmd5M-bM-^@M-^P96M-bM-^@M-^]. | ||
237 | |||
238 | ^[[1mMaxStartups^[[0m | ||
239 | Specifies the maximum number of concurrent unauthenticated conM-bM-^@M-^P | ||
240 | nections to the ^[[1msshd ^[[22mdaemon. Additional connections will be | ||
241 | dropped until authentication succeeds or the ^[[1mLoginGraceTime^[[0m | ||
242 | expires for a connection. The default is 10. | ||
243 | |||
244 | Alternatively, random early drop can be enabled by specifying the | ||
245 | three colon separated values M-bM-^@M-^\start:rate:fullM-bM-^@M-^] (e.g., | ||
246 | "10:30:60"). ^[[1msshd ^[[22mwill refuse connection attempts with a probaM-bM-^@M-^P | ||
247 | bility of M-bM-^@M-^\rate/100M-bM-^@M-^] (30%) if there are currently M-bM-^@M-^\startM-bM-^@M-^] (10) | ||
248 | unauthenticated connections. The probability increases linearly | ||
249 | and all connection attempts are refused if the number of unauM-bM-^@M-^P | ||
250 | thenticated connections reaches M-bM-^@M-^\fullM-bM-^@M-^] (60). | ||
251 | |||
252 | ^[[1mPAMAuthenticationViaKbdInt^[[0m | ||
253 | Specifies whether PAM challenge response authentication is | ||
254 | allowed. This allows the use of most PAM challenge response | ||
255 | authentication modules, but it will allow password authentication | ||
256 | regardless of whether ^[[1mPasswordAuthentication ^[[22mis enabled. | ||
257 | |||
258 | ^[[1mPasswordAuthentication^[[0m | ||
259 | Specifies whether password authentication is allowed. The | ||
260 | default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
261 | |||
262 | ^[[1mPermitEmptyPasswords^[[0m | ||
263 | When password authentication is allowed, it specifies whether the | ||
264 | server allows login to accounts with empty password strings. The | ||
265 | default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
266 | |||
267 | ^[[1mPermitRootLogin^[[0m | ||
268 | Specifies whether root can login using ssh(1). The argument must | ||
269 | be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^], M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. | ||
270 | The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
271 | |||
272 | If this option is set to M-bM-^@M-^\withoutM-bM-^@M-^PpasswordM-bM-^@M-^] password authenticaM-bM-^@M-^P | ||
273 | tion is disabled for root. | ||
274 | |||
275 | If this option is set to M-bM-^@M-^\forcedM-bM-^@M-^PcommandsM-bM-^@M-^PonlyM-bM-^@M-^] root login with | ||
276 | public key authentication will be allowed, but only if the | ||
277 | ^[[4mcommand^[[24m option has been specified (which may be useful for taking | ||
278 | remote backups even if root login is normally not allowed). All | ||
279 | other authentication methods are disabled for root. | ||
280 | |||
281 | If this option is set to M-bM-^@M-^\noM-bM-^@M-^] root is not allowed to login. | ||
282 | |||
283 | ^[[1mPermitUserEnvironment^[[0m | ||
284 | Specifies whether ^[[4m~/.ssh/environment^[[24m and ^[[1menvironment= ^[[22moptions in | ||
285 | ^[[4m~/.ssh/authorized_keys^[[24m are processed by ^[[1msshd^[[22m. The default is | ||
286 | M-bM-^@M-^\noM-bM-^@M-^]. Enabling environment processing may enable users to bypass | ||
287 | access restrictions in some configurations using mechanisms such | ||
288 | as LD_PRELOAD. | ||
289 | |||
290 | ^[[1mPidFile^[[0m | ||
291 | Specifies the file that contains the process ID of the ^[[1msshd ^[[22mdaeM-bM-^@M-^P | ||
292 | mon. The default is ^[[4m/var/run/sshd.pid^[[24m. | ||
293 | |||
294 | ^[[1mPort ^[[22mSpecifies the port number that ^[[1msshd ^[[22mlistens on. The default is | ||
295 | 22. Multiple options of this type are permitted. See also | ||
296 | ^[[1mListenAddress^[[22m. | ||
297 | |||
298 | ^[[1mPrintLastLog^[[0m | ||
299 | Specifies whether ^[[1msshd ^[[22mshould print the date and time when the | ||
300 | user last logged in. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
301 | |||
302 | ^[[1mPrintMotd^[[0m | ||
303 | Specifies whether ^[[1msshd ^[[22mshould print ^[[4m/etc/motd^[[24m when a user logs in | ||
304 | interactively. (On some systems it is also printed by the shell, | ||
305 | ^[[4m/etc/profile^[[24m, or equivalent.) The default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
306 | |||
307 | ^[[1mProtocol^[[0m | ||
308 | Specifies the protocol versions ^[[1msshd ^[[22msupports. The possible valM-bM-^@M-^P | ||
309 | ues are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^]. Multiple versions must be commaM-bM-^@M-^Pseparated. | ||
310 | The default is M-bM-^@M-^\2,1M-bM-^@M-^]. Note that the order of the protocol list | ||
311 | does not indicate preference, because the client selects among | ||
312 | multiple protocol versions offered by the server. Specifying | ||
313 | M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^]. | ||
314 | |||
315 | ^[[1mPubkeyAuthentication^[[0m | ||
316 | Specifies whether public key authentication is allowed. The | ||
317 | default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option applies to protocol verM-bM-^@M-^P | ||
318 | sion 2 only. | ||
319 | |||
320 | ^[[1mRhostsAuthentication^[[0m | ||
321 | Specifies whether authentication using rhosts or /etc/hosts.equiv | ||
322 | files is sufficient. Normally, this method should not be permitM-bM-^@M-^P | ||
323 | ted because it is insecure. ^[[1mRhostsRSAAuthentication ^[[22mshould be | ||
324 | used instead, because it performs RSAM-bM-^@M-^Pbased host authentication | ||
325 | in addition to normal rhosts or /etc/hosts.equiv authentication. | ||
326 | The default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 | ||
327 | only. | ||
328 | |||
329 | ^[[1mRhostsRSAAuthentication^[[0m | ||
330 | Specifies whether rhosts or /etc/hosts.equiv authentication | ||
331 | together with successful RSA host authentication is allowed. The | ||
332 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only. | ||
333 | |||
334 | ^[[1mRSAAuthentication^[[0m | ||
335 | Specifies whether pure RSA authentication is allowed. The | ||
336 | default is M-bM-^@M-^\yesM-bM-^@M-^]. This option applies to protocol version 1 | ||
337 | only. | ||
338 | |||
339 | ^[[1mServerKeyBits^[[0m | ||
340 | Defines the number of bits in the ephemeral protocol version 1 | ||
341 | server key. The minimum value is 512, and the default is 768. | ||
342 | |||
343 | ^[[1mStrictModes^[[0m | ||
344 | Specifies whether ^[[1msshd ^[[22mshould check file modes and ownership of | ||
345 | the userM-bM-^@M-^Ys files and home directory before accepting login. This | ||
346 | is normally desirable because novices sometimes accidentally | ||
347 | leave their directory or files worldM-bM-^@M-^Pwritable. The default is | ||
348 | M-bM-^@M-^\yesM-bM-^@M-^]. | ||
349 | |||
350 | ^[[1mSubsystem^[[0m | ||
351 | Configures an external subsystem (e.g., file transfer daemon). | ||
352 | Arguments should be a subsystem name and a command to execute | ||
353 | upon subsystem request. The command sftpM-bM-^@M-^Pserver(8) implements | ||
354 | the M-bM-^@M-^\sftpM-bM-^@M-^] file transfer subsystem. By default no subsystems are | ||
355 | defined. Note that this option applies to protocol version 2 | ||
356 | only. | ||
357 | |||
358 | ^[[1mSyslogFacility^[[0m | ||
359 | Gives the facility code that is used when logging messages from | ||
360 | ^[[1msshd^[[22m. The possible values are: DAEMON, USER, AUTH, LOCAL0, | ||
361 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The | ||
362 | default is AUTH. | ||
363 | |||
364 | ^[[1mUseLogin^[[0m | ||
365 | Specifies whether login(1) is used for interactive login sesM-bM-^@M-^P | ||
366 | sions. The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that login(1) is never used | ||
367 | for remote command execution. Note also, that if this is | ||
368 | enabled, ^[[1mX11Forwarding ^[[22mwill be disabled because login(1) does not | ||
369 | know how to handle xauth(1) cookies. If ^[[1mUsePrivilegeSeparation^[[0m | ||
370 | is specified, it will be disabled after authentication. | ||
371 | |||
372 | ^[[1mUsePrivilegeSeparation^[[0m | ||
373 | Specifies whether ^[[1msshd ^[[22mseparates privileges by creating an | ||
374 | unprivileged child process to deal with incoming network traffic. | ||
375 | After successful authentication, another process will be created | ||
376 | that has the privilege of the authenticated user. The goal of | ||
377 | privilege separation is to prevent privilege escalation by conM-bM-^@M-^P | ||
378 | taining any corruption within the unprivileged processes. The | ||
379 | default is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
380 | |||
381 | ^[[1mVerifyReverseMapping^[[0m | ||
382 | Specifies whether ^[[1msshd ^[[22mshould try to verify the remote host name | ||
383 | and check that the resolved host name for the remote IP address | ||
384 | maps back to the very same IP address. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
385 | |||
386 | ^[[1mX11DisplayOffset^[[0m | ||
387 | Specifies the first display number available for ^[[1msshd^[[22mM-bM-^@M-^Ys X11 forM-bM-^@M-^P | ||
388 | warding. This prevents ^[[1msshd ^[[22mfrom interfering with real X11 | ||
389 | servers. The default is 10. | ||
390 | |||
391 | ^[[1mX11Forwarding^[[0m | ||
392 | Specifies whether X11 forwarding is permitted. The argument must | ||
393 | be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
394 | |||
395 | When X11 forwarding is enabled, there may be additional exposure | ||
396 | to the server and to client displays if the ^[[1msshd ^[[22mproxy display is | ||
397 | configured to listen on the wildcard address (see ^[[1mX11UseLocalhost^[[0m | ||
398 | below), however this is not the default. Additionally, the | ||
399 | authentication spoofing and authentication data verification and | ||
400 | substitution occur on the client side. The security risk of | ||
401 | using X11 forwarding is that the clientM-bM-^@M-^Ys X11 display server may | ||
402 | be exposed to attack when the ssh client requests forwarding (see | ||
403 | the warnings for ^[[1mForwardX11 ^[[22min ssh_config(5) ). A system adminisM-bM-^@M-^P | ||
404 | trator may have a stance in which they want to protect clients | ||
405 | that may expose themselves to attack by unwittingly requesting | ||
406 | X11 forwarding, which can warrant a M-bM-^@M-^\noM-bM-^@M-^] setting. | ||
407 | |||
408 | Note that disabling X11 forwarding does not prevent users from | ||
409 | forwarding X11 traffic, as users can always install their own | ||
410 | forwarders. X11 forwarding is automatically disabled if ^[[1mUseLogin^[[0m | ||
411 | is enabled. | ||
412 | |||
413 | ^[[1mX11UseLocalhost^[[0m | ||
414 | Specifies whether ^[[1msshd ^[[22mshould bind the X11 forwarding server to | ||
415 | the loopback address or to the wildcard address. By default, | ||
416 | ^[[1msshd ^[[22mbinds the forwarding server to the loopback address and sets | ||
417 | the hostname part of the DISPLAY environment variable to | ||
418 | M-bM-^@M-^\localhostM-bM-^@M-^]. This prevents remote hosts from connecting to the | ||
419 | proxy display. However, some older X11 clients may not function | ||
420 | with this configuration. ^[[1mX11UseLocalhost ^[[22mmay be set to M-bM-^@M-^\noM-bM-^@M-^] to | ||
421 | specify that the forwarding server should be bound to the wildM-bM-^@M-^P | ||
422 | card address. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default | ||
423 | is M-bM-^@M-^\yesM-bM-^@M-^]. | ||
424 | |||
425 | ^[[1mXAuthLocation^[[0m | ||
426 | Specifies the full pathname of the xauth(1) program. The default | ||
427 | is ^[[4m/usr/X11R6/bin/xauth^[[24m. | ||
428 | |||
429 | ^[[1mTime Formats^[[0m | ||
430 | |||
431 | ^[[1msshd ^[[22mcommandM-bM-^@M-^Pline arguments and configuration file options that specify | ||
432 | time may be expressed using a sequence of the form: ^[[4mtime^[[24m[^[[4mqualifier^[[24m], | ||
433 | where ^[[4mtime^[[24m is a positive integer value and ^[[4mqualifier^[[24m is one of the folM-bM-^@M-^P | ||
434 | lowing: | ||
435 | |||
436 | ^[[1m<none> ^[[22mseconds | ||
437 | ^[[1ms ^[[22m| ^[[1mS ^[[22mseconds | ||
438 | ^[[1mm ^[[22m| ^[[1mM ^[[22mminutes | ||
439 | ^[[1mh ^[[22m| ^[[1mH ^[[22mhours | ||
440 | ^[[1md ^[[22m| ^[[1mD ^[[22mdays | ||
441 | ^[[1mw ^[[22m| ^[[1mW ^[[22mweeks | ||
442 | |||
443 | Each member of the sequence is added together to calculate the total time | ||
444 | value. | ||
445 | |||
446 | Time format examples: | ||
447 | |||
448 | 600 600 seconds (10 minutes) | ||
449 | 10m 10 minutes | ||
450 | 1h30m 1 hour 30 minutes (90 minutes) | ||
451 | |||
452 | ^[[1mFILES^[[0m | ||
453 | /etc/ssh/sshd_config | ||
454 | Contains configuration data for ^[[1msshd^[[22m. This file should be | ||
455 | writable by root only, but it is recommended (though not necesM-bM-^@M-^P | ||
456 | sary) that it be worldM-bM-^@M-^Preadable. | ||
457 | |||
458 | ^[[1mAUTHORS^[[0m | ||
459 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
460 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
461 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P | ||
462 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
463 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | ||
464 | for privilege separation. | ||
465 | |||
466 | ^[[1mSEE ALSO^[[0m | ||
467 | sshd(8) | ||
468 | |||
469 | BSD September 25, 1999 BSD | ||