diff options
Diffstat (limited to 'sshd.0')
-rw-r--r-- | sshd.0 | 194 |
1 files changed, 93 insertions, 101 deletions
@@ -8,95 +8,20 @@ SYNOPSIS | |||
8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | sshd (SSH Daemon) is the daemon program for ssh(1). Together these pro- | 11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
12 | grams replace rlogin and rsh, and provide secure encrypted communications | 12 | programs replace rlogin and rsh, and provide secure encrypted communica- |
13 | between two untrusted hosts over an insecure network. The programs are | 13 | tions between two untrusted hosts over an insecure network. |
14 | intended to be as easy to install and use as possible. | ||
15 | |||
16 | sshd is the daemon that listens for connections from clients. It is nor- | ||
17 | mally started at boot from /etc/rc. It forks a new daemon for each in- | ||
18 | coming connection. The forked daemons handle key exchange, encryption, | ||
19 | authentication, command execution, and data exchange. This implementa- | ||
20 | tion of sshd supports both SSH protocol version 1 and 2 simultaneously. | ||
21 | sshd works as follows: | ||
22 | |||
23 | SSH protocol version 1 | ||
24 | Each host has a host-specific RSA key (normally 2048 bits) used to iden- | ||
25 | tify the host. Additionally, when the daemon starts, it generates a | ||
26 | server RSA key (normally 768 bits). This key is normally regenerated ev- | ||
27 | ery hour if it has been used, and is never stored on disk. | ||
28 | |||
29 | Whenever a client connects, the daemon responds with its public host and | ||
30 | server keys. The client compares the RSA host key against its own | ||
31 | database to verify that it has not changed. The client then generates a | ||
32 | 256-bit random number. It encrypts this random number using both the | ||
33 | host key and the server key, and sends the encrypted number to the serv- | ||
34 | er. Both sides then use this random number as a session key which is | ||
35 | used to encrypt all further communications in the session. The rest of | ||
36 | the session is encrypted using a conventional cipher, currently Blowfish | ||
37 | or 3DES, with 3DES being used by default. The client selects the encryp- | ||
38 | tion algorithm to use from those offered by the server. | ||
39 | 14 | ||
40 | Next, the server and the client enter an authentication dialog. The | 15 | sshd listens for connections from clients. It is normally started at |
41 | client tries to authenticate itself using .rhosts authentication combined | 16 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
42 | with RSA host authentication, RSA challenge-response authentication, or | 17 | The forked daemons handle key exchange, encryption, authentication, com- |
43 | password based authentication. | 18 | mand execution, and data exchange. |
44 | |||
45 | Regardless of the authentication type, the account is checked to ensure | ||
46 | that it is accessible. An account is not accessible if it is locked, | ||
47 | listed in DenyUsers or its group is listed in DenyGroups . The defini- | ||
48 | tion of a locked account is system dependant. Some platforms have their | ||
49 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | ||
50 | on Solaris, `*' on HP-UX, containing `Nologin' on Tru64 and a leading | ||
51 | `!!' on Linux). If there is a requirement to disable password authenti- | ||
52 | cation for the account while allowing still public-key, then the passwd | ||
53 | field should be set to something other than these values (eg `NP' or | ||
54 | `*NP*' ). | ||
55 | |||
56 | rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin | ||
57 | and rsh into the machine). | ||
58 | |||
59 | SSH protocol version 2 | ||
60 | Version 2 works similarly: Each host has a host-specific key (RSA or DSA) | ||
61 | used to identify the host. However, when the daemon starts, it does not | ||
62 | generate a server key. Forward security is provided through a Diffie- | ||
63 | Hellman key agreement. This key agreement results in a shared session | ||
64 | key. | ||
65 | |||
66 | The rest of the session is encrypted using a symmetric cipher, currently | ||
67 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit | ||
68 | AES. The client selects the encryption algorithm to use from those of- | ||
69 | fered by the server. Additionally, session integrity is provided through | ||
70 | a cryptographic message authentication code (hmac-sha1 or hmac-md5). | ||
71 | |||
72 | Protocol version 2 provides a public key based user (PubkeyAuthentica- | ||
73 | tion) or client host (HostbasedAuthentication) authentication method, | ||
74 | conventional password authentication and challenge response based meth- | ||
75 | ods. | ||
76 | |||
77 | Command execution and data forwarding | ||
78 | If the client successfully authenticates itself, a dialog for preparing | ||
79 | the session is entered. At this time the client may request things like | ||
80 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP | ||
81 | connections, or forwarding the authentication agent connection over the | ||
82 | secure channel. | ||
83 | |||
84 | Finally, the client either requests a shell or execution of a command. | ||
85 | The sides then enter session mode. In this mode, either side may send | ||
86 | data at any time, and such data is forwarded to/from the shell or command | ||
87 | on the server side, and the user terminal in the client side. | ||
88 | |||
89 | When the user program terminates and all forwarded X11 and other connec- | ||
90 | tions have been closed, the server sends command exit status to the | ||
91 | client, and both sides exit. | ||
92 | 19 | ||
93 | sshd can be configured using command-line options or a configuration file | 20 | sshd can be configured using command-line options or a configuration file |
94 | (by default sshd_config(5)). Command-line options override values speci- | 21 | (by default sshd_config(5)); command-line options override values speci- |
95 | fied in the configuration file. | 22 | fied in the configuration file. sshd rereads its configuration file when |
96 | 23 | it receives a hangup signal, SIGHUP, by executing itself with the name | |
97 | sshd rereads its configuration file when it receives a hangup signal, | 24 | and options it was started with, e.g., /usr/sbin/sshd. |
98 | SIGHUP, by executing itself with the name and options it was started | ||
99 | with, e.g., /usr/sbin/sshd. | ||
100 | 25 | ||
101 | The options are as follows: | 26 | The options are as follows: |
102 | 27 | ||
@@ -165,8 +90,9 @@ DESCRIPTION | |||
165 | -p port | 90 | -p port |
166 | Specifies the port on which the server listens for connections | 91 | Specifies the port on which the server listens for connections |
167 | (default 22). Multiple port options are permitted. Ports speci- | 92 | (default 22). Multiple port options are permitted. Ports speci- |
168 | fied in the configuration file are ignored when a command-line | 93 | fied in the configuration file with the Port option are ignored |
169 | port is specified. | 94 | when a command-line port is specified. Ports specified using the |
95 | ListenAddress option override command-line ports. | ||
170 | 96 | ||
171 | -q Quiet mode. Nothing is sent to the system log. Normally the be- | 97 | -q Quiet mode. Nothing is sent to the system log. Normally the be- |
172 | ginning, authentication, and termination of each connection is | 98 | ginning, authentication, and termination of each connection is |
@@ -185,15 +111,74 @@ DESCRIPTION | |||
185 | the utmp file. -u0 may also be used to prevent sshd from making | 111 | the utmp file. -u0 may also be used to prevent sshd from making |
186 | DNS requests unless the authentication mechanism or configuration | 112 | DNS requests unless the authentication mechanism or configuration |
187 | requires it. Authentication mechanisms that may require DNS in- | 113 | requires it. Authentication mechanisms that may require DNS in- |
188 | clude RhostsRSAAuthentication, HostbasedAuthentication and using | 114 | clude RhostsRSAAuthentication, HostbasedAuthentication, and using |
189 | a from="pattern-list" option in a key file. Configuration op- | 115 | a from="pattern-list" option in a key file. Configuration op- |
190 | tions that require DNS include using a USER@HOST pattern in | 116 | tions that require DNS include using a USER@HOST pattern in |
191 | AllowUsers or DenyUsers. | 117 | AllowUsers or DenyUsers. |
192 | 118 | ||
193 | CONFIGURATION FILE | 119 | AUTHENTICATION |
194 | sshd reads configuration data from /etc/ssh/sshd_config (or the file | 120 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols |
195 | specified with -f on the command line). The file format and configura- | 121 | are supported by default, though this can be changed via the Protocol op- |
196 | tion options are described in sshd_config(5). | 122 | tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- |
123 | tocol 1 only supports RSA keys. For both protocols, each host has a | ||
124 | host-specific key, normally 2048 bits, used to identify the host. | ||
125 | |||
126 | Forward security for protocol 1 is provided through an additional server | ||
127 | key, normally 768 bits, generated when the server starts. This key is | ||
128 | normally regenerated every hour if it has been used, and is never stored | ||
129 | on disk. Whenever a client connects, the daemon responds with its public | ||
130 | host and server keys. The client compares the RSA host key against its | ||
131 | own database to verify that it has not changed. The client then gener- | ||
132 | ates a 256-bit random number. It encrypts this random number using both | ||
133 | the host key and the server key, and sends the encrypted number to the | ||
134 | server. Both sides then use this random number as a session key which is | ||
135 | used to encrypt all further communications in the session. The rest of | ||
136 | the session is encrypted using a conventional cipher, currently Blowfish | ||
137 | or 3DES, with 3DES being used by default. The client selects the encryp- | ||
138 | tion algorithm to use from those offered by the server. | ||
139 | |||
140 | For protocol 2, forward security is provided through a Diffie-Hellman key | ||
141 | agreement. This key agreement results in a shared session key. The rest | ||
142 | of the session is encrypted using a symmetric cipher, currently 128-bit | ||
143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | ||
144 | client selects the encryption algorithm to use from those offered by the | ||
145 | server. Additionally, session integrity is provided through a crypto- | ||
146 | graphic message authentication code (hmac-sha1 or hmac-md5). | ||
147 | |||
148 | Finally, the server and the client enter an authentication dialog. The | ||
149 | client tries to authenticate itself using host-based authentication, pub- | ||
150 | lic key authentication, challenge-response authentication, or password | ||
151 | authentication. | ||
152 | |||
153 | Regardless of the authentication type, the account is checked to ensure | ||
154 | that it is accessible. An account is not accessible if it is locked, | ||
155 | listed in DenyUsers or its group is listed in DenyGroups . The defini- | ||
156 | tion of a locked account is system dependant. Some platforms have their | ||
157 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | ||
158 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a | ||
159 | leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is | ||
160 | a requirement to disable password authentication for the account while | ||
161 | allowing still public-key, then the passwd field should be set to some- | ||
162 | thing other than these values (eg `NP' or `*NP*' ). | ||
163 | |||
164 | System security is not improved unless rshd, rlogind, and rexecd are dis- | ||
165 | abled (thus completely disabling rlogin and rsh into the machine). | ||
166 | |||
167 | COMMAND EXECUTION AND DATA FORWARDING | ||
168 | If the client successfully authenticates itself, a dialog for preparing | ||
169 | the session is entered. At this time the client may request things like | ||
170 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- | ||
171 | nections, or forwarding the authentication agent connection over the se- | ||
172 | cure channel. | ||
173 | |||
174 | Finally, the client either requests a shell or execution of a command. | ||
175 | The sides then enter session mode. In this mode, either side may send | ||
176 | data at any time, and such data is forwarded to/from the shell or command | ||
177 | on the server side, and the user terminal in the client side. | ||
178 | |||
179 | When the user program terminates and all forwarded X11 and other connec- | ||
180 | tions have been closed, the server sends command exit status to the | ||
181 | client, and both sides exit. | ||
197 | 182 | ||
198 | LOGIN PROCESS | 183 | LOGIN PROCESS |
199 | When a user successfully logs in, sshd does the following: | 184 | When a user successfully logs in, sshd does the following: |
@@ -280,9 +265,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
280 | backslash. This option might be useful to restrict certain pub- | 265 | backslash. This option might be useful to restrict certain pub- |
281 | lic keys to perform just a specific operation. An example might | 266 | lic keys to perform just a specific operation. An example might |
282 | be a key that permits remote backups but nothing else. Note that | 267 | be a key that permits remote backups but nothing else. Note that |
283 | the client may specify TCP/IP and/or X11 forwarding unless they | 268 | the client may specify TCP and/or X11 forwarding unless they are |
284 | are explicitly prohibited. Note that this option applies to | 269 | explicitly prohibited. Note that this option applies to shell, |
285 | shell, command or subsystem execution. | 270 | command or subsystem execution. |
286 | 271 | ||
287 | environment="NAME=value" | 272 | environment="NAME=value" |
288 | Specifies that the string is to be added to the environment when | 273 | Specifies that the string is to be added to the environment when |
@@ -293,10 +278,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
293 | This option is automatically disabled if UseLogin is enabled. | 278 | This option is automatically disabled if UseLogin is enabled. |
294 | 279 | ||
295 | no-port-forwarding | 280 | no-port-forwarding |
296 | Forbids TCP/IP forwarding when this key is used for authentica- | 281 | Forbids TCP forwarding when this key is used for authentication. |
297 | tion. Any port forward requests by the client will return an er- | 282 | Any port forward requests by the client will return an error. |
298 | ror. This might be used, e.g., in connection with the command | 283 | This might be used, e.g., in connection with the command option. |
299 | option. | ||
300 | 284 | ||
301 | no-X11-forwarding | 285 | no-X11-forwarding |
302 | Forbids X11 forwarding when this key is used for authentication. | 286 | Forbids X11 forwarding when this key is used for authentication. |
@@ -316,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT | |||
316 | is performed on the specified hostnames, they must be literal do- | 300 | is performed on the specified hostnames, they must be literal do- |
317 | mains or addresses. | 301 | mains or addresses. |
318 | 302 | ||
303 | tunnel="n" | ||
304 | Force a tun(4) device on the server. Without this option, the | ||
305 | next available device will be used if the client requests a tun- | ||
306 | nel. | ||
307 | |||
319 | Examples | 308 | Examples |
320 | 1024 33 12121...312314325 ylo@foo.bar | 309 | 1024 33 12121...312314325 ylo@foo.bar |
321 | 310 | ||
@@ -326,6 +315,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
326 | 315 | ||
327 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | 316 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 |
328 | 317 | ||
318 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openb- | ||
319 | sd.org | ||
320 | |||
329 | SSH_KNOWN_HOSTS FILE FORMAT | 321 | SSH_KNOWN_HOSTS FILE FORMAT |
330 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | 322 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host |
331 | public keys for all known hosts. The global file should be prepared by | 323 | public keys for all known hosts. The global file should be prepared by |
@@ -571,4 +563,4 @@ AUTHORS | |||
571 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 563 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
572 | for privilege separation. | 564 | for privilege separation. |
573 | 565 | ||
574 | OpenBSD 3.8 September 25, 1999 9 | 566 | OpenBSD 3.9 September 25, 1999 9 |