diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 125 |
1 files changed, 34 insertions, 91 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ |
37 | .Dd $Mdocdate: February 17 2016 $ | 37 | .Dd $Mdocdate: November 30 2016 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -44,14 +44,12 @@ | |||
44 | .Nm sshd | 44 | .Nm sshd |
45 | .Bk -words | 45 | .Bk -words |
46 | .Op Fl 46DdeiqTt | 46 | .Op Fl 46DdeiqTt |
47 | .Op Fl b Ar bits | ||
48 | .Op Fl C Ar connection_spec | 47 | .Op Fl C Ar connection_spec |
49 | .Op Fl c Ar host_certificate_file | 48 | .Op Fl c Ar host_certificate_file |
50 | .Op Fl E Ar log_file | 49 | .Op Fl E Ar log_file |
51 | .Op Fl f Ar config_file | 50 | .Op Fl f Ar config_file |
52 | .Op Fl g Ar login_grace_time | 51 | .Op Fl g Ar login_grace_time |
53 | .Op Fl h Ar host_key_file | 52 | .Op Fl h Ar host_key_file |
54 | .Op Fl k Ar key_gen_time | ||
55 | .Op Fl o Ar option | 53 | .Op Fl o Ar option |
56 | .Op Fl p Ar port | 54 | .Op Fl p Ar port |
57 | .Op Fl u Ar len | 55 | .Op Fl u Ar len |
@@ -99,9 +97,6 @@ to use IPv4 addresses only. | |||
99 | Forces | 97 | Forces |
100 | .Nm | 98 | .Nm |
101 | to use IPv6 addresses only. | 99 | to use IPv6 addresses only. |
102 | .It Fl b Ar bits | ||
103 | Specifies the number of bits in the ephemeral protocol version 1 | ||
104 | server key (default 1024). | ||
105 | .It Fl C Ar connection_spec | 100 | .It Fl C Ar connection_spec |
106 | Specify the connection parameters to use for the | 101 | Specify the connection parameters to use for the |
107 | .Fl T | 102 | .Fl T |
@@ -172,36 +167,18 @@ This option must be given if | |||
172 | is not run as root (as the normal | 167 | is not run as root (as the normal |
173 | host key files are normally not readable by anyone but root). | 168 | host key files are normally not readable by anyone but root). |
174 | The default is | 169 | The default is |
175 | .Pa /etc/ssh/ssh_host_key | ||
176 | for protocol version 1, and | ||
177 | .Pa /etc/ssh/ssh_host_dsa_key , | 170 | .Pa /etc/ssh/ssh_host_dsa_key , |
178 | .Pa /etc/ssh/ssh_host_ecdsa_key . | 171 | .Pa /etc/ssh/ssh_host_ecdsa_key , |
179 | .Pa /etc/ssh/ssh_host_ed25519_key | 172 | .Pa /etc/ssh/ssh_host_ed25519_key |
180 | and | 173 | and |
181 | .Pa /etc/ssh/ssh_host_rsa_key | 174 | .Pa /etc/ssh/ssh_host_rsa_key . |
182 | for protocol version 2. | ||
183 | It is possible to have multiple host key files for | 175 | It is possible to have multiple host key files for |
184 | the different protocol versions and host key algorithms. | 176 | the different host key algorithms. |
185 | .It Fl i | 177 | .It Fl i |
186 | Specifies that | 178 | Specifies that |
187 | .Nm | 179 | .Nm |
188 | is being run from | 180 | is being run from |
189 | .Xr inetd 8 . | 181 | .Xr inetd 8 . |
190 | If SSH protocol 1 is enabled, | ||
191 | .Nm | ||
192 | should not normally be run | ||
193 | from inetd because it needs to generate the server key before it can | ||
194 | respond to the client, and this may take some time. | ||
195 | Clients may have to wait too long if the key was regenerated every time. | ||
196 | .It Fl k Ar key_gen_time | ||
197 | Specifies how often the ephemeral protocol version 1 server key is | ||
198 | regenerated (default 3600 seconds, or one hour). | ||
199 | The motivation for regenerating the key fairly | ||
200 | often is that the key is not stored anywhere, and after about an hour | ||
201 | it becomes impossible to recover the key for decrypting intercepted | ||
202 | communications even if the machine is cracked into or physically | ||
203 | seized. | ||
204 | A value of zero indicates that the key will never be regenerated. | ||
205 | .It Fl o Ar option | 182 | .It Fl o Ar option |
206 | Can be used to give options in the format used in the configuration file. | 183 | Can be used to give options in the format used in the configuration file. |
207 | This is useful for specifying options for which there is no separate | 184 | This is useful for specifying options for which there is no separate |
@@ -260,8 +237,7 @@ may also be used to prevent | |||
260 | from making DNS requests unless the authentication | 237 | from making DNS requests unless the authentication |
261 | mechanism or configuration requires it. | 238 | mechanism or configuration requires it. |
262 | Authentication mechanisms that may require DNS include | 239 | Authentication mechanisms that may require DNS include |
263 | .Cm RhostsRSAAuthentication , | 240 | .Cm HostbasedAuthentication |
264 | .Cm HostbasedAuthentication , | ||
265 | and using a | 241 | and using a |
266 | .Cm from="pattern-list" | 242 | .Cm from="pattern-list" |
267 | option in a key file. | 243 | option in a key file. |
@@ -272,42 +248,14 @@ or | |||
272 | .Cm DenyUsers . | 248 | .Cm DenyUsers . |
273 | .El | 249 | .El |
274 | .Sh AUTHENTICATION | 250 | .Sh AUTHENTICATION |
275 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. | 251 | The OpenSSH SSH daemon supports SSH protocol 2 only. |
276 | The default is to use protocol 2 only, | ||
277 | though this can be changed via the | ||
278 | .Cm Protocol | ||
279 | option in | ||
280 | .Xr sshd_config 5 . | ||
281 | Protocol 1 should not be used | ||
282 | and is only offered to support legacy devices. | ||
283 | .Pp | ||
284 | Each host has a host-specific key, | 252 | Each host has a host-specific key, |
285 | used to identify the host. | 253 | used to identify the host. |
286 | Partial forward security for protocol 1 is provided through | ||
287 | an additional server key, | ||
288 | normally 1024 bits, | ||
289 | generated when the server starts. | ||
290 | This key is normally regenerated every hour if it has been used, and | ||
291 | is never stored on disk. | ||
292 | Whenever a client connects, the daemon responds with its public | 254 | Whenever a client connects, the daemon responds with its public |
293 | host and server keys. | 255 | host key. |
294 | The client compares the | 256 | The client compares the |
295 | RSA host key against its own database to verify that it has not changed. | 257 | host key against its own database to verify that it has not changed. |
296 | The client then generates a 256-bit random number. | 258 | Forward security is provided through a Diffie-Hellman key agreement. |
297 | It encrypts this | ||
298 | random number using both the host key and the server key, and sends | ||
299 | the encrypted number to the server. | ||
300 | Both sides then use this | ||
301 | random number as a session key which is used to encrypt all further | ||
302 | communications in the session. | ||
303 | The rest of the session is encrypted | ||
304 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
305 | being used by default. | ||
306 | The client selects the encryption algorithm | ||
307 | to use from those offered by the server. | ||
308 | .Pp | ||
309 | For protocol 2, | ||
310 | forward security is provided through a Diffie-Hellman key agreement. | ||
311 | This key agreement results in a shared session key. | 259 | This key agreement results in a shared session key. |
312 | The rest of the session is encrypted using a symmetric cipher, currently | 260 | The rest of the session is encrypted using a symmetric cipher, currently |
313 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | 261 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
@@ -480,32 +428,25 @@ key (empty lines and lines starting with a | |||
480 | .Ql # | 428 | .Ql # |
481 | are ignored as | 429 | are ignored as |
482 | comments). | 430 | comments). |
483 | Protocol 1 public keys consist of the following space-separated fields: | 431 | Public keys consist of the following space-separated fields: |
484 | options, bits, exponent, modulus, comment. | ||
485 | Protocol 2 public key consist of: | ||
486 | options, keytype, base64-encoded key, comment. | 432 | options, keytype, base64-encoded key, comment. |
487 | The options field is optional; | 433 | The options field is optional. |
488 | its presence is determined by whether the line starts | 434 | The keytype is |
489 | with a number or not (the options field never starts with a number). | ||
490 | The bits, exponent, modulus, and comment fields give the RSA key for | ||
491 | protocol version 1; the | ||
492 | comment field is not used for anything (but may be convenient for the | ||
493 | user to identify the key). | ||
494 | For protocol version 2 the keytype is | ||
495 | .Dq ecdsa-sha2-nistp256 , | 435 | .Dq ecdsa-sha2-nistp256 , |
496 | .Dq ecdsa-sha2-nistp384 , | 436 | .Dq ecdsa-sha2-nistp384 , |
497 | .Dq ecdsa-sha2-nistp521 , | 437 | .Dq ecdsa-sha2-nistp521 , |
498 | .Dq ssh-ed25519 , | 438 | .Dq ssh-ed25519 , |
499 | .Dq ssh-dss | 439 | .Dq ssh-dss |
500 | or | 440 | or |
501 | .Dq ssh-rsa . | 441 | .Dq ssh-rsa ; |
442 | the comment field is not used for anything (but may be convenient for the | ||
443 | user to identify the key). | ||
502 | .Pp | 444 | .Pp |
503 | Note that lines in this file are usually several hundred bytes long | 445 | Note that lines in this file can be several hundred bytes long |
504 | (because of the size of the public key encoding) up to a limit of | 446 | (because of the size of the public key encoding) up to a limit of |
505 | 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA | 447 | 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
506 | keys up to 16 kilobits. | 448 | keys up to 16 kilobits. |
507 | You don't want to type them in; instead, copy the | 449 | You don't want to type them in; instead, copy the |
508 | .Pa identity.pub , | ||
509 | .Pa id_dsa.pub , | 450 | .Pa id_dsa.pub , |
510 | .Pa id_ecdsa.pub , | 451 | .Pa id_ecdsa.pub , |
511 | .Pa id_ed25519.pub , | 452 | .Pa id_ed25519.pub , |
@@ -514,8 +455,7 @@ or the | |||
514 | file and edit it. | 455 | file and edit it. |
515 | .Pp | 456 | .Pp |
516 | .Nm | 457 | .Nm |
517 | enforces a minimum RSA key modulus size for protocol 1 | 458 | enforces a minimum RSA key modulus size of 768 bits. |
518 | and protocol 2 keys of 768 bits. | ||
519 | .Pp | 459 | .Pp |
520 | The options (if present) consist of comma-separated option | 460 | The options (if present) consist of comma-separated option |
521 | specifications. | 461 | specifications. |
@@ -544,19 +484,27 @@ If an 8-bit clean channel is required, | |||
544 | one must not request a pty or should specify | 484 | one must not request a pty or should specify |
545 | .Cm no-pty . | 485 | .Cm no-pty . |
546 | A quote may be included in the command by quoting it with a backslash. | 486 | A quote may be included in the command by quoting it with a backslash. |
487 | .Pp | ||
547 | This option might be useful | 488 | This option might be useful |
548 | to restrict certain public keys to perform just a specific operation. | 489 | to restrict certain public keys to perform just a specific operation. |
549 | An example might be a key that permits remote backups but nothing else. | 490 | An example might be a key that permits remote backups but nothing else. |
550 | Note that the client may specify TCP and/or X11 | 491 | Note that the client may specify TCP and/or X11 |
551 | forwarding unless they are explicitly prohibited. | 492 | forwarding unless they are explicitly prohibited, e.g. using the |
493 | .Cm restrict | ||
494 | key option. | ||
495 | .Pp | ||
552 | The command originally supplied by the client is available in the | 496 | The command originally supplied by the client is available in the |
553 | .Ev SSH_ORIGINAL_COMMAND | 497 | .Ev SSH_ORIGINAL_COMMAND |
554 | environment variable. | 498 | environment variable. |
555 | Note that this option applies to shell, command or subsystem execution. | 499 | Note that this option applies to shell, command or subsystem execution. |
556 | Also note that this command may be superseded by either a | 500 | Also note that this command may be superseded by a |
557 | .Xr sshd_config 5 | 501 | .Xr sshd_config 5 |
558 | .Cm ForceCommand | 502 | .Cm ForceCommand |
559 | directive or a command embedded in a certificate. | 503 | directive. |
504 | .Pp | ||
505 | If a command is specified and a forced-command is embedded in a certificate | ||
506 | used for authentication, then the certificate will be accepted only if the | ||
507 | two commands are identical. | ||
560 | .It Cm environment="NAME=value" | 508 | .It Cm environment="NAME=value" |
561 | Specifies that the string is to be added to the environment when | 509 | Specifies that the string is to be added to the environment when |
562 | logging in using this key. | 510 | logging in using this key. |
@@ -567,9 +515,6 @@ Environment processing is disabled by default and is | |||
567 | controlled via the | 515 | controlled via the |
568 | .Cm PermitUserEnvironment | 516 | .Cm PermitUserEnvironment |
569 | option. | 517 | option. |
570 | This option is automatically disabled if | ||
571 | .Cm UseLogin | ||
572 | is enabled. | ||
573 | .It Cm from="pattern-list" | 518 | .It Cm from="pattern-list" |
574 | Specifies that in addition to public key authentication, either the canonical | 519 | Specifies that in addition to public key authentication, either the canonical |
575 | name of the remote host or its IP address must be present in the | 520 | name of the remote host or its IP address must be present in the |
@@ -693,7 +638,7 @@ maintained automatically: whenever the user connects from an unknown host, | |||
693 | its key is added to the per-user file. | 638 | its key is added to the per-user file. |
694 | .Pp | 639 | .Pp |
695 | Each line in these files contains the following fields: markers (optional), | 640 | Each line in these files contains the following fields: markers (optional), |
696 | hostnames, bits, exponent, modulus, comment. | 641 | hostnames, keytype, base64-encoded key, comment. |
697 | The fields are separated by spaces. | 642 | The fields are separated by spaces. |
698 | .Pp | 643 | .Pp |
699 | The marker is optional, but if it is present then it must be one of | 644 | The marker is optional, but if it is present then it must be one of |
@@ -734,9 +679,9 @@ character. | |||
734 | Only one hashed hostname may appear on a single line and none of the above | 679 | Only one hashed hostname may appear on a single line and none of the above |
735 | negation or wildcard operators may be applied. | 680 | negation or wildcard operators may be applied. |
736 | .Pp | 681 | .Pp |
737 | Bits, exponent, and modulus are taken directly from the RSA host key; they | 682 | The keytype and base64-encoded key are taken directly from the host key; they |
738 | can be obtained, for example, from | 683 | can be obtained, for example, from |
739 | .Pa /etc/ssh/ssh_host_key.pub . | 684 | .Pa /etc/ssh/ssh_host_rsa_key.pub . |
740 | The optional comment field continues to the end of the line, and is not used. | 685 | The optional comment field continues to the end of the line, and is not used. |
741 | .Pp | 686 | .Pp |
742 | Lines starting with | 687 | Lines starting with |
@@ -775,8 +720,8 @@ Note that the lines in these files are typically hundreds of characters | |||
775 | long, and you definitely don't want to type in the host keys by hand. | 720 | long, and you definitely don't want to type in the host keys by hand. |
776 | Rather, generate them by a script, | 721 | Rather, generate them by a script, |
777 | .Xr ssh-keyscan 1 | 722 | .Xr ssh-keyscan 1 |
778 | or by taking | 723 | or by taking, for example, |
779 | .Pa /etc/ssh/ssh_host_key.pub | 724 | .Pa /etc/ssh/ssh_host_rsa_key.pub |
780 | and adding the host names at the front. | 725 | and adding the host names at the front. |
781 | .Xr ssh-keygen 1 | 726 | .Xr ssh-keygen 1 |
782 | also offers some basic automated editing for | 727 | also offers some basic automated editing for |
@@ -921,7 +866,6 @@ This file is used in exactly the same way as | |||
921 | but allows host-based authentication without permitting login with | 866 | but allows host-based authentication without permitting login with |
922 | rlogin/rsh. | 867 | rlogin/rsh. |
923 | .Pp | 868 | .Pp |
924 | .It Pa /etc/ssh/ssh_host_key | ||
925 | .It Pa /etc/ssh/ssh_host_dsa_key | 869 | .It Pa /etc/ssh/ssh_host_dsa_key |
926 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 870 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
927 | .It Pa /etc/ssh/ssh_host_ed25519_key | 871 | .It Pa /etc/ssh/ssh_host_ed25519_key |
@@ -933,7 +877,6 @@ Note that | |||
933 | .Nm | 877 | .Nm |
934 | does not start if these files are group/world-accessible. | 878 | does not start if these files are group/world-accessible. |
935 | .Pp | 879 | .Pp |
936 | .It Pa /etc/ssh/ssh_host_key.pub | ||
937 | .It Pa /etc/ssh/ssh_host_dsa_key.pub | 880 | .It Pa /etc/ssh/ssh_host_dsa_key.pub |
938 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub | 881 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
939 | .It Pa /etc/ssh/ssh_host_ed25519_key.pub | 882 | .It Pa /etc/ssh/ssh_host_ed25519_key.pub |