summaryrefslogtreecommitdiff
path: root/sshd.0
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.0')
-rw-r--r--sshd.0194
1 files changed, 93 insertions, 101 deletions
diff --git a/sshd.0 b/sshd.0
index 9a9613b54..040be6cad 100644
--- a/sshd.0
+++ b/sshd.0
@@ -8,95 +8,20 @@ SYNOPSIS
8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] 8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
9 9
10DESCRIPTION 10DESCRIPTION
11 sshd (SSH Daemon) is the daemon program for ssh(1). Together these pro- 11 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
12 grams replace rlogin and rsh, and provide secure encrypted communications 12 programs replace rlogin and rsh, and provide secure encrypted communica-
13 between two untrusted hosts over an insecure network. The programs are 13 tions between two untrusted hosts over an insecure network.
14 intended to be as easy to install and use as possible.
15
16 sshd is the daemon that listens for connections from clients. It is nor-
17 mally started at boot from /etc/rc. It forks a new daemon for each in-
18 coming connection. The forked daemons handle key exchange, encryption,
19 authentication, command execution, and data exchange. This implementa-
20 tion of sshd supports both SSH protocol version 1 and 2 simultaneously.
21 sshd works as follows:
22
23 SSH protocol version 1
24 Each host has a host-specific RSA key (normally 2048 bits) used to iden-
25 tify the host. Additionally, when the daemon starts, it generates a
26 server RSA key (normally 768 bits). This key is normally regenerated ev-
27 ery hour if it has been used, and is never stored on disk.
28
29 Whenever a client connects, the daemon responds with its public host and
30 server keys. The client compares the RSA host key against its own
31 database to verify that it has not changed. The client then generates a
32 256-bit random number. It encrypts this random number using both the
33 host key and the server key, and sends the encrypted number to the serv-
34 er. Both sides then use this random number as a session key which is
35 used to encrypt all further communications in the session. The rest of
36 the session is encrypted using a conventional cipher, currently Blowfish
37 or 3DES, with 3DES being used by default. The client selects the encryp-
38 tion algorithm to use from those offered by the server.
39 14
40 Next, the server and the client enter an authentication dialog. The 15 sshd listens for connections from clients. It is normally started at
41 client tries to authenticate itself using .rhosts authentication combined 16 boot from /etc/rc. It forks a new daemon for each incoming connection.
42 with RSA host authentication, RSA challenge-response authentication, or 17 The forked daemons handle key exchange, encryption, authentication, com-
43 password based authentication. 18 mand execution, and data exchange.
44
45 Regardless of the authentication type, the account is checked to ensure
46 that it is accessible. An account is not accessible if it is locked,
47 listed in DenyUsers or its group is listed in DenyGroups . The defini-
48 tion of a locked account is system dependant. Some platforms have their
49 own account database (eg AIX) and some modify the passwd field ( `*LK*'
50 on Solaris, `*' on HP-UX, containing `Nologin' on Tru64 and a leading
51 `!!' on Linux). If there is a requirement to disable password authenti-
52 cation for the account while allowing still public-key, then the passwd
53 field should be set to something other than these values (eg `NP' or
54 `*NP*' ).
55
56 rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin
57 and rsh into the machine).
58
59 SSH protocol version 2
60 Version 2 works similarly: Each host has a host-specific key (RSA or DSA)
61 used to identify the host. However, when the daemon starts, it does not
62 generate a server key. Forward security is provided through a Diffie-
63 Hellman key agreement. This key agreement results in a shared session
64 key.
65
66 The rest of the session is encrypted using a symmetric cipher, currently
67 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit
68 AES. The client selects the encryption algorithm to use from those of-
69 fered by the server. Additionally, session integrity is provided through
70 a cryptographic message authentication code (hmac-sha1 or hmac-md5).
71
72 Protocol version 2 provides a public key based user (PubkeyAuthentica-
73 tion) or client host (HostbasedAuthentication) authentication method,
74 conventional password authentication and challenge response based meth-
75 ods.
76
77 Command execution and data forwarding
78 If the client successfully authenticates itself, a dialog for preparing
79 the session is entered. At this time the client may request things like
80 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP
81 connections, or forwarding the authentication agent connection over the
82 secure channel.
83
84 Finally, the client either requests a shell or execution of a command.
85 The sides then enter session mode. In this mode, either side may send
86 data at any time, and such data is forwarded to/from the shell or command
87 on the server side, and the user terminal in the client side.
88
89 When the user program terminates and all forwarded X11 and other connec-
90 tions have been closed, the server sends command exit status to the
91 client, and both sides exit.
92 19
93 sshd can be configured using command-line options or a configuration file 20 sshd can be configured using command-line options or a configuration file
94 (by default sshd_config(5)). Command-line options override values speci- 21 (by default sshd_config(5)); command-line options override values speci-
95 fied in the configuration file. 22 fied in the configuration file. sshd rereads its configuration file when
96 23 it receives a hangup signal, SIGHUP, by executing itself with the name
97 sshd rereads its configuration file when it receives a hangup signal, 24 and options it was started with, e.g., /usr/sbin/sshd.
98 SIGHUP, by executing itself with the name and options it was started
99 with, e.g., /usr/sbin/sshd.
100 25
101 The options are as follows: 26 The options are as follows:
102 27
@@ -165,8 +90,9 @@ DESCRIPTION
165 -p port 90 -p port
166 Specifies the port on which the server listens for connections 91 Specifies the port on which the server listens for connections
167 (default 22). Multiple port options are permitted. Ports speci- 92 (default 22). Multiple port options are permitted. Ports speci-
168 fied in the configuration file are ignored when a command-line 93 fied in the configuration file with the Port option are ignored
169 port is specified. 94 when a command-line port is specified. Ports specified using the
95 ListenAddress option override command-line ports.
170 96
171 -q Quiet mode. Nothing is sent to the system log. Normally the be- 97 -q Quiet mode. Nothing is sent to the system log. Normally the be-
172 ginning, authentication, and termination of each connection is 98 ginning, authentication, and termination of each connection is
@@ -185,15 +111,74 @@ DESCRIPTION
185 the utmp file. -u0 may also be used to prevent sshd from making 111 the utmp file. -u0 may also be used to prevent sshd from making
186 DNS requests unless the authentication mechanism or configuration 112 DNS requests unless the authentication mechanism or configuration
187 requires it. Authentication mechanisms that may require DNS in- 113 requires it. Authentication mechanisms that may require DNS in-
188 clude RhostsRSAAuthentication, HostbasedAuthentication and using 114 clude RhostsRSAAuthentication, HostbasedAuthentication, and using
189 a from="pattern-list" option in a key file. Configuration op- 115 a from="pattern-list" option in a key file. Configuration op-
190 tions that require DNS include using a USER@HOST pattern in 116 tions that require DNS include using a USER@HOST pattern in
191 AllowUsers or DenyUsers. 117 AllowUsers or DenyUsers.
192 118
193CONFIGURATION FILE 119AUTHENTICATION
194 sshd reads configuration data from /etc/ssh/sshd_config (or the file 120 The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols
195 specified with -f on the command line). The file format and configura- 121 are supported by default, though this can be changed via the Protocol op-
196 tion options are described in sshd_config(5). 122 tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro-
123 tocol 1 only supports RSA keys. For both protocols, each host has a
124 host-specific key, normally 2048 bits, used to identify the host.
125
126 Forward security for protocol 1 is provided through an additional server
127 key, normally 768 bits, generated when the server starts. This key is
128 normally regenerated every hour if it has been used, and is never stored
129 on disk. Whenever a client connects, the daemon responds with its public
130 host and server keys. The client compares the RSA host key against its
131 own database to verify that it has not changed. The client then gener-
132 ates a 256-bit random number. It encrypts this random number using both
133 the host key and the server key, and sends the encrypted number to the
134 server. Both sides then use this random number as a session key which is
135 used to encrypt all further communications in the session. The rest of
136 the session is encrypted using a conventional cipher, currently Blowfish
137 or 3DES, with 3DES being used by default. The client selects the encryp-
138 tion algorithm to use from those offered by the server.
139
140 For protocol 2, forward security is provided through a Diffie-Hellman key
141 agreement. This key agreement results in a shared session key. The rest
142 of the session is encrypted using a symmetric cipher, currently 128-bit
143 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
144 client selects the encryption algorithm to use from those offered by the
145 server. Additionally, session integrity is provided through a crypto-
146 graphic message authentication code (hmac-sha1 or hmac-md5).
147
148 Finally, the server and the client enter an authentication dialog. The
149 client tries to authenticate itself using host-based authentication, pub-
150 lic key authentication, challenge-response authentication, or password
151 authentication.
152
153 Regardless of the authentication type, the account is checked to ensure
154 that it is accessible. An account is not accessible if it is locked,
155 listed in DenyUsers or its group is listed in DenyGroups . The defini-
156 tion of a locked account is system dependant. Some platforms have their
157 own account database (eg AIX) and some modify the passwd field ( `*LK*'
158 on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a
159 leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is
160 a requirement to disable password authentication for the account while
161 allowing still public-key, then the passwd field should be set to some-
162 thing other than these values (eg `NP' or `*NP*' ).
163
164 System security is not improved unless rshd, rlogind, and rexecd are dis-
165 abled (thus completely disabling rlogin and rsh into the machine).
166
167COMMAND EXECUTION AND DATA FORWARDING
168 If the client successfully authenticates itself, a dialog for preparing
169 the session is entered. At this time the client may request things like
170 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con-
171 nections, or forwarding the authentication agent connection over the se-
172 cure channel.
173
174 Finally, the client either requests a shell or execution of a command.
175 The sides then enter session mode. In this mode, either side may send
176 data at any time, and such data is forwarded to/from the shell or command
177 on the server side, and the user terminal in the client side.
178
179 When the user program terminates and all forwarded X11 and other connec-
180 tions have been closed, the server sends command exit status to the
181 client, and both sides exit.
197 182
198LOGIN PROCESS 183LOGIN PROCESS
199 When a user successfully logs in, sshd does the following: 184 When a user successfully logs in, sshd does the following:
@@ -280,9 +265,9 @@ AUTHORIZED_KEYS FILE FORMAT
280 backslash. This option might be useful to restrict certain pub- 265 backslash. This option might be useful to restrict certain pub-
281 lic keys to perform just a specific operation. An example might 266 lic keys to perform just a specific operation. An example might
282 be a key that permits remote backups but nothing else. Note that 267 be a key that permits remote backups but nothing else. Note that
283 the client may specify TCP/IP and/or X11 forwarding unless they 268 the client may specify TCP and/or X11 forwarding unless they are
284 are explicitly prohibited. Note that this option applies to 269 explicitly prohibited. Note that this option applies to shell,
285 shell, command or subsystem execution. 270 command or subsystem execution.
286 271
287 environment="NAME=value" 272 environment="NAME=value"
288 Specifies that the string is to be added to the environment when 273 Specifies that the string is to be added to the environment when
@@ -293,10 +278,9 @@ AUTHORIZED_KEYS FILE FORMAT
293 This option is automatically disabled if UseLogin is enabled. 278 This option is automatically disabled if UseLogin is enabled.
294 279
295 no-port-forwarding 280 no-port-forwarding
296 Forbids TCP/IP forwarding when this key is used for authentica- 281 Forbids TCP forwarding when this key is used for authentication.
297 tion. Any port forward requests by the client will return an er- 282 Any port forward requests by the client will return an error.
298 ror. This might be used, e.g., in connection with the command 283 This might be used, e.g., in connection with the command option.
299 option.
300 284
301 no-X11-forwarding 285 no-X11-forwarding
302 Forbids X11 forwarding when this key is used for authentication. 286 Forbids X11 forwarding when this key is used for authentication.
@@ -316,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT
316 is performed on the specified hostnames, they must be literal do- 300 is performed on the specified hostnames, they must be literal do-
317 mains or addresses. 301 mains or addresses.
318 302
303 tunnel="n"
304 Force a tun(4) device on the server. Without this option, the
305 next available device will be used if the client requests a tun-
306 nel.
307
319 Examples 308 Examples
320 1024 33 12121...312314325 ylo@foo.bar 309 1024 33 12121...312314325 ylo@foo.bar
321 310
@@ -326,6 +315,9 @@ AUTHORIZED_KEYS FILE FORMAT
326 315
327 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 316 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
328 317
318 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openb-
319 sd.org
320
329SSH_KNOWN_HOSTS FILE FORMAT 321SSH_KNOWN_HOSTS FILE FORMAT
330 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 322 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
331 public keys for all known hosts. The global file should be prepared by 323 public keys for all known hosts. The global file should be prepared by
@@ -571,4 +563,4 @@ AUTHORS
571 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 563 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
572 for privilege separation. 564 for privilege separation.
573 565
574OpenBSD 3.8 September 25, 1999 9 566OpenBSD 3.9 September 25, 1999 9