diff options
Diffstat (limited to 'sshd.0')
| -rw-r--r-- | sshd.0 | 194 |
1 files changed, 93 insertions, 101 deletions
| @@ -8,95 +8,20 @@ SYNOPSIS | |||
| 8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 8 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] |
| 9 | 9 | ||
| 10 | DESCRIPTION | 10 | DESCRIPTION |
| 11 | sshd (SSH Daemon) is the daemon program for ssh(1). Together these pro- | 11 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
| 12 | grams replace rlogin and rsh, and provide secure encrypted communications | 12 | programs replace rlogin and rsh, and provide secure encrypted communica- |
| 13 | between two untrusted hosts over an insecure network. The programs are | 13 | tions between two untrusted hosts over an insecure network. |
| 14 | intended to be as easy to install and use as possible. | ||
| 15 | |||
| 16 | sshd is the daemon that listens for connections from clients. It is nor- | ||
| 17 | mally started at boot from /etc/rc. It forks a new daemon for each in- | ||
| 18 | coming connection. The forked daemons handle key exchange, encryption, | ||
| 19 | authentication, command execution, and data exchange. This implementa- | ||
| 20 | tion of sshd supports both SSH protocol version 1 and 2 simultaneously. | ||
| 21 | sshd works as follows: | ||
| 22 | |||
| 23 | SSH protocol version 1 | ||
| 24 | Each host has a host-specific RSA key (normally 2048 bits) used to iden- | ||
| 25 | tify the host. Additionally, when the daemon starts, it generates a | ||
| 26 | server RSA key (normally 768 bits). This key is normally regenerated ev- | ||
| 27 | ery hour if it has been used, and is never stored on disk. | ||
| 28 | |||
| 29 | Whenever a client connects, the daemon responds with its public host and | ||
| 30 | server keys. The client compares the RSA host key against its own | ||
| 31 | database to verify that it has not changed. The client then generates a | ||
| 32 | 256-bit random number. It encrypts this random number using both the | ||
| 33 | host key and the server key, and sends the encrypted number to the serv- | ||
| 34 | er. Both sides then use this random number as a session key which is | ||
| 35 | used to encrypt all further communications in the session. The rest of | ||
| 36 | the session is encrypted using a conventional cipher, currently Blowfish | ||
| 37 | or 3DES, with 3DES being used by default. The client selects the encryp- | ||
| 38 | tion algorithm to use from those offered by the server. | ||
| 39 | 14 | ||
| 40 | Next, the server and the client enter an authentication dialog. The | 15 | sshd listens for connections from clients. It is normally started at |
| 41 | client tries to authenticate itself using .rhosts authentication combined | 16 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
| 42 | with RSA host authentication, RSA challenge-response authentication, or | 17 | The forked daemons handle key exchange, encryption, authentication, com- |
| 43 | password based authentication. | 18 | mand execution, and data exchange. |
| 44 | |||
| 45 | Regardless of the authentication type, the account is checked to ensure | ||
| 46 | that it is accessible. An account is not accessible if it is locked, | ||
| 47 | listed in DenyUsers or its group is listed in DenyGroups . The defini- | ||
| 48 | tion of a locked account is system dependant. Some platforms have their | ||
| 49 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | ||
| 50 | on Solaris, `*' on HP-UX, containing `Nologin' on Tru64 and a leading | ||
| 51 | `!!' on Linux). If there is a requirement to disable password authenti- | ||
| 52 | cation for the account while allowing still public-key, then the passwd | ||
| 53 | field should be set to something other than these values (eg `NP' or | ||
| 54 | `*NP*' ). | ||
| 55 | |||
| 56 | rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin | ||
| 57 | and rsh into the machine). | ||
| 58 | |||
| 59 | SSH protocol version 2 | ||
| 60 | Version 2 works similarly: Each host has a host-specific key (RSA or DSA) | ||
| 61 | used to identify the host. However, when the daemon starts, it does not | ||
| 62 | generate a server key. Forward security is provided through a Diffie- | ||
| 63 | Hellman key agreement. This key agreement results in a shared session | ||
| 64 | key. | ||
| 65 | |||
| 66 | The rest of the session is encrypted using a symmetric cipher, currently | ||
| 67 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit | ||
| 68 | AES. The client selects the encryption algorithm to use from those of- | ||
| 69 | fered by the server. Additionally, session integrity is provided through | ||
| 70 | a cryptographic message authentication code (hmac-sha1 or hmac-md5). | ||
| 71 | |||
| 72 | Protocol version 2 provides a public key based user (PubkeyAuthentica- | ||
| 73 | tion) or client host (HostbasedAuthentication) authentication method, | ||
| 74 | conventional password authentication and challenge response based meth- | ||
| 75 | ods. | ||
| 76 | |||
| 77 | Command execution and data forwarding | ||
| 78 | If the client successfully authenticates itself, a dialog for preparing | ||
| 79 | the session is entered. At this time the client may request things like | ||
| 80 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP | ||
| 81 | connections, or forwarding the authentication agent connection over the | ||
| 82 | secure channel. | ||
| 83 | |||
| 84 | Finally, the client either requests a shell or execution of a command. | ||
| 85 | The sides then enter session mode. In this mode, either side may send | ||
| 86 | data at any time, and such data is forwarded to/from the shell or command | ||
| 87 | on the server side, and the user terminal in the client side. | ||
| 88 | |||
| 89 | When the user program terminates and all forwarded X11 and other connec- | ||
| 90 | tions have been closed, the server sends command exit status to the | ||
| 91 | client, and both sides exit. | ||
| 92 | 19 | ||
| 93 | sshd can be configured using command-line options or a configuration file | 20 | sshd can be configured using command-line options or a configuration file |
| 94 | (by default sshd_config(5)). Command-line options override values speci- | 21 | (by default sshd_config(5)); command-line options override values speci- |
| 95 | fied in the configuration file. | 22 | fied in the configuration file. sshd rereads its configuration file when |
| 96 | 23 | it receives a hangup signal, SIGHUP, by executing itself with the name | |
| 97 | sshd rereads its configuration file when it receives a hangup signal, | 24 | and options it was started with, e.g., /usr/sbin/sshd. |
| 98 | SIGHUP, by executing itself with the name and options it was started | ||
| 99 | with, e.g., /usr/sbin/sshd. | ||
| 100 | 25 | ||
| 101 | The options are as follows: | 26 | The options are as follows: |
| 102 | 27 | ||
| @@ -165,8 +90,9 @@ DESCRIPTION | |||
| 165 | -p port | 90 | -p port |
| 166 | Specifies the port on which the server listens for connections | 91 | Specifies the port on which the server listens for connections |
| 167 | (default 22). Multiple port options are permitted. Ports speci- | 92 | (default 22). Multiple port options are permitted. Ports speci- |
| 168 | fied in the configuration file are ignored when a command-line | 93 | fied in the configuration file with the Port option are ignored |
| 169 | port is specified. | 94 | when a command-line port is specified. Ports specified using the |
| 95 | ListenAddress option override command-line ports. | ||
| 170 | 96 | ||
| 171 | -q Quiet mode. Nothing is sent to the system log. Normally the be- | 97 | -q Quiet mode. Nothing is sent to the system log. Normally the be- |
| 172 | ginning, authentication, and termination of each connection is | 98 | ginning, authentication, and termination of each connection is |
| @@ -185,15 +111,74 @@ DESCRIPTION | |||
| 185 | the utmp file. -u0 may also be used to prevent sshd from making | 111 | the utmp file. -u0 may also be used to prevent sshd from making |
| 186 | DNS requests unless the authentication mechanism or configuration | 112 | DNS requests unless the authentication mechanism or configuration |
| 187 | requires it. Authentication mechanisms that may require DNS in- | 113 | requires it. Authentication mechanisms that may require DNS in- |
| 188 | clude RhostsRSAAuthentication, HostbasedAuthentication and using | 114 | clude RhostsRSAAuthentication, HostbasedAuthentication, and using |
| 189 | a from="pattern-list" option in a key file. Configuration op- | 115 | a from="pattern-list" option in a key file. Configuration op- |
| 190 | tions that require DNS include using a USER@HOST pattern in | 116 | tions that require DNS include using a USER@HOST pattern in |
| 191 | AllowUsers or DenyUsers. | 117 | AllowUsers or DenyUsers. |
| 192 | 118 | ||
| 193 | CONFIGURATION FILE | 119 | AUTHENTICATION |
| 194 | sshd reads configuration data from /etc/ssh/sshd_config (or the file | 120 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols |
| 195 | specified with -f on the command line). The file format and configura- | 121 | are supported by default, though this can be changed via the Protocol op- |
| 196 | tion options are described in sshd_config(5). | 122 | tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- |
| 123 | tocol 1 only supports RSA keys. For both protocols, each host has a | ||
| 124 | host-specific key, normally 2048 bits, used to identify the host. | ||
| 125 | |||
| 126 | Forward security for protocol 1 is provided through an additional server | ||
| 127 | key, normally 768 bits, generated when the server starts. This key is | ||
| 128 | normally regenerated every hour if it has been used, and is never stored | ||
| 129 | on disk. Whenever a client connects, the daemon responds with its public | ||
| 130 | host and server keys. The client compares the RSA host key against its | ||
| 131 | own database to verify that it has not changed. The client then gener- | ||
| 132 | ates a 256-bit random number. It encrypts this random number using both | ||
| 133 | the host key and the server key, and sends the encrypted number to the | ||
| 134 | server. Both sides then use this random number as a session key which is | ||
| 135 | used to encrypt all further communications in the session. The rest of | ||
| 136 | the session is encrypted using a conventional cipher, currently Blowfish | ||
| 137 | or 3DES, with 3DES being used by default. The client selects the encryp- | ||
| 138 | tion algorithm to use from those offered by the server. | ||
| 139 | |||
| 140 | For protocol 2, forward security is provided through a Diffie-Hellman key | ||
| 141 | agreement. This key agreement results in a shared session key. The rest | ||
| 142 | of the session is encrypted using a symmetric cipher, currently 128-bit | ||
| 143 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | ||
| 144 | client selects the encryption algorithm to use from those offered by the | ||
| 145 | server. Additionally, session integrity is provided through a crypto- | ||
| 146 | graphic message authentication code (hmac-sha1 or hmac-md5). | ||
| 147 | |||
| 148 | Finally, the server and the client enter an authentication dialog. The | ||
| 149 | client tries to authenticate itself using host-based authentication, pub- | ||
| 150 | lic key authentication, challenge-response authentication, or password | ||
| 151 | authentication. | ||
| 152 | |||
| 153 | Regardless of the authentication type, the account is checked to ensure | ||
| 154 | that it is accessible. An account is not accessible if it is locked, | ||
| 155 | listed in DenyUsers or its group is listed in DenyGroups . The defini- | ||
| 156 | tion of a locked account is system dependant. Some platforms have their | ||
| 157 | own account database (eg AIX) and some modify the passwd field ( `*LK*' | ||
| 158 | on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a | ||
| 159 | leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is | ||
| 160 | a requirement to disable password authentication for the account while | ||
| 161 | allowing still public-key, then the passwd field should be set to some- | ||
| 162 | thing other than these values (eg `NP' or `*NP*' ). | ||
| 163 | |||
| 164 | System security is not improved unless rshd, rlogind, and rexecd are dis- | ||
| 165 | abled (thus completely disabling rlogin and rsh into the machine). | ||
| 166 | |||
| 167 | COMMAND EXECUTION AND DATA FORWARDING | ||
| 168 | If the client successfully authenticates itself, a dialog for preparing | ||
| 169 | the session is entered. At this time the client may request things like | ||
| 170 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- | ||
| 171 | nections, or forwarding the authentication agent connection over the se- | ||
| 172 | cure channel. | ||
| 173 | |||
| 174 | Finally, the client either requests a shell or execution of a command. | ||
| 175 | The sides then enter session mode. In this mode, either side may send | ||
| 176 | data at any time, and such data is forwarded to/from the shell or command | ||
| 177 | on the server side, and the user terminal in the client side. | ||
| 178 | |||
| 179 | When the user program terminates and all forwarded X11 and other connec- | ||
| 180 | tions have been closed, the server sends command exit status to the | ||
| 181 | client, and both sides exit. | ||
| 197 | 182 | ||
| 198 | LOGIN PROCESS | 183 | LOGIN PROCESS |
| 199 | When a user successfully logs in, sshd does the following: | 184 | When a user successfully logs in, sshd does the following: |
| @@ -280,9 +265,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 280 | backslash. This option might be useful to restrict certain pub- | 265 | backslash. This option might be useful to restrict certain pub- |
| 281 | lic keys to perform just a specific operation. An example might | 266 | lic keys to perform just a specific operation. An example might |
| 282 | be a key that permits remote backups but nothing else. Note that | 267 | be a key that permits remote backups but nothing else. Note that |
| 283 | the client may specify TCP/IP and/or X11 forwarding unless they | 268 | the client may specify TCP and/or X11 forwarding unless they are |
| 284 | are explicitly prohibited. Note that this option applies to | 269 | explicitly prohibited. Note that this option applies to shell, |
| 285 | shell, command or subsystem execution. | 270 | command or subsystem execution. |
| 286 | 271 | ||
| 287 | environment="NAME=value" | 272 | environment="NAME=value" |
| 288 | Specifies that the string is to be added to the environment when | 273 | Specifies that the string is to be added to the environment when |
| @@ -293,10 +278,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 293 | This option is automatically disabled if UseLogin is enabled. | 278 | This option is automatically disabled if UseLogin is enabled. |
| 294 | 279 | ||
| 295 | no-port-forwarding | 280 | no-port-forwarding |
| 296 | Forbids TCP/IP forwarding when this key is used for authentica- | 281 | Forbids TCP forwarding when this key is used for authentication. |
| 297 | tion. Any port forward requests by the client will return an er- | 282 | Any port forward requests by the client will return an error. |
| 298 | ror. This might be used, e.g., in connection with the command | 283 | This might be used, e.g., in connection with the command option. |
| 299 | option. | ||
| 300 | 284 | ||
| 301 | no-X11-forwarding | 285 | no-X11-forwarding |
| 302 | Forbids X11 forwarding when this key is used for authentication. | 286 | Forbids X11 forwarding when this key is used for authentication. |
| @@ -316,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 316 | is performed on the specified hostnames, they must be literal do- | 300 | is performed on the specified hostnames, they must be literal do- |
| 317 | mains or addresses. | 301 | mains or addresses. |
| 318 | 302 | ||
| 303 | tunnel="n" | ||
| 304 | Force a tun(4) device on the server. Without this option, the | ||
| 305 | next available device will be used if the client requests a tun- | ||
| 306 | nel. | ||
| 307 | |||
| 319 | Examples | 308 | Examples |
| 320 | 1024 33 12121...312314325 ylo@foo.bar | 309 | 1024 33 12121...312314325 ylo@foo.bar |
| 321 | 310 | ||
| @@ -326,6 +315,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
| 326 | 315 | ||
| 327 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 | 316 | permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 |
| 328 | 317 | ||
| 318 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openb- | ||
| 319 | sd.org | ||
| 320 | |||
| 329 | SSH_KNOWN_HOSTS FILE FORMAT | 321 | SSH_KNOWN_HOSTS FILE FORMAT |
| 330 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | 322 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host |
| 331 | public keys for all known hosts. The global file should be prepared by | 323 | public keys for all known hosts. The global file should be prepared by |
| @@ -571,4 +563,4 @@ AUTHORS | |||
| 571 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 563 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 572 | for privilege separation. | 564 | for privilege separation. |
| 573 | 565 | ||
| 574 | OpenBSD 3.8 September 25, 1999 9 | 566 | OpenBSD 3.9 September 25, 1999 9 |