blob: 6f38a260aa4e075b5d74bb9de4366f86b2a068b0 [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
Damien Miller495dca32003-04-01 21:42:14 +100037.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dd September 25, 1999
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa /etc/ssh/sshd_config
47.El
48.Sh DESCRIPTION
49.Nm sshd
50reads configuration data from
51.Pa /etc/ssh/sshd_config
52(or the file specified with
53.Fl f
54on the command line).
55The file contains keyword-argument pairs, one per line.
56Lines starting with
57.Ql #
58and empty lines are interpreted as comments.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
64.It Cm AFSTokenPassing
65Specifies whether an AFS token may be forwarded to the server.
66Default is
67.Dq no .
68.It Cm AllowGroups
69This keyword can be followed by a list of group name patterns, separated
70by spaces.
71If specified, login is allowed only for users whose primary
72group or supplementary group list matches one of the patterns.
73.Ql \&*
74and
75.Ql ?
76can be used as
77wildcards in the patterns.
78Only group names are valid; a numerical group ID is not recognized.
79By default, login is allowed for all groups.
80.Pp
81.It Cm AllowTcpForwarding
82Specifies whether TCP forwarding is permitted.
83The default is
84.Dq yes .
85Note that disabling TCP forwarding does not improve security unless
86users are also denied shell access, as they can always install their
87own forwarders.
88.Pp
89.It Cm AllowUsers
90This keyword can be followed by a list of user name patterns, separated
91by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +110092If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +000093match one of the patterns.
94.Ql \&*
95and
96.Ql ?
97can be used as
98wildcards in the patterns.
99Only user names are valid; a numerical user ID is not recognized.
100By default, login is allowed for all users.
101If the pattern takes the form USER@HOST then USER and HOST
102are separately checked, restricting logins to particular
103users from particular hosts.
104.Pp
105.It Cm AuthorizedKeysFile
106Specifies the file that contains the public keys that can be used
107for user authentication.
108.Cm AuthorizedKeysFile
109may contain tokens of the form %T which are substituted during connection
110set-up. The following tokens are defined: %% is replaced by a literal '%',
111%h is replaced by the home directory of the user being authenticated and
112%u is replaced by the username of that user.
113After expansion,
114.Cm AuthorizedKeysFile
115is taken to be an absolute path or one relative to the user's home
116directory.
117The default is
118.Dq .ssh/authorized_keys .
119.It Cm Banner
120In some jurisdictions, sending a warning message before authentication
121may be relevant for getting legal protection.
122The contents of the specified file are sent to the remote user before
123authentication is allowed.
124This option is only available for protocol version 2.
125By default, no banner is displayed.
126.Pp
127.It Cm ChallengeResponseAuthentication
128Specifies whether challenge response authentication is allowed.
129All authentication styles from
130.Xr login.conf 5
131are supported.
132The default is
133.Dq yes .
134.It Cm Ciphers
135Specifies the ciphers allowed for protocol version 2.
136Multiple ciphers must be comma-separated.
137The default is
138.Pp
139.Bd -literal
140 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
141 aes192-cbc,aes256-cbc''
142.Ed
143.It Cm ClientAliveInterval
144Sets a timeout interval in seconds after which if no data has been received
145from the client,
146.Nm sshd
147will send a message through the encrypted
148channel to request a response from the client.
149The default
150is 0, indicating that these messages will not be sent to the client.
151This option applies to protocol version 2 only.
152.It Cm ClientAliveCountMax
153Sets the number of client alive messages (see above) which may be
154sent without
155.Nm sshd
156receiving any messages back from the client. If this threshold is
157reached while client alive messages are being sent,
158.Nm sshd
159will disconnect the client, terminating the session. It is important
160to note that the use of client alive messages is very different from
161.Cm KeepAlive
162(below). The client alive messages are sent through the
163encrypted channel and therefore will not be spoofable. The TCP keepalive
164option enabled by
165.Cm KeepAlive
166is spoofable. The client alive mechanism is valuable when the client or
167server depend on knowing when a connection has become inactive.
168.Pp
169The default value is 3. If
170.Cm ClientAliveInterval
171(above) is set to 15, and
172.Cm ClientAliveCountMax
173is left at the default, unresponsive ssh clients
174will be disconnected after approximately 45 seconds.
175.It Cm Compression
176Specifies whether compression is allowed.
177The argument must be
178.Dq yes
179or
180.Dq no .
181The default is
182.Dq yes .
183.It Cm DenyGroups
184This keyword can be followed by a list of group name patterns, separated
185by spaces.
186Login is disallowed for users whose primary group or supplementary
187group list matches one of the patterns.
188.Ql \&*
189and
190.Ql ?
191can be used as
192wildcards in the patterns.
193Only group names are valid; a numerical group ID is not recognized.
194By default, login is allowed for all groups.
195.Pp
196.It Cm DenyUsers
197This keyword can be followed by a list of user name patterns, separated
198by spaces.
199Login is disallowed for user names that match one of the patterns.
200.Ql \&*
201and
202.Ql ?
203can be used as wildcards in the patterns.
204Only user names are valid; a numerical user ID is not recognized.
205By default, login is allowed for all users.
206If the pattern takes the form USER@HOST then USER and HOST
207are separately checked, restricting logins to particular
208users from particular hosts.
209.It Cm GatewayPorts
210Specifies whether remote hosts are allowed to connect to ports
211forwarded for the client.
212By default,
213.Nm sshd
Damien Miller495dca32003-04-01 21:42:14 +1000214binds remote port forwardings to the loopback address.
215This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000216.Cm GatewayPorts
217can be used to specify that
218.Nm sshd
219should bind remote port forwardings to the wildcard address,
220thus allowing remote hosts to connect to forwarded ports.
221The argument must be
222.Dq yes
223or
224.Dq no .
225The default is
226.Dq no .
227.It Cm HostbasedAuthentication
228Specifies whether rhosts or /etc/hosts.equiv authentication together
229with successful public key client host authentication is allowed
230(hostbased authentication).
231This option is similar to
232.Cm RhostsRSAAuthentication
233and applies to protocol version 2 only.
234The default is
235.Dq no .
236.It Cm HostKey
237Specifies a file containing a private host key
238used by SSH.
239The default is
240.Pa /etc/ssh/ssh_host_key
241for protocol version 1, and
242.Pa /etc/ssh/ssh_host_rsa_key
243and
244.Pa /etc/ssh/ssh_host_dsa_key
245for protocol version 2.
246Note that
247.Nm sshd
248will refuse to use a file if it is group/world-accessible.
249It is possible to have multiple host key files.
250.Dq rsa1
251keys are used for version 1 and
252.Dq dsa
253or
254.Dq rsa
255are used for version 2 of the SSH protocol.
256.It Cm IgnoreRhosts
257Specifies that
258.Pa .rhosts
259and
260.Pa .shosts
261files will not be used in
262.Cm RhostsAuthentication ,
263.Cm RhostsRSAAuthentication
264or
265.Cm HostbasedAuthentication .
266.Pp
267.Pa /etc/hosts.equiv
268and
269.Pa /etc/shosts.equiv
270are still used.
271The default is
272.Dq yes .
273.It Cm IgnoreUserKnownHosts
274Specifies whether
275.Nm sshd
276should ignore the user's
277.Pa $HOME/.ssh/known_hosts
278during
279.Cm RhostsRSAAuthentication
280or
281.Cm HostbasedAuthentication .
282The default is
283.Dq no .
284.It Cm KeepAlive
285Specifies whether the system should send TCP keepalive messages to the
286other side.
287If they are sent, death of the connection or crash of one
288of the machines will be properly noticed.
289However, this means that
290connections will die if the route is down temporarily, and some people
291find it annoying.
292On the other hand, if keepalives are not sent,
293sessions may hang indefinitely on the server, leaving
294.Dq ghost
295users and consuming server resources.
296.Pp
297The default is
298.Dq yes
299(to send keepalives), and the server will notice
300if the network goes down or the client host crashes.
301This avoids infinitely hanging sessions.
302.Pp
303To disable keepalives, the value should be set to
304.Dq no .
305.It Cm KerberosAuthentication
306Specifies whether Kerberos authentication is allowed.
307This can be in the form of a Kerberos ticket, or if
Ben Lindstrom9f049032002-06-21 00:59:05 +0000308.Cm PasswordAuthentication
309is yes, the password provided by the user will be validated through
310the Kerberos KDC.
311To use this option, the server needs a
312Kerberos servtab which allows the verification of the KDC's identity.
313Default is
314.Dq no .
315.It Cm KerberosOrLocalPasswd
316If set then if password authentication through Kerberos fails then
317the password will be validated via any additional local mechanism
318such as
319.Pa /etc/passwd .
320Default is
321.Dq yes .
322.It Cm KerberosTgtPassing
323Specifies whether a Kerberos TGT may be forwarded to the server.
324Default is
325.Dq no ,
326as this only works when the Kerberos KDC is actually an AFS kaserver.
327.It Cm KerberosTicketCleanup
328Specifies whether to automatically destroy the user's ticket cache
329file on logout.
330Default is
331.Dq yes .
332.It Cm KeyRegenerationInterval
333In protocol version 1, the ephemeral server key is automatically regenerated
334after this many seconds (if it has been used).
335The purpose of regeneration is to prevent
336decrypting captured sessions by later breaking into the machine and
337stealing the keys.
338The key is never stored anywhere.
339If the value is 0, the key is never regenerated.
340The default is 3600 (seconds).
341.It Cm ListenAddress
342Specifies the local addresses
343.Nm sshd
344should listen on.
345The following forms may be used:
346.Pp
347.Bl -item -offset indent -compact
348.It
349.Cm ListenAddress
350.Sm off
351.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
352.Sm on
353.It
354.Cm ListenAddress
355.Sm off
356.Ar host No | Ar IPv4_addr No : Ar port
357.Sm on
358.It
359.Cm ListenAddress
360.Sm off
361.Oo
362.Ar host No | Ar IPv6_addr Oc : Ar port
363.Sm on
364.El
365.Pp
366If
367.Ar port
368is not specified,
369.Nm sshd
370will listen on the address and all prior
371.Cm Port
372options specified. The default is to listen on all local
Damien Miller495dca32003-04-01 21:42:14 +1000373addresses.
374Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000375.Cm ListenAddress
376options are permitted. Additionally, any
377.Cm Port
378options must precede this option for non port qualified addresses.
379.It Cm LoginGraceTime
380The server disconnects after this time if the user has not
381successfully logged in.
382If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000383The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000384.It Cm LogLevel
385Gives the verbosity level that is used when logging messages from
386.Nm sshd .
387The possible values are:
388QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000389The default is INFO.
390DEBUG and DEBUG1 are equivalent.
391DEBUG2 and DEBUG3 each specify higher levels of debugging output.
392Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000393.It Cm MACs
394Specifies the available MAC (message authentication code) algorithms.
395The MAC algorithm is used in protocol version 2
396for data integrity protection.
397Multiple algorithms must be comma-separated.
398The default is
399.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
400.It Cm MaxStartups
401Specifies the maximum number of concurrent unauthenticated connections to the
402.Nm sshd
403daemon.
404Additional connections will be dropped until authentication succeeds or the
405.Cm LoginGraceTime
406expires for a connection.
407The default is 10.
408.Pp
409Alternatively, random early drop can be enabled by specifying
410the three colon separated values
411.Dq start:rate:full
412(e.g., "10:30:60").
413.Nm sshd
414will refuse connection attempts with a probability of
415.Dq rate/100
416(30%)
417if there are currently
418.Dq start
419(10)
420unauthenticated connections.
421The probability increases linearly and all connection attempts
422are refused if the number of unauthenticated connections reaches
423.Dq full
424(60).
Damien Miller136d4412002-06-26 23:05:16 +1000425.It Cm PAMAuthenticationViaKbdInt
426Specifies whether PAM challenge response authentication is allowed. This
427allows the use of most PAM challenge response authentication modules, but
428it will allow password authentication regardless of whether
429.Cm PasswordAuthentication
430is enabled.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000431.It Cm PasswordAuthentication
432Specifies whether password authentication is allowed.
433The default is
434.Dq yes .
435.It Cm PermitEmptyPasswords
436When password authentication is allowed, it specifies whether the
437server allows login to accounts with empty password strings.
438The default is
439.Dq no .
440.It Cm PermitRootLogin
441Specifies whether root can login using
442.Xr ssh 1 .
443The argument must be
444.Dq yes ,
445.Dq without-password ,
446.Dq forced-commands-only
447or
448.Dq no .
449The default is
450.Dq yes .
451.Pp
452If this option is set to
453.Dq without-password
454password authentication is disabled for root.
455.Pp
456If this option is set to
457.Dq forced-commands-only
458root login with public key authentication will be allowed,
459but only if the
460.Ar command
461option has been specified
462(which may be useful for taking remote backups even if root login is
463normally not allowed). All other authentication methods are disabled
464for root.
465.Pp
466If this option is set to
467.Dq no
468root is not allowed to login.
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000469.It Cm PermitUserEnvironment
470Specifies whether
471.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000472and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000473.Cm environment=
474options in
475.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000476are processed by
477.Nm sshd .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000478The default is
479.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000480Enabling environment processing may enable users to bypass access
481restrictions in some configurations using mechanisms such as
482.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000483.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000484Specifies the file that contains the process ID of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000485.Nm sshd
486daemon.
487The default is
488.Pa /var/run/sshd.pid .
489.It Cm Port
490Specifies the port number that
491.Nm sshd
492listens on.
493The default is 22.
494Multiple options of this type are permitted.
495See also
496.Cm ListenAddress .
497.It Cm PrintLastLog
498Specifies whether
499.Nm sshd
500should print the date and time when the user last logged in.
501The default is
502.Dq yes .
503.It Cm PrintMotd
504Specifies whether
505.Nm sshd
506should print
507.Pa /etc/motd
508when a user logs in interactively.
509(On some systems it is also printed by the shell,
510.Pa /etc/profile ,
511or equivalent.)
512The default is
513.Dq yes .
514.It Cm Protocol
515Specifies the protocol versions
516.Nm sshd
Ben Lindstrom9c445542002-07-11 03:59:18 +0000517supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000518The possible values are
519.Dq 1
520and
521.Dq 2 .
522Multiple versions must be comma-separated.
523The default is
524.Dq 2,1 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000525Note that the order of the protocol list does not indicate preference,
526because the client selects among multiple protocol versions offered
527by the server.
528Specifying
529.Dq 2,1
530is identical to
531.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000532.It Cm PubkeyAuthentication
533Specifies whether public key authentication is allowed.
534The default is
535.Dq yes .
536Note that this option applies to protocol version 2 only.
537.It Cm RhostsAuthentication
538Specifies whether authentication using rhosts or /etc/hosts.equiv
539files is sufficient.
540Normally, this method should not be permitted because it is insecure.
541.Cm RhostsRSAAuthentication
542should be used
543instead, because it performs RSA-based host authentication in addition
544to normal rhosts or /etc/hosts.equiv authentication.
545The default is
546.Dq no .
547This option applies to protocol version 1 only.
548.It Cm RhostsRSAAuthentication
549Specifies whether rhosts or /etc/hosts.equiv authentication together
550with successful RSA host authentication is allowed.
551The default is
552.Dq no .
553This option applies to protocol version 1 only.
554.It Cm RSAAuthentication
555Specifies whether pure RSA authentication is allowed.
556The default is
557.Dq yes .
558This option applies to protocol version 1 only.
559.It Cm ServerKeyBits
560Defines the number of bits in the ephemeral protocol version 1 server key.
561The minimum value is 512, and the default is 768.
562.It Cm StrictModes
563Specifies whether
564.Nm sshd
565should check file modes and ownership of the
566user's files and home directory before accepting login.
567This is normally desirable because novices sometimes accidentally leave their
568directory or files world-writable.
569The default is
570.Dq yes .
571.It Cm Subsystem
572Configures an external subsystem (e.g., file transfer daemon).
573Arguments should be a subsystem name and a command to execute upon subsystem
574request.
575The command
576.Xr sftp-server 8
577implements the
578.Dq sftp
579file transfer subsystem.
580By default no subsystems are defined.
581Note that this option applies to protocol version 2 only.
582.It Cm SyslogFacility
583Gives the facility code that is used when logging messages from
584.Nm sshd .
585The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
586LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
587The default is AUTH.
588.It Cm UseLogin
589Specifies whether
590.Xr login 1
591is used for interactive login sessions.
592The default is
593.Dq no .
594Note that
595.Xr login 1
596is never used for remote command execution.
597Note also, that if this is enabled,
598.Cm X11Forwarding
599will be disabled because
600.Xr login 1
601does not know how to handle
602.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +1000603cookies.
604If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000605.Cm UsePrivilegeSeparation
606is specified, it will be disabled after authentication.
607.It Cm UsePrivilegeSeparation
608Specifies whether
609.Nm sshd
610separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +1000611to deal with incoming network traffic.
612After successful authentication, another process will be created that has
613the privilege of the authenticated user.
614The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +0000615escalation by containing any corruption within the unprivileged processes.
616The default is
617.Dq yes .
618.It Cm VerifyReverseMapping
619Specifies whether
620.Nm sshd
621should try to verify the remote host name and check that
622the resolved host name for the remote IP address maps back to the
623very same IP address.
624The default is
625.Dq no .
626.It Cm X11DisplayOffset
627Specifies the first display number available for
628.Nm sshd Ns 's
629X11 forwarding.
630This prevents
631.Nm sshd
632from interfering with real X11 servers.
633The default is 10.
634.It Cm X11Forwarding
635Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +1000636The argument must be
637.Dq yes
638or
639.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000640The default is
641.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +1000642.Pp
643When X11 forwarding is enabled, there may be additional exposure to
644the server and to client displays if the
645.Nm sshd
646proxy display is configured to listen on the wildcard address (see
647.Cm X11UseLocalhost
648below), however this is not the default.
649Additionally, the authentication spoofing and authentication data
650verification and substitution occur on the client side.
651The security risk of using X11 forwarding is that the client's X11
652display server may be exposed to attack when the ssh client requests
653forwarding (see the warnings for
654.Cm ForwardX11
655in
656.Xr ssh_config 5 ).
657A system administrator may have a stance in which they want to
658protect clients that may expose themselves to attack by unwittingly
659requesting X11 forwarding, which can warrant a
660.Dq no
661setting.
662.Pp
663Note that disabling X11 forwarding does not prevent users from
664forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000665X11 forwarding is automatically disabled if
666.Cm UseLogin
667is enabled.
668.It Cm X11UseLocalhost
669Specifies whether
670.Nm sshd
671should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +1000672the wildcard address.
673By default,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000674.Nm sshd
675binds the forwarding server to the loopback address and sets the
676hostname part of the
677.Ev DISPLAY
678environment variable to
679.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +0000680This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000681However, some older X11 clients may not function with this
682configuration.
683.Cm X11UseLocalhost
684may be set to
685.Dq no
686to specify that the forwarding server should be bound to the wildcard
687address.
688The argument must be
689.Dq yes
690or
691.Dq no .
692The default is
693.Dq yes .
694.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +1000695Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000696.Xr xauth 1
697program.
698The default is
699.Pa /usr/X11R6/bin/xauth .
700.El
701.Ss Time Formats
702.Pp
703.Nm sshd
704command-line arguments and configuration file options that specify time
705may be expressed using a sequence of the form:
706.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +0000707.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000708.Sm on
709where
710.Ar time
711is a positive integer value and
712.Ar qualifier
713is one of the following:
714.Pp
715.Bl -tag -width Ds -compact -offset indent
716.It Cm <none>
717seconds
718.It Cm s | Cm S
719seconds
720.It Cm m | Cm M
721minutes
722.It Cm h | Cm H
723hours
724.It Cm d | Cm D
725days
726.It Cm w | Cm W
727weeks
728.El
729.Pp
730Each member of the sequence is added together to calculate
731the total time value.
732.Pp
733Time format examples:
734.Pp
735.Bl -tag -width Ds -compact -offset indent
736.It 600
737600 seconds (10 minutes)
738.It 10m
73910 minutes
740.It 1h30m
7411 hour 30 minutes (90 minutes)
742.El
743.Sh FILES
744.Bl -tag -width Ds
745.It Pa /etc/ssh/sshd_config
746Contains configuration data for
747.Nm sshd .
748This file should be writable by root only, but it is recommended
749(though not necessary) that it be world-readable.
750.El
751.Sh AUTHORS
752OpenSSH is a derivative of the original and free
753ssh 1.2.12 release by Tatu Ylonen.
754Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
755Theo de Raadt and Dug Song
756removed many bugs, re-added newer features and
757created OpenSSH.
758Markus Friedl contributed the support for SSH
759protocol versions 1.5 and 2.0.
760Niels Provos and Markus Friedl contributed support
761for privilege separation.
762.Sh SEE ALSO
763.Xr sshd 8