blob: 314ecfb0e6703bb69a3b7814c80eb45ae59bbf86 [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\" All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose. Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\" notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\" notice, this list of conditions and the following disclaimer in the
23.\" documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
Darren Tuckerecbf14a2012-07-02 18:53:37 +100036.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
37.Dd $Mdocdate: June 29 2012 $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dt SSHD_CONFIG 5
39.Os
40.Sh NAME
41.Nm sshd_config
42.Nd OpenSSH SSH daemon configuration file
43.Sh SYNOPSIS
Damien Millerd94fc722007-01-05 16:29:30 +110044.Nm /etc/ssh/sshd_config
Ben Lindstrom9f049032002-06-21 00:59:05 +000045.Sh DESCRIPTION
Damien Millerf4f22b52006-03-15 11:57:25 +110046.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +000047reads configuration data from
48.Pa /etc/ssh/sshd_config
49(or the file specified with
50.Fl f
51on the command line).
52The file contains keyword-argument pairs, one per line.
53Lines starting with
54.Ql #
55and empty lines are interpreted as comments.
Damien Miller306d1182006-03-15 12:05:59 +110056Arguments may optionally be enclosed in double quotes
57.Pq \&"
58in order to represent arguments containing spaces.
Ben Lindstrom9f049032002-06-21 00:59:05 +000059.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
Darren Tucker46bc0752004-05-02 22:11:30 +100064.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70in
71.Xr ssh_config 5
72for how to configure the client.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100073Note that environment passing is only supported for protocol 2.
Darren Tucker46bc0752004-05-02 22:11:30 +100074Variables are specified by name, which may contain the wildcard characters
Damien Miller208f1ed2006-03-15 11:56:03 +110075.Ql *
Darren Tucker46bc0752004-05-02 22:11:30 +100076and
77.Ql \&? .
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100078Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +100079across multiple
80.Cm AcceptEnv
81directives.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100082Be warned that some environment variables could be used to bypass restricted
Darren Tucker46bc0752004-05-02 22:11:30 +100083user environments.
84For this reason, care should be taken in the use of this directive.
85The default is not to accept any environment variables.
Darren Tucker0f383232005-01-20 10:57:56 +110086.It Cm AddressFamily
87Specifies which address family should be used by
Damien Millerf4f22b52006-03-15 11:57:25 +110088.Xr sshd 8 .
Darren Tucker0f383232005-01-20 10:57:56 +110089Valid arguments are
90.Dq any ,
91.Dq inet
Damien Miller5b0d63f2006-03-15 11:56:56 +110092(use IPv4 only), or
Darren Tucker0f383232005-01-20 10:57:56 +110093.Dq inet6
94(use IPv6 only).
95The default is
96.Dq any .
Damien Millere9890192008-05-19 14:59:02 +100097.It Cm AllowAgentForwarding
98Specifies whether
99.Xr ssh-agent 1
100forwarding is permitted.
101The default is
102.Dq yes .
103Note that disabling agent forwarding does not improve security
104unless users are also denied shell access, as they can always install
105their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000106.It Cm AllowGroups
107This keyword can be followed by a list of group name patterns, separated
108by spaces.
109If specified, login is allowed only for users whose primary
110group or supplementary group list matches one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000111Only group names are valid; a numerical group ID is not recognized.
112By default, login is allowed for all groups.
Damien Millerac73e512006-03-15 11:58:49 +1100113The allow/deny directives are processed in the following order:
114.Cm DenyUsers ,
115.Cm AllowUsers ,
116.Cm DenyGroups ,
117and finally
118.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100119.Pp
120See
121.Sx PATTERNS
122in
123.Xr ssh_config 5
124for more information on patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000125.It Cm AllowTcpForwarding
126Specifies whether TCP forwarding is permitted.
127The default is
128.Dq yes .
129Note that disabling TCP forwarding does not improve security unless
130users are also denied shell access, as they can always install their
131own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000132.It Cm AllowUsers
133This keyword can be followed by a list of user name patterns, separated
134by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +1100135If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +0000136match one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000137Only user names are valid; a numerical user ID is not recognized.
138By default, login is allowed for all users.
139If the pattern takes the form USER@HOST then USER and HOST
140are separately checked, restricting logins to particular
141users from particular hosts.
Damien Millerac73e512006-03-15 11:58:49 +1100142The allow/deny directives are processed in the following order:
143.Cm DenyUsers ,
144.Cm AllowUsers ,
145.Cm DenyGroups ,
146and finally
147.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100148.Pp
149See
150.Sx PATTERNS
151in
152.Xr ssh_config 5
153for more information on patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000154.It Cm AuthorizedKeysFile
155Specifies the file that contains the public keys that can be used
156for user authentication.
Damien Miller6018a362010-07-02 13:35:19 +1000157The format is described in the
158.Sx AUTHORIZED_KEYS FILE FORMAT
159section of
160.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000161.Cm AuthorizedKeysFile
162may contain tokens of the form %T which are substituted during connection
Damien Miller5b0d63f2006-03-15 11:56:56 +1100163setup.
Damien Millerfbf486b2003-05-23 18:44:23 +1000164The following tokens are defined: %% is replaced by a literal '%',
Damien Miller5b0d63f2006-03-15 11:56:56 +1100165%h is replaced by the home directory of the user being authenticated, and
Ben Lindstrom9f049032002-06-21 00:59:05 +0000166%u is replaced by the username of that user.
167After expansion,
168.Cm AuthorizedKeysFile
169is taken to be an absolute path or one relative to the user's home
170directory.
Damien Millerb9132fc2011-05-29 21:41:40 +1000171Multiple files may be listed, separated by whitespace.
172The default is
173.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
Damien Miller30da3442010-05-10 11:58:03 +1000174.It Cm AuthorizedPrincipalsFile
175Specifies a file that lists principal names that are accepted for
176certificate authentication.
177When using certificates signed by a key listed in
178.Cm TrustedUserCAKeys ,
179this file lists names, one of which must appear in the certificate for it
180to be accepted for authentication.
Damien Millerd59dab82010-07-02 13:37:17 +1000181Names are listed one per line preceded by key options (as described
Damien Miller6018a362010-07-02 13:35:19 +1000182in
183.Sx AUTHORIZED_KEYS FILE FORMAT
184in
Damien Millerd59dab82010-07-02 13:37:17 +1000185.Xr sshd 8 ) .
Damien Miller6018a362010-07-02 13:35:19 +1000186Empty lines and comments starting with
Damien Miller30da3442010-05-10 11:58:03 +1000187.Ql #
188are ignored.
189.Pp
190.Cm AuthorizedPrincipalsFile
191may contain tokens of the form %T which are substituted during connection
192setup.
193The following tokens are defined: %% is replaced by a literal '%',
194%h is replaced by the home directory of the user being authenticated, and
195%u is replaced by the username of that user.
196After expansion,
197.Cm AuthorizedPrincipalsFile
198is taken to be an absolute path or one relative to the user's home
199directory.
200.Pp
Damien Miller8fef9eb2012-04-22 11:25:10 +1000201The default is
202.Dq none ,
203i.e. not to use a principals file \(en in this case, the username
Damien Miller30da3442010-05-10 11:58:03 +1000204of the user must appear in a certificate's principals list for it to be
205accepted.
206Note that
207.Cm AuthorizedPrincipalsFile
208is only used when authentication proceeds using a CA listed in
209.Cm TrustedUserCAKeys
210and is not consulted for certification authorities trusted via
211.Pa ~/.ssh/authorized_keys ,
212though the
213.Cm principals=
214key option offers a similar facility (see
215.Xr sshd 8
216for details).
Ben Lindstrom9f049032002-06-21 00:59:05 +0000217.It Cm Banner
Ben Lindstrom9f049032002-06-21 00:59:05 +0000218The contents of the specified file are sent to the remote user before
219authentication is allowed.
Damien Miller4890e532007-09-17 11:57:38 +1000220If the argument is
221.Dq none
222then no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000223This option is only available for protocol version 2.
224By default, no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000225.It Cm ChallengeResponseAuthentication
Damien Miller9c7bf8d2009-08-28 10:27:08 +1000226Specifies whether challenge-response authentication is allowed (e.g. via
227PAM or though authentication styles supported in
228.Xr login.conf 5 )
Ben Lindstrom9f049032002-06-21 00:59:05 +0000229The default is
230.Dq yes .
Damien Millerd8cb1f12008-02-10 22:40:12 +1100231.It Cm ChrootDirectory
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100232Specifies the pathname of a directory to
Damien Millerd8cb1f12008-02-10 22:40:12 +1100233.Xr chroot 2
234to after authentication.
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100235All components of the pathname must be root-owned directories that are
Damien Millerd8cb1f12008-02-10 22:40:12 +1100236not writable by any other user or group.
Darren Tucker51dbe502009-06-21 17:56:51 +1000237After the chroot,
238.Xr sshd 8
239changes the working directory to the user's home directory.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100240.Pp
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100241The pathname may contain the following tokens that are expanded at runtime once
Damien Millerd8cb1f12008-02-10 22:40:12 +1100242the connecting user has been authenticated: %% is replaced by a literal '%',
243%h is replaced by the home directory of the user being authenticated, and
244%u is replaced by the username of that user.
245.Pp
246The
247.Cm ChrootDirectory
248must contain the necessary files and directories to support the
Darren Tuckeraf501cf2009-06-21 17:53:04 +1000249user's session.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100250For an interactive session this requires at least a shell, typically
251.Xr sh 1 ,
252and basic
253.Pa /dev
254nodes such as
255.Xr null 4 ,
256.Xr zero 4 ,
257.Xr stdin 4 ,
258.Xr stdout 4 ,
259.Xr stderr 4 ,
260.Xr arandom 4
261and
262.Xr tty 4
263devices.
264For file transfer sessions using
Darren Tuckerf92077f2009-06-21 17:56:25 +1000265.Dq sftp ,
Damien Millerd8cb1f12008-02-10 22:40:12 +1100266no additional configuration of the environment is necessary if the
Darren Tuckerf92077f2009-06-21 17:56:25 +1000267in-process sftp server is used,
268though sessions which use logging do require
Darren Tucker00fcd712009-06-21 17:56:00 +1000269.Pa /dev/log
270inside the chroot directory (see
271.Xr sftp-server 8
272for details).
Damien Millerd8cb1f12008-02-10 22:40:12 +1100273.Pp
274The default is not to
275.Xr chroot 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000276.It Cm Ciphers
277Specifies the ciphers allowed for protocol version 2.
278Multiple ciphers must be comma-separated.
Damien Miller05202ff2004-06-15 10:30:39 +1000279The supported ciphers are
280.Dq 3des-cbc ,
281.Dq aes128-cbc ,
282.Dq aes192-cbc ,
283.Dq aes256-cbc ,
284.Dq aes128-ctr ,
285.Dq aes192-ctr ,
286.Dq aes256-ctr ,
Damien Miller3710f272005-05-26 12:19:17 +1000287.Dq arcfour128 ,
288.Dq arcfour256 ,
Damien Miller05202ff2004-06-15 10:30:39 +1000289.Dq arcfour ,
290.Dq blowfish-cbc ,
291and
292.Dq cast128-cbc .
Damien Miller5b0d63f2006-03-15 11:56:56 +1100293The default is:
294.Bd -literal -offset 3n
Damien Miller9aa72ba2009-01-28 16:34:00 +1100295aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
296aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
297aes256-cbc,arcfour
Ben Lindstrom9f049032002-06-21 00:59:05 +0000298.Ed
Ben Lindstrom9f049032002-06-21 00:59:05 +0000299.It Cm ClientAliveCountMax
Damien Millerb7977702006-01-03 18:47:31 +1100300Sets the number of client alive messages (see below) which may be
Ben Lindstrom9f049032002-06-21 00:59:05 +0000301sent without
Damien Miller5b0d63f2006-03-15 11:56:56 +1100302.Xr sshd 8
Damien Millerfbf486b2003-05-23 18:44:23 +1000303receiving any messages back from the client.
304If this threshold is reached while client alive messages are being sent,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100305sshd will disconnect the client, terminating the session.
Damien Millerfbf486b2003-05-23 18:44:23 +1000306It is important to note that the use of client alive messages is very
307different from
Damien Miller12c150e2003-12-17 16:31:10 +1100308.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000309(below).
310The client alive messages are sent through the encrypted channel
311and therefore will not be spoofable.
312The TCP keepalive option enabled by
Damien Miller12c150e2003-12-17 16:31:10 +1100313.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000314is spoofable.
315The client alive mechanism is valuable when the client or
Ben Lindstrom9f049032002-06-21 00:59:05 +0000316server depend on knowing when a connection has become inactive.
317.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000318The default value is 3.
319If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000320.Cm ClientAliveInterval
Damien Millerb7977702006-01-03 18:47:31 +1100321(see below) is set to 15, and
Ben Lindstrom9f049032002-06-21 00:59:05 +0000322.Cm ClientAliveCountMax
Damien Miller5b0d63f2006-03-15 11:56:56 +1100323is left at the default, unresponsive SSH clients
Ben Lindstrom9f049032002-06-21 00:59:05 +0000324will be disconnected after approximately 45 seconds.
Damien Millercc3e8ba2006-03-15 12:06:55 +1100325This option applies to protocol version 2 only.
Damien Miller1594ad52005-05-26 12:12:19 +1000326.It Cm ClientAliveInterval
327Sets a timeout interval in seconds after which if no data has been received
328from the client,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100329.Xr sshd 8
Damien Miller1594ad52005-05-26 12:12:19 +1000330will send a message through the encrypted
331channel to request a response from the client.
332The default
333is 0, indicating that these messages will not be sent to the client.
334This option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000335.It Cm Compression
Damien Miller9786e6e2005-07-26 21:54:56 +1000336Specifies whether compression is allowed, or delayed until
337the user has authenticated successfully.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000338The argument must be
Damien Miller9786e6e2005-07-26 21:54:56 +1000339.Dq yes ,
340.Dq delayed ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000341or
342.Dq no .
343The default is
Damien Miller9786e6e2005-07-26 21:54:56 +1000344.Dq delayed .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000345.It Cm DenyGroups
346This keyword can be followed by a list of group name patterns, separated
347by spaces.
348Login is disallowed for users whose primary group or supplementary
349group list matches one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000350Only group names are valid; a numerical group ID is not recognized.
351By default, login is allowed for all groups.
Damien Millerac73e512006-03-15 11:58:49 +1100352The allow/deny directives are processed in the following order:
353.Cm DenyUsers ,
354.Cm AllowUsers ,
355.Cm DenyGroups ,
356and finally
357.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100358.Pp
359See
360.Sx PATTERNS
361in
362.Xr ssh_config 5
363for more information on patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000364.It Cm DenyUsers
365This keyword can be followed by a list of user name patterns, separated
366by spaces.
367Login is disallowed for user names that match one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000368Only user names are valid; a numerical user ID is not recognized.
369By default, login is allowed for all users.
370If the pattern takes the form USER@HOST then USER and HOST
371are separately checked, restricting logins to particular
372users from particular hosts.
Damien Millerac73e512006-03-15 11:58:49 +1100373The allow/deny directives are processed in the following order:
374.Cm DenyUsers ,
375.Cm AllowUsers ,
376.Cm DenyGroups ,
377and finally
378.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100379.Pp
380See
381.Sx PATTERNS
382in
383.Xr ssh_config 5
384for more information on patterns.
Damien Millere2754432006-07-24 14:06:47 +1000385.It Cm ForceCommand
386Forces the execution of the command specified by
387.Cm ForceCommand ,
Damien Millera1b48cc2008-03-27 11:02:02 +1100388ignoring any command supplied by the client and
389.Pa ~/.ssh/rc
390if present.
Damien Millere2754432006-07-24 14:06:47 +1000391The command is invoked by using the user's login shell with the -c option.
392This applies to shell, command, or subsystem execution.
393It is most useful inside a
394.Cm Match
395block.
396The command originally supplied by the client is available in the
397.Ev SSH_ORIGINAL_COMMAND
398environment variable.
Damien Millercdb6e652008-02-10 22:47:24 +1100399Specifying a command of
400.Dq internal-sftp
401will force the use of an in-process sftp server that requires no support
402files when used with
403.Cm ChrootDirectory .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000404.It Cm GatewayPorts
405Specifies whether remote hosts are allowed to connect to ports
406forwarded for the client.
407By default,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100408.Xr sshd 8
Damien Miller495dca32003-04-01 21:42:14 +1000409binds remote port forwardings to the loopback address.
410This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000411.Cm GatewayPorts
Damien Miller5b0d63f2006-03-15 11:56:56 +1100412can be used to specify that sshd
Damien Millerf91ee4c2005-03-01 21:24:33 +1100413should allow remote port forwardings to bind to non-loopback addresses, thus
414allowing other hosts to connect.
415The argument may be
416.Dq no
417to force remote port forwardings to be available to the local host only,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000418.Dq yes
Damien Millerf91ee4c2005-03-01 21:24:33 +1100419to force remote port forwardings to bind to the wildcard address, or
420.Dq clientspecified
421to allow the client to select the address to which the forwarding is bound.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000422The default is
423.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000424.It Cm GSSAPIAuthentication
Damien Miller9b7b03b2003-09-02 22:57:05 +1000425Specifies whether user authentication based on GSSAPI is allowed.
Damien Millera8e06ce2003-11-21 23:48:55 +1100426The default is
Darren Tucker0efd1552003-08-26 11:49:55 +1000427.Dq no .
428Note that this option applies to protocol version 2 only.
429.It Cm GSSAPICleanupCredentials
430Specifies whether to automatically destroy the user's credentials cache
431on logout.
432The default is
433.Dq yes .
434Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000435.It Cm HostbasedAuthentication
436Specifies whether rhosts or /etc/hosts.equiv authentication together
437with successful public key client host authentication is allowed
Damien Miller1faa7132006-03-15 11:55:31 +1100438(host-based authentication).
Ben Lindstrom9f049032002-06-21 00:59:05 +0000439This option is similar to
440.Cm RhostsRSAAuthentication
441and applies to protocol version 2 only.
442The default is
443.Dq no .
Damien Millerb594f382006-08-30 11:06:34 +1000444.It Cm HostbasedUsesNameFromPacketOnly
445Specifies whether or not the server will attempt to perform a reverse
446name lookup when matching the name in the
447.Pa ~/.shosts ,
448.Pa ~/.rhosts ,
449and
450.Pa /etc/hosts.equiv
451files during
452.Cm HostbasedAuthentication .
453A setting of
454.Dq yes
455means that
456.Xr sshd 8
457uses the name supplied by the client rather than
458attempting to resolve the name from the TCP connection itself.
459The default is
460.Dq no .
Damien Miller0a80ca12010-02-27 07:55:05 +1100461.It Cm HostCertificate
462Specifies a file containing a public host certificate.
463The certificate's public key must match a private host key already specified
464by
465.Cm HostKey .
466The default behaviour of
467.Xr sshd 8
468is not to load any certificates.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000469.It Cm HostKey
470Specifies a file containing a private host key
471used by SSH.
472The default is
473.Pa /etc/ssh/ssh_host_key
474for protocol version 1, and
Damien Millereb8b60e2010-08-31 22:41:14 +1000475.Pa /etc/ssh/ssh_host_dsa_key ,
476.Pa /etc/ssh/ssh_host_ecdsa_key
Ben Lindstrom9f049032002-06-21 00:59:05 +0000477and
Damien Millereb8b60e2010-08-31 22:41:14 +1000478.Pa /etc/ssh/ssh_host_rsa_key
Ben Lindstrom9f049032002-06-21 00:59:05 +0000479for protocol version 2.
480Note that
Damien Miller5b0d63f2006-03-15 11:56:56 +1100481.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000482will refuse to use a file if it is group/world-accessible.
483It is possible to have multiple host key files.
484.Dq rsa1
485keys are used for version 1 and
Damien Millereb8b60e2010-08-31 22:41:14 +1000486.Dq dsa ,
487.Dq ecdsa
Ben Lindstrom9f049032002-06-21 00:59:05 +0000488or
489.Dq rsa
490are used for version 2 of the SSH protocol.
491.It Cm IgnoreRhosts
492Specifies that
493.Pa .rhosts
494and
495.Pa .shosts
496files will not be used in
Ben Lindstrom9f049032002-06-21 00:59:05 +0000497.Cm RhostsRSAAuthentication
498or
499.Cm HostbasedAuthentication .
500.Pp
501.Pa /etc/hosts.equiv
502and
503.Pa /etc/shosts.equiv
504are still used.
505The default is
506.Dq yes .
507.It Cm IgnoreUserKnownHosts
508Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100509.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000510should ignore the user's
Damien Miller167ea5d2005-05-26 12:04:02 +1000511.Pa ~/.ssh/known_hosts
Ben Lindstrom9f049032002-06-21 00:59:05 +0000512during
513.Cm RhostsRSAAuthentication
514or
515.Cm HostbasedAuthentication .
516The default is
517.Dq no .
Damien Miller0dac6fb2010-11-20 15:19:38 +1100518.It Cm IPQoS
519Specifies the IPv4 type-of-service or DSCP class for the connection.
520Accepted values are
521.Dq af11 ,
522.Dq af12 ,
523.Dq af13 ,
Damien Millerf6e758c2011-09-22 21:37:13 +1000524.Dq af21 ,
Damien Miller0dac6fb2010-11-20 15:19:38 +1100525.Dq af22 ,
526.Dq af23 ,
527.Dq af31 ,
528.Dq af32 ,
529.Dq af33 ,
530.Dq af41 ,
531.Dq af42 ,
532.Dq af43 ,
533.Dq cs0 ,
534.Dq cs1 ,
535.Dq cs2 ,
536.Dq cs3 ,
537.Dq cs4 ,
538.Dq cs5 ,
539.Dq cs6 ,
540.Dq cs7 ,
541.Dq ef ,
542.Dq lowdelay ,
543.Dq throughput ,
544.Dq reliability ,
545or a numeric value.
Damien Miller928362d2010-12-26 14:26:45 +1100546This option may take one or two arguments, separated by whitespace.
Damien Miller0dac6fb2010-11-20 15:19:38 +1100547If one argument is specified, it is used as the packet class unconditionally.
548If two values are specified, the first is automatically selected for
549interactive sessions and the second for non-interactive sessions.
550The default is
551.Dq lowdelay
552for interactive sessions and
553.Dq throughput
554for non-interactive sessions.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000555.It Cm KerberosAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000556Specifies whether the password provided by the user for
Ben Lindstrom9f049032002-06-21 00:59:05 +0000557.Cm PasswordAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000558will be validated through the Kerberos KDC.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000559To use this option, the server needs a
560Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100561The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000562.Dq no .
Damien Miller8448e662004-03-08 23:13:15 +1100563.It Cm KerberosGetAFSToken
Darren Tuckere2dd2d52005-10-03 18:19:06 +1000564If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
Damien Miller8448e662004-03-08 23:13:15 +1100565an AFS token before accessing the user's home directory.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100566The default is
Damien Miller8448e662004-03-08 23:13:15 +1100567.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000568.It Cm KerberosOrLocalPasswd
Damien Miller5b0d63f2006-03-15 11:56:56 +1100569If password authentication through Kerberos fails then
Ben Lindstrom9f049032002-06-21 00:59:05 +0000570the password will be validated via any additional local mechanism
571such as
572.Pa /etc/passwd .
Damien Miller5b0d63f2006-03-15 11:56:56 +1100573The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000574.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000575.It Cm KerberosTicketCleanup
576Specifies whether to automatically destroy the user's ticket cache
577file on logout.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100578The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000579.Dq yes .
Damien Millerd5f62bf2010-09-24 22:11:14 +1000580.It Cm KexAlgorithms
581Specifies the available KEX (Key Exchange) algorithms.
582Multiple algorithms must be comma-separated.
583The default is
584.Dq ecdh-sha2-nistp256 ,
585.Dq ecdh-sha2-nistp384 ,
586.Dq ecdh-sha2-nistp521 ,
Damien Miller0a184732010-11-20 15:21:03 +1100587.Dq diffie-hellman-group-exchange-sha256 ,
Damien Millerd5f62bf2010-09-24 22:11:14 +1000588.Dq diffie-hellman-group-exchange-sha1 ,
589.Dq diffie-hellman-group14-sha1 ,
590.Dq diffie-hellman-group1-sha1 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000591.It Cm KeyRegenerationInterval
592In protocol version 1, the ephemeral server key is automatically regenerated
593after this many seconds (if it has been used).
594The purpose of regeneration is to prevent
595decrypting captured sessions by later breaking into the machine and
596stealing the keys.
597The key is never stored anywhere.
598If the value is 0, the key is never regenerated.
599The default is 3600 (seconds).
600.It Cm ListenAddress
601Specifies the local addresses
Damien Miller5b0d63f2006-03-15 11:56:56 +1100602.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000603should listen on.
604The following forms may be used:
605.Pp
606.Bl -item -offset indent -compact
607.It
608.Cm ListenAddress
609.Sm off
610.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
611.Sm on
612.It
613.Cm ListenAddress
614.Sm off
615.Ar host No | Ar IPv4_addr No : Ar port
616.Sm on
617.It
618.Cm ListenAddress
619.Sm off
620.Oo
621.Ar host No | Ar IPv6_addr Oc : Ar port
622.Sm on
623.El
624.Pp
625If
626.Ar port
627is not specified,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100628sshd will listen on the address and all prior
Ben Lindstrom9f049032002-06-21 00:59:05 +0000629.Cm Port
Damien Millerfbf486b2003-05-23 18:44:23 +1000630options specified.
631The default is to listen on all local addresses.
Damien Miller495dca32003-04-01 21:42:14 +1000632Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000633.Cm ListenAddress
Damien Millerfbf486b2003-05-23 18:44:23 +1000634options are permitted.
635Additionally, any
Ben Lindstrom9f049032002-06-21 00:59:05 +0000636.Cm Port
Damien Miller5b0d63f2006-03-15 11:56:56 +1100637options must precede this option for non-port qualified addresses.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000638.It Cm LoginGraceTime
639The server disconnects after this time if the user has not
640successfully logged in.
641If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000642The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000643.It Cm LogLevel
644Gives the verbosity level that is used when logging messages from
Damien Millerf4f22b52006-03-15 11:57:25 +1100645.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000646The possible values are:
Damien Miller5b0d63f2006-03-15 11:56:56 +1100647QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000648The default is INFO.
649DEBUG and DEBUG1 are equivalent.
650DEBUG2 and DEBUG3 each specify higher levels of debugging output.
651Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000652.It Cm MACs
653Specifies the available MAC (message authentication code) algorithms.
654The MAC algorithm is used in protocol version 2
655for data integrity protection.
656Multiple algorithms must be comma-separated.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100657The default is:
Damien Miller22b7b492007-06-11 14:07:12 +1000658.Bd -literal -offset indent
659hmac-md5,hmac-sha1,umac-64@openssh.com,
Darren Tuckerecbf14a2012-07-02 18:53:37 +1000660hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
661hmac-sha1-96,hmac-md5-96
Damien Miller22b7b492007-06-11 14:07:12 +1000662.Ed
Darren Tucker45150472006-07-12 22:34:17 +1000663.It Cm Match
Damien Millerd04f3572006-07-24 13:46:50 +1000664Introduces a conditional block.
Damien Miller8c234032006-07-24 14:05:08 +1000665If all of the criteria on the
Darren Tucker45150472006-07-12 22:34:17 +1000666.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000667line are satisfied, the keywords on the following lines override those
668set in the global section of the config file, until either another
Darren Tucker45150472006-07-12 22:34:17 +1000669.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000670line or the end of the file.
Darren Tucker7a3935d2008-06-10 22:59:10 +1000671.Pp
Damien Millerd04f3572006-07-24 13:46:50 +1000672The arguments to
Darren Tucker45150472006-07-12 22:34:17 +1000673.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000674are one or more criteria-pattern pairs.
Darren Tucker45150472006-07-12 22:34:17 +1000675The available criteria are
676.Cm User ,
Damien Miller565ca3f2006-08-19 00:23:15 +1000677.Cm Group ,
Darren Tucker45150472006-07-12 22:34:17 +1000678.Cm Host ,
Darren Tuckerfbcf8272012-05-19 19:37:01 +1000679.Cm LocalAddress ,
680.Cm LocalPort ,
Darren Tucker45150472006-07-12 22:34:17 +1000681and
682.Cm Address .
Darren Tucker7a3935d2008-06-10 22:59:10 +1000683The match patterns may consist of single entries or comma-separated
684lists and may use the wildcard and negation operators described in the
Darren Tuckerb06cc4a2008-06-10 22:59:53 +1000685.Sx PATTERNS
Darren Tucker7a3935d2008-06-10 22:59:10 +1000686section of
Darren Tuckerb06cc4a2008-06-10 22:59:53 +1000687.Xr ssh_config 5 .
Darren Tucker7a3935d2008-06-10 22:59:10 +1000688.Pp
689The patterns in an
690.Cm Address
691criteria may additionally contain addresses to match in CIDR
Darren Tucker6a2a4002008-06-10 23:03:04 +1000692address/masklen format, e.g.\&
Darren Tucker7a3935d2008-06-10 22:59:10 +1000693.Dq 192.0.2.0/24
694or
695.Dq 3ffe:ffff::/32 .
696Note that the mask length provided must be consistent with the address -
697it is an error to specify a mask length that is too long for the address
Darren Tucker6a2a4002008-06-10 23:03:04 +1000698or one with bits set in this host portion of the address.
699For example,
Darren Tucker7a3935d2008-06-10 22:59:10 +1000700.Dq 192.0.2.0/33
701and
Darren Tucker6a2a4002008-06-10 23:03:04 +1000702.Dq 192.0.2.0/8
Darren Tucker7a3935d2008-06-10 22:59:10 +1000703respectively.
704.Pp
Darren Tucker45150472006-07-12 22:34:17 +1000705Only a subset of keywords may be used on the lines following a
706.Cm Match
707keyword.
708Available keywords are
Damien Millerf8268502012-06-20 21:54:15 +1000709.Cm AcceptEnv ,
Damien Miller17819012009-01-28 16:20:17 +1100710.Cm AllowAgentForwarding ,
Damien Millerf8268502012-06-20 21:54:15 +1000711.Cm AllowGroups ,
Damien Miller9b439df2006-07-24 14:04:00 +1000712.Cm AllowTcpForwarding ,
Damien Millerc24da772012-06-20 21:53:58 +1000713.Cm AllowUsers ,
Damien Millerab6de352010-06-26 09:38:45 +1000714.Cm AuthorizedKeysFile ,
715.Cm AuthorizedPrincipalsFile ,
Darren Tucker1629c072007-02-19 22:25:37 +1100716.Cm Banner ,
Damien Miller797e3d12008-05-19 14:27:42 +1000717.Cm ChrootDirectory ,
Damien Millerc24da772012-06-20 21:53:58 +1000718.Cm DenyGroups ,
719.Cm DenyUsers ,
Damien Millere2754432006-07-24 14:06:47 +1000720.Cm ForceCommand ,
Damien Millerc24da772012-06-20 21:53:58 +1000721.Cm GatewayPorts ,
Damien Millerf8268502012-06-20 21:54:15 +1000722.Cm GSSAPIAuthentication ,
Damien Miller25434de2008-05-19 14:29:08 +1000723.Cm HostbasedAuthentication ,
Damien Millerab6de352010-06-26 09:38:45 +1000724.Cm HostbasedUsesNameFromPacketOnly ,
Darren Tucker1d75f222007-03-01 21:31:28 +1100725.Cm KbdInteractiveAuthentication ,
Damien Miller5737e362007-03-06 21:21:18 +1100726.Cm KerberosAuthentication ,
Damien Miller307c1d12008-06-16 07:56:20 +1000727.Cm MaxAuthTries ,
Damien Millerc62a5af2008-06-16 07:55:46 +1000728.Cm MaxSessions ,
Darren Tucker1629c072007-02-19 22:25:37 +1100729.Cm PasswordAuthentication ,
Damien Miller51bde602008-11-03 19:23:10 +1100730.Cm PermitEmptyPasswords ,
Damien Millerd1de9952006-07-24 14:05:48 +1000731.Cm PermitOpen ,
Darren Tucker15f94272008-01-01 20:36:56 +1100732.Cm PermitRootLogin ,
Damien Millerab6de352010-06-26 09:38:45 +1000733.Cm PermitTunnel ,
Darren Tucker1477ea12009-10-07 08:36:05 +1100734.Cm PubkeyAuthentication ,
Damien Millerc24da772012-06-20 21:53:58 +1000735.Cm RhostsRSAAuthentication ,
Damien Millerf8268502012-06-20 21:54:15 +1000736.Cm RSAAuthentication ,
Damien Millerd1de9952006-07-24 14:05:48 +1000737.Cm X11DisplayOffset ,
Damien Miller19913842009-02-23 10:53:58 +1100738.Cm X11Forwarding
Darren Tucker45150472006-07-12 22:34:17 +1000739and
Damien Miller0296ae82009-02-23 11:00:24 +1100740.Cm X11UseLocalHost .
Darren Tucker89413db2004-05-24 10:36:23 +1000741.It Cm MaxAuthTries
742Specifies the maximum number of authentication attempts permitted per
Damien Miller26213e52004-06-30 22:39:34 +1000743connection.
744Once the number of failures reaches half this value,
745additional failures are logged.
746The default is 6.
Damien Miller7207f642008-05-19 15:34:50 +1000747.It Cm MaxSessions
748Specifies the maximum number of open sessions permitted per network connection.
749The default is 10.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000750.It Cm MaxStartups
751Specifies the maximum number of concurrent unauthenticated connections to the
Damien Miller5b0d63f2006-03-15 11:56:56 +1100752SSH daemon.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000753Additional connections will be dropped until authentication succeeds or the
754.Cm LoginGraceTime
755expires for a connection.
756The default is 10.
757.Pp
758Alternatively, random early drop can be enabled by specifying
759the three colon separated values
760.Dq start:rate:full
Damien Miller208f1ed2006-03-15 11:56:03 +1100761(e.g. "10:30:60").
Damien Millerf4f22b52006-03-15 11:57:25 +1100762.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000763will refuse connection attempts with a probability of
764.Dq rate/100
765(30%)
766if there are currently
767.Dq start
768(10)
769unauthenticated connections.
770The probability increases linearly and all connection attempts
771are refused if the number of unauthenticated connections reaches
772.Dq full
773(60).
774.It Cm PasswordAuthentication
775Specifies whether password authentication is allowed.
776The default is
777.Dq yes .
778.It Cm PermitEmptyPasswords
779When password authentication is allowed, it specifies whether the
780server allows login to accounts with empty password strings.
781The default is
782.Dq no .
Damien Miller9b439df2006-07-24 14:04:00 +1000783.It Cm PermitOpen
784Specifies the destinations to which TCP port forwarding is permitted.
785The forwarding specification must be one of the following forms:
786.Pp
787.Bl -item -offset indent -compact
788.It
789.Cm PermitOpen
790.Sm off
791.Ar host : port
792.Sm on
793.It
794.Cm PermitOpen
795.Sm off
796.Ar IPv4_addr : port
797.Sm on
798.It
799.Cm PermitOpen
800.Sm off
801.Ar \&[ IPv6_addr \&] : port
802.Sm on
803.El
804.Pp
Damien Millera765cf42006-07-24 14:08:13 +1000805Multiple forwards may be specified by separating them with whitespace.
Damien Miller9b439df2006-07-24 14:04:00 +1000806An argument of
807.Dq any
808can be used to remove all restrictions and permit any forwarding requests.
Darren Tuckerba9ea322012-05-19 19:37:33 +1000809An argument of
810.Dq none
811can be used to prohibit all forwarding requests.
Damien Miller65bc2c42006-07-24 14:04:16 +1000812By default all port forwarding requests are permitted.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000813.It Cm PermitRootLogin
Darren Tuckerb3509012005-01-20 11:01:46 +1100814Specifies whether root can log in using
Ben Lindstrom9f049032002-06-21 00:59:05 +0000815.Xr ssh 1 .
816The argument must be
817.Dq yes ,
818.Dq without-password ,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100819.Dq forced-commands-only ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000820or
821.Dq no .
822The default is
823.Dq yes .
824.Pp
825If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100826.Dq without-password ,
Darren Tucker9dca0992005-02-01 19:16:45 +1100827password authentication is disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000828.Pp
829If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100830.Dq forced-commands-only ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000831root login with public key authentication will be allowed,
832but only if the
833.Ar command
834option has been specified
835(which may be useful for taking remote backups even if root login is
Damien Millerfbf486b2003-05-23 18:44:23 +1000836normally not allowed).
837All other authentication methods are disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000838.Pp
839If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100840.Dq no ,
Darren Tuckerb3509012005-01-20 11:01:46 +1100841root is not allowed to log in.
Damien Millerd27b9472005-12-13 19:29:02 +1100842.It Cm PermitTunnel
843Specifies whether
844.Xr tun 4
845device forwarding is allowed.
Damien Miller7b58e802005-12-13 19:33:19 +1100846The argument must be
847.Dq yes ,
Damien Miller991dba42006-07-10 20:16:27 +1000848.Dq point-to-point
849(layer 3),
850.Dq ethernet
851(layer 2), or
Damien Miller7b58e802005-12-13 19:33:19 +1100852.Dq no .
Damien Miller991dba42006-07-10 20:16:27 +1000853Specifying
854.Dq yes
855permits both
856.Dq point-to-point
857and
858.Dq ethernet .
Damien Millerd27b9472005-12-13 19:29:02 +1100859The default is
860.Dq no .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000861.It Cm PermitUserEnvironment
862Specifies whether
863.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000864and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000865.Cm environment=
866options in
867.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000868are processed by
Damien Miller5b0d63f2006-03-15 11:56:56 +1100869.Xr sshd 8 .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000870The default is
871.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000872Enabling environment processing may enable users to bypass access
873restrictions in some configurations using mechanisms such as
874.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000875.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000876Specifies the file that contains the process ID of the
Damien Millerf4f22b52006-03-15 11:57:25 +1100877SSH daemon.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000878The default is
879.Pa /var/run/sshd.pid .
880.It Cm Port
881Specifies the port number that
Damien Miller5b0d63f2006-03-15 11:56:56 +1100882.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000883listens on.
884The default is 22.
885Multiple options of this type are permitted.
886See also
887.Cm ListenAddress .
888.It Cm PrintLastLog
889Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100890.Xr sshd 8
Darren Tucker7cc5c232004-11-05 20:06:59 +1100891should print the date and time of the last user login when a user logs
892in interactively.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000893The default is
894.Dq yes .
895.It Cm PrintMotd
896Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100897.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000898should print
899.Pa /etc/motd
900when a user logs in interactively.
901(On some systems it is also printed by the shell,
902.Pa /etc/profile ,
903or equivalent.)
904The default is
905.Dq yes .
906.It Cm Protocol
907Specifies the protocol versions
Damien Miller5b0d63f2006-03-15 11:56:56 +1100908.Xr sshd 8
Ben Lindstrom9c445542002-07-11 03:59:18 +0000909supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000910The possible values are
Damien Miller5b0d63f2006-03-15 11:56:56 +1100911.Sq 1
Ben Lindstrom9f049032002-06-21 00:59:05 +0000912and
Damien Miller5b0d63f2006-03-15 11:56:56 +1100913.Sq 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000914Multiple versions must be comma-separated.
915The default is
Darren Tucker7a4a7652009-10-11 21:51:40 +1100916.Sq 2 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000917Note that the order of the protocol list does not indicate preference,
918because the client selects among multiple protocol versions offered
919by the server.
920Specifying
921.Dq 2,1
922is identical to
923.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000924.It Cm PubkeyAuthentication
925Specifies whether public key authentication is allowed.
926The default is
927.Dq yes .
928Note that this option applies to protocol version 2 only.
Damien Miller1aed65e2010-03-04 21:53:35 +1100929.It Cm RevokedKeys
930Specifies a list of revoked public keys.
931Keys listed in this file will be refused for public key authentication.
932Note that if this file is not readable, then public key authentication will
933be refused for all users.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000934.It Cm RhostsRSAAuthentication
935Specifies whether rhosts or /etc/hosts.equiv authentication together
936with successful RSA host authentication is allowed.
937The default is
938.Dq no .
939This option applies to protocol version 1 only.
940.It Cm RSAAuthentication
941Specifies whether pure RSA authentication is allowed.
942The default is
943.Dq yes .
944This option applies to protocol version 1 only.
945.It Cm ServerKeyBits
946Defines the number of bits in the ephemeral protocol version 1 server key.
Darren Tucker7499b0c2008-07-02 22:35:43 +1000947The minimum value is 512, and the default is 1024.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000948.It Cm StrictModes
949Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100950.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000951should check file modes and ownership of the
952user's files and home directory before accepting login.
953This is normally desirable because novices sometimes accidentally leave their
954directory or files world-writable.
955The default is
956.Dq yes .
Darren Tuckerf788a912010-01-08 17:06:47 +1100957Note that this does not apply to
958.Cm ChrootDirectory ,
959whose permissions and ownership are checked unconditionally.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000960.It Cm Subsystem
Damien Miller208f1ed2006-03-15 11:56:03 +1100961Configures an external subsystem (e.g. file transfer daemon).
Damien Miller917f9b62006-07-10 20:36:47 +1000962Arguments should be a subsystem name and a command (with optional arguments)
963to execute upon subsystem request.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100964.Pp
Ben Lindstrom9f049032002-06-21 00:59:05 +0000965The command
966.Xr sftp-server 8
967implements the
968.Dq sftp
969file transfer subsystem.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100970.Pp
971Alternately the name
972.Dq internal-sftp
973implements an in-process
974.Dq sftp
975server.
976This may simplify configurations using
977.Cm ChrootDirectory
978to force a different filesystem root on clients.
979.Pp
Ben Lindstrom9f049032002-06-21 00:59:05 +0000980By default no subsystems are defined.
981Note that this option applies to protocol version 2 only.
982.It Cm SyslogFacility
983Gives the facility code that is used when logging messages from
Damien Millerf4f22b52006-03-15 11:57:25 +1100984.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000985The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
986LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
987The default is AUTH.
Damien Miller12c150e2003-12-17 16:31:10 +1100988.It Cm TCPKeepAlive
989Specifies whether the system should send TCP keepalive messages to the
990other side.
991If they are sent, death of the connection or crash of one
992of the machines will be properly noticed.
993However, this means that
994connections will die if the route is down temporarily, and some people
995find it annoying.
996On the other hand, if TCP keepalives are not sent,
997sessions may hang indefinitely on the server, leaving
998.Dq ghost
999users and consuming server resources.
1000.Pp
1001The default is
1002.Dq yes
1003(to send TCP keepalive messages), and the server will notice
1004if the network goes down or the client host crashes.
1005This avoids infinitely hanging sessions.
1006.Pp
1007To disable TCP keepalive messages, the value should be set to
1008.Dq no .
Damien Miller1aed65e2010-03-04 21:53:35 +11001009.It Cm TrustedUserCAKeys
1010Specifies a file containing public keys of certificate authorities that are
Damien Millerc6db99e2010-03-05 10:41:45 +11001011trusted to sign user certificates for authentication.
Damien Miller72b33822010-03-05 07:39:01 +11001012Keys are listed one per line; empty lines and comments starting with
Damien Miller1aed65e2010-03-04 21:53:35 +11001013.Ql #
1014are allowed.
1015If a certificate is presented for authentication and has its signing CA key
1016listed in this file, then it may be used for authentication for any user
1017listed in the certificate's principals list.
1018Note that certificates that lack a list of principals will not be permitted
1019for authentication using
1020.Cm TrustedUserCAKeys .
Damien Miller72b33822010-03-05 07:39:01 +11001021For more details on certificates, see the
Damien Miller1aed65e2010-03-04 21:53:35 +11001022.Sx CERTIFICATES
1023section in
1024.Xr ssh-keygen 1 .
Damien Miller3a961dc2003-06-03 10:25:48 +10001025.It Cm UseDNS
1026Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001027.Xr sshd 8
Darren Tucker83d5a982005-03-31 21:33:50 +10001028should look up the remote host name and check that
Damien Miller3a961dc2003-06-03 10:25:48 +10001029the resolved host name for the remote IP address maps back to the
1030very same IP address.
1031The default is
1032.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001033.It Cm UseLogin
1034Specifies whether
1035.Xr login 1
1036is used for interactive login sessions.
1037The default is
1038.Dq no .
1039Note that
1040.Xr login 1
1041is never used for remote command execution.
1042Note also, that if this is enabled,
1043.Cm X11Forwarding
1044will be disabled because
1045.Xr login 1
1046does not know how to handle
1047.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +10001048cookies.
1049If
Ben Lindstrom9f049032002-06-21 00:59:05 +00001050.Cm UsePrivilegeSeparation
1051is specified, it will be disabled after authentication.
Damien Miller2e193e22003-05-14 15:13:03 +10001052.It Cm UsePAM
Darren Tucker1dcff9a2004-05-13 16:51:40 +10001053Enables the Pluggable Authentication Module interface.
1054If set to
1055.Dq yes
1056this will enable PAM authentication using
1057.Cm ChallengeResponseAuthentication
Darren Tuckera4904f72006-02-23 21:35:30 +11001058and
1059.Cm PasswordAuthentication
1060in addition to PAM account and session module processing for all
1061authentication types.
Darren Tucker1dcff9a2004-05-13 16:51:40 +10001062.Pp
1063Because PAM challenge-response authentication usually serves an equivalent
1064role to password authentication, you should disable either
1065.Cm PasswordAuthentication
1066or
1067.Cm ChallengeResponseAuthentication.
1068.Pp
1069If
1070.Cm UsePAM
1071is enabled, you will not be able to run
1072.Xr sshd 8
1073as a non-root user.
1074The default is
Darren Tucker6c0c0702003-10-09 14:13:53 +10001075.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001076.It Cm UsePrivilegeSeparation
1077Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001078.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001079separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +10001080to deal with incoming network traffic.
1081After successful authentication, another process will be created that has
1082the privilege of the authenticated user.
1083The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +00001084escalation by containing any corruption within the unprivileged processes.
1085The default is
1086.Dq yes .
Damien Miller69ff1df2011-06-23 08:30:03 +10001087If
1088.Cm UsePrivilegeSeparation
1089is set to
1090.Dq sandbox
1091then the pre-authentication unprivileged process is subject to additional
1092restrictions.
Damien Miller23528812012-04-22 11:24:43 +10001093.It Cm VersionAddendum
1094Optionally specifies additional text to append to the SSH protocol banner
1095sent by the server upon connection.
1096The default is
1097.Dq none .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001098.It Cm X11DisplayOffset
1099Specifies the first display number available for
Damien Miller5b0d63f2006-03-15 11:56:56 +11001100.Xr sshd 8 Ns 's
Ben Lindstrom9f049032002-06-21 00:59:05 +00001101X11 forwarding.
Damien Miller5b0d63f2006-03-15 11:56:56 +11001102This prevents sshd from interfering with real X11 servers.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001103The default is 10.
1104.It Cm X11Forwarding
1105Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +10001106The argument must be
1107.Dq yes
1108or
1109.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001110The default is
1111.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +10001112.Pp
1113When X11 forwarding is enabled, there may be additional exposure to
1114the server and to client displays if the
Damien Miller5b0d63f2006-03-15 11:56:56 +11001115.Xr sshd 8
Damien Miller101c4a72002-09-19 11:51:21 +10001116proxy display is configured to listen on the wildcard address (see
1117.Cm X11UseLocalhost
Damien Miller5b0d63f2006-03-15 11:56:56 +11001118below), though this is not the default.
Damien Miller101c4a72002-09-19 11:51:21 +10001119Additionally, the authentication spoofing and authentication data
1120verification and substitution occur on the client side.
1121The security risk of using X11 forwarding is that the client's X11
Damien Miller5b0d63f2006-03-15 11:56:56 +11001122display server may be exposed to attack when the SSH client requests
Damien Miller101c4a72002-09-19 11:51:21 +10001123forwarding (see the warnings for
1124.Cm ForwardX11
1125in
Damien Millerf1ce5052003-06-11 22:04:39 +10001126.Xr ssh_config 5 ) .
Damien Miller101c4a72002-09-19 11:51:21 +10001127A system administrator may have a stance in which they want to
1128protect clients that may expose themselves to attack by unwittingly
1129requesting X11 forwarding, which can warrant a
1130.Dq no
1131setting.
1132.Pp
1133Note that disabling X11 forwarding does not prevent users from
1134forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001135X11 forwarding is automatically disabled if
1136.Cm UseLogin
1137is enabled.
1138.It Cm X11UseLocalhost
1139Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001140.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001141should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +10001142the wildcard address.
1143By default,
Damien Miller5b0d63f2006-03-15 11:56:56 +11001144sshd binds the forwarding server to the loopback address and sets the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001145hostname part of the
1146.Ev DISPLAY
1147environment variable to
1148.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +00001149This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001150However, some older X11 clients may not function with this
1151configuration.
1152.Cm X11UseLocalhost
1153may be set to
1154.Dq no
1155to specify that the forwarding server should be bound to the wildcard
1156address.
1157The argument must be
1158.Dq yes
1159or
1160.Dq no .
1161The default is
1162.Dq yes .
1163.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +10001164Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001165.Xr xauth 1
1166program.
1167The default is
1168.Pa /usr/X11R6/bin/xauth .
1169.El
Damien Millere3beba22006-03-15 11:59:25 +11001170.Sh TIME FORMATS
Damien Millerf4f22b52006-03-15 11:57:25 +11001171.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001172command-line arguments and configuration file options that specify time
1173may be expressed using a sequence of the form:
1174.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +00001175.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +00001176.Sm on
1177where
1178.Ar time
1179is a positive integer value and
1180.Ar qualifier
1181is one of the following:
1182.Pp
1183.Bl -tag -width Ds -compact -offset indent
Damien Miller393821a2006-07-24 14:04:53 +10001184.It Aq Cm none
Ben Lindstrom9f049032002-06-21 00:59:05 +00001185seconds
1186.It Cm s | Cm S
1187seconds
1188.It Cm m | Cm M
1189minutes
1190.It Cm h | Cm H
1191hours
1192.It Cm d | Cm D
1193days
1194.It Cm w | Cm W
1195weeks
1196.El
1197.Pp
1198Each member of the sequence is added together to calculate
1199the total time value.
1200.Pp
1201Time format examples:
1202.Pp
1203.Bl -tag -width Ds -compact -offset indent
1204.It 600
1205600 seconds (10 minutes)
1206.It 10m
120710 minutes
1208.It 1h30m
12091 hour 30 minutes (90 minutes)
1210.El
1211.Sh FILES
1212.Bl -tag -width Ds
1213.It Pa /etc/ssh/sshd_config
1214Contains configuration data for
Damien Millerf4f22b52006-03-15 11:57:25 +11001215.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001216This file should be writable by root only, but it is recommended
1217(though not necessary) that it be world-readable.
1218.El
Damien Millerf1ce5052003-06-11 22:04:39 +10001219.Sh SEE ALSO
1220.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001221.Sh AUTHORS
1222OpenSSH is a derivative of the original and free
1223ssh 1.2.12 release by Tatu Ylonen.
1224Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1225Theo de Raadt and Dug Song
1226removed many bugs, re-added newer features and
1227created OpenSSH.
1228Markus Friedl contributed the support for SSH
1229protocol versions 1.5 and 2.0.
1230Niels Provos and Markus Friedl contributed support
1231for privilege separation.