diff options
Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 108 |
1 files changed, 23 insertions, 85 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.285 2016/08/15 12:32:04 naddy Exp $ |
37 | .Dd $Mdocdate: February 17 2016 $ | 37 | .Dd $Mdocdate: August 15 2016 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -44,14 +44,12 @@ | |||
44 | .Nm sshd | 44 | .Nm sshd |
45 | .Bk -words | 45 | .Bk -words |
46 | .Op Fl 46DdeiqTt | 46 | .Op Fl 46DdeiqTt |
47 | .Op Fl b Ar bits | ||
48 | .Op Fl C Ar connection_spec | 47 | .Op Fl C Ar connection_spec |
49 | .Op Fl c Ar host_certificate_file | 48 | .Op Fl c Ar host_certificate_file |
50 | .Op Fl E Ar log_file | 49 | .Op Fl E Ar log_file |
51 | .Op Fl f Ar config_file | 50 | .Op Fl f Ar config_file |
52 | .Op Fl g Ar login_grace_time | 51 | .Op Fl g Ar login_grace_time |
53 | .Op Fl h Ar host_key_file | 52 | .Op Fl h Ar host_key_file |
54 | .Op Fl k Ar key_gen_time | ||
55 | .Op Fl o Ar option | 53 | .Op Fl o Ar option |
56 | .Op Fl p Ar port | 54 | .Op Fl p Ar port |
57 | .Op Fl u Ar len | 55 | .Op Fl u Ar len |
@@ -96,9 +94,6 @@ to use IPv4 addresses only. | |||
96 | Forces | 94 | Forces |
97 | .Nm | 95 | .Nm |
98 | to use IPv6 addresses only. | 96 | to use IPv6 addresses only. |
99 | .It Fl b Ar bits | ||
100 | Specifies the number of bits in the ephemeral protocol version 1 | ||
101 | server key (default 1024). | ||
102 | .It Fl C Ar connection_spec | 97 | .It Fl C Ar connection_spec |
103 | Specify the connection parameters to use for the | 98 | Specify the connection parameters to use for the |
104 | .Fl T | 99 | .Fl T |
@@ -169,36 +164,18 @@ This option must be given if | |||
169 | is not run as root (as the normal | 164 | is not run as root (as the normal |
170 | host key files are normally not readable by anyone but root). | 165 | host key files are normally not readable by anyone but root). |
171 | The default is | 166 | The default is |
172 | .Pa /etc/ssh/ssh_host_key | ||
173 | for protocol version 1, and | ||
174 | .Pa /etc/ssh/ssh_host_dsa_key , | 167 | .Pa /etc/ssh/ssh_host_dsa_key , |
175 | .Pa /etc/ssh/ssh_host_ecdsa_key . | 168 | .Pa /etc/ssh/ssh_host_ecdsa_key , |
176 | .Pa /etc/ssh/ssh_host_ed25519_key | 169 | .Pa /etc/ssh/ssh_host_ed25519_key |
177 | and | 170 | and |
178 | .Pa /etc/ssh/ssh_host_rsa_key | 171 | .Pa /etc/ssh/ssh_host_rsa_key . |
179 | for protocol version 2. | ||
180 | It is possible to have multiple host key files for | 172 | It is possible to have multiple host key files for |
181 | the different protocol versions and host key algorithms. | 173 | the different host key algorithms. |
182 | .It Fl i | 174 | .It Fl i |
183 | Specifies that | 175 | Specifies that |
184 | .Nm | 176 | .Nm |
185 | is being run from | 177 | is being run from |
186 | .Xr inetd 8 . | 178 | .Xr inetd 8 . |
187 | If SSH protocol 1 is enabled, | ||
188 | .Nm | ||
189 | should not normally be run | ||
190 | from inetd because it needs to generate the server key before it can | ||
191 | respond to the client, and this may take some time. | ||
192 | Clients may have to wait too long if the key was regenerated every time. | ||
193 | .It Fl k Ar key_gen_time | ||
194 | Specifies how often the ephemeral protocol version 1 server key is | ||
195 | regenerated (default 3600 seconds, or one hour). | ||
196 | The motivation for regenerating the key fairly | ||
197 | often is that the key is not stored anywhere, and after about an hour | ||
198 | it becomes impossible to recover the key for decrypting intercepted | ||
199 | communications even if the machine is cracked into or physically | ||
200 | seized. | ||
201 | A value of zero indicates that the key will never be regenerated. | ||
202 | .It Fl o Ar option | 179 | .It Fl o Ar option |
203 | Can be used to give options in the format used in the configuration file. | 180 | Can be used to give options in the format used in the configuration file. |
204 | This is useful for specifying options for which there is no separate | 181 | This is useful for specifying options for which there is no separate |
@@ -257,8 +234,7 @@ may also be used to prevent | |||
257 | from making DNS requests unless the authentication | 234 | from making DNS requests unless the authentication |
258 | mechanism or configuration requires it. | 235 | mechanism or configuration requires it. |
259 | Authentication mechanisms that may require DNS include | 236 | Authentication mechanisms that may require DNS include |
260 | .Cm RhostsRSAAuthentication , | 237 | .Cm HostbasedAuthentication |
261 | .Cm HostbasedAuthentication , | ||
262 | and using a | 238 | and using a |
263 | .Cm from="pattern-list" | 239 | .Cm from="pattern-list" |
264 | option in a key file. | 240 | option in a key file. |
@@ -269,42 +245,14 @@ or | |||
269 | .Cm DenyUsers . | 245 | .Cm DenyUsers . |
270 | .El | 246 | .El |
271 | .Sh AUTHENTICATION | 247 | .Sh AUTHENTICATION |
272 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. | 248 | The OpenSSH SSH daemon supports SSH protocol 2 only. |
273 | The default is to use protocol 2 only, | ||
274 | though this can be changed via the | ||
275 | .Cm Protocol | ||
276 | option in | ||
277 | .Xr sshd_config 5 . | ||
278 | Protocol 1 should not be used | ||
279 | and is only offered to support legacy devices. | ||
280 | .Pp | ||
281 | Each host has a host-specific key, | 249 | Each host has a host-specific key, |
282 | used to identify the host. | 250 | used to identify the host. |
283 | Partial forward security for protocol 1 is provided through | ||
284 | an additional server key, | ||
285 | normally 1024 bits, | ||
286 | generated when the server starts. | ||
287 | This key is normally regenerated every hour if it has been used, and | ||
288 | is never stored on disk. | ||
289 | Whenever a client connects, the daemon responds with its public | 251 | Whenever a client connects, the daemon responds with its public |
290 | host and server keys. | 252 | host key. |
291 | The client compares the | 253 | The client compares the |
292 | RSA host key against its own database to verify that it has not changed. | 254 | host key against its own database to verify that it has not changed. |
293 | The client then generates a 256-bit random number. | 255 | Forward security is provided through a Diffie-Hellman key agreement. |
294 | It encrypts this | ||
295 | random number using both the host key and the server key, and sends | ||
296 | the encrypted number to the server. | ||
297 | Both sides then use this | ||
298 | random number as a session key which is used to encrypt all further | ||
299 | communications in the session. | ||
300 | The rest of the session is encrypted | ||
301 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
302 | being used by default. | ||
303 | The client selects the encryption algorithm | ||
304 | to use from those offered by the server. | ||
305 | .Pp | ||
306 | For protocol 2, | ||
307 | forward security is provided through a Diffie-Hellman key agreement. | ||
308 | This key agreement results in a shared session key. | 256 | This key agreement results in a shared session key. |
309 | The rest of the session is encrypted using a symmetric cipher, currently | 257 | The rest of the session is encrypted using a symmetric cipher, currently |
310 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | 258 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
@@ -477,32 +425,25 @@ key (empty lines and lines starting with a | |||
477 | .Ql # | 425 | .Ql # |
478 | are ignored as | 426 | are ignored as |
479 | comments). | 427 | comments). |
480 | Protocol 1 public keys consist of the following space-separated fields: | 428 | Public keys consist of the following space-separated fields: |
481 | options, bits, exponent, modulus, comment. | ||
482 | Protocol 2 public key consist of: | ||
483 | options, keytype, base64-encoded key, comment. | 429 | options, keytype, base64-encoded key, comment. |
484 | The options field is optional; | 430 | The options field is optional. |
485 | its presence is determined by whether the line starts | 431 | The keytype is |
486 | with a number or not (the options field never starts with a number). | ||
487 | The bits, exponent, modulus, and comment fields give the RSA key for | ||
488 | protocol version 1; the | ||
489 | comment field is not used for anything (but may be convenient for the | ||
490 | user to identify the key). | ||
491 | For protocol version 2 the keytype is | ||
492 | .Dq ecdsa-sha2-nistp256 , | 432 | .Dq ecdsa-sha2-nistp256 , |
493 | .Dq ecdsa-sha2-nistp384 , | 433 | .Dq ecdsa-sha2-nistp384 , |
494 | .Dq ecdsa-sha2-nistp521 , | 434 | .Dq ecdsa-sha2-nistp521 , |
495 | .Dq ssh-ed25519 , | 435 | .Dq ssh-ed25519 , |
496 | .Dq ssh-dss | 436 | .Dq ssh-dss |
497 | or | 437 | or |
498 | .Dq ssh-rsa . | 438 | .Dq ssh-rsa ; |
439 | the comment field is not used for anything (but may be convenient for the | ||
440 | user to identify the key). | ||
499 | .Pp | 441 | .Pp |
500 | Note that lines in this file are usually several hundred bytes long | 442 | Note that lines in this file can be several hundred bytes long |
501 | (because of the size of the public key encoding) up to a limit of | 443 | (because of the size of the public key encoding) up to a limit of |
502 | 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA | 444 | 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
503 | keys up to 16 kilobits. | 445 | keys up to 16 kilobits. |
504 | You don't want to type them in; instead, copy the | 446 | You don't want to type them in; instead, copy the |
505 | .Pa identity.pub , | ||
506 | .Pa id_dsa.pub , | 447 | .Pa id_dsa.pub , |
507 | .Pa id_ecdsa.pub , | 448 | .Pa id_ecdsa.pub , |
508 | .Pa id_ed25519.pub , | 449 | .Pa id_ed25519.pub , |
@@ -511,8 +452,7 @@ or the | |||
511 | file and edit it. | 452 | file and edit it. |
512 | .Pp | 453 | .Pp |
513 | .Nm | 454 | .Nm |
514 | enforces a minimum RSA key modulus size for protocol 1 | 455 | enforces a minimum RSA key modulus size of 768 bits. |
515 | and protocol 2 keys of 768 bits. | ||
516 | .Pp | 456 | .Pp |
517 | The options (if present) consist of comma-separated option | 457 | The options (if present) consist of comma-separated option |
518 | specifications. | 458 | specifications. |
@@ -690,7 +630,7 @@ maintained automatically: whenever the user connects from an unknown host, | |||
690 | its key is added to the per-user file. | 630 | its key is added to the per-user file. |
691 | .Pp | 631 | .Pp |
692 | Each line in these files contains the following fields: markers (optional), | 632 | Each line in these files contains the following fields: markers (optional), |
693 | hostnames, bits, exponent, modulus, comment. | 633 | hostnames, keytype, base64-encoded key, comment. |
694 | The fields are separated by spaces. | 634 | The fields are separated by spaces. |
695 | .Pp | 635 | .Pp |
696 | The marker is optional, but if it is present then it must be one of | 636 | The marker is optional, but if it is present then it must be one of |
@@ -731,9 +671,9 @@ character. | |||
731 | Only one hashed hostname may appear on a single line and none of the above | 671 | Only one hashed hostname may appear on a single line and none of the above |
732 | negation or wildcard operators may be applied. | 672 | negation or wildcard operators may be applied. |
733 | .Pp | 673 | .Pp |
734 | Bits, exponent, and modulus are taken directly from the RSA host key; they | 674 | The keytype and base64-encoded key are taken directly from the host key; they |
735 | can be obtained, for example, from | 675 | can be obtained, for example, from |
736 | .Pa /etc/ssh/ssh_host_key.pub . | 676 | .Pa /etc/ssh/ssh_host_rsa_key.pub . |
737 | The optional comment field continues to the end of the line, and is not used. | 677 | The optional comment field continues to the end of the line, and is not used. |
738 | .Pp | 678 | .Pp |
739 | Lines starting with | 679 | Lines starting with |
@@ -772,8 +712,8 @@ Note that the lines in these files are typically hundreds of characters | |||
772 | long, and you definitely don't want to type in the host keys by hand. | 712 | long, and you definitely don't want to type in the host keys by hand. |
773 | Rather, generate them by a script, | 713 | Rather, generate them by a script, |
774 | .Xr ssh-keyscan 1 | 714 | .Xr ssh-keyscan 1 |
775 | or by taking | 715 | or by taking, for example, |
776 | .Pa /etc/ssh/ssh_host_key.pub | 716 | .Pa /etc/ssh/ssh_host_rsa_key.pub |
777 | and adding the host names at the front. | 717 | and adding the host names at the front. |
778 | .Xr ssh-keygen 1 | 718 | .Xr ssh-keygen 1 |
779 | also offers some basic automated editing for | 719 | also offers some basic automated editing for |
@@ -912,7 +852,6 @@ This file is used in exactly the same way as | |||
912 | but allows host-based authentication without permitting login with | 852 | but allows host-based authentication without permitting login with |
913 | rlogin/rsh. | 853 | rlogin/rsh. |
914 | .Pp | 854 | .Pp |
915 | .It Pa /etc/ssh/ssh_host_key | ||
916 | .It Pa /etc/ssh/ssh_host_dsa_key | 855 | .It Pa /etc/ssh/ssh_host_dsa_key |
917 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 856 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
918 | .It Pa /etc/ssh/ssh_host_ed25519_key | 857 | .It Pa /etc/ssh/ssh_host_ed25519_key |
@@ -924,7 +863,6 @@ Note that | |||
924 | .Nm | 863 | .Nm |
925 | does not start if these files are group/world-accessible. | 864 | does not start if these files are group/world-accessible. |
926 | .Pp | 865 | .Pp |
927 | .It Pa /etc/ssh/ssh_host_key.pub | ||
928 | .It Pa /etc/ssh/ssh_host_dsa_key.pub | 866 | .It Pa /etc/ssh/ssh_host_dsa_key.pub |
929 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub | 867 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
930 | .It Pa /etc/ssh/ssh_host_ed25519_key.pub | 868 | .It Pa /etc/ssh/ssh_host_ed25519_key.pub |