summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--ssh.1569
-rw-r--r--ssh_config.5621
-rw-r--r--sshd.8641
-rw-r--r--sshd_config.5711
5 files changed, 1356 insertions, 1192 deletions
diff --git a/ChangeLog b/ChangeLog
index 664f86266..7176fcb5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
35 make the monitor sync the transfer ssh1 session key; 35 make the monitor sync the transfer ssh1 session key;
36 transfer keycontext only for RC4 (this is still depends on EVP 36 transfer keycontext only for RC4 (this is still depends on EVP
37 implementation details and is broken). 37 implementation details and is broken).
38 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
39 [ssh.1 sshd.8]
40 move configuration file options from ssh.1/sshd.8 to
41 ssh_config.5/sshd_config.5; ok deraadt@ millert@
38 - (bal) Cygwin special handling of empty passwords wrong. Patch by 42 - (bal) Cygwin special handling of empty passwords wrong. Patch by
39 vinschen@redhat.com 43 vinschen@redhat.com
40 44
@@ -965,4 +969,4 @@
965 - (stevesk) entropy.c: typo in debug message 969 - (stevesk) entropy.c: typo in debug message
966 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 970 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
967 971
968$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $ 972$Id: ChangeLog,v 1.2227 2002/06/21 00:59:05 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index 4bd0f0748..8ada41f29 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.157 2002/06/19 00:27:55 deraadt Exp $ 37.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -384,7 +384,7 @@ this mechanism is to prevent man-in-the-middle attacks which could
384otherwise be used to circumvent the encryption. 384otherwise be used to circumvent the encryption.
385The 385The
386.Cm StrictHostKeyChecking 386.Cm StrictHostKeyChecking
387option (see below) can be used to prevent logins to machines whose 387option can be used to prevent logins to machines whose
388host key is not known or has changed. 388host key is not known or has changed.
389.Pp 389.Pp
390The options are as follows: 390The options are as follows:
@@ -568,13 +568,13 @@ and the
568.Dq level 568.Dq level
569can be controlled by the 569can be controlled by the
570.Cm CompressionLevel 570.Cm CompressionLevel
571option (see below). 571option.
572Compression is desirable on modem lines and other 572Compression is desirable on modem lines and other
573slow connections, but will only slow down things on fast networks. 573slow connections, but will only slow down things on fast networks.
574The default value can be set on a host-by-host basis in the 574The default value can be set on a host-by-host basis in the
575configuration files; see the 575configuration files; see the
576.Cm Compression 576.Cm Compression
577option below. 577option.
578.It Fl F Ar configfile 578.It Fl F Ar configfile
579Specifies an alternative per-user configuration file. 579Specifies an alternative per-user configuration file.
580If a configuration file is given on the command line, 580If a configuration file is given on the command line,
@@ -649,547 +649,10 @@ to use IPv6 addresses only.
649.El 649.El
650.Sh CONFIGURATION FILES 650.Sh CONFIGURATION FILES
651.Nm 651.Nm
652obtains configuration data from the following sources in 652may additionally obtain configuration data from
653the following order: 653a per-user configuration file and a system-wide configuration file.
654command line options, user's configuration file 654The file format and configuration options are described in
655.Pq Pa $HOME/.ssh/config , 655.Xr ssh_config 5 .
656and system-wide configuration file
657.Pq Pa /etc/ssh/ssh_config .
658For each parameter, the first obtained value
659will be used.
660The configuration files contain sections bracketed by
661.Dq Host
662specifications, and that section is only applied for hosts that
663match one of the patterns given in the specification.
664The matched host name is the one given on the command line.
665.Pp
666Since the first obtained value for each parameter is used, more
667host-specific declarations should be given near the beginning of the
668file, and general defaults at the end.
669.Pp
670The configuration file has the following format:
671.Pp
672Empty lines and lines starting with
673.Ql #
674are comments.
675.Pp
676Otherwise a line is of the format
677.Dq keyword arguments .
678Configuration options may be separated by whitespace or
679optional whitespace and exactly one
680.Ql = ;
681the latter format is useful to avoid the need to quote whitespace
682when specifying configuration options using the
683.Nm ssh ,
684.Nm scp
685and
686.Nm sftp
687.Fl o
688option.
689.Pp
690The possible
691keywords and their meanings are as follows (note that
692keywords are case-insensitive and arguments are case-sensitive):
693.Bl -tag -width Ds
694.It Cm Host
695Restricts the following declarations (up to the next
696.Cm Host
697keyword) to be only for those hosts that match one of the patterns
698given after the keyword.
699.Ql \&*
700and
701.Ql ?
702can be used as wildcards in the
703patterns.
704A single
705.Ql \&*
706as a pattern can be used to provide global
707defaults for all hosts.
708The host is the
709.Ar hostname
710argument given on the command line (i.e., the name is not converted to
711a canonicalized host name before matching).
712.It Cm AFSTokenPassing
713Specifies whether to pass AFS tokens to remote host.
714The argument to this keyword must be
715.Dq yes
716or
717.Dq no .
718This option applies to protocol version 1 only.
719.It Cm BatchMode
720If set to
721.Dq yes ,
722passphrase/password querying will be disabled.
723This option is useful in scripts and other batch jobs where no user
724is present to supply the password.
725The argument must be
726.Dq yes
727or
728.Dq no .
729The default is
730.Dq no .
731.It Cm BindAddress
732Specify the interface to transmit from on machines with multiple
733interfaces or aliased addresses.
734Note that this option does not work if
735.Cm UsePrivilegedPort
736is set to
737.Dq yes .
738.It Cm ChallengeResponseAuthentication
739Specifies whether to use challenge response authentication.
740The argument to this keyword must be
741.Dq yes
742or
743.Dq no .
744The default is
745.Dq yes .
746.It Cm CheckHostIP
747If this flag is set to
748.Dq yes ,
749ssh will additionally check the host IP address in the
750.Pa known_hosts
751file.
752This allows ssh to detect if a host key changed due to DNS spoofing.
753If the option is set to
754.Dq no ,
755the check will not be executed.
756The default is
757.Dq yes .
758.It Cm Cipher
759Specifies the cipher to use for encrypting the session
760in protocol version 1.
761Currently,
762.Dq blowfish ,
763.Dq 3des ,
764and
765.Dq des
766are supported.
767.Ar des
768is only supported in the
769.Nm
770client for interoperability with legacy protocol 1 implementations
771that do not support the
772.Ar 3des
773cipher. Its use is strongly discouraged due to cryptographic
774weaknesses.
775The default is
776.Dq 3des .
777.It Cm Ciphers
778Specifies the ciphers allowed for protocol version 2
779in order of preference.
780Multiple ciphers must be comma-separated.
781The default is
782.Pp
783.Bd -literal
784 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
785 aes192-cbc,aes256-cbc''
786.Ed
787.It Cm ClearAllForwardings
788Specifies that all local, remote and dynamic port forwardings
789specified in the configuration files or on the command line be
790cleared. This option is primarily useful when used from the
791.Nm
792command line to clear port forwardings set in
793configuration files, and is automatically set by
794.Xr scp 1
795and
796.Xr sftp 1 .
797The argument must be
798.Dq yes
799or
800.Dq no .
801The default is
802.Dq no .
803.It Cm Compression
804Specifies whether to use compression.
805The argument must be
806.Dq yes
807or
808.Dq no .
809The default is
810.Dq no .
811.It Cm CompressionLevel
812Specifies the compression level to use if compression is enabled.
813The argument must be an integer from 1 (fast) to 9 (slow, best).
814The default level is 6, which is good for most applications.
815The meaning of the values is the same as in
816.Xr gzip 1 .
817Note that this option applies to protocol version 1 only.
818.It Cm ConnectionAttempts
819Specifies the number of tries (one per second) to make before exiting.
820The argument must be an integer.
821This may be useful in scripts if the connection sometimes fails.
822The default is 1.
823.It Cm DynamicForward
824Specifies that a TCP/IP port on the local machine be forwarded
825over the secure channel, and the application
826protocol is then used to determine where to connect to from the
827remote machine. The argument must be a port number.
828Currently the SOCKS4 protocol is supported, and
829.Nm
830will act as a SOCKS4 server.
831Multiple forwardings may be specified, and
832additional forwardings can be given on the command line. Only
833the superuser can forward privileged ports.
834.It Cm EscapeChar
835Sets the escape character (default:
836.Ql ~ ) .
837The escape character can also
838be set on the command line.
839The argument should be a single character,
840.Ql ^
841followed by a letter, or
842.Dq none
843to disable the escape
844character entirely (making the connection transparent for binary
845data).
846.It Cm ForwardAgent
847Specifies whether the connection to the authentication agent (if any)
848will be forwarded to the remote machine.
849The argument must be
850.Dq yes
851or
852.Dq no .
853The default is
854.Dq no .
855.It Cm ForwardX11
856Specifies whether X11 connections will be automatically redirected
857over the secure channel and
858.Ev DISPLAY
859set.
860The argument must be
861.Dq yes
862or
863.Dq no .
864The default is
865.Dq no .
866.It Cm GatewayPorts
867Specifies whether remote hosts are allowed to connect to local
868forwarded ports.
869By default,
870.Nm
871binds local port forwardings to the loopback address. This
872prevents other remote hosts from connecting to forwarded ports.
873.Cm GatewayPorts
874can be used to specify that
875.Nm
876should bind local port forwardings to the wildcard address,
877thus allowing remote hosts to connect to forwarded ports.
878The argument must be
879.Dq yes
880or
881.Dq no .
882The default is
883.Dq no .
884.It Cm GlobalKnownHostsFile
885Specifies a file to use for the global
886host key database instead of
887.Pa /etc/ssh/ssh_known_hosts .
888.It Cm HostbasedAuthentication
889Specifies whether to try rhosts based authentication with public key
890authentication.
891The argument must be
892.Dq yes
893or
894.Dq no .
895The default is
896.Dq no .
897This option applies to protocol version 2 only and
898is similar to
899.Cm RhostsRSAAuthentication .
900.It Cm HostKeyAlgorithms
901Specifies the protocol version 2 host key algorithms
902that the client wants to use in order of preference.
903The default for this option is:
904.Dq ssh-rsa,ssh-dss .
905.It Cm HostKeyAlias
906Specifies an alias that should be used instead of the
907real host name when looking up or saving the host key
908in the host key database files.
909This option is useful for tunneling ssh connections
910or for multiple servers running on a single host.
911.It Cm HostName
912Specifies the real host name to log into.
913This can be used to specify nicknames or abbreviations for hosts.
914Default is the name given on the command line.
915Numeric IP addresses are also permitted (both on the command line and in
916.Cm HostName
917specifications).
918.It Cm IdentityFile
919Specifies a file from which the user's RSA or DSA authentication identity
920is read. The default is
921.Pa $HOME/.ssh/identity
922for protocol version 1, and
923.Pa $HOME/.ssh/id_rsa
924and
925.Pa $HOME/.ssh/id_dsa
926for protocol version 2.
927Additionally, any identities represented by the authentication agent
928will be used for authentication.
929The file name may use the tilde
930syntax to refer to a user's home directory.
931It is possible to have
932multiple identity files specified in configuration files; all these
933identities will be tried in sequence.
934.It Cm KeepAlive
935Specifies whether the system should send TCP keepalive messages to the
936other side.
937If they are sent, death of the connection or crash of one
938of the machines will be properly noticed.
939However, this means that
940connections will die if the route is down temporarily, and some people
941find it annoying.
942.Pp
943The default is
944.Dq yes
945(to send keepalives), and the client will notice
946if the network goes down or the remote host dies.
947This is important in scripts, and many users want it too.
948.Pp
949To disable keepalives, the value should be set to
950.Dq no .
951.It Cm KerberosAuthentication
952Specifies whether Kerberos authentication will be used.
953The argument to this keyword must be
954.Dq yes
955or
956.Dq no .
957.It Cm KerberosTgtPassing
958Specifies whether a Kerberos TGT will be forwarded to the server.
959This will only work if the Kerberos server is actually an AFS kaserver.
960The argument to this keyword must be
961.Dq yes
962or
963.Dq no .
964.It Cm LocalForward
965Specifies that a TCP/IP port on the local machine be forwarded over
966the secure channel to the specified host and port from the remote machine.
967The first argument must be a port number, and the second must be
968.Ar host:port .
969IPv6 addresses can be specified with an alternative syntax:
970.Ar host/port .
971Multiple forwardings may be specified, and additional
972forwardings can be given on the command line.
973Only the superuser can forward privileged ports.
974.It Cm LogLevel
975Gives the verbosity level that is used when logging messages from
976.Nm ssh .
977The possible values are:
978QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
979The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
980and DEBUG3 each specify higher levels of verbose output.
981.It Cm MACs
982Specifies the MAC (message authentication code) algorithms
983in order of preference.
984The MAC algorithm is used in protocol version 2
985for data integrity protection.
986Multiple algorithms must be comma-separated.
987The default is
988.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
989.It Cm NoHostAuthenticationForLocalhost
990This option can be used if the home directory is shared across machines.
991In this case localhost will refer to a different machine on each of
992the machines and the user will get many warnings about changed host keys.
993However, this option disables host authentication for localhost.
994The argument to this keyword must be
995.Dq yes
996or
997.Dq no .
998The default is to check the host key for localhost.
999.It Cm NumberOfPasswordPrompts
1000Specifies the number of password prompts before giving up.
1001The argument to this keyword must be an integer.
1002Default is 3.
1003.It Cm PasswordAuthentication
1004Specifies whether to use password authentication.
1005The argument to this keyword must be
1006.Dq yes
1007or
1008.Dq no .
1009The default is
1010.Dq yes .
1011.It Cm Port
1012Specifies the port number to connect on the remote host.
1013Default is 22.
1014.It Cm PreferredAuthentications
1015Specifies the order in which the client should try protocol 2
1016authentication methods. This allows a client to prefer one method (e.g.
1017.Cm keyboard-interactive )
1018over another method (e.g.
1019.Cm password )
1020The default for this option is:
1021.Dq hostbased,publickey,keyboard-interactive,password .
1022.It Cm Protocol
1023Specifies the protocol versions
1024.Nm
1025should support in order of preference.
1026The possible values are
1027.Dq 1
1028and
1029.Dq 2 .
1030Multiple versions must be comma-separated.
1031The default is
1032.Dq 2,1 .
1033This means that
1034.Nm
1035tries version 2 and falls back to version 1
1036if version 2 is not available.
1037.It Cm ProxyCommand
1038Specifies the command to use to connect to the server.
1039The command
1040string extends to the end of the line, and is executed with
1041.Pa /bin/sh .
1042In the command string,
1043.Ql %h
1044will be substituted by the host name to
1045connect and
1046.Ql %p
1047by the port.
1048The command can be basically anything,
1049and should read from its standard input and write to its standard output.
1050It should eventually connect an
1051.Xr sshd 8
1052server running on some machine, or execute
1053.Ic sshd -i
1054somewhere.
1055Host key management will be done using the
1056HostName of the host being connected (defaulting to the name typed by
1057the user).
1058Note that
1059.Cm CheckHostIP
1060is not available for connects with a proxy command.
1061.Pp
1062.It Cm PubkeyAuthentication
1063Specifies whether to try public key authentication.
1064The argument to this keyword must be
1065.Dq yes
1066or
1067.Dq no .
1068The default is
1069.Dq yes .
1070This option applies to protocol version 2 only.
1071.It Cm RemoteForward
1072Specifies that a TCP/IP port on the remote machine be forwarded over
1073the secure channel to the specified host and port from the local machine.
1074The first argument must be a port number, and the second must be
1075.Ar host:port .
1076IPv6 addresses can be specified with an alternative syntax:
1077.Ar host/port .
1078Multiple forwardings may be specified, and additional
1079forwardings can be given on the command line.
1080Only the superuser can forward privileged ports.
1081.It Cm RhostsAuthentication
1082Specifies whether to try rhosts based authentication.
1083Note that this
1084declaration only affects the client side and has no effect whatsoever
1085on security.
1086Most servers do not permit RhostsAuthentication because it
1087is not secure (see
1088.Cm RhostsRSAAuthentication ) .
1089The argument to this keyword must be
1090.Dq yes
1091or
1092.Dq no .
1093The default is
1094.Dq no .
1095This option applies to protocol version 1 only.
1096.It Cm RhostsRSAAuthentication
1097Specifies whether to try rhosts based authentication with RSA host
1098authentication.
1099The argument must be
1100.Dq yes
1101or
1102.Dq no .
1103The default is
1104.Dq no .
1105This option applies to protocol version 1 only and requires
1106.Nm
1107to be setuid root.
1108.It Cm RSAAuthentication
1109Specifies whether to try RSA authentication.
1110The argument to this keyword must be
1111.Dq yes
1112or
1113.Dq no .
1114RSA authentication will only be
1115attempted if the identity file exists, or an authentication agent is
1116running.
1117The default is
1118.Dq yes .
1119Note that this option applies to protocol version 1 only.
1120.It Cm SmartcardDevice
1121Specifies which smartcard device to use. The argument to this keyword is
1122the device
1123.Nm
1124should use to communicate with a smartcard used for storing the user's
1125private RSA key. By default, no device is specified and smartcard support
1126is not activated.
1127.It Cm StrictHostKeyChecking
1128If this flag is set to
1129.Dq yes ,
1130.Nm
1131will never automatically add host keys to the
1132.Pa $HOME/.ssh/known_hosts
1133file, and refuses to connect to hosts whose host key has changed.
1134This provides maximum protection against trojan horse attacks,
1135however, can be annoying when the
1136.Pa /etc/ssh/ssh_known_hosts
1137file is poorly maintained, or connections to new hosts are
1138frequently made.
1139This option forces the user to manually
1140add all new hosts.
1141If this flag is set to
1142.Dq no ,
1143.Nm
1144will automatically add new host keys to the
1145user known hosts files.
1146If this flag is set to
1147.Dq ask ,
1148new host keys
1149will be added to the user known host files only after the user
1150has confirmed that is what they really want to do, and
1151.Nm
1152will refuse to connect to hosts whose host key has changed.
1153The host keys of
1154known hosts will be verified automatically in all cases.
1155The argument must be
1156.Dq yes ,
1157.Dq no
1158or
1159.Dq ask .
1160The default is
1161.Dq ask .
1162.It Cm UsePrivilegedPort
1163Specifies whether to use a privileged port for outgoing connections.
1164The argument must be
1165.Dq yes
1166or
1167.Dq no .
1168The default is
1169.Dq no .
1170Note that this option must be set to
1171.Dq yes
1172if
1173.Cm RhostsAuthentication
1174and
1175.Cm RhostsRSAAuthentication
1176authentications are needed with older servers.
1177.It Cm User
1178Specifies the user to log in as.
1179This can be useful when a different user name is used on different machines.
1180This saves the trouble of
1181having to remember to give the user name on the command line.
1182.It Cm UserKnownHostsFile
1183Specifies a file to use for the user
1184host key database instead of
1185.Pa $HOME/.ssh/known_hosts .
1186.It Cm XAuthLocation
1187Specifies the location of the
1188.Xr xauth 1
1189program.
1190The default is
1191.Pa /usr/X11R6/bin/xauth .
1192.El
1193.Sh ENVIRONMENT 656.Sh ENVIRONMENT
1194.Nm 657.Nm
1195will normally set the following environment variables: 658will normally set the following environment variables:
@@ -1324,13 +787,8 @@ never used automatically and are not necessary; they are only provided for
1324the convenience of the user. 787the convenience of the user.
1325.It Pa $HOME/.ssh/config 788.It Pa $HOME/.ssh/config
1326This is the per-user configuration file. 789This is the per-user configuration file.
1327The format of this file is described above. 790The file format and configuration options are described in
1328This file is used by the 791.Xr ssh_config 5 .
1329.Nm
1330client.
1331This file does not usually contain any sensitive information,
1332but the recommended permissions are read/write for the user, and not
1333accessible by others.
1334.It Pa $HOME/.ssh/authorized_keys 792.It Pa $HOME/.ssh/authorized_keys
1335Lists the public keys (RSA/DSA) that can be used for logging in as this user. 793Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1336The format of this file is described in the 794The format of this file is described in the
@@ -1365,10 +823,8 @@ checking the key, because someone with access to the name servers
1365would then be able to fool host authentication. 823would then be able to fool host authentication.
1366.It Pa /etc/ssh/ssh_config 824.It Pa /etc/ssh/ssh_config
1367Systemwide configuration file. 825Systemwide configuration file.
1368This file provides defaults for those 826The file format and configuration options are described in
1369values that are not specified in the user's configuration file, and 827.Xr ssh_config 5 .
1370for those users who do not have a configuration file.
1371This file must be world-readable.
1372.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 828.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
1373These three files contain the private parts of the host keys 829These three files contain the private parts of the host keys
1374and are used for 830and are used for
@@ -1496,6 +952,7 @@ protocol versions 1.5 and 2.0.
1496.Xr ssh-agent 1 , 952.Xr ssh-agent 1 ,
1497.Xr ssh-keygen 1 , 953.Xr ssh-keygen 1 ,
1498.Xr telnet 1 , 954.Xr telnet 1 ,
955.Xr ssh_config 4 ,
1499.Xr ssh-keysign 8, 956.Xr ssh-keysign 8,
1500.Xr sshd 8 957.Xr sshd 8
1501.Rs 958.Rs
diff --git a/ssh_config.5 b/ssh_config.5
new file mode 100644
index 000000000..53cb0fe97
--- /dev/null
+++ b/ssh_config.5
@@ -0,0 +1,621 @@
1.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
37.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
38.Dd September 25, 1999
39.Dt SSH_CONFIG 5
40.Os
41.Sh NAME
42.Nm ssh_config
43.Nd OpenSSH SSH client configuration files
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa $HOME/.ssh/config
47.It Pa /etc/ssh/ssh_config
48.El
49.Sh DESCRIPTION
50.Nm ssh
51obtains configuration data from the following sources in
52the following order:
53command line options, user's configuration file
54.Pq Pa $HOME/.ssh/config ,
55and system-wide configuration file
56.Pq Pa /etc/ssh/ssh_config .
57.Pp
58For each parameter, the first obtained value
59will be used.
60The configuration files contain sections bracketed by
61.Dq Host
62specifications, and that section is only applied for hosts that
63match one of the patterns given in the specification.
64The matched host name is the one given on the command line.
65.Pp
66Since the first obtained value for each parameter is used, more
67host-specific declarations should be given near the beginning of the
68file, and general defaults at the end.
69.Pp
70The configuration file has the following format:
71.Pp
72Empty lines and lines starting with
73.Ql #
74are comments.
75.Pp
76Otherwise a line is of the format
77.Dq keyword arguments .
78Configuration options may be separated by whitespace or
79optional whitespace and exactly one
80.Ql = ;
81the latter format is useful to avoid the need to quote whitespace
82when specifying configuration options using the
83.Nm ssh ,
84.Nm scp
85and
86.Nm sftp
87.Fl o
88option.
89.Pp
90The possible
91keywords and their meanings are as follows (note that
92keywords are case-insensitive and arguments are case-sensitive):
93.Bl -tag -width Ds
94.It Cm Host
95Restricts the following declarations (up to the next
96.Cm Host
97keyword) to be only for those hosts that match one of the patterns
98given after the keyword.
99.Ql \&*
100and
101.Ql ?
102can be used as wildcards in the
103patterns.
104A single
105.Ql \&*
106as a pattern can be used to provide global
107defaults for all hosts.
108The host is the
109.Ar hostname
110argument given on the command line (i.e., the name is not converted to
111a canonicalized host name before matching).
112.It Cm AFSTokenPassing
113Specifies whether to pass AFS tokens to remote host.
114The argument to this keyword must be
115.Dq yes
116or
117.Dq no .
118This option applies to protocol version 1 only.
119.It Cm BatchMode
120If set to
121.Dq yes ,
122passphrase/password querying will be disabled.
123This option is useful in scripts and other batch jobs where no user
124is present to supply the password.
125The argument must be
126.Dq yes
127or
128.Dq no .
129The default is
130.Dq no .
131.It Cm BindAddress
132Specify the interface to transmit from on machines with multiple
133interfaces or aliased addresses.
134Note that this option does not work if
135.Cm UsePrivilegedPort
136is set to
137.Dq yes .
138.It Cm ChallengeResponseAuthentication
139Specifies whether to use challenge response authentication.
140The argument to this keyword must be
141.Dq yes
142or
143.Dq no .
144The default is
145.Dq yes .
146.It Cm CheckHostIP
147If this flag is set to
148.Dq yes ,
149ssh will additionally check the host IP address in the
150.Pa known_hosts
151file.
152This allows ssh to detect if a host key changed due to DNS spoofing.
153If the option is set to
154.Dq no ,
155the check will not be executed.
156The default is
157.Dq yes .
158.It Cm Cipher
159Specifies the cipher to use for encrypting the session
160in protocol version 1.
161Currently,
162.Dq blowfish ,
163.Dq 3des ,
164and
165.Dq des
166are supported.
167.Ar des
168is only supported in the
169.Nm ssh
170client for interoperability with legacy protocol 1 implementations
171that do not support the
172.Ar 3des
173cipher. Its use is strongly discouraged due to cryptographic
174weaknesses.
175The default is
176.Dq 3des .
177.It Cm Ciphers
178Specifies the ciphers allowed for protocol version 2
179in order of preference.
180Multiple ciphers must be comma-separated.
181The default is
182.Pp
183.Bd -literal
184 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
185 aes192-cbc,aes256-cbc''
186.Ed
187.It Cm ClearAllForwardings
188Specifies that all local, remote and dynamic port forwardings
189specified in the configuration files or on the command line be
190cleared. This option is primarily useful when used from the
191.Nm ssh
192command line to clear port forwardings set in
193configuration files, and is automatically set by
194.Xr scp 1
195and
196.Xr sftp 1 .
197The argument must be
198.Dq yes
199or
200.Dq no .
201The default is
202.Dq no .
203.It Cm Compression
204Specifies whether to use compression.
205The argument must be
206.Dq yes
207or
208.Dq no .
209The default is
210.Dq no .
211.It Cm CompressionLevel
212Specifies the compression level to use if compression is enabled.
213The argument must be an integer from 1 (fast) to 9 (slow, best).
214The default level is 6, which is good for most applications.
215The meaning of the values is the same as in
216.Xr gzip 1 .
217Note that this option applies to protocol version 1 only.
218.It Cm ConnectionAttempts
219Specifies the number of tries (one per second) to make before exiting.
220The argument must be an integer.
221This may be useful in scripts if the connection sometimes fails.
222The default is 1.
223.It Cm DynamicForward
224Specifies that a TCP/IP port on the local machine be forwarded
225over the secure channel, and the application
226protocol is then used to determine where to connect to from the
227remote machine. The argument must be a port number.
228Currently the SOCKS4 protocol is supported, and
229.Nm ssh
230will act as a SOCKS4 server.
231Multiple forwardings may be specified, and
232additional forwardings can be given on the command line. Only
233the superuser can forward privileged ports.
234.It Cm EscapeChar
235Sets the escape character (default:
236.Ql ~ ) .
237The escape character can also
238be set on the command line.
239The argument should be a single character,
240.Ql ^
241followed by a letter, or
242.Dq none
243to disable the escape
244character entirely (making the connection transparent for binary
245data).
246.It Cm ForwardAgent
247Specifies whether the connection to the authentication agent (if any)
248will be forwarded to the remote machine.
249The argument must be
250.Dq yes
251or
252.Dq no .
253The default is
254.Dq no .
255.It Cm ForwardX11
256Specifies whether X11 connections will be automatically redirected
257over the secure channel and
258.Ev DISPLAY
259set.
260The argument must be
261.Dq yes
262or
263.Dq no .
264The default is
265.Dq no .
266.It Cm GatewayPorts
267Specifies whether remote hosts are allowed to connect to local
268forwarded ports.
269By default,
270.Nm ssh
271binds local port forwardings to the loopback address. This
272prevents other remote hosts from connecting to forwarded ports.
273.Cm GatewayPorts
274can be used to specify that
275.Nm ssh
276should bind local port forwardings to the wildcard address,
277thus allowing remote hosts to connect to forwarded ports.
278The argument must be
279.Dq yes
280or
281.Dq no .
282The default is
283.Dq no .
284.It Cm GlobalKnownHostsFile
285Specifies a file to use for the global
286host key database instead of
287.Pa /etc/ssh/ssh_known_hosts .
288.It Cm HostbasedAuthentication
289Specifies whether to try rhosts based authentication with public key
290authentication.
291The argument must be
292.Dq yes
293or
294.Dq no .
295The default is
296.Dq no .
297This option applies to protocol version 2 only and
298is similar to
299.Cm RhostsRSAAuthentication .
300.It Cm HostKeyAlgorithms
301Specifies the protocol version 2 host key algorithms
302that the client wants to use in order of preference.
303The default for this option is:
304.Dq ssh-rsa,ssh-dss .
305.It Cm HostKeyAlias
306Specifies an alias that should be used instead of the
307real host name when looking up or saving the host key
308in the host key database files.
309This option is useful for tunneling ssh connections
310or for multiple servers running on a single host.
311.It Cm HostName
312Specifies the real host name to log into.
313This can be used to specify nicknames or abbreviations for hosts.
314Default is the name given on the command line.
315Numeric IP addresses are also permitted (both on the command line and in
316.Cm HostName
317specifications).
318.It Cm IdentityFile
319Specifies a file from which the user's RSA or DSA authentication identity
320is read. The default is
321.Pa $HOME/.ssh/identity
322for protocol version 1, and
323.Pa $HOME/.ssh/id_rsa
324and
325.Pa $HOME/.ssh/id_dsa
326for protocol version 2.
327Additionally, any identities represented by the authentication agent
328will be used for authentication.
329The file name may use the tilde
330syntax to refer to a user's home directory.
331It is possible to have
332multiple identity files specified in configuration files; all these
333identities will be tried in sequence.
334.It Cm KeepAlive
335Specifies whether the system should send TCP keepalive messages to the
336other side.
337If they are sent, death of the connection or crash of one
338of the machines will be properly noticed.
339However, this means that
340connections will die if the route is down temporarily, and some people
341find it annoying.
342.Pp
343The default is
344.Dq yes
345(to send keepalives), and the client will notice
346if the network goes down or the remote host dies.
347This is important in scripts, and many users want it too.
348.Pp
349To disable keepalives, the value should be set to
350.Dq no .
351.It Cm KerberosAuthentication
352Specifies whether Kerberos authentication will be used.
353The argument to this keyword must be
354.Dq yes
355or
356.Dq no .
357.It Cm KerberosTgtPassing
358Specifies whether a Kerberos TGT will be forwarded to the server.
359This will only work if the Kerberos server is actually an AFS kaserver.
360The argument to this keyword must be
361.Dq yes
362or
363.Dq no .
364.It Cm LocalForward
365Specifies that a TCP/IP port on the local machine be forwarded over
366the secure channel to the specified host and port from the remote machine.
367The first argument must be a port number, and the second must be
368.Ar host:port .
369IPv6 addresses can be specified with an alternative syntax:
370.Ar host/port .
371Multiple forwardings may be specified, and additional
372forwardings can be given on the command line.
373Only the superuser can forward privileged ports.
374.It Cm LogLevel
375Gives the verbosity level that is used when logging messages from
376.Nm ssh .
377The possible values are:
378QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
379The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
380and DEBUG3 each specify higher levels of verbose output.
381.It Cm MACs
382Specifies the MAC (message authentication code) algorithms
383in order of preference.
384The MAC algorithm is used in protocol version 2
385for data integrity protection.
386Multiple algorithms must be comma-separated.
387The default is
388.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
389.It Cm NoHostAuthenticationForLocalhost
390This option can be used if the home directory is shared across machines.
391In this case localhost will refer to a different machine on each of
392the machines and the user will get many warnings about changed host keys.
393However, this option disables host authentication for localhost.
394The argument to this keyword must be
395.Dq yes
396or
397.Dq no .
398The default is to check the host key for localhost.
399.It Cm NumberOfPasswordPrompts
400Specifies the number of password prompts before giving up.
401The argument to this keyword must be an integer.
402Default is 3.
403.It Cm PasswordAuthentication
404Specifies whether to use password authentication.
405The argument to this keyword must be
406.Dq yes
407or
408.Dq no .
409The default is
410.Dq yes .
411.It Cm Port
412Specifies the port number to connect on the remote host.
413Default is 22.
414.It Cm PreferredAuthentications
415Specifies the order in which the client should try protocol 2
416authentication methods. This allows a client to prefer one method (e.g.
417.Cm keyboard-interactive )
418over another method (e.g.
419.Cm password )
420The default for this option is:
421.Dq hostbased,publickey,keyboard-interactive,password .
422.It Cm Protocol
423Specifies the protocol versions
424.Nm ssh
425should support in order of preference.
426The possible values are
427.Dq 1
428and
429.Dq 2 .
430Multiple versions must be comma-separated.
431The default is
432.Dq 2,1 .
433This means that
434.Nm ssh
435tries version 2 and falls back to version 1
436if version 2 is not available.
437.It Cm ProxyCommand
438Specifies the command to use to connect to the server.
439The command
440string extends to the end of the line, and is executed with
441.Pa /bin/sh .
442In the command string,
443.Ql %h
444will be substituted by the host name to
445connect and
446.Ql %p
447by the port.
448The command can be basically anything,
449and should read from its standard input and write to its standard output.
450It should eventually connect an
451.Xr sshd 8
452server running on some machine, or execute
453.Ic sshd -i
454somewhere.
455Host key management will be done using the
456HostName of the host being connected (defaulting to the name typed by
457the user).
458Note that
459.Cm CheckHostIP
460is not available for connects with a proxy command.
461.Pp
462.It Cm PubkeyAuthentication
463Specifies whether to try public key authentication.
464The argument to this keyword must be
465.Dq yes
466or
467.Dq no .
468The default is
469.Dq yes .
470This option applies to protocol version 2 only.
471.It Cm RemoteForward
472Specifies that a TCP/IP port on the remote machine be forwarded over
473the secure channel to the specified host and port from the local machine.
474The first argument must be a port number, and the second must be
475.Ar host:port .
476IPv6 addresses can be specified with an alternative syntax:
477.Ar host/port .
478Multiple forwardings may be specified, and additional
479forwardings can be given on the command line.
480Only the superuser can forward privileged ports.
481.It Cm RhostsAuthentication
482Specifies whether to try rhosts based authentication.
483Note that this
484declaration only affects the client side and has no effect whatsoever
485on security.
486Most servers do not permit RhostsAuthentication because it
487is not secure (see
488.Cm RhostsRSAAuthentication ) .
489The argument to this keyword must be
490.Dq yes
491or
492.Dq no .
493The default is
494.Dq no .
495This option applies to protocol version 1 only.
496.It Cm RhostsRSAAuthentication
497Specifies whether to try rhosts based authentication with RSA host
498authentication.
499The argument must be
500.Dq yes
501or
502.Dq no .
503The default is
504.Dq no .
505This option applies to protocol version 1 only and requires
506.Nm ssh
507to be setuid root.
508.It Cm RSAAuthentication
509Specifies whether to try RSA authentication.
510The argument to this keyword must be
511.Dq yes
512or
513.Dq no .
514RSA authentication will only be
515attempted if the identity file exists, or an authentication agent is
516running.
517The default is
518.Dq yes .
519Note that this option applies to protocol version 1 only.
520.It Cm SmartcardDevice
521Specifies which smartcard device to use. The argument to this keyword is
522the device
523.Nm ssh
524should use to communicate with a smartcard used for storing the user's
525private RSA key. By default, no device is specified and smartcard support
526is not activated.
527.It Cm StrictHostKeyChecking
528If this flag is set to
529.Dq yes ,
530.Nm ssh
531will never automatically add host keys to the
532.Pa $HOME/.ssh/known_hosts
533file, and refuses to connect to hosts whose host key has changed.
534This provides maximum protection against trojan horse attacks,
535however, can be annoying when the
536.Pa /etc/ssh/ssh_known_hosts
537file is poorly maintained, or connections to new hosts are
538frequently made.
539This option forces the user to manually
540add all new hosts.
541If this flag is set to
542.Dq no ,
543.Nm ssh
544will automatically add new host keys to the
545user known hosts files.
546If this flag is set to
547.Dq ask ,
548new host keys
549will be added to the user known host files only after the user
550has confirmed that is what they really want to do, and
551.Nm ssh
552will refuse to connect to hosts whose host key has changed.
553The host keys of
554known hosts will be verified automatically in all cases.
555The argument must be
556.Dq yes ,
557.Dq no
558or
559.Dq ask .
560The default is
561.Dq ask .
562.It Cm UsePrivilegedPort
563Specifies whether to use a privileged port for outgoing connections.
564The argument must be
565.Dq yes
566or
567.Dq no .
568The default is
569.Dq no .
570Note that this option must be set to
571.Dq yes
572if
573.Cm RhostsAuthentication
574and
575.Cm RhostsRSAAuthentication
576authentications are needed with older servers.
577.It Cm User
578Specifies the user to log in as.
579This can be useful when a different user name is used on different machines.
580This saves the trouble of
581having to remember to give the user name on the command line.
582.It Cm UserKnownHostsFile
583Specifies a file to use for the user
584host key database instead of
585.Pa $HOME/.ssh/known_hosts .
586.It Cm XAuthLocation
587Specifies the location of the
588.Xr xauth 1
589program.
590The default is
591.Pa /usr/X11R6/bin/xauth .
592.El
593.Sh FILES
594.Bl -tag -width Ds
595.It Pa $HOME/.ssh/config
596This is the per-user configuration file.
597The format of this file is described above.
598This file is used by the
599.Nm ssh
600client.
601This file does not usually contain any sensitive information,
602but the recommended permissions are read/write for the user, and not
603accessible by others.
604.It Pa /etc/ssh/ssh_config
605Systemwide configuration file.
606This file provides defaults for those
607values that are not specified in the user's configuration file, and
608for those users who do not have a configuration file.
609This file must be world-readable.
610.El
611.Sh AUTHORS
612OpenSSH is a derivative of the original and free
613ssh 1.2.12 release by Tatu Ylonen.
614Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
615Theo de Raadt and Dug Song
616removed many bugs, re-added newer features and
617created OpenSSH.
618Markus Friedl contributed the support for SSH
619protocol versions 1.5 and 2.0.
620.Sh SEE ALSO
621.Xr ssh 1
diff --git a/sshd.8 b/sshd.8
index aae973c5b..22f81432a 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.183 2002/05/29 03:06:30 stevesk Exp $ 37.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -320,638 +320,8 @@ reads configuration data from
320(or the file specified with 320(or the file specified with
321.Fl f 321.Fl f
322on the command line). 322on the command line).
323The file contains keyword-argument pairs, one per line. 323The file format and configuration options are described in
324Lines starting with 324.Xr sshd_config 5 .
325.Ql #
326and empty lines are interpreted as comments.
327.Pp
328The possible
329keywords and their meanings are as follows (note that
330keywords are case-insensitive and arguments are case-sensitive):
331.Bl -tag -width Ds
332.It Cm AFSTokenPassing
333Specifies whether an AFS token may be forwarded to the server.
334Default is
335.Dq no .
336.It Cm AllowGroups
337This keyword can be followed by a list of group name patterns, separated
338by spaces.
339If specified, login is allowed only for users whose primary
340group or supplementary group list matches one of the patterns.
341.Ql \&*
342and
343.Ql ?
344can be used as
345wildcards in the patterns.
346Only group names are valid; a numerical group ID is not recognized.
347By default, login is allowed for all groups.
348.Pp
349.It Cm AllowTcpForwarding
350Specifies whether TCP forwarding is permitted.
351The default is
352.Dq yes .
353Note that disabling TCP forwarding does not improve security unless
354users are also denied shell access, as they can always install their
355own forwarders.
356.Pp
357.It Cm AllowUsers
358This keyword can be followed by a list of user name patterns, separated
359by spaces.
360If specified, login is allowed only for users names that
361match one of the patterns.
362.Ql \&*
363and
364.Ql ?
365can be used as
366wildcards in the patterns.
367Only user names are valid; a numerical user ID is not recognized.
368By default, login is allowed for all users.
369If the pattern takes the form USER@HOST then USER and HOST
370are separately checked, restricting logins to particular
371users from particular hosts.
372.Pp
373.It Cm AuthorizedKeysFile
374Specifies the file that contains the public keys that can be used
375for user authentication.
376.Cm AuthorizedKeysFile
377may contain tokens of the form %T which are substituted during connection
378set-up. The following tokens are defined: %% is replaced by a literal '%',
379%h is replaced by the home directory of the user being authenticated and
380%u is replaced by the username of that user.
381After expansion,
382.Cm AuthorizedKeysFile
383is taken to be an absolute path or one relative to the user's home
384directory.
385The default is
386.Dq .ssh/authorized_keys .
387.It Cm Banner
388In some jurisdictions, sending a warning message before authentication
389may be relevant for getting legal protection.
390The contents of the specified file are sent to the remote user before
391authentication is allowed.
392This option is only available for protocol version 2.
393By default, no banner is displayed.
394.Pp
395.It Cm ChallengeResponseAuthentication
396Specifies whether challenge response authentication is allowed.
397All authentication styles from
398.Xr login.conf 5
399are supported.
400The default is
401.Dq yes .
402.It Cm Ciphers
403Specifies the ciphers allowed for protocol version 2.
404Multiple ciphers must be comma-separated.
405The default is
406.Pp
407.Bd -literal
408 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
409 aes192-cbc,aes256-cbc''
410.Ed
411.It Cm ClientAliveInterval
412Sets a timeout interval in seconds after which if no data has been received
413from the client,
414.Nm
415will send a message through the encrypted
416channel to request a response from the client.
417The default
418is 0, indicating that these messages will not be sent to the client.
419This option applies to protocol version 2 only.
420.It Cm ClientAliveCountMax
421Sets the number of client alive messages (see above) which may be
422sent without
423.Nm
424receiving any messages back from the client. If this threshold is
425reached while client alive messages are being sent,
426.Nm
427will disconnect the client, terminating the session. It is important
428to note that the use of client alive messages is very different from
429.Cm KeepAlive
430(below). The client alive messages are sent through the
431encrypted channel and therefore will not be spoofable. The TCP keepalive
432option enabled by
433.Cm KeepAlive
434is spoofable. The client alive mechanism is valuable when the client or
435server depend on knowing when a connection has become inactive.
436.Pp
437The default value is 3. If
438.Cm ClientAliveInterval
439(above) is set to 15, and
440.Cm ClientAliveCountMax
441is left at the default, unresponsive ssh clients
442will be disconnected after approximately 45 seconds.
443.It Cm DenyGroups
444This keyword can be followed by a list of group name patterns, separated
445by spaces.
446Login is disallowed for users whose primary group or supplementary
447group list matches one of the patterns.
448.Ql \&*
449and
450.Ql ?
451can be used as
452wildcards in the patterns.
453Only group names are valid; a numerical group ID is not recognized.
454By default, login is allowed for all groups.
455.Pp
456.It Cm DenyUsers
457This keyword can be followed by a list of user name patterns, separated
458by spaces.
459Login is disallowed for user names that match one of the patterns.
460.Ql \&*
461and
462.Ql ?
463can be used as wildcards in the patterns.
464Only user names are valid; a numerical user ID is not recognized.
465By default, login is allowed for all users.
466If the pattern takes the form USER@HOST then USER and HOST
467are separately checked, restricting logins to particular
468users from particular hosts.
469.It Cm GatewayPorts
470Specifies whether remote hosts are allowed to connect to ports
471forwarded for the client.
472By default,
473.Nm
474binds remote port forwardings to the loopback address. This
475prevents other remote hosts from connecting to forwarded ports.
476.Cm GatewayPorts
477can be used to specify that
478.Nm
479should bind remote port forwardings to the wildcard address,
480thus allowing remote hosts to connect to forwarded ports.
481The argument must be
482.Dq yes
483or
484.Dq no .
485The default is
486.Dq no .
487.It Cm HostbasedAuthentication
488Specifies whether rhosts or /etc/hosts.equiv authentication together
489with successful public key client host authentication is allowed
490(hostbased authentication).
491This option is similar to
492.Cm RhostsRSAAuthentication
493and applies to protocol version 2 only.
494The default is
495.Dq no .
496.It Cm HostKey
497Specifies a file containing a private host key
498used by SSH.
499The default is
500.Pa /etc/ssh/ssh_host_key
501for protocol version 1, and
502.Pa /etc/ssh/ssh_host_rsa_key
503and
504.Pa /etc/ssh/ssh_host_dsa_key
505for protocol version 2.
506Note that
507.Nm
508will refuse to use a file if it is group/world-accessible.
509It is possible to have multiple host key files.
510.Dq rsa1
511keys are used for version 1 and
512.Dq dsa
513or
514.Dq rsa
515are used for version 2 of the SSH protocol.
516.It Cm IgnoreRhosts
517Specifies that
518.Pa .rhosts
519and
520.Pa .shosts
521files will not be used in
522.Cm RhostsAuthentication ,
523.Cm RhostsRSAAuthentication
524or
525.Cm HostbasedAuthentication .
526.Pp
527.Pa /etc/hosts.equiv
528and
529.Pa /etc/shosts.equiv
530are still used.
531The default is
532.Dq yes .
533.It Cm IgnoreUserKnownHosts
534Specifies whether
535.Nm
536should ignore the user's
537.Pa $HOME/.ssh/known_hosts
538during
539.Cm RhostsRSAAuthentication
540or
541.Cm HostbasedAuthentication .
542The default is
543.Dq no .
544.It Cm KeepAlive
545Specifies whether the system should send TCP keepalive messages to the
546other side.
547If they are sent, death of the connection or crash of one
548of the machines will be properly noticed.
549However, this means that
550connections will die if the route is down temporarily, and some people
551find it annoying.
552On the other hand, if keepalives are not sent,
553sessions may hang indefinitely on the server, leaving
554.Dq ghost
555users and consuming server resources.
556.Pp
557The default is
558.Dq yes
559(to send keepalives), and the server will notice
560if the network goes down or the client host crashes.
561This avoids infinitely hanging sessions.
562.Pp
563To disable keepalives, the value should be set to
564.Dq no .
565.It Cm KerberosAuthentication
566Specifies whether Kerberos authentication is allowed.
567This can be in the form of a Kerberos ticket, or if
568.Cm PasswordAuthentication
569is yes, the password provided by the user will be validated through
570the Kerberos KDC.
571To use this option, the server needs a
572Kerberos servtab which allows the verification of the KDC's identity.
573Default is
574.Dq no .
575.It Cm KerberosOrLocalPasswd
576If set then if password authentication through Kerberos fails then
577the password will be validated via any additional local mechanism
578such as
579.Pa /etc/passwd .
580Default is
581.Dq yes .
582.It Cm KerberosTgtPassing
583Specifies whether a Kerberos TGT may be forwarded to the server.
584Default is
585.Dq no ,
586as this only works when the Kerberos KDC is actually an AFS kaserver.
587.It Cm KerberosTicketCleanup
588Specifies whether to automatically destroy the user's ticket cache
589file on logout.
590Default is
591.Dq yes .
592.It Cm KeyRegenerationInterval
593In protocol version 1, the ephemeral server key is automatically regenerated
594after this many seconds (if it has been used).
595The purpose of regeneration is to prevent
596decrypting captured sessions by later breaking into the machine and
597stealing the keys.
598The key is never stored anywhere.
599If the value is 0, the key is never regenerated.
600The default is 3600 (seconds).
601.It Cm ListenAddress
602Specifies the local addresses
603.Nm
604should listen on.
605The following forms may be used:
606.Pp
607.Bl -item -offset indent -compact
608.It
609.Cm ListenAddress
610.Sm off
611.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
612.Sm on
613.It
614.Cm ListenAddress
615.Sm off
616.Ar host No | Ar IPv4_addr No : Ar port
617.Sm on
618.It
619.Cm ListenAddress
620.Sm off
621.Oo
622.Ar host No | Ar IPv6_addr Oc : Ar port
623.Sm on
624.El
625.Pp
626If
627.Ar port
628is not specified,
629.Nm
630will listen on the address and all prior
631.Cm Port
632options specified. The default is to listen on all local
633addresses. Multiple
634.Cm ListenAddress
635options are permitted. Additionally, any
636.Cm Port
637options must precede this option for non port qualified addresses.
638.It Cm LoginGraceTime
639The server disconnects after this time if the user has not
640successfully logged in.
641If the value is 0, there is no time limit.
642The default is 600 (seconds).
643.It Cm LogLevel
644Gives the verbosity level that is used when logging messages from
645.Nm sshd .
646The possible values are:
647QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
648The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
649and DEBUG3 each specify higher levels of debugging output.
650Logging with a DEBUG level violates the privacy of users
651and is not recommended.
652.It Cm MACs
653Specifies the available MAC (message authentication code) algorithms.
654The MAC algorithm is used in protocol version 2
655for data integrity protection.
656Multiple algorithms must be comma-separated.
657The default is
658.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
659.It Cm MaxStartups
660Specifies the maximum number of concurrent unauthenticated connections to the
661.Nm
662daemon.
663Additional connections will be dropped until authentication succeeds or the
664.Cm LoginGraceTime
665expires for a connection.
666The default is 10.
667.Pp
668Alternatively, random early drop can be enabled by specifying
669the three colon separated values
670.Dq start:rate:full
671(e.g., "10:30:60").
672.Nm
673will refuse connection attempts with a probability of
674.Dq rate/100
675(30%)
676if there are currently
677.Dq start
678(10)
679unauthenticated connections.
680The probability increases linearly and all connection attempts
681are refused if the number of unauthenticated connections reaches
682.Dq full
683(60).
684.It Cm PAMAuthenticationViaKbdInt
685Specifies whether PAM challenge response authentication is allowed. This
686allows the use of most PAM challenge response authentication modules, but
687it will allow password authentication regardless of whether
688.Cm PasswordAuthentication
689is disabled.
690The default is
691.Dq no .
692.It Cm PasswordAuthentication
693Specifies whether password authentication is allowed.
694The default is
695.Dq yes .
696.It Cm PermitEmptyPasswords
697When password authentication is allowed, it specifies whether the
698server allows login to accounts with empty password strings.
699The default is
700.Dq no .
701.It Cm PermitRootLogin
702Specifies whether root can login using
703.Xr ssh 1 .
704The argument must be
705.Dq yes ,
706.Dq without-password ,
707.Dq forced-commands-only
708or
709.Dq no .
710The default is
711.Dq yes .
712.Pp
713If this option is set to
714.Dq without-password
715password authentication is disabled for root.
716.Pp
717If this option is set to
718.Dq forced-commands-only
719root login with public key authentication will be allowed,
720but only if the
721.Ar command
722option has been specified
723(which may be useful for taking remote backups even if root login is
724normally not allowed). All other authentication methods are disabled
725for root.
726.Pp
727If this option is set to
728.Dq no
729root is not allowed to login.
730.It Cm PidFile
731Specifies the file that contains the process identifier of the
732.Nm
733daemon.
734The default is
735.Pa /var/run/sshd.pid .
736.It Cm Port
737Specifies the port number that
738.Nm
739listens on.
740The default is 22.
741Multiple options of this type are permitted.
742See also
743.Cm ListenAddress .
744.It Cm PrintLastLog
745Specifies whether
746.Nm
747should print the date and time when the user last logged in.
748The default is
749.Dq yes .
750.It Cm PrintMotd
751Specifies whether
752.Nm
753should print
754.Pa /etc/motd
755when a user logs in interactively.
756(On some systems it is also printed by the shell,
757.Pa /etc/profile ,
758or equivalent.)
759The default is
760.Dq yes .
761.It Cm Protocol
762Specifies the protocol versions
763.Nm
764should support.
765The possible values are
766.Dq 1
767and
768.Dq 2 .
769Multiple versions must be comma-separated.
770The default is
771.Dq 2,1 .
772.It Cm PubkeyAuthentication
773Specifies whether public key authentication is allowed.
774The default is
775.Dq yes .
776Note that this option applies to protocol version 2 only.
777.It Cm RhostsAuthentication
778Specifies whether authentication using rhosts or /etc/hosts.equiv
779files is sufficient.
780Normally, this method should not be permitted because it is insecure.
781.Cm RhostsRSAAuthentication
782should be used
783instead, because it performs RSA-based host authentication in addition
784to normal rhosts or /etc/hosts.equiv authentication.
785The default is
786.Dq no .
787This option applies to protocol version 1 only.
788.It Cm RhostsRSAAuthentication
789Specifies whether rhosts or /etc/hosts.equiv authentication together
790with successful RSA host authentication is allowed.
791The default is
792.Dq no .
793This option applies to protocol version 1 only.
794.It Cm RSAAuthentication
795Specifies whether pure RSA authentication is allowed.
796The default is
797.Dq yes .
798This option applies to protocol version 1 only.
799.It Cm ServerKeyBits
800Defines the number of bits in the ephemeral protocol version 1 server key.
801The minimum value is 512, and the default is 768.
802.It Cm StrictModes
803Specifies whether
804.Nm
805should check file modes and ownership of the
806user's files and home directory before accepting login.
807This is normally desirable because novices sometimes accidentally leave their
808directory or files world-writable.
809The default is
810.Dq yes .
811.It Cm Subsystem
812Configures an external subsystem (e.g., file transfer daemon).
813Arguments should be a subsystem name and a command to execute upon subsystem
814request.
815The command
816.Xr sftp-server 8
817implements the
818.Dq sftp
819file transfer subsystem.
820By default no subsystems are defined.
821Note that this option applies to protocol version 2 only.
822.It Cm SyslogFacility
823Gives the facility code that is used when logging messages from
824.Nm sshd .
825The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
826LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
827The default is AUTH.
828.It Cm UseLogin
829Specifies whether
830.Xr login 1
831is used for interactive login sessions.
832The default is
833.Dq no .
834Note that
835.Xr login 1
836is never used for remote command execution.
837Note also, that if this is enabled,
838.Cm X11Forwarding
839will be disabled because
840.Xr login 1
841does not know how to handle
842.Xr xauth 1
843cookies. If
844.Cm UsePrivilegeSeparation
845is specified, it will be disabled after authentication.
846.It Cm UsePrivilegeSeparation
847Specifies whether
848.Nm
849separated privileges by creating an unprivileged child process
850to deal with incoming network traffic. After successful authentication,
851another process will be created that has the privilege of the authenticated
852user. The goal of privilege separation is to prevent privilege
853escalation by containing any corruption within the unprivileged processes.
854The default is
855.Dq yes .
856.It Cm VerifyReverseMapping
857Specifies whether
858.Nm
859should try to verify the remote host name and check that
860the resolved host name for the remote IP address maps back to the
861very same IP address.
862The default is
863.Dq no .
864.It Cm X11DisplayOffset
865Specifies the first display number available for
866.Nm sshd Ns 's
867X11 forwarding.
868This prevents
869.Nm
870from interfering with real X11 servers.
871The default is 10.
872.It Cm X11Forwarding
873Specifies whether X11 forwarding is permitted.
874The default is
875.Dq no .
876Note that disabling X11 forwarding does not improve security in any
877way, as users can always install their own forwarders.
878X11 forwarding is automatically disabled if
879.Cm UseLogin
880is enabled.
881.It Cm X11UseLocalhost
882Specifies whether
883.Nm
884should bind the X11 forwarding server to the loopback address or to
885the wildcard address. By default,
886.Nm
887binds the forwarding server to the loopback address and sets the
888hostname part of the
889.Ev DISPLAY
890environment variable to
891.Dq localhost .
892This prevents remote hosts from connecting to the fake display.
893However, some older X11 clients may not function with this
894configuration.
895.Cm X11UseLocalhost
896may be set to
897.Dq no
898to specify that the forwarding server should be bound to the wildcard
899address.
900The argument must be
901.Dq yes
902or
903.Dq no .
904The default is
905.Dq yes .
906.It Cm XAuthLocation
907Specifies the location of the
908.Xr xauth 1
909program.
910The default is
911.Pa /usr/X11R6/bin/xauth .
912.El
913.Ss Time Formats
914.Pp
915.Nm
916command-line arguments and configuration file options that specify time
917may be expressed using a sequence of the form:
918.Sm off
919.Ar time Oo Ar qualifier Oc ,
920.Sm on
921where
922.Ar time
923is a positive integer value and
924.Ar qualifier
925is one of the following:
926.Pp
927.Bl -tag -width Ds -compact -offset indent
928.It Cm <none>
929seconds
930.It Cm s | Cm S
931seconds
932.It Cm m | Cm M
933minutes
934.It Cm h | Cm H
935hours
936.It Cm d | Cm D
937days
938.It Cm w | Cm W
939weeks
940.El
941.Pp
942Each member of the sequence is added together to calculate
943the total time value.
944.Pp
945Time format examples:
946.Pp
947.Bl -tag -width Ds -compact -offset indent
948.It 600
949600 seconds (10 minutes)
950.It 10m
95110 minutes
952.It 1h30m
9531 hour 30 minutes (90 minutes)
954.El
955.Sh LOGIN PROCESS 325.Sh LOGIN PROCESS
956When a user successfully logs in, 326When a user successfully logs in,
957.Nm 327.Nm
@@ -1187,8 +557,8 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
1187.It Pa /etc/ssh/sshd_config 557.It Pa /etc/ssh/sshd_config
1188Contains configuration data for 558Contains configuration data for
1189.Nm sshd . 559.Nm sshd .
1190This file should be writable by root only, but it is recommended 560The file format and configuration options are described in
1191(though not necessary) that it be world-readable. 561.Xr sshd_config 5 .
1192.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 562.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
1193These three files contain the private parts of the host keys. 563These three files contain the private parts of the host keys.
1194These files should only be owned by root, readable only by root, and not 564These files should only be owned by root, readable only by root, and not
@@ -1389,6 +759,7 @@ for privilege separation.
1389.Xr ssh-keygen 1 , 759.Xr ssh-keygen 1 ,
1390.Xr login.conf 5 , 760.Xr login.conf 5 ,
1391.Xr moduli 5 , 761.Xr moduli 5 ,
762.Xr sshd_config 5 ,
1392.Xr sftp-server 8 763.Xr sftp-server 8
1393.Rs 764.Rs
1394.%A T. Ylonen 765.%A T. Ylonen
diff --git a/sshd_config.5 b/sshd_config.5
new file mode 100644
index 000000000..1aecd485b
--- /dev/null
+++ b/sshd_config.5
@@ -0,0 +1,711 @@
1.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
37.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa /etc/ssh/sshd_config
47.El
48.Sh DESCRIPTION
49.Nm sshd
50reads configuration data from
51.Pa /etc/ssh/sshd_config
52(or the file specified with
53.Fl f
54on the command line).
55The file contains keyword-argument pairs, one per line.
56Lines starting with
57.Ql #
58and empty lines are interpreted as comments.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
64.It Cm AFSTokenPassing
65Specifies whether an AFS token may be forwarded to the server.
66Default is
67.Dq no .
68.It Cm AllowGroups
69This keyword can be followed by a list of group name patterns, separated
70by spaces.
71If specified, login is allowed only for users whose primary
72group or supplementary group list matches one of the patterns.
73.Ql \&*
74and
75.Ql ?
76can be used as
77wildcards in the patterns.
78Only group names are valid; a numerical group ID is not recognized.
79By default, login is allowed for all groups.
80.Pp
81.It Cm AllowTcpForwarding
82Specifies whether TCP forwarding is permitted.
83The default is
84.Dq yes .
85Note that disabling TCP forwarding does not improve security unless
86users are also denied shell access, as they can always install their
87own forwarders.
88.Pp
89.It Cm AllowUsers
90This keyword can be followed by a list of user name patterns, separated
91by spaces.
92If specified, login is allowed only for users names that
93match one of the patterns.
94.Ql \&*
95and
96.Ql ?
97can be used as
98wildcards in the patterns.
99Only user names are valid; a numerical user ID is not recognized.
100By default, login is allowed for all users.
101If the pattern takes the form USER@HOST then USER and HOST
102are separately checked, restricting logins to particular
103users from particular hosts.
104.Pp
105.It Cm AuthorizedKeysFile
106Specifies the file that contains the public keys that can be used
107for user authentication.
108.Cm AuthorizedKeysFile
109may contain tokens of the form %T which are substituted during connection
110set-up. The following tokens are defined: %% is replaced by a literal '%',
111%h is replaced by the home directory of the user being authenticated and
112%u is replaced by the username of that user.
113After expansion,
114.Cm AuthorizedKeysFile
115is taken to be an absolute path or one relative to the user's home
116directory.
117The default is
118.Dq .ssh/authorized_keys .
119.It Cm Banner
120In some jurisdictions, sending a warning message before authentication
121may be relevant for getting legal protection.
122The contents of the specified file are sent to the remote user before
123authentication is allowed.
124This option is only available for protocol version 2.
125By default, no banner is displayed.
126.Pp
127.It Cm ChallengeResponseAuthentication
128Specifies whether challenge response authentication is allowed.
129All authentication styles from
130.Xr login.conf 5
131are supported.
132The default is
133.Dq yes .
134.It Cm Ciphers
135Specifies the ciphers allowed for protocol version 2.
136Multiple ciphers must be comma-separated.
137The default is
138.Pp
139.Bd -literal
140 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
141 aes192-cbc,aes256-cbc''
142.Ed
143.It Cm ClientAliveInterval
144Sets a timeout interval in seconds after which if no data has been received
145from the client,
146.Nm sshd
147will send a message through the encrypted
148channel to request a response from the client.
149The default
150is 0, indicating that these messages will not be sent to the client.
151This option applies to protocol version 2 only.
152.It Cm ClientAliveCountMax
153Sets the number of client alive messages (see above) which may be
154sent without
155.Nm sshd
156receiving any messages back from the client. If this threshold is
157reached while client alive messages are being sent,
158.Nm sshd
159will disconnect the client, terminating the session. It is important
160to note that the use of client alive messages is very different from
161.Cm KeepAlive
162(below). The client alive messages are sent through the
163encrypted channel and therefore will not be spoofable. The TCP keepalive
164option enabled by
165.Cm KeepAlive
166is spoofable. The client alive mechanism is valuable when the client or
167server depend on knowing when a connection has become inactive.
168.Pp
169The default value is 3. If
170.Cm ClientAliveInterval
171(above) is set to 15, and
172.Cm ClientAliveCountMax
173is left at the default, unresponsive ssh clients
174will be disconnected after approximately 45 seconds.
175.It Cm Compression
176Specifies whether compression is allowed.
177The argument must be
178.Dq yes
179or
180.Dq no .
181The default is
182.Dq yes .
183.It Cm DenyGroups
184This keyword can be followed by a list of group name patterns, separated
185by spaces.
186Login is disallowed for users whose primary group or supplementary
187group list matches one of the patterns.
188.Ql \&*
189and
190.Ql ?
191can be used as
192wildcards in the patterns.
193Only group names are valid; a numerical group ID is not recognized.
194By default, login is allowed for all groups.
195.Pp
196.It Cm DenyUsers
197This keyword can be followed by a list of user name patterns, separated
198by spaces.
199Login is disallowed for user names that match one of the patterns.
200.Ql \&*
201and
202.Ql ?
203can be used as wildcards in the patterns.
204Only user names are valid; a numerical user ID is not recognized.
205By default, login is allowed for all users.
206If the pattern takes the form USER@HOST then USER and HOST
207are separately checked, restricting logins to particular
208users from particular hosts.
209.It Cm GatewayPorts
210Specifies whether remote hosts are allowed to connect to ports
211forwarded for the client.
212By default,
213.Nm sshd
214binds remote port forwardings to the loopback address. This
215prevents other remote hosts from connecting to forwarded ports.
216.Cm GatewayPorts
217can be used to specify that
218.Nm sshd
219should bind remote port forwardings to the wildcard address,
220thus allowing remote hosts to connect to forwarded ports.
221The argument must be
222.Dq yes
223or
224.Dq no .
225The default is
226.Dq no .
227.It Cm HostbasedAuthentication
228Specifies whether rhosts or /etc/hosts.equiv authentication together
229with successful public key client host authentication is allowed
230(hostbased authentication).
231This option is similar to
232.Cm RhostsRSAAuthentication
233and applies to protocol version 2 only.
234The default is
235.Dq no .
236.It Cm HostKey
237Specifies a file containing a private host key
238used by SSH.
239The default is
240.Pa /etc/ssh/ssh_host_key
241for protocol version 1, and
242.Pa /etc/ssh/ssh_host_rsa_key
243and
244.Pa /etc/ssh/ssh_host_dsa_key
245for protocol version 2.
246Note that
247.Nm sshd
248will refuse to use a file if it is group/world-accessible.
249It is possible to have multiple host key files.
250.Dq rsa1
251keys are used for version 1 and
252.Dq dsa
253or
254.Dq rsa
255are used for version 2 of the SSH protocol.
256.It Cm IgnoreRhosts
257Specifies that
258.Pa .rhosts
259and
260.Pa .shosts
261files will not be used in
262.Cm RhostsAuthentication ,
263.Cm RhostsRSAAuthentication
264or
265.Cm HostbasedAuthentication .
266.Pp
267.Pa /etc/hosts.equiv
268and
269.Pa /etc/shosts.equiv
270are still used.
271The default is
272.Dq yes .
273.It Cm IgnoreUserKnownHosts
274Specifies whether
275.Nm sshd
276should ignore the user's
277.Pa $HOME/.ssh/known_hosts
278during
279.Cm RhostsRSAAuthentication
280or
281.Cm HostbasedAuthentication .
282The default is
283.Dq no .
284.It Cm KeepAlive
285Specifies whether the system should send TCP keepalive messages to the
286other side.
287If they are sent, death of the connection or crash of one
288of the machines will be properly noticed.
289However, this means that
290connections will die if the route is down temporarily, and some people
291find it annoying.
292On the other hand, if keepalives are not sent,
293sessions may hang indefinitely on the server, leaving
294.Dq ghost
295users and consuming server resources.
296.Pp
297The default is
298.Dq yes
299(to send keepalives), and the server will notice
300if the network goes down or the client host crashes.
301This avoids infinitely hanging sessions.
302.Pp
303To disable keepalives, the value should be set to
304.Dq no .
305.It Cm KerberosAuthentication
306Specifies whether Kerberos authentication is allowed.
307This can be in the form of a Kerberos ticket, or if
308.It Cm PAMAuthenticationViaKbdInt
309Specifies whether PAM challenge response authentication is allowed. This
310allows the use of most PAM challenge response authentication modules, but
311it will allow password authentication regardless of whether
312.Cm PasswordAuthentication
313is yes, the password provided by the user will be validated through
314the Kerberos KDC.
315To use this option, the server needs a
316Kerberos servtab which allows the verification of the KDC's identity.
317Default is
318.Dq no .
319.It Cm KerberosOrLocalPasswd
320If set then if password authentication through Kerberos fails then
321the password will be validated via any additional local mechanism
322such as
323.Pa /etc/passwd .
324Default is
325.Dq yes .
326.It Cm KerberosTgtPassing
327Specifies whether a Kerberos TGT may be forwarded to the server.
328Default is
329.Dq no ,
330as this only works when the Kerberos KDC is actually an AFS kaserver.
331.It Cm KerberosTicketCleanup
332Specifies whether to automatically destroy the user's ticket cache
333file on logout.
334Default is
335.Dq yes .
336.It Cm KeyRegenerationInterval
337In protocol version 1, the ephemeral server key is automatically regenerated
338after this many seconds (if it has been used).
339The purpose of regeneration is to prevent
340decrypting captured sessions by later breaking into the machine and
341stealing the keys.
342The key is never stored anywhere.
343If the value is 0, the key is never regenerated.
344The default is 3600 (seconds).
345.It Cm ListenAddress
346Specifies the local addresses
347.Nm sshd
348should listen on.
349The following forms may be used:
350.Pp
351.Bl -item -offset indent -compact
352.It
353.Cm ListenAddress
354.Sm off
355.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
356.Sm on
357.It
358.Cm ListenAddress
359.Sm off
360.Ar host No | Ar IPv4_addr No : Ar port
361.Sm on
362.It
363.Cm ListenAddress
364.Sm off
365.Oo
366.Ar host No | Ar IPv6_addr Oc : Ar port
367.Sm on
368.El
369.Pp
370If
371.Ar port
372is not specified,
373.Nm sshd
374will listen on the address and all prior
375.Cm Port
376options specified. The default is to listen on all local
377addresses. Multiple
378.Cm ListenAddress
379options are permitted. Additionally, any
380.Cm Port
381options must precede this option for non port qualified addresses.
382.It Cm LoginGraceTime
383The server disconnects after this time if the user has not
384successfully logged in.
385If the value is 0, there is no time limit.
386The default is 600 (seconds).
387.It Cm LogLevel
388Gives the verbosity level that is used when logging messages from
389.Nm sshd .
390The possible values are:
391QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
392The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
393and DEBUG3 each specify higher levels of debugging output.
394Logging with a DEBUG level violates the privacy of users
395and is not recommended.
396.It Cm MACs
397Specifies the available MAC (message authentication code) algorithms.
398The MAC algorithm is used in protocol version 2
399for data integrity protection.
400Multiple algorithms must be comma-separated.
401The default is
402.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
403.It Cm MaxStartups
404Specifies the maximum number of concurrent unauthenticated connections to the
405.Nm sshd
406daemon.
407Additional connections will be dropped until authentication succeeds or the
408.Cm LoginGraceTime
409expires for a connection.
410The default is 10.
411.Pp
412Alternatively, random early drop can be enabled by specifying
413the three colon separated values
414.Dq start:rate:full
415(e.g., "10:30:60").
416.Nm sshd
417will refuse connection attempts with a probability of
418.Dq rate/100
419(30%)
420if there are currently
421.Dq start
422(10)
423unauthenticated connections.
424The probability increases linearly and all connection attempts
425are refused if the number of unauthenticated connections reaches
426.Dq full
427(60).
428.It Cm PasswordAuthentication
429Specifies whether password authentication is allowed.
430The default is
431.Dq yes .
432.It Cm PermitEmptyPasswords
433When password authentication is allowed, it specifies whether the
434server allows login to accounts with empty password strings.
435The default is
436.Dq no .
437.It Cm PermitRootLogin
438Specifies whether root can login using
439.Xr ssh 1 .
440The argument must be
441.Dq yes ,
442.Dq without-password ,
443.Dq forced-commands-only
444or
445.Dq no .
446The default is
447.Dq yes .
448.Pp
449If this option is set to
450.Dq without-password
451password authentication is disabled for root.
452.Pp
453If this option is set to
454.Dq forced-commands-only
455root login with public key authentication will be allowed,
456but only if the
457.Ar command
458option has been specified
459(which may be useful for taking remote backups even if root login is
460normally not allowed). All other authentication methods are disabled
461for root.
462.Pp
463If this option is set to
464.Dq no
465root is not allowed to login.
466.It Cm PidFile
467Specifies the file that contains the process identifier of the
468.Nm sshd
469daemon.
470The default is
471.Pa /var/run/sshd.pid .
472.It Cm Port
473Specifies the port number that
474.Nm sshd
475listens on.
476The default is 22.
477Multiple options of this type are permitted.
478See also
479.Cm ListenAddress .
480.It Cm PrintLastLog
481Specifies whether
482.Nm sshd
483should print the date and time when the user last logged in.
484The default is
485.Dq yes .
486.It Cm PrintMotd
487Specifies whether
488.Nm sshd
489should print
490.Pa /etc/motd
491when a user logs in interactively.
492(On some systems it is also printed by the shell,
493.Pa /etc/profile ,
494or equivalent.)
495The default is
496.Dq yes .
497.It Cm Protocol
498Specifies the protocol versions
499.Nm sshd
500should support.
501The possible values are
502.Dq 1
503and
504.Dq 2 .
505Multiple versions must be comma-separated.
506The default is
507.Dq 2,1 .
508.It Cm PubkeyAuthentication
509Specifies whether public key authentication is allowed.
510The default is
511.Dq yes .
512Note that this option applies to protocol version 2 only.
513.It Cm RhostsAuthentication
514Specifies whether authentication using rhosts or /etc/hosts.equiv
515files is sufficient.
516Normally, this method should not be permitted because it is insecure.
517.Cm RhostsRSAAuthentication
518should be used
519instead, because it performs RSA-based host authentication in addition
520to normal rhosts or /etc/hosts.equiv authentication.
521The default is
522.Dq no .
523This option applies to protocol version 1 only.
524.It Cm RhostsRSAAuthentication
525Specifies whether rhosts or /etc/hosts.equiv authentication together
526with successful RSA host authentication is allowed.
527The default is
528.Dq no .
529This option applies to protocol version 1 only.
530.It Cm RSAAuthentication
531Specifies whether pure RSA authentication is allowed.
532The default is
533.Dq yes .
534This option applies to protocol version 1 only.
535.It Cm ServerKeyBits
536Defines the number of bits in the ephemeral protocol version 1 server key.
537The minimum value is 512, and the default is 768.
538.It Cm StrictModes
539Specifies whether
540.Nm sshd
541should check file modes and ownership of the
542user's files and home directory before accepting login.
543This is normally desirable because novices sometimes accidentally leave their
544directory or files world-writable.
545The default is
546.Dq yes .
547.It Cm Subsystem
548Configures an external subsystem (e.g., file transfer daemon).
549Arguments should be a subsystem name and a command to execute upon subsystem
550request.
551The command
552.Xr sftp-server 8
553implements the
554.Dq sftp
555file transfer subsystem.
556By default no subsystems are defined.
557Note that this option applies to protocol version 2 only.
558.It Cm SyslogFacility
559Gives the facility code that is used when logging messages from
560.Nm sshd .
561The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
562LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
563The default is AUTH.
564.It Cm UseLogin
565Specifies whether
566.Xr login 1
567is used for interactive login sessions.
568The default is
569.Dq no .
570Note that
571.Xr login 1
572is never used for remote command execution.
573Note also, that if this is enabled,
574.Cm X11Forwarding
575will be disabled because
576.Xr login 1
577does not know how to handle
578.Xr xauth 1
579cookies. If
580.Cm UsePrivilegeSeparation
581is specified, it will be disabled after authentication.
582.It Cm UsePrivilegeSeparation
583Specifies whether
584.Nm sshd
585separates privileges by creating an unprivileged child process
586to deal with incoming network traffic. After successful authentication,
587another process will be created that has the privilege of the authenticated
588user. The goal of privilege separation is to prevent privilege
589escalation by containing any corruption within the unprivileged processes.
590The default is
591.Dq yes .
592.It Cm VerifyReverseMapping
593Specifies whether
594.Nm sshd
595should try to verify the remote host name and check that
596the resolved host name for the remote IP address maps back to the
597very same IP address.
598The default is
599.Dq no .
600.It Cm X11DisplayOffset
601Specifies the first display number available for
602.Nm sshd Ns 's
603X11 forwarding.
604This prevents
605.Nm sshd
606from interfering with real X11 servers.
607The default is 10.
608.It Cm X11Forwarding
609Specifies whether X11 forwarding is permitted.
610The default is
611.Dq no .
612Note that disabling X11 forwarding does not improve security in any
613way, as users can always install their own forwarders.
614X11 forwarding is automatically disabled if
615.Cm UseLogin
616is enabled.
617.It Cm X11UseLocalhost
618Specifies whether
619.Nm sshd
620should bind the X11 forwarding server to the loopback address or to
621the wildcard address. By default,
622.Nm sshd
623binds the forwarding server to the loopback address and sets the
624hostname part of the
625.Ev DISPLAY
626environment variable to
627.Dq localhost .
628This prevents remote hosts from connecting to the fake display.
629However, some older X11 clients may not function with this
630configuration.
631.Cm X11UseLocalhost
632may be set to
633.Dq no
634to specify that the forwarding server should be bound to the wildcard
635address.
636The argument must be
637.Dq yes
638or
639.Dq no .
640The default is
641.Dq yes .
642.It Cm XAuthLocation
643Specifies the location of the
644.Xr xauth 1
645program.
646The default is
647.Pa /usr/X11R6/bin/xauth .
648.El
649.Ss Time Formats
650.Pp
651.Nm sshd
652command-line arguments and configuration file options that specify time
653may be expressed using a sequence of the form:
654.Sm off
655.Ar time Oo Ar qualifier Oc ,
656.Sm on
657where
658.Ar time
659is a positive integer value and
660.Ar qualifier
661is one of the following:
662.Pp
663.Bl -tag -width Ds -compact -offset indent
664.It Cm <none>
665seconds
666.It Cm s | Cm S
667seconds
668.It Cm m | Cm M
669minutes
670.It Cm h | Cm H
671hours
672.It Cm d | Cm D
673days
674.It Cm w | Cm W
675weeks
676.El
677.Pp
678Each member of the sequence is added together to calculate
679the total time value.
680.Pp
681Time format examples:
682.Pp
683.Bl -tag -width Ds -compact -offset indent
684.It 600
685600 seconds (10 minutes)
686.It 10m
68710 minutes
688.It 1h30m
6891 hour 30 minutes (90 minutes)
690.El
691.Sh FILES
692.Bl -tag -width Ds
693.It Pa /etc/ssh/sshd_config
694Contains configuration data for
695.Nm sshd .
696This file should be writable by root only, but it is recommended
697(though not necessary) that it be world-readable.
698.El
699.Sh AUTHORS
700OpenSSH is a derivative of the original and free
701ssh 1.2.12 release by Tatu Ylonen.
702Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
703Theo de Raadt and Dug Song
704removed many bugs, re-added newer features and
705created OpenSSH.
706Markus Friedl contributed the support for SSH
707protocol versions 1.5 and 2.0.
708Niels Provos and Markus Friedl contributed support
709for privilege separation.
710.Sh SEE ALSO
711.Xr sshd 8