SSHD(8)                     System Manager's Manual                    SSHD(8)

NAME
     sshd – OpenSSH SSH daemon

SYNOPSIS
     sshd [-46DdeiqTt] [-b bits] [-C connection_spec]
          [-c host_certificate_file] [-E log_file] [-f config_file]
          [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
          [-o option] [-p port] [-u len]

DESCRIPTION
     sshd (OpenSSH Daemon) is the daemon program for ssh(1).  Together these
     programs replace rlogin and rsh, and provide secure encrypted
     communications between two untrusted hosts over an insecure network.

     sshd listens for connections from clients.  It is normally started at
     boot from /etc/rc.  It forks a new daemon for each incoming connection.
     The forked daemons handle key exchange, encryption, authentication,
     command execution, and data exchange.

     sshd can be configured using command-line options or a configuration file
     (by default sshd_config(5)); command-line options override values
     specified in the configuration file.  sshd rereads its configuration file
     when it receives a hangup signal, SIGHUP, by executing itself with the
     name and options it was started with, e.g. /usr/sbin/sshd.

     The options are as follows:

     -4      Forces sshd to use IPv4 addresses only.

     -6      Forces sshd to use IPv6 addresses only.

     -b bits
             Specifies the number of bits in the ephemeral protocol version 1
             server key (default 1024).

     -C connection_spec
             Specify the connection parameters to use for the -T extended test
             mode.  If provided, any Match directives in the configuration
             file that would apply to the specified user, host, and address
             will be set before the configuration is written to standard
             output.  The connection parameters are supplied as keyword=value
             pairs.  The keywords are "user", "host", "laddr", "lport", and
             "addr".  All are required and may be supplied in any order,
             either with multiple -C options or as a comma-separated list.

     -c host_certificate_file
             Specifies a path to a certificate file to identify sshd during
             key exchange.  The certificate file must match a host key file
             specified using the -h option or the HostKey configuration
             directive.

     -D      When this option is specified, sshd will not detach and does not
             become a daemon.  This allows easy monitoring of sshd.

     -d      Debug mode.  The server sends verbose debug output to standard
             error, and does not put itself in the background.  The server
             also will not fork and will only process one connection.  This
             option is only intended for debugging for the server.  Multiple
             -d options increase the debugging level.  Maximum is 3.

     -E log_file
             Append debug logs to log_file instead of the system log.

     -e      Write debug logs to standard error instead of the system log.

     -f config_file
             Specifies the name of the configuration file.  The default is
             /etc/ssh/sshd_config.  sshd refuses to start if there is no
             configuration file.

     -g login_grace_time
             Gives the grace time for clients to authenticate themselves
             (default 120 seconds).  If the client fails to authenticate the
             user within this many seconds, the server disconnects and exits.
             A value of zero indicates no limit.

     -h host_key_file
             Specifies a file from which a host key is read.  This option must
             be given if sshd is not run as root (as the normal host key files
             are normally not readable by anyone but root).  The default is
             /etc/ssh/ssh_host_key for protocol version 1, and
             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
             protocol version 2.  It is possible to have multiple host key
             files for the different protocol versions and host key
             algorithms.

     -i      Specifies that sshd is being run from inetd(8).  sshd is normally
             not run from inetd because it needs to generate the server key
             before it can respond to the client, and this may take tens of
             seconds.  Clients would have to wait too long if the key was
             regenerated every time.  However, with small key sizes (e.g. 512)
             using sshd from inetd may be feasible.

     -k key_gen_time
             Specifies how often the ephemeral protocol version 1 server key
             is regenerated (default 3600 seconds, or one hour).  The
             motivation for regenerating the key fairly often is that the key
             is not stored anywhere, and after about an hour it becomes
             impossible to recover the key for decrypting intercepted
             communications even if the machine is cracked into or physically
             seized.  A value of zero indicates that the key will never be
             regenerated.

     -o option
             Can be used to give options in the format used in the
             configuration file.  This is useful for specifying options for
             which there is no separate command-line flag.  For full details
             of the options, and their values, see sshd_config(5).

     -p port
             Specifies the port on which the server listens for connections
             (default 22).  Multiple port options are permitted.  Ports
             specified in the configuration file with the Port option are
             ignored when a command-line port is specified.  Ports specified
             using the ListenAddress option override command-line ports.

     -q      Quiet mode.  Nothing is sent to the system log.  Normally the
             beginning, authentication, and termination of each connection is
             logged.

     -T      Extended test mode.  Check the validity of the configuration
             file, output the effective configuration to stdout and then exit.
             Optionally, Match rules may be applied by specifying the
             connection parameters using one or more -C options.

     -t      Test mode.  Only check the validity of the configuration file and
             sanity of the keys.  This is useful for updating sshd reliably as
             configuration options may change.

     -u len  This option is used to specify the size of the field in the utmp
             structure that holds the remote host name.  If the resolved host
             name is longer than len, the dotted decimal value will be used
             instead.  This allows hosts with very long host names that
             overflow this field to still be uniquely identified.  Specifying
             -u0 indicates that only dotted decimal addresses should be put
             into the utmp file.  -u0 may also be used to prevent sshd from
             making DNS requests unless the authentication mechanism or
             configuration requires it.  Authentication mechanisms that may
             require DNS include RhostsRSAAuthentication,
             HostbasedAuthentication, and using a from="pattern-list" option
             in a key file.  Configuration options that require DNS include
             using a USER@HOST pattern in AllowUsers or DenyUsers.

AUTHENTICATION
     The OpenSSH SSH daemon supports SSH protocols 1 and 2.  The default is to
     use protocol 2 only, though this can be changed via the Protocol option
     in sshd_config(5).  Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
     protocol 1 only supports RSA keys.  For both protocols, each host has a
     host-specific key, normally 2048 bits, used to identify the host.

     Forward security for protocol 1 is provided through an additional server
     key, normally 768 bits, generated when the server starts.  This key is
     normally regenerated every hour if it has been used, and is never stored
     on disk.  Whenever a client connects, the daemon responds with its public
     host and server keys.  The client compares the RSA host key against its
     own database to verify that it has not changed.  The client then
     generates a 256-bit random number.  It encrypts this random number using
     both the host key and the server key, and sends the encrypted number to
     the server.  Both sides then use this random number as a session key
     which is used to encrypt all further communications in the session.  The
     rest of the session is encrypted using a conventional cipher, currently
     Blowfish or 3DES, with 3DES being used by default.  The client selects
     the encryption algorithm to use from those offered by the server.

     For protocol 2, forward security is provided through a Diffie-Hellman key
     agreement.  This key agreement results in a shared session key.  The rest
     of the session is encrypted using a symmetric cipher, currently 128-bit
     AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.  The
     client selects the encryption algorithm to use from those offered by the
     server.  Additionally, session integrity is provided through a
     cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
     umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).

     Finally, the server and the client enter an authentication dialog.  The
     client tries to authenticate itself using host-based authentication,
     public key authentication, challenge-response authentication, or password
     authentication.

     Regardless of the authentication type, the account is checked to ensure
     that it is accessible.  An account is not accessible if it is locked,
     listed in DenyUsers or its group is listed in DenyGroups.  The
     definition of a locked account is system dependent.  Some platforms have
     their own account database (e.g. AIX) and some modify the passwd field
     ('*LK*' on Solaris and UnixWare, '*' on HP-UX, containing 'Nologin' on
     Tru64, a leading '*LOCKED*' on FreeBSD and a leading '!' on most
     Linuxes).  If there is a requirement to disable password authentication
     for the account while still allowing public-key, then the passwd field
     should be set to something other than these values (e.g. 'NP' or '*NP*').

     If the client successfully authenticates itself, a dialog for preparing
     the session is entered.  At this time the client may request things like
     allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
     connections, or forwarding the authentication agent connection over the
     secure channel.

     After this, the client either requests a shell or execution of a command.
     The sides then enter session mode.  In this mode, either side may send
     data at any time, and such data is forwarded to/from the shell or command
     on the server side, and the user terminal in the client side.

     When the user program terminates and all forwarded X11 and other
     connections have been closed, the server sends command exit status to the
     client, and both sides exit.

LOGIN PROCESS
     When a user successfully logs in, sshd does the following:

           1.   If the login is on a tty, and no command has been specified,
                prints last login time and /etc/motd (unless prevented in the
                configuration file or by ~/.hushlogin; see the FILES section).

           2.   If the login is on a tty, records login time.

           3.   Checks /etc/nologin; if it exists, prints contents and quits
                (unless root).

           4.   Changes to run with normal user privileges.

           5.   Sets up basic environment.

           6.   Reads the file ~/.ssh/environment, if it exists, and users are
                allowed to change their environment.  See the
                PermitUserEnvironment option in sshd_config(5).

           7.   Changes to user's home directory.

           8.   If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option
                is set, runs it; else if /etc/ssh/sshrc exists, runs it;
                otherwise runs xauth.  The "rc" files are given the X11
                authentication protocol and cookie in standard input.  See
                SSHRC, below.

           9.   Runs user's shell or command.

SSHRC
     If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
     files but before starting the user's shell or command.  It must not
     produce any output on stdout; stderr must be used instead.  If X11
     forwarding is in use, it will receive the "proto cookie" pair in its
     standard input (and DISPLAY in its environment).  The script must call
     xauth(1) because sshd will not run xauth automatically to add X11
     cookies.

     The primary purpose of this file is to run any initialization routines
     which may be needed before the user's home directory becomes accessible;
     AFS is a particular example of such an environment.

     This file will probably contain some initialization code followed by
     something similar to:

           # "proto cookie" arrives on stdin only when X11 forwarding is in use
           if read proto cookie && [ -n "$DISPLAY" ]; then
                   if [ "$(echo "$DISPLAY" | cut -c1-10)" = 'localhost:' ]; then
                           # X11UseLocalhost=yes
                           echo add "unix:$(echo "$DISPLAY" | cut -c11-)" "$proto" "$cookie"
                   else
                           # X11UseLocalhost=no
                           echo add "$DISPLAY" "$proto" "$cookie"
                   fi | xauth -q -
           fi

     If this file does not exist, /etc/ssh/sshrc is run, and if that does not
     exist either, xauth is used to add the cookie.

AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the files containing public keys for public
     key authentication; if none is specified, the default is
     ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2.  Each line of the
     file contains one key (empty lines and lines starting with a '#' are
     ignored as comments).  Protocol 1 public keys consist of the following
     space-separated fields: options, bits, exponent, modulus, comment.
     Protocol 2 public keys consist of: options, keytype, base64-encoded key,
     comment.  The options field is optional; its presence is determined by
     whether the line starts with a number or not (the options field never
     starts with a number).  The bits, exponent, modulus, and comment fields
     give the RSA key for protocol version 1; the comment field is not used
     for anything (but may be convenient for the user to identify the key).
     For protocol version 2 the keytype is "ecdsa-sha2-nistp256",
     "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519", "ssh-dss" or
     "ssh-rsa".

     Note that lines in this file are usually several hundred bytes long
     (because of the size of the public key encoding) up to a limit of 8
     kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
     kilobits.  You don't want to type them in; instead, copy the
     identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
     file and edit it.

     sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
     2 keys of 768 bits.

     The options (if present) consist of comma-separated option
     specifications.  No spaces are permitted, except within double quotes.
     The following option specifications are supported (note that option
     keywords are case-insensitive):

     cert-authority
             Specifies that the listed key is a certification authority (CA)
             that is trusted to validate signed certificates for user
             authentication.

             Certificates may encode access restrictions similar to these key
             options.  If both certificate restrictions and key options are
             present, the most restrictive union of the two is applied.

     command="command"
             Specifies that the command is executed whenever this key is used
             for authentication.  The command supplied by the user (if any) is
             ignored.  The command is run on a pty if the client requests a
             pty; otherwise it is run without a tty.  If an 8-bit clean
             channel is required, one must not request a pty or should specify
             no-pty.  A quote may be included in the command by quoting it
             with a backslash.  This option might be useful to restrict
             certain public keys to perform just a specific operation.  An
             example might be a key that permits remote backups but nothing
             else.  Note that the client may specify TCP and/or X11 forwarding
             unless they are explicitly prohibited.  The command originally
             supplied by the client is available in the SSH_ORIGINAL_COMMAND
             environment variable.  Note that this option applies to shell,
             command or subsystem execution.  Also note that this command may
             be superseded by either a sshd_config(5) ForceCommand directive
             or a command embedded in a certificate.

     environment="NAME=value"
             Specifies that the string is to be added to the environment when
             logging in using this key.  Environment variables set this way
             override other default environment values.  Multiple options of
             this type are permitted.  Environment processing is disabled by
             default and is controlled via the PermitUserEnvironment option.
             This option is automatically disabled if UseLogin is enabled.

     from="pattern-list"
             Specifies that in addition to public key authentication, either
             the canonical name of the remote host or its IP address must be
             present in the comma-separated list of patterns.  See PATTERNS in
             ssh_config(5) for more information on patterns.

             In addition to the wildcard matching that may be applied to
             hostnames or addresses, a from stanza may match IP addresses
             using CIDR address/masklen notation.

             The purpose of this option is to optionally increase security:
             public key authentication by itself does not trust the network or
             name servers or anything (but the key); however, if somebody
             somehow steals the key, the key permits an intruder to log in
             from anywhere in the world.  This additional option makes using a
             stolen key more difficult (name servers and/or routers would have
             to be compromised in addition to just the key).

     no-agent-forwarding
             Forbids authentication agent forwarding when this key is used for
             authentication.

     no-port-forwarding
             Forbids TCP forwarding when this key is used for authentication.
             Any port forward requests by the client will return an error.
             This might be used, e.g. in connection with the command option.

     no-pty  Prevents tty allocation (a request to allocate a pty will fail).

     no-user-rc
             Disables execution of ~/.ssh/rc.

     no-X11-forwarding
             Forbids X11 forwarding when this key is used for authentication.
             Any X11 forward requests by the client will return an error.

     permitopen="host:port"
             Limit local port forwarding with ssh(1) -L such that it may only
             connect to the specified host and port.  IPv6 addresses can be
             specified by enclosing the address in square brackets.  Multiple
             permitopen options may be applied separated by commas.  No
             pattern matching is performed on the specified hostnames, they
             must be literal domains or addresses.  A port specification of *
             matches any port.

     principals="principals"
             On a cert-authority line, specifies allowed principals for
             certificate authentication as a comma-separated list.  At least
             one name from the list must appear in the certificate's list of
             principals for the certificate to be accepted.  This option is
             ignored for keys that are not marked as trusted certificate
             signers using the cert-authority option.

     tunnel="n"
             Force a tun(4) device on the server.  Without this option, the
             next available device will be used if the client requests a
             tunnel.

     An example authorized_keys file:

        # Comments allowed at start of line
        ssh-rsa AAAAB3Nza...LiPk== user@example.net
        from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
        AAAAB2...19Q== john@example.net
        command="dump /home",no-pty,no-port-forwarding ssh-dss
        AAAAC3...51R== example.net
        permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
        AAAAB5...21S==
        tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
        jane@example.net

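     The field rules above, implemented as a small parser and file checker.
     This is an added example written for this page, not OpenSSH's own code:
     it splits the options field honouring double quotes and backslash-escaped
     quotes, collects repeatable options such as permitopen= and environment=
     as lists, and additionally verifies that the base64 blob begins with the
     declared key type, which is how the SSH wire format encodes public keys.
     The names parse_options, parse_line and audit are the example's own, the
     sample key blobs are constructed dummies rather than real keys, and
     protocol 1 lines are reported rather than parsed.

```python
# Added example for this page, not OpenSSH code: a checker for protocol 2
# authorized_keys lines.  parse_options, parse_line and audit are the example's
# own names; the key blobs are constructed dummies carrying only the wire-format
# type header that every real SSH public key starts with.
import base64, binascii, struct
KEYTYPES = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
            "ssh-ed25519", "ssh-dss", "ssh-rsa"}

def parse_options(text):
    """Comma-separated options -> {lower-cased name: [values]}; flags map to True."""
    opts, i, n = {}, 0, len(text)
    while i < n:
        j = i
        while j < n and text[j] not in "=,":
            j += 1
        name = text[i:j].lower()
        if j < n and text[j] == "=":                # values must be double-quoted
            if j + 1 >= n or text[j + 1] != '"':
                raise ValueError("value of %s must be double-quoted" % name)
            buf, k = [], j + 2
            while k < n and text[k] != '"':
                if text[k] == "\\" and k + 1 < n and text[k + 1] == '"':
                    k += 1                          # \" is a literal quote
                buf.append(text[k])
                k += 1
            if k >= n:
                raise ValueError("unterminated quote in %s" % name)
            value, j = "".join(buf), k + 1
        else:
            value = True
        opts.setdefault(name, []).append(value)     # permitopen=/environment= may repeat
        if j < n and text[j] != ",":
            raise ValueError("junk after option %s" % name)
        i = j + 1
    return opts

def _split_options_field(line):
    """The options field ends at the first whitespace outside double quotes."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                                  # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            return line[:i], line[i + 1:].lstrip()
        i += 1
    raise ValueError("options field without a key")

def parse_line(line):
    """Return (options, keytype, key, comment), or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, options = line.split(None, 1)[0], {}
    if first[0].isdigit():                          # protocol 1: bits exponent modulus
        raise ValueError("protocol 1 key lines are not handled by this example")
    if first not in KEYTYPES:                       # options never start with a digit
        opt_text, line = _split_options_field(line)
        options = parse_options(opt_text)
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("missing key material")
    try:   # the blob must be base64 and start with a length-prefixed copy of the key type
        blob = base64.b64decode(fields[1], validate=True)
        length = struct.unpack(">I", blob[:4])[0]
    except (binascii.Error, ValueError, struct.error):
        raise ValueError("key is not a valid base64 blob")
    if blob[4:4 + length].decode("ascii", "replace") != fields[0]:
        raise ValueError("blob type does not match declared %s" % fields[0])
    return options, fields[0], fields[1], fields[2] if len(fields) > 2 else ""

def audit(text):
    """Parse a whole file: returns (keys, problems), problems as [(lineno, message)]."""
    keys, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_line(line)
            if parsed is not None:
                keys.append(parsed)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
    return keys, problems

def _wire(keytype, filler):   # constructed dummy blob: length-prefixed type + filler
    return base64.b64encode(struct.pack(">I", len(keytype)) + keytype.encode() + filler).decode()

ED25519, RSA = _wire("ssh-ed25519", b"\x11" * 36), _wire("ssh-rsa", b"\x22" * 16)
# Constructed sample file in the layout of the example above; the last line is bad.
SAMPLE_FILE = "\n".join([
    "ssh-ed25519 %s user@example.net" % ED25519,
    'from="*.sales.example.net,!pc.sales.example.net" ssh-rsa %s john@example.net' % RSA,
    'command="dump /home",no-pty,no-port-forwarding ssh-rsa %s example.net' % RSA,
    'permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-ed25519 %s' % ED25519,
    'command="echo \\"quoted\\"",environment="FOO=bar" ssh-ed25519 %s' % ED25519,
    "ssh-rsa %s declared-rsa-but-blob-says-ed25519" % ED25519,
])
```

     Running audit(SAMPLE_FILE) returns the five parsed keys and one problem
     for line 6, whose blob carries an ssh-ed25519 header although the line
     declares ssh-rsa; a line such as "ssh-rsa not-base64!! x" is reported as
     not being a valid base64 blob.  Note that the type check is structural
     only: it does not validate the key material itself.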
SSH_KNOWN_HOSTS FILE FORMAT
     The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
     public keys for all known hosts.  The global file should be prepared by
     the administrator (optional), and the per-user file is maintained
     automatically: whenever the user connects from an unknown host, its key
     is added to the per-user file.

     Each line in these files contains the following fields: markers
     (optional), hostnames, bits, exponent, modulus, comment.  The fields are
     separated by spaces.

     The marker is optional, but if it is present then it must be one of
     "@cert-authority", to indicate that the line contains a certification
     authority (CA) key, or "@revoked", to indicate that the key contained on
     the line is revoked and must not ever be accepted.  Only one marker
     should be used on a key line.

     Hostnames is a comma-separated list of patterns ('*' and '?' act as
     wildcards); each pattern in turn is matched against the canonical host
     name (when authenticating a client) or against the user-supplied name
     (when authenticating a server).  A pattern may also be preceded by '!' to
     indicate negation: if the host name matches a negated pattern, it is not
     accepted (by that line) even if it matched another pattern on the line.
     A hostname or address may optionally be enclosed within '[' and ']'
     brackets then followed by ':' and a non-standard port number.

     Alternately, hostnames may be stored in a hashed form which hides host
     names and addresses should the file's contents be disclosed.  Hashed
     hostnames start with a '|' character.  Only one hashed hostname may
     appear on a single line and none of the above negation or wildcard
     operators may be applied.

     Bits, exponent, and modulus are taken directly from the RSA host key;
     they can be obtained, for example, from /etc/ssh/ssh_host_key.pub.  The
     optional comment field continues to the end of the line, and is not used.

     Lines starting with '#' and empty lines are ignored as comments.

     When performing host authentication, authentication is accepted if any
     matching line has the proper key; either one that matches exactly or, if
     the server has presented a certificate for authentication, the key of the
     certification authority that signed the certificate.  For a key to be
     trusted as a certification authority, it must use the "@cert-authority"
     marker described above.

     The known hosts file also provides a facility to mark keys as revoked,
     for example when it is known that the associated private key has been
     stolen.  Revoked keys are specified by including the "@revoked" marker at
     the beginning of the key line, and are never accepted for authentication
     or as certification authorities, but instead will produce a warning from
     ssh(1) when they are encountered.

     It is permissible (but not recommended) to have several lines or
     different host keys for the same names.  This will inevitably happen when
     short forms of host names from different domains are put in the file.  It
     is possible that the files contain conflicting information;
     authentication is accepted if valid information can be found from either
     file.

     Note that the lines in these files are typically hundreds of characters
     long, and you definitely don't want to type in the host keys by hand.
     Rather, generate them by a script, ssh-keyscan(1) or by taking
     /etc/ssh/ssh_host_key.pub and adding the host names at the front.
     ssh-keygen(1) also offers some basic automated editing for
     ~/.ssh/known_hosts including removing hosts matching a host name and
     converting all host names to their hashed representations.

     An example ssh_known_hosts file:

        # Comments allowed at start of line
        closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
        cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
        # A hashed hostname
        |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
        AAAA1234.....=
        # A revoked key
        @revoked * ssh-rsa AAAAB5W...
        # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
        @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...

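     The matching rules of this section (markers, '*' and '?' wildcards, '!'
     negation, the "[host]:port" form and hashed host names), carried out over
     a constructed known_hosts file.  This is an added example written for
     this page, not OpenSSH's own code.  It assumes the hashed form that
     ssh-keygen -H writes, "|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))",
     and the names parse_line, lookup, decide and hash_hostname are the
     example's own; the keys in the sample file are placeholders.

```python
# Added example for this page, not OpenSSH code: a known_hosts matcher covering
# markers, pattern lists with '*', '?' and '!' negation, the [host]:port form and
# hashed host names.  The hashed form assumed here is the one ssh-keygen -H
# writes: "|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))".  The names
# parse_line, lookup, decide and hash_hostname and the sample file are the
# example's own.
import base64, hashlib, hmac, os

MARKERS = {"@cert-authority": "cert-authority", "@revoked": "revoked"}

def match_pattern(s, p):
    """OpenSSH-style glob: '*' matches any run, '?' one character, rest literal."""
    if not p:
        return not s
    if p[0] == "*":
        return any(match_pattern(s[i:], p[1:]) for i in range(len(s) + 1))
    return bool(s) and (p[0] == "?" or p[0] == s[0]) and match_pattern(s[1:], p[1:])

def match_pattern_list(name, patterns):
    """Comma-separated patterns; a matching '!' pattern rejects the name outright."""
    name, matched = name.lower(), False
    for pat in patterns.lower().split(","):
        if pat.startswith("!"):
            if match_pattern(name, pat[1:]):
                return False
        elif match_pattern(name, pat):
            matched = True
    return matched

def hash_hostname(name, salt=None):
    """Hashed form of a host name; the salt is 20 random bytes unless given."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def match_hashed(name, hashed):
    """Recompute the HMAC with the line's salt and compare in constant time."""
    parts = hashed.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    mac = hmac.new(base64.b64decode(parts[2]), name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64encode(mac).decode(), parts[3])

def parse_line(line):
    """-> {marker, hostnames, key, comment} or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, marker = line.split(), None
    if fields[0].startswith("@"):
        if fields[0] not in MARKERS:
            raise ValueError("unknown marker %s" % fields[0])
        marker = MARKERS[fields.pop(0)]
    if len(fields) < 3:
        raise ValueError("too few fields")
    nkey = 3 if fields[1].isdigit() else 2          # "bits exp mod" or "keytype base64"
    return {"marker": marker, "hostnames": fields[0],
            "key": " ".join(fields[1:1 + nkey]), "comment": " ".join(fields[1 + nkey:])}

def host_matches(hostnames, host, port=22):
    """A non-standard port is looked up as [host]:port; hashed lines never use patterns."""
    name = host if port == 22 else "[%s]:%d" % (host, port)
    if hostnames.startswith("|"):
        return match_hashed(name, hostnames)
    return match_pattern_list(name, hostnames)

def lookup(text, host, port=22):
    """All entries whose hostnames field matches host (markers included)."""
    return [e for e in map(parse_line, text.splitlines())
            if e and host_matches(e["hostnames"], host, port)]

def decide(text, host, presented_key, port=22):
    """'revoked', 'ok' or 'unknown' for a plain host key.  Certificate checks, which
    need a signature verification against the @cert-authority key, are out of scope."""
    hits = lookup(text, host, port)
    if any(e["marker"] == "revoked" and e["key"] == presented_key for e in hits):
        return "revoked"
    if any(e["marker"] is None and e["key"] == presented_key for e in hits):
        return "ok"
    return "unknown"

SALT = b"\x01" * 20        # fixed salt so the constructed sample is reproducible
SAMPLE = "\n".join([       # constructed sample file; the keys are placeholders
    "# Comments allowed at start of line",
    "closenet,*.example.net,192.0.2.53 ssh-rsa AAAAkey1= closenet.example.net",
    "[git.example.org]:2222 ssh-ed25519 AAAAkey2=",
    hash_hostname("cvs.example.net", SALT) + " ssh-rsa AAAAkey3=",
    "@revoked * ssh-rsa AAAAstolen=",
    "@cert-authority *.mydomain.org,!ci.mydomain.org ssh-rsa AAAAcakey=",
    "*.example.net,!admin.example.net ssh-dss AAAAkey4=",
])
```

     With this file, decide(SAMPLE, "closenet", "ssh-rsa AAAAstolen=") is
     "revoked" because the "@revoked *" line applies to every host, the hashed
     line is found for cvs.example.net only by recomputing the HMAC, and
     git.example.org is known on port 2222 but "unknown" on port 22.  The
     order of checks in decide mirrors the text: a revoked key is never
     accepted, even where another line would have matched it.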
FILES
     ~/.hushlogin
             This file is used to suppress printing the last login time and
             /etc/motd, if PrintLastLog and PrintMotd, respectively, are
             enabled.  It does not suppress printing of the banner specified
             by Banner.

     ~/.rhosts
             This file is used for host-based authentication (see ssh(1) for
             more information).  On some machines this file may need to be
             world-readable if the user's home directory is on an NFS
             partition, because sshd reads it as root.  Additionally, this
             file must be owned by the user, and must not have write
             permissions for anyone else.  The recommended permission for most
             machines is read/write for the user, and not accessible by
             others.

     ~/.shosts
             This file is used in exactly the same way as .rhosts, but allows
             host-based authentication without permitting login with
             rlogin/rsh.

     ~/.ssh/
             This directory is the default location for all user-specific
             configuration and authentication information.  There is no
             general requirement to keep the entire contents of this directory
             secret, but the recommended permissions are read/write/execute
             for the user, and not accessible by others.

     ~/.ssh/authorized_keys
             Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
             for logging in as this user.  The format of this file is
             described above.  The content of the file is not highly
             sensitive, but the recommended permissions are read/write for the
             user, and not accessible by others.

             If this file, the ~/.ssh directory, or the user's home directory
             are writable by other users, then the file could be modified or
             replaced by unauthorized users.  In this case, sshd will not
             allow it to be used unless the StrictModes option has been set to
             "no".

| 528 | ~/.ssh/environment |
| 529 | This file is read into the environment at login (if it exists). |
| 530 | It can only contain empty lines, comment lines (that start with |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 531 | M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 532 | should be writable only by the user; it need not be readable by |
| 533 | anyone else. Environment processing is disabled by default and |
| 534 | is controlled via the PermitUserEnvironment option. |
| 535 | |
| 536 | ~/.ssh/known_hosts |
| 537 | Contains a list of host keys for all hosts the user has logged |
| 538 | into that are not already in the systemwide list of known host |
| 539 | keys. The format of this file is described above. This file |
| 540 | should be writable only by root/the owner and can, but need not |
| 541 | be, world-readable. |
| 542 | |
| 543 | ~/.ssh/rc |
| 544 | Contains initialization routines to be run before the user's home |
| 545 | directory becomes accessible. This file should be writable only |
| 546 | by the user, and need not be readable by anyone else. |
| 547 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 548 | /etc/hosts.equiv |
| 549 | This file is for host-based authentication (see ssh(1)). It |
| 550 | should only be writable by root. |
| 551 | |
| 552 | /etc/moduli |
| 553 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group |
| 554 | Exchange". The file format is described in moduli(5). |
| 555 | |
| 556 | /etc/motd |
| 557 | See motd(5). |
| 558 | |
| 559 | /etc/nologin |
| 560 | If this file exists, sshd refuses to let anyone except root log |
| 561 | in. The contents of the file are displayed to anyone trying to |
| 562 | log in, and non-root connections are refused. The file should be |
| 563 | world-readable. |
| 564 | |
| 565 | /etc/shosts.equiv |
| 566 | This file is used in exactly the same way as hosts.equiv, but |
| 567 | allows host-based authentication without permitting login with |
| 568 | rlogin/rsh. |
| 569 | |
| 570 | /etc/ssh/ssh_host_key |
| 571 | /etc/ssh/ssh_host_dsa_key |
| 572 | /etc/ssh/ssh_host_ecdsa_key |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 573 | /etc/ssh/ssh_host_ed25519_key |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 574 | /etc/ssh/ssh_host_rsa_key |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 575 | These files contain the private parts of the host keys. These |
| 576 | files should only be owned by root, readable only by root, and |
| 577 | not accessible to others. Note that sshd does not start if these |
| 578 | files are group/world-accessible. |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 579 | |
| 580 | /etc/ssh/ssh_host_key.pub |
| 581 | /etc/ssh/ssh_host_dsa_key.pub |
| 582 | /etc/ssh/ssh_host_ecdsa_key.pub |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 583 | /etc/ssh/ssh_host_ed25519_key.pub |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 584 | /etc/ssh/ssh_host_rsa_key.pub |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 585 | These files contain the public parts of the host keys. These |
| 586 | files should be world-readable but writable only by root. Their |
| 587 | contents should match the respective private parts. These files |
| 588 | are not really used for anything; they are provided for the |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 589 | convenience of the user so their contents can be copied to known |
| 590 | hosts files. These files are created using ssh-keygen(1). |
| 591 | |
| 592 | /etc/ssh/ssh_known_hosts |
| 593 | Systemwide list of known host keys. This file should be prepared |
| 594 | by the system administrator to contain the public host keys of |
| 595 | all machines in the organization. The format of this file is |
| 596 | described above. This file should be writable only by root/the |
| 597 | owner and should be world-readable. |
| 598 | |
| 599 | /etc/ssh/sshd_config |
| 600 | Contains configuration data for sshd. The file format and |
| 601 | configuration options are described in sshd_config(5). |
| 602 | |
| 603 | /etc/ssh/sshrc |
| 604 | Similar to ~/.ssh/rc, it can be used to specify machine-specific |
| 605 | login-time initializations globally. This file should be |
| 606 | writable only by root, and should be world-readable. |
| 607 | |
| 608 | /var/empty |
| 609 | chroot(2) directory used by sshd during privilege separation in |
| 610 | the pre-authentication phase. The directory should not contain |
| 611 | any files and must be owned by root and not group or world- |
| 612 | writable. |
| 613 | |
| 614 | /var/run/sshd.pid |
| 615 | Contains the process ID of the sshd listening for connections (if |
| 616 | there are several daemons running concurrently for different |
| 617 | ports, this contains the process ID of the one started last). |
| 618 | The content of this file is not sensitive; it can be world- |
| 619 | readable. |
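     The ownership and permission rules listed above can be checked
     mechanically.  The Python below is an added example, not OpenSSH code:
     it audits the StrictModes requirements for ~/.ssh/authorized_keys (owned
     by the user, and neither the file, ~/.ssh nor the home directory writable
     by group or others) and the stricter rule for the host private keys (no
     group or world access at all).  The demo() helper, its throwaway home
     directory and its constructed authorized_keys line are assumptions for
     illustration; the audit looks only at the paths the text names, not at
     every parent directory.

```python
import os, stat, tempfile

GROUP_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH
GROUP_WORLD_ANY = stat.S_IRWXG | stat.S_IRWXO

def audit_path(path, owner_uid, allow_group_world_read=True):
    """One path's problems: wrong owner, or group/world write (or any group/world access
    when allow_group_world_read is False, the rule sshd applies to host private keys)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["%s: missing" % path]
    problems = []
    if st.st_uid != owner_uid:
        problems.append("%s: owned by uid %d, expected %d" % (path, st.st_uid, owner_uid))
    bad_bits = GROUP_WORLD_WRITE if allow_group_world_read else GROUP_WORLD_ANY
    if st.st_mode & bad_bits:
        problems.append("%s: mode %04o is group/world %s" % (
            path, stat.S_IMODE(st.st_mode), "writable" if allow_group_world_read else "accessible"))
    return problems

def audit_user(home, uid):
    """StrictModes-style check: the home directory, ~/.ssh and authorized_keys must be owned by
    the user and not writable by group or others, or sshd ignores authorized_keys."""
    problems = []
    for p in (home, os.path.join(home, ".ssh"), os.path.join(home, ".ssh", "authorized_keys")):
        problems += audit_path(p, uid)
    return problems

def audit_host_keys(keydir, owner_uid=0,
                    names=("ssh_host_rsa_key", "ssh_host_ecdsa_key", "ssh_host_ed25519_key")):
    """Host private keys must be root-owned and not group/world-accessible or sshd will not start
    (owner_uid is a parameter only so the check can be exercised on a non-root test directory)."""
    problems = []
    for n in names:
        problems += audit_path(os.path.join(keydir, n), owner_uid, allow_group_world_read=False)
    return problems

def demo():
    """Builds a throwaway home directory with one deliberate defect and returns the findings."""
    home = tempfile.mkdtemp()
    ssh = os.path.join(home, ".ssh")
    os.mkdir(ssh, 0o700)
    ak = os.path.join(ssh, "authorized_keys")
    with open(ak, "w") as fh:
        fh.write("ssh-ed25519 AAAAC3SAMPLEKEY= constructed@example\n")   # constructed, not a real key
    os.chmod(home, 0o755)
    os.chmod(ak, 0o664)    # deliberately group-writable: sshd would refuse to use this file
    return audit_user(home, os.getuid())
```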

SEE ALSO
     scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
     ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
     inetd(8), sftp-server(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
     for privilege separation.

OpenBSD 5.7                    November 15, 2014                   OpenBSD 5.7