.\" -*- nroff -*-
.\"
.\" sshd.8.in
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
.\" $Id: sshd.8.in,v 1.2 2000/01/14 04:45:52 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Sh NAME
.Nm sshd
.Nd secure shell daemon
.Sh SYNOPSIS
.Nm sshd
.Op Fl diqQ46
.Op Fl b Ar bits
.Op Fl f Ar config_file
.Op Fl g Ar login_grace_time
.Op Fl h Ar host_key_file
.Op Fl k Ar key_gen_time
.Op Fl p Ar port
.Op Fl V Ar client_protocol_id
.Sh DESCRIPTION
.Nm
(Secure Shell Daemon) is the daemon program for
.Xr ssh 1 .
Together these programs replace the rlogin and rsh programs, and
provide secure encrypted communications between two untrusted hosts
over an insecure network. The programs are intended to be as easy to
install and use as possible.
.Pp
.Nm
is the daemon that listens for connections from clients. It is
normally started at boot from
.Pa /etc/rc .
It forks a new
daemon for each incoming connection. The forked daemons handle
key exchange, encryption, authentication, command execution,
and data exchange.
.Pp
.Nm
works as follows. Each host has a host-specific RSA key
(normally 1024 bits) used to identify the host. Additionally, when
the daemon starts, it generates a server RSA key (normally 768 bits).
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
.Pp
Whenever a client connects to the daemon, the daemon sends its host
and server public keys to the client. The client compares the
host key against its own database to verify that it has not changed.
The client then generates a 256-bit random number. It encrypts this
random number using both the host key and the server key, and sends
the encrypted number to the server. Both sides then start to use this
random number as a session key which is used to encrypt all further
communications in the session. The rest of the session is encrypted
using a conventional cipher, currently Blowfish and 3DES, with 3DES
being used by default. The client selects the encryption algorithm
to use from those offered by the server.
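.Pp
As an added illustration, not part of this manual page or of the OpenSSH sources, the following Python models the session-key exchange just described with textbook RSA on tiny constructed primes: the client wraps the random session key in both the server key and the host key, the server unwraps both layers, and a party holding only the long-lived host key (the hourly server key having been discarded) recovers only the inner ciphertext. The primes, the key sizes, the absence of padding, and the assumption that the smaller (server) modulus forms the inner layer are simplifications belonging to this example.

```python
# Added example, not part of this manual page or of the OpenSSH sources: a toy model
# of the SSH1 session-key exchange described above, using textbook RSA (no padding)
# on constructed tiny primes. Real sshd uses 1024-bit host and 768-bit server keys.

def make_rsa_key(p, q, e=17):
    """Return ((n, e), (n, d)) for two constructed primes; e must be coprime to phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa(x, key):
    """Textbook RSA: x ** exponent mod n, used for both encryption and decryption."""
    n, exponent = key
    return pow(x, exponent, n)


# Long-lived host key (larger modulus) and regenerated server key (smaller modulus).
HOST_PUB, HOST_PRIV = make_rsa_key(61, 53)      # n = 3233, stands in for the 1024-bit key
SERVER_PUB, SERVER_PRIV = make_rsa_key(11, 13)   # n = 143, stands in for the 768-bit key


def client_encrypt_session_key(session_key, server_pub, host_pub):
    """Client side: wrap the random session key in both public keys. The inner
    layer uses the smaller (server) modulus so its output fits under the outer one
    (an ordering assumption of this example)."""
    if not 0 <= session_key < server_pub[0]:
        raise ValueError("session key must be smaller than the server key modulus")
    inner = rsa(session_key, server_pub)
    return rsa(inner, host_pub)


def server_recover_session_key(blob, host_priv, server_priv):
    """Server side: strip the host-key layer, then the server-key layer."""
    return rsa(rsa(blob, host_priv), server_priv)


def exchange(session_key):
    """Full round trip; returns the session key as the server derives it."""
    blob = client_encrypt_session_key(session_key, SERVER_PUB, HOST_PUB)
    return server_recover_session_key(blob, HOST_PRIV, SERVER_PRIV)


def with_host_key_only(session_key):
    """What someone holding only the host private key (say, after seizing the machine
    once the hourly server key has been discarded) gets from a captured blob: the
    inner ciphertext, not the session key."""
    blob = client_encrypt_session_key(session_key, SERVER_PUB, HOST_PUB)
    return rsa(blob, HOST_PRIV)


if __name__ == "__main__":
    print("recovered:", exchange(42), "host key alone yields:", with_host_key_only(42))
```

The point the model makes is the one behind the hourly regeneration: a captured session stays confidential unless both private keys are available, and the server key is never written to disk.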
.Pp
Next, the server and the client enter an authentication dialog. The
client tries to authenticate itself using
.Pa .rhosts
authentication,
.Pa .rhosts
authentication combined with RSA host
authentication, RSA challenge-response authentication, or password
based authentication.
.Pp
Rhosts authentication is normally disabled
because it is fundamentally insecure, but can be enabled in the server
configuration file if desired. System security is not improved unless
.Xr rshd 8 ,
.Xr rlogind 8 ,
.Xr rexecd 8 ,
and
.Xr rexd 8
are disabled (thus completely disabling
.Xr rlogin 1
and
.Xr rsh 1
into that machine).
.Pp
If the client successfully authenticates itself, a dialog for
preparing the session is entered. At this time the client may request
things like allocating a pseudo-tty, forwarding X11 connections,
forwarding TCP/IP connections, or forwarding the authentication agent
connection over the secure channel.
.Pp
Finally, the client either requests a shell or execution of a command.
The sides then enter session mode. In this mode, either side may send
data at any time, and such data is forwarded to/from the shell or
command on the server side, and the user terminal on the client side.
.Pp
When the user program terminates and all forwarded X11 and other
connections have been closed, the server sends the command exit status to
the client, and both sides exit.
.Pp
.Nm
can be configured using command-line options or a configuration
file. Command-line options override values specified in the
configuration file.
.Pp
.Nm
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl b Ar bits
Specifies the number of bits in the server key (default 768).
.Pp
.It Fl d
Debug mode. The server sends verbose debug output to the system
log, and does not put itself in the background. The server also will
not fork and will only process one connection. This option is only
intended for debugging of the server.
.It Fl f Ar configuration_file
Specifies the name of the configuration file. The default is
.Pa @sysconfdir@/sshd_config .
.Nm
refuses to start if there is no configuration file.
.It Fl g Ar login_grace_time
Gives the grace time for clients to authenticate themselves (default
300 seconds). If the client fails to authenticate the user within
this many seconds, the server disconnects and exits. A value of zero
indicates no limit.
.It Fl h Ar host_key_file
Specifies the file from which the host key is read (default
.Pa @sysconfdir@/ssh_host_key ) .
This option must be given if
.Nm
is not run as root (as the normal
host key file is normally not readable by anyone but root).
.It Fl i
Specifies that
.Nm
is being run from inetd.
.Nm
is normally not run
from inetd because it needs to generate the server key before it can
respond to the client, and this may take tens of seconds. Clients
would have to wait too long if the key was regenerated every time.
However, with small key sizes (e.g. 512) using
.Nm
from inetd may
be feasible.
.It Fl k Ar key_gen_time
Specifies how often the server key is regenerated (default 3600
seconds, or one hour). The motivation for regenerating the key fairly
often is that the key is not stored anywhere, and after about an hour,
it becomes impossible to recover the key for decrypting intercepted
communications even if the machine is cracked into or physically
seized. A value of zero indicates that the key will never be regenerated.
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
.It Fl q
Quiet mode. Nothing is sent to the system log. Normally the beginning,
authentication, and termination of each connection is logged.
.It Fl Q
Do not print an error message if RSA support is missing.
.It Fl V Ar client_protocol_id
SSH2 compatibility mode.
When this option is specified
.Nm
assumes the client has sent the given version string
and skips the
Protocol Version Identification Exchange.
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.El
.Sh CONFIGURATION FILE
.Nm
reads configuration data from
.Pa @sysconfdir@/sshd_config
(or the file specified with
.Fl f
on the command line). The file
contains keyword-value pairs, one per line. Lines starting with
.Ql #
and empty lines are interpreted as comments.
.Pp
The following keywords are possible.
.Bl -tag -width Ds
.It Cm AFSTokenPassing
Specifies whether an AFS token may be forwarded to the server. Default is
.Dq yes .
.It Cm AllowGroups
This keyword can be followed by a number of group names, separated
by spaces. If specified, login is allowed only for users whose primary
group matches one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns. Only group names are valid; a numerical group
id isn't recognized. By default login is allowed regardless of
the primary group.
.Pp
.It Cm AllowUsers
This keyword can be followed by a number of user names, separated
by spaces. If specified, login is allowed only for user names that
match one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns. Only user names are valid; a numerical user
id isn't recognized. By default login is allowed regardless of
the user name.
.Pp
.It Cm CheckMail
Specifies whether
.Nm
should check for new mail for interactive logins.
The default is
.Dq no .
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces. Users whose primary group matches one of the patterns
aren't allowed to log in.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns. Only group names are valid; a numerical group
id isn't recognized. By default login is allowed regardless of
the primary group.
.Pp
.It Cm DenyUsers
This keyword can be followed by a number of user names, separated
by spaces. Login is disallowed for user names that match
one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns. Only user names are valid; a numerical user
id isn't recognized. By default login is allowed regardless of
the user name.
.It Cm HostKey
Specifies the file containing the private host key (default
.Pa @sysconfdir@/ssh_host_key ) .
Note that
.Nm
does not start if this file is group/world-accessible.
.It Cm IgnoreRhosts
Specifies that rhosts and shosts files will not be used in
authentication.
.Pa /etc/hosts.equiv
and
.Pa @sysconfdir@/shosts.equiv
are still used. The default is
.Dq no .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Nm
should ignore the user's
.Pa $HOME/.ssh/known_hosts
during
.Cm RhostsRSAAuthentication .
The default is
.Dq no .
.It Cm KeepAlive
Specifies whether the system should send keepalive messages to the
other side. If they are sent, death of the connection or crash of one
of the machines will be properly noticed. However, this means that
connections will die if the route is down temporarily, and some people
find it annoying. On the other hand, if keepalives are not sent,
sessions may hang indefinitely on the server, leaving
.Dq ghost
users and consuming server resources.
.Pp
The default is
.Dq yes
(to send keepalives), and the server will notice
if the network goes down or the client host reboots. This avoids
infinitely hanging sessions.
.Pp
To disable keepalives, the value should be set to
.Dq no
in both the server and the client configuration files.
.It Cm KerberosAuthentication
Specifies whether Kerberos authentication is allowed. This can
be in the form of a Kerberos ticket, or if
.Cm PasswordAuthentication
is yes, the password provided by the user will be validated through
the Kerberos KDC. Default is
.Dq yes .
.It Cm KerberosOrLocalPasswd
If set, then if password authentication through Kerberos fails, the
password will be validated via any additional local mechanism
such as
.Pa /etc/passwd
or SecurID. Default is
.Dq yes .
.It Cm KerberosTgtPassing
Specifies whether a Kerberos TGT may be forwarded to the server.
Default is
.Dq no ,
as this only works when the Kerberos KDC is actually an AFS kaserver.
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout. Default is
.Dq yes .
.It Cm KeyRegenerationInterval
The server key is automatically regenerated after this many seconds
(if it has been used). The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
stealing the keys. The key is never stored anywhere. If the value is
0, the key is never regenerated. The default is 3600
(seconds).
.It Cm ListenAddress
Specifies what local address
.Nm
should listen on.
The default is to listen to all local addresses.
Multiple options of this type are permitted.
Additionally, the
.Cm Port
options must precede this option.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in. If the value is 0, there is no time limit.
The default is 600 (seconds).
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Nm sshd .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
The default is INFO.
Logging with level DEBUG violates the privacy of users
and is not recommended.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Dq yes .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings. The default
is
.Dq yes .
.It Cm PermitRootLogin
Specifies whether root can log in using
.Xr ssh 1 .
The argument must be
.Dq yes ,
.Dq without-password
or
.Dq no .
The default is
.Dq yes .
If this option is set to
.Dq without-password
only password authentication is disabled for root.
.Pp
Root login with RSA authentication when the
.Ar command
option has been
specified will be allowed regardless of the value of this setting
(which may be useful for taking remote backups even if root login is
normally not allowed).
.It Cm Port
Specifies the port number that
.Nm
listens on. The default is 22.
Multiple options of this type are permitted.
.It Cm PrintMotd
Specifies whether
.Nm
should print
.Pa /etc/motd
when a user logs in interactively. (On some systems it is also
printed by the shell,
.Pa /etc/profile ,
or equivalent.) The default is
.Dq yes .
.It Cm RandomSeed
Obsolete. Random number generation uses other techniques.
.It Cm RhostsAuthentication
Specifies whether authentication using rhosts or /etc/hosts.equiv
files is sufficient. Normally, this method should not be permitted
because it is insecure.
.Cm RhostsRSAAuthentication
should be used
instead, because it performs RSA-based host authentication in addition
to normal rhosts or /etc/hosts.equiv authentication.
The default is
.Dq no .
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed. The default is
.Dq yes .
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed. The default is
.Dq yes .
.It Cm ServerKeyBits
Defines the number of bits in the server key. The minimum value is
512, and the default is 768.
.It Cm SkeyAuthentication
Specifies whether
.Xr skey 1
authentication is allowed. The default is
.Dq yes .
Note that s/key authentication is enabled only if
.Cm PasswordAuthentication
is allowed, too.
.It Cm StrictModes
Specifies whether
.Nm
should check file modes and ownership of the
user's files and home directory before accepting login. This
is normally desirable because novices sometimes accidentally leave their
directory or files world-writable. The default is
.Dq yes .
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Nm sshd .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.
.It Cm UseLogin
Specifies whether
.Xr login 1
is used. The default is
.Dq no .
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted. The default is
.Dq yes .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
X11 forwarding. This prevents
.Nm
from interfering with real X11 servers.
.El
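.Pp
An added example, not from this manual page or from OpenSSH: a Python parser for the keyword-value format described above, together with a small audit of the settings this section singles out (rhosts authentication, empty passwords, StrictModes, DEBUG logging, and the rule that Port lines precede ListenAddress), run over a constructed sshd_config. Case-insensitive keyword comparison, last-occurrence-wins for single-valued keywords, and the list of audited keywords are this example's own choices.

```python
# Added example (not from the sshd manual or the OpenSSH sources): parse the
# sshd_config keyword-value format and audit the settings this section calls out.
# Keyword names are compared case-insensitively here; that is this example's choice.

# Documented defaults used when a keyword is absent from the file.
DEFAULTS = {
    "rhostsauthentication": "no",
    "permitemptypasswords": "yes",
    "strictmodes": "yes",
    "loglevel": "INFO",
}

# Constructed sample configuration; 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
# sshd_config (constructed for this example)
ListenAddress 192.0.2.10
Port 22
Port 2222
PermitEmptyPasswords no
RhostsAuthentication yes
LogLevel DEBUG
StrictModes no
"""


def parse_sshd_config(text):
    """Return (keyword, value) pairs in file order. One pair per line; lines
    starting with '#' and empty lines are comments. Keywords are lowercased."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected 'Keyword value', got %r" % (lineno, raw))
        entries.append((parts[0].lower(), parts[1].strip()))
    return entries


def audit_sshd_config(text):
    """Return findings, in order, for settings the manual describes as risky."""
    findings = []

    def note(message):
        if message not in findings:          # Port may appear more than once
            findings.append(message)

    effective = dict(DEFAULTS)
    seen_listen_address = False
    for keyword, value in parse_sshd_config(text):
        if keyword == "listenaddress":
            seen_listen_address = True
        elif keyword == "port" and seen_listen_address:
            note("Port after ListenAddress: Port lines must precede ListenAddress")
        if keyword in effective:             # last occurrence wins (assumption)
            effective[keyword] = value
    if effective["rhostsauthentication"].lower() == "yes":
        note("RhostsAuthentication yes: rhosts authentication is fundamentally insecure")
    if effective["permitemptypasswords"].lower() == "yes":
        note("PermitEmptyPasswords yes: accounts with empty password strings may log in")
    if effective["strictmodes"].lower() == "no":
        note("StrictModes no: world-writable home directories and files are not rejected")
    if effective["loglevel"].upper() == "DEBUG":
        note("LogLevel DEBUG: violates the privacy of users and is not recommended")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG):
        print(finding)
```

Because PermitEmptyPasswords defaults to yes, an empty or comment-only file still produces that finding; the audit reasons about effective values, not just the lines present.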
.Sh LOGIN PROCESS
When a user successfully logs in,
.Nm
does the following:
.Bl -enum -offset indent
.It
If the login is on a tty, and no command has been specified,
prints last login time and
.Pa /etc/motd
(unless prevented in the configuration file or by
.Pa $HOME/.hushlogin ;
see the
.Sx FILES
section).
.It
If the login is on a tty, records login time.
.It
Checks
.Pa /etc/nologin ;
if it exists, prints contents and quits
(unless root).
.It
Changes to run with normal user privileges.
.It
Sets up basic environment.
.It
Reads
.Pa $HOME/.ssh/environment
if it exists.
.It
Changes to user's home directory.
.It
If
.Pa $HOME/.ssh/rc
exists, runs it; else if
.Pa @sysconfdir@/sshrc
exists, runs
it; otherwise runs xauth. The
.Dq rc
files are given the X11
authentication protocol and cookie in standard input.
.It
Runs user's shell or command.
.El
.Sh AUTHORIZED_KEYS FILE FORMAT
The
.Pa $HOME/.ssh/authorized_keys
file lists the RSA keys that are
permitted for RSA authentication. Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
are ignored as
comments). Each line consists of the following fields, separated by
spaces: options, bits, exponent, modulus, comment. The options field
is optional; its presence is determined by whether the line starts
with a number or not (the option field never starts with a number).
The bits, exponent, modulus and comment fields give the RSA key; the
comment field is not used for anything (but may be convenient for the
user to identify the key).
.Pp
Note that lines in this file are usually several hundred bytes long
(because of the size of the RSA key modulus). You don't want to type
them in; instead, copy the
.Pa identity.pub
file and edit it.
.Pp
The options (if present) consist of comma-separated option
specifications. No spaces are permitted, except within double quotes.
The following option specifications are supported:
.Bl -tag -width Ds
.It Cm from="pattern-list"
Specifies that in addition to RSA authentication, the canonical name
of the remote host must be present in the comma-separated list of
patterns ('*' and '?' serve as wildcards). The list may also contain
patterns negated by prefixing them with '!'; if the canonical host
name matches a negated pattern, the key is not accepted. The purpose
of this option is to optionally increase security: RSA authentication
by itself does not trust the network or name servers or anything (but
the key); however, if somebody somehow steals the key, the key
permits an intruder to log in from anywhere in the world. This
additional option makes using a stolen key more difficult (name
servers and/or routers would have to be compromised in addition to
just the key).
.It Cm command="command"
Specifies that the command is executed whenever this key is used for
authentication. The command supplied by the user (if any) is ignored.
The command is run on a pty if the connection requests a pty;
otherwise it is run without a tty. A quote may be included in the
command by quoting it with a backslash. This option might be useful
to restrict certain RSA keys to perform just a specific operation. An
example might be a key that permits remote backups but nothing
else. Notice that the client may specify TCP/IP and/or X11
forwardings unless they are explicitly prohibited.
.It Cm environment="NAME=value"
Specifies that the string is to be added to the environment when
logging in using this key. Environment variables set this way
override other default environment values. Multiple options of this
type are permitted.
.It Cm no-port-forwarding
Forbids TCP/IP forwarding when this key is used for authentication.
Any port forward requests by the client will return an error. This
might be used, e.g., in connection with the
.Cm command
option.
.It Cm no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
.It Cm no-agent-forwarding
Forbids authentication agent forwarding when this key is used for
authentication.
.It Cm no-pty
Prevents tty allocation (a request to allocate a pty will fail).
.El
.Ss Examples
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
.Pp
from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
.Pp
command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
.Sh SSH_KNOWN_HOSTS FILE FORMAT
The
.Pa @sysconfdir@/ssh_known_hosts
and
.Pa $HOME/.ssh/known_hosts
files contain host public keys for all known hosts. The global file should
be prepared by the administrator (optional), and the per-user file is
maintained automatically: whenever the user connects to an unknown host
its key is added to the per-user file.
.Pp
Each line in these files contains the following fields: hostnames,
bits, exponent, modulus, comment. The fields are separated by spaces.
.Pp
Hostnames is a comma-separated list of patterns ('*' and '?' act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
name (when authenticating a server). A pattern may also be preceded
by
.Ql !
to indicate negation: if the host name matches a negated
pattern, it is not accepted (by that line) even if it matched another
pattern on the line.
.Pp
Bits, exponent, and modulus are taken directly from the host key; they
can be obtained, e.g., from
.Pa @sysconfdir@/ssh_host_key.pub .
The optional comment field continues to the end of the line, and is not used.
.Pp
Lines starting with
.Ql #
and empty lines are ignored as comments.
.Pp
When performing host authentication, authentication is accepted if any
matching line has the proper key. It is thus permissible (but not
recommended) to have several lines or different host keys for the same
names. This will inevitably happen when short forms of host names
from different domains are put in the file. It is possible
that the files contain conflicting information; authentication is
accepted if valid information can be found from either file.
.Pp
Note that the lines in these files are typically hundreds of characters
long, and you definitely don't want to type in the host keys by hand.
Rather, generate them by a script
or by taking
.Pa @sysconfdir@/ssh_host_key.pub
and adding the host names at the front.
.Ss Examples
closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
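.Pp
As an added example, not from this manual page or from the OpenSSH sources, covering both the AUTHORIZED_KEYS and SSH_KNOWN_HOSTS formats above: the following Python detects the optional options field by the leading digit, splits options (comma-separated, spaces only inside double quotes, a quote escaped with a backslash), applies the '*' and '?' wildcard and '!' negation rules shared by from= and the hostnames field, and implements the lookup rule that a host key is accepted when any matching line in either file carries exactly that key. The key lines and moduli are constructed toy values; case-insensitive host matching is this example's assumption.

```python
# Added example (not from the sshd manual or the OpenSSH sources): parsers for the
# authorized_keys and known_hosts line formats, with the pattern rules they share.
# All key material below is constructed; the moduli are toy numbers.
import re


def pattern_match(pattern, name):
    """'*' and '?' are the only wildcards; everything else is literal (case-insensitive)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, name, re.IGNORECASE) is not None


def pattern_list_accepts(pattern_list, name):
    """A negated ('!') pattern rejects the name even if another pattern matched."""
    accepted = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if pattern_match(pat[1:], name):
                return False
        elif pattern_match(pat, name):
            accepted = True
    return accepted


def split_options(text):
    """Split the options field: comma-separated, no spaces except inside double
    quotes, backslash escapes the next character inside quotes.
    Returns (list of option strings with quotes removed, rest of the line)."""
    options, cur, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_quotes:
            if ch == "\\" and i + 1 < len(text):
                cur.append(text[i + 1])
                i += 2
                continue
            if ch == '"':
                in_quotes = False
            else:
                cur.append(ch)
        elif ch == '"':
            in_quotes = True
        elif ch == ",":
            options.append("".join(cur))
            cur = []
        elif ch == " ":
            break          # the first unquoted space ends the options field
        else:
            cur.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quote in options field")
    options.append("".join(cur))
    return options, text[i:].lstrip()


def parse_authorized_key(line):
    """Fields: [options] bits exponent modulus comment. The options field is present
    exactly when the line does not start with a digit. Returns None for comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line[0].isdigit():
        raw, line = split_options(line)
        for opt in raw:
            name, sep, value = opt.partition("=")
            options[name] = value if sep else True   # flag options map to True
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("malformed authorized_keys line")
    return {"options": options, "bits": int(fields[0]), "exponent": int(fields[1]),
            "modulus": int(fields[2]), "comment": fields[3] if len(fields) > 3 else ""}


def parse_known_hosts(text):
    """Fields: hostnames bits exponent modulus [comment to end of line]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 4:
            raise ValueError("malformed known_hosts line")
        entries.append({"hostnames": fields[0],
                        "key": (int(fields[1]), int(fields[2]), int(fields[3]))})
    return entries


def host_key_known(host, key, *files):
    """Accept if any matching line in any file carries exactly this (bits, exponent,
    modulus); conflicting lines for the same name are tolerated, as the manual says."""
    return any(pattern_list_accepts(e["hostnames"], host) and e["key"] == key
               for text in files for e in parse_known_hosts(text))


# Constructed sample lines (short toy moduli in place of real 1024-bit ones).
AUTHORIZED_KEYS = [
    "1024 33 1212131415 ylo@foo.bar",
    'from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 232334 ylo@niksula',
    'command="dump /home",no-pty,no-port-forwarding 1024 33 232323 backup.hut.fi',
]
GLOBAL_KNOWN_HOSTS = "closenet,closenet.hut.fi,130.233.208.41 1024 37 159093 closenet.hut.fi\n"
USER_KNOWN_HOSTS = "# constructed per-user file\n*.hut.fi,!closenet.hut.fi 1024 37 555555 other host\n"
```

The known_hosts lookup deliberately checks every line of every file rather than stopping at the first hostname match, which is what makes several lines (or different keys) for the same name permissible.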
.Sh FILES
.Bl -tag -width Ds
.It Pa @sysconfdir@/sshd_config
Contains configuration data for
.Nm sshd .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.It Pa @sysconfdir@/ssh_host_key
Contains the private part of the host key.
This file should only be owned by root, readable only by root, and not
accessible to others.
Note that
.Nm
does not start if this file is group/world-accessible.
.It Pa @sysconfdir@/ssh_host_key.pub
Contains the public part of the host key.
This file should be world-readable but writable only by
root. Its contents should match the private part. This file is not
really used for anything; it is only provided for the convenience of
the user so its contents can be copied to known hosts files.
These two files are created using
.Xr ssh-keygen 1 .
.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm
listening for connections (if there are several daemons running
concurrently for different ports, this contains the pid of the one
started last). The contents of this file are not sensitive; it can be
world-readable.
.It Pa $HOME/.ssh/authorized_keys
Lists the RSA keys that can be used to log into the user's account.
This file must be readable by root (which may on some machines imply
it being world-readable if the user's home directory resides on an NFS
volume). It is recommended that it not be accessible by others. The
format of this file is described above.
.It Pa "@sysconfdir@/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
These files are consulted when using rhosts with RSA host
authentication to check the public key of the host. The key must be
listed in one of these files to be accepted.
The client uses the same files
to verify that the remote host is the one we intended to
connect to. These files should be writable only by root/the owner.
.Pa @sysconfdir@/ssh_known_hosts
should be world-readable, and
.Pa $HOME/.ssh/known_hosts
can but need not be world-readable.
.It Pa /etc/nologin
If this file exists,
.Nm
refuses to let anyone except root log in. The contents of the file
are displayed to anyone trying to log in, and non-root connections are
refused. The file should be world-readable.
.It Pa /etc/hosts.allow, /etc/hosts.deny
If compiled with
.Sy LIBWRAP
support, tcp-wrappers access controls may be defined here as described in
.Xr hosts_access 5 .
.It Pa $HOME/.rhosts
This file contains host-username pairs, separated by a space, one per
line. The given user on the corresponding host is permitted to log in
without password. The same file is used by rlogind and rshd.
The file must
be writable only by the user; it is recommended that it not be
accessible by others.
.Pp
It is also possible to use netgroups in the file. Either host or user
name may be of the form +@groupname to specify all hosts or all users
in the group.
.It Pa $HOME/.shosts
For ssh,
this file is exactly the same as for
.Pa .rhosts .
However, this file is
not used by rlogin and rshd, so using this permits access using SSH only.
.It Pa /etc/hosts.equiv
This file is used during
.Pa .rhosts
authentication. In the
simplest form, this file contains host names, one per line. Users on
those hosts are permitted to log in without a password, provided they
have the same user name on both machines. The host name may also be
followed by a user name; such users are permitted to log in as
.Em any
user on this machine (except root). Additionally, the syntax
.Dq +@group
can be used to specify netgroups. Negated entries start with
.Ql \&- .
.Pp
If the client host/user is successfully matched in this file, login is
automatically permitted provided the client and server user names are the
same. Additionally, successful RSA host authentication is normally
required. This file must be writable only by root; it is recommended
that it be world-readable.
.Pp
.Sy "Warning: It is almost never a good idea to use user names in"
.Pa hosts.equiv .
Beware that it really means that the named user(s) can log in as
.Em anybody ,
which includes bin, daemon, adm, and other accounts that own critical
binaries and directories. Using a user name practically grants the
user root access. The only valid use for user names that I can think
of is in negative entries.
.Pp
Note that this warning also applies to rsh/rlogin.
.It Pa @sysconfdir@/shosts.equiv
This is processed exactly as
.Pa /etc/hosts.equiv .
However, this file may be useful in environments that want to run both
rsh/rlogin and ssh.
.It Pa $HOME/.ssh/environment
This file is read into the environment at login (if it exists). It
can only contain empty lines, comment lines (that start with
.Ql # ) ,
and assignment lines of the form name=value. The file should be writable
only by the user; it need not be readable by anyone else.
.It Pa $HOME/.ssh/rc
If this file exists, it is run with /bin/sh after reading the
environment files but before starting the user's shell or command. If
X11 spoofing is in use, this will receive the "proto cookie" pair in
standard input (and
.Ev DISPLAY
in environment). This must call
.Xr xauth 1
in that case.
.Pp
The primary purpose of this file is to run any initialization routines
which may be needed before the user's home directory becomes
accessible; AFS is a particular example of such an environment.
.Pp
This file will probably contain some initialization code followed by
something similar to: "if read proto cookie; then echo add $DISPLAY
$proto $cookie | xauth -q -; fi".
.Pp
If this file does not exist,
.Pa @sysconfdir@/sshrc
is run, and if that
does not exist either, xauth is used to store the cookie.
.Pp
This file should be writable only by the user, and need not be
readable by anyone else.
.It Pa @sysconfdir@/sshrc
Like
.Pa $HOME/.ssh/rc .
This can be used to specify
machine-specific login-time initializations globally. This file
should be writable only by root, and should be world-readable.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
Information about new releases, mailing lists, and other related
issues can be found from the SSH WWW home page:
.Pp
.Dl http://www.cs.hut.fi/ssh.
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added. Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses. This version
of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e. patents, see
.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Pp
The libraries described in
.Xr ssl 8
are required for proper operation.
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr scp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssl 8