blob: d2c4db55b51b122bcd8f7768734e08b41d6bf8b4 [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\" All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose. Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\" notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\" notice, this list of conditions and the following disclaimer in the
23.\" documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
Damien Milleraa5b3f82012-12-03 09:50:54 +110036.\" $OpenBSD: sshd_config.5,v 1.150 2012/12/02 20:46:11 djm Exp $
37.Dd $Mdocdate: December 2 2012 $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dt SSHD_CONFIG 5
39.Os
40.Sh NAME
41.Nm sshd_config
42.Nd OpenSSH SSH daemon configuration file
43.Sh SYNOPSIS
Damien Millerd94fc722007-01-05 16:29:30 +110044.Nm /etc/ssh/sshd_config
Ben Lindstrom9f049032002-06-21 00:59:05 +000045.Sh DESCRIPTION
Damien Millerf4f22b52006-03-15 11:57:25 +110046.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +000047reads configuration data from
48.Pa /etc/ssh/sshd_config
49(or the file specified with
50.Fl f
51on the command line).
52The file contains keyword-argument pairs, one per line.
53Lines starting with
54.Ql #
55and empty lines are interpreted as comments.
Damien Miller306d1182006-03-15 12:05:59 +110056Arguments may optionally be enclosed in double quotes
57.Pq \&"
58in order to represent arguments containing spaces.
Ben Lindstrom9f049032002-06-21 00:59:05 +000059.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
Darren Tucker46bc0752004-05-02 22:11:30 +100064.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70in
71.Xr ssh_config 5
72for how to configure the client.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100073Note that environment passing is only supported for protocol 2.
Darren Tucker46bc0752004-05-02 22:11:30 +100074Variables are specified by name, which may contain the wildcard characters
Damien Miller208f1ed2006-03-15 11:56:03 +110075.Ql *
Darren Tucker46bc0752004-05-02 22:11:30 +100076and
77.Ql \&? .
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100078Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +100079across multiple
80.Cm AcceptEnv
81directives.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100082Be warned that some environment variables could be used to bypass restricted
Darren Tucker46bc0752004-05-02 22:11:30 +100083user environments.
84For this reason, care should be taken in the use of this directive.
85The default is not to accept any environment variables.
Darren Tucker0f383232005-01-20 10:57:56 +110086.It Cm AddressFamily
87Specifies which address family should be used by
Damien Millerf4f22b52006-03-15 11:57:25 +110088.Xr sshd 8 .
Darren Tucker0f383232005-01-20 10:57:56 +110089Valid arguments are
90.Dq any ,
91.Dq inet
Damien Miller5b0d63f2006-03-15 11:56:56 +110092(use IPv4 only), or
Darren Tucker0f383232005-01-20 10:57:56 +110093.Dq inet6
94(use IPv6 only).
95The default is
96.Dq any .
Damien Millere9890192008-05-19 14:59:02 +100097.It Cm AllowAgentForwarding
98Specifies whether
99.Xr ssh-agent 1
100forwarding is permitted.
101The default is
102.Dq yes .
103Note that disabling agent forwarding does not improve security
104unless users are also denied shell access, as they can always install
105their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000106.It Cm AllowGroups
107This keyword can be followed by a list of group name patterns, separated
108by spaces.
109If specified, login is allowed only for users whose primary
110group or supplementary group list matches one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000111Only group names are valid; a numerical group ID is not recognized.
112By default, login is allowed for all groups.
Damien Millerac73e512006-03-15 11:58:49 +1100113The allow/deny directives are processed in the following order:
114.Cm DenyUsers ,
115.Cm AllowUsers ,
116.Cm DenyGroups ,
117and finally
118.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100119.Pp
120See
121.Sx PATTERNS
122in
123.Xr ssh_config 5
124for more information on patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000125.It Cm AllowTcpForwarding
126Specifies whether TCP forwarding is permitted.
Damien Milleraa5b3f82012-12-03 09:50:54 +1100127The available options are
128.Dq yes
129or
130.Dq all
131to allow TCP forwarding,
132.Dq no
133to prevent all TCP forwarding,
134.Dq local
135to allow local (from the perspective of
136.Xr ssh 1 ) forwarding only or
137.Dq remote
138to allow remote forwarding only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000139The default is
140.Dq yes .
141Note that disabling TCP forwarding does not improve security unless
142users are also denied shell access, as they can always install their
143own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000144.It Cm AllowUsers
145This keyword can be followed by a list of user name patterns, separated
146by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +1100147If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +0000148match one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000149Only user names are valid; a numerical user ID is not recognized.
150By default, login is allowed for all users.
151If the pattern takes the form USER@HOST then USER and HOST
152are separately checked, restricting logins to particular
153users from particular hosts.
Damien Millerac73e512006-03-15 11:58:49 +1100154The allow/deny directives are processed in the following order:
155.Cm DenyUsers ,
156.Cm AllowUsers ,
157.Cm DenyGroups ,
158and finally
159.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100160.Pp
161See
162.Sx PATTERNS
163in
164.Xr ssh_config 5
165for more information on patterns.
Damien Millera6e3f012012-11-04 23:21:40 +1100166.It Cm AuthenticationMethods
167Specifies the authentication methods that must be successfully completed
168for a user to be granted access.
169This option must be followed by one or more comma-separated lists of
170authentication method names.
171Successful authentication requires completion of every method in at least
172one of these lists.
173.Pp
174For example, an argument of
175.Dq publickey,password publickey,keyboard-interactive
176would require the user to complete public key authentication, followed by
177either password or keyboard interactive authentication.
178Only methods that are next in one or more lists are offered at each stage,
179so for this example, it would not be possible to attempt password or
180keyboard-interactive authentication before public key.
181.Pp
182This option is only available for SSH protocol 2 and will yield a fatal
183error if enabled if protocol 1 is also enabled.
184Note that each authentication method listed should also be explicitly enabled
185in the configuration.
186The default is not to require multiple authentication; successful completion
187of a single authentication method is sufficient.
Damien Miller09d3e122012-10-31 08:58:58 +1100188.It Cm AuthorizedKeysCommand
Damien Millerf33580e2012-11-04 22:22:52 +1100189Specifies a program to be used to look up the user's public keys.
Damien Miller09d3e122012-10-31 08:58:58 +1100190The program will be invoked with a single argument of the username
191being authenticated, and should produce on standard output zero or
Damien Millerf33580e2012-11-04 22:22:52 +1100192more lines of authorized_keys output (see
193.Sx AUTHORIZED_KEYS
194in
195.Xr sshd 8 ) .
Damien Miller09d3e122012-10-31 08:58:58 +1100196If a key supplied by AuthorizedKeysCommand does not successfully authenticate
197and authorize the user then public key authentication continues using the usual
198.Cm AuthorizedKeysFile
199files.
200By default, no AuthorizedKeysCommand is run.
201.It Cm AuthorizedKeysCommandUser
202Specifies the user under whose account the AuthorizedKeysCommand is run.
Damien Miller09d3e122012-10-31 08:58:58 +1100203It is recommended to use a dedicated user that has no other role on the host
204than running authorized keys commands.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000205.It Cm AuthorizedKeysFile
206Specifies the file that contains the public keys that can be used
207for user authentication.
Damien Miller6018a362010-07-02 13:35:19 +1000208The format is described in the
209.Sx AUTHORIZED_KEYS FILE FORMAT
210section of
211.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000212.Cm AuthorizedKeysFile
213may contain tokens of the form %T which are substituted during connection
Damien Miller5b0d63f2006-03-15 11:56:56 +1100214setup.
Damien Millerfbf486b2003-05-23 18:44:23 +1000215The following tokens are defined: %% is replaced by a literal '%',
Damien Miller5b0d63f2006-03-15 11:56:56 +1100216%h is replaced by the home directory of the user being authenticated, and
Ben Lindstrom9f049032002-06-21 00:59:05 +0000217%u is replaced by the username of that user.
218After expansion,
219.Cm AuthorizedKeysFile
220is taken to be an absolute path or one relative to the user's home
221directory.
Damien Millerb9132fc2011-05-29 21:41:40 +1000222Multiple files may be listed, separated by whitespace.
223The default is
224.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
Damien Miller30da3442010-05-10 11:58:03 +1000225.It Cm AuthorizedPrincipalsFile
226Specifies a file that lists principal names that are accepted for
227certificate authentication.
228When using certificates signed by a key listed in
229.Cm TrustedUserCAKeys ,
230this file lists names, one of which must appear in the certificate for it
231to be accepted for authentication.
Damien Millerd59dab82010-07-02 13:37:17 +1000232Names are listed one per line preceded by key options (as described
Damien Miller6018a362010-07-02 13:35:19 +1000233in
234.Sx AUTHORIZED_KEYS FILE FORMAT
235in
Damien Millerd59dab82010-07-02 13:37:17 +1000236.Xr sshd 8 ) .
Damien Miller6018a362010-07-02 13:35:19 +1000237Empty lines and comments starting with
Damien Miller30da3442010-05-10 11:58:03 +1000238.Ql #
239are ignored.
240.Pp
241.Cm AuthorizedPrincipalsFile
242may contain tokens of the form %T which are substituted during connection
243setup.
244The following tokens are defined: %% is replaced by a literal '%',
245%h is replaced by the home directory of the user being authenticated, and
246%u is replaced by the username of that user.
247After expansion,
248.Cm AuthorizedPrincipalsFile
249is taken to be an absolute path or one relative to the user's home
250directory.
251.Pp
Damien Miller8fef9eb2012-04-22 11:25:10 +1000252The default is
253.Dq none ,
254i.e. not to use a principals file \(en in this case, the username
Damien Miller30da3442010-05-10 11:58:03 +1000255of the user must appear in a certificate's principals list for it to be
256accepted.
257Note that
258.Cm AuthorizedPrincipalsFile
259is only used when authentication proceeds using a CA listed in
260.Cm TrustedUserCAKeys
261and is not consulted for certification authorities trusted via
262.Pa ~/.ssh/authorized_keys ,
263though the
264.Cm principals=
265key option offers a similar facility (see
266.Xr sshd 8
267for details).
Ben Lindstrom9f049032002-06-21 00:59:05 +0000268.It Cm Banner
Ben Lindstrom9f049032002-06-21 00:59:05 +0000269The contents of the specified file are sent to the remote user before
270authentication is allowed.
Damien Miller4890e532007-09-17 11:57:38 +1000271If the argument is
272.Dq none
273then no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000274This option is only available for protocol version 2.
275By default, no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000276.It Cm ChallengeResponseAuthentication
Damien Miller9c7bf8d2009-08-28 10:27:08 +1000277Specifies whether challenge-response authentication is allowed (e.g. via
278PAM or though authentication styles supported in
279.Xr login.conf 5 )
Ben Lindstrom9f049032002-06-21 00:59:05 +0000280The default is
281.Dq yes .
Damien Millerd8cb1f12008-02-10 22:40:12 +1100282.It Cm ChrootDirectory
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100283Specifies the pathname of a directory to
Damien Millerd8cb1f12008-02-10 22:40:12 +1100284.Xr chroot 2
285to after authentication.
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100286All components of the pathname must be root-owned directories that are
Damien Millerd8cb1f12008-02-10 22:40:12 +1100287not writable by any other user or group.
Darren Tucker51dbe502009-06-21 17:56:51 +1000288After the chroot,
289.Xr sshd 8
290changes the working directory to the user's home directory.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100291.Pp
Darren Tuckerb8c884a2010-01-08 18:53:43 +1100292The pathname may contain the following tokens that are expanded at runtime once
Damien Millerd8cb1f12008-02-10 22:40:12 +1100293the connecting user has been authenticated: %% is replaced by a literal '%',
294%h is replaced by the home directory of the user being authenticated, and
295%u is replaced by the username of that user.
296.Pp
297The
298.Cm ChrootDirectory
299must contain the necessary files and directories to support the
Darren Tuckeraf501cf2009-06-21 17:53:04 +1000300user's session.
Damien Millerd8cb1f12008-02-10 22:40:12 +1100301For an interactive session this requires at least a shell, typically
302.Xr sh 1 ,
303and basic
304.Pa /dev
305nodes such as
306.Xr null 4 ,
307.Xr zero 4 ,
308.Xr stdin 4 ,
309.Xr stdout 4 ,
310.Xr stderr 4 ,
311.Xr arandom 4
312and
313.Xr tty 4
314devices.
315For file transfer sessions using
Darren Tuckerf92077f2009-06-21 17:56:25 +1000316.Dq sftp ,
Damien Millerd8cb1f12008-02-10 22:40:12 +1100317no additional configuration of the environment is necessary if the
Darren Tuckerf92077f2009-06-21 17:56:25 +1000318in-process sftp server is used,
319though sessions which use logging do require
Darren Tucker00fcd712009-06-21 17:56:00 +1000320.Pa /dev/log
321inside the chroot directory (see
322.Xr sftp-server 8
323for details).
Damien Millerd8cb1f12008-02-10 22:40:12 +1100324.Pp
325The default is not to
326.Xr chroot 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000327.It Cm Ciphers
328Specifies the ciphers allowed for protocol version 2.
329Multiple ciphers must be comma-separated.
Damien Miller05202ff2004-06-15 10:30:39 +1000330The supported ciphers are
331.Dq 3des-cbc ,
332.Dq aes128-cbc ,
333.Dq aes192-cbc ,
334.Dq aes256-cbc ,
335.Dq aes128-ctr ,
336.Dq aes192-ctr ,
337.Dq aes256-ctr ,
Damien Miller3710f272005-05-26 12:19:17 +1000338.Dq arcfour128 ,
339.Dq arcfour256 ,
Damien Miller05202ff2004-06-15 10:30:39 +1000340.Dq arcfour ,
341.Dq blowfish-cbc ,
342and
343.Dq cast128-cbc .
Damien Miller5b0d63f2006-03-15 11:56:56 +1100344The default is:
345.Bd -literal -offset 3n
Damien Miller9aa72ba2009-01-28 16:34:00 +1100346aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
347aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
348aes256-cbc,arcfour
Ben Lindstrom9f049032002-06-21 00:59:05 +0000349.Ed
Ben Lindstrom9f049032002-06-21 00:59:05 +0000350.It Cm ClientAliveCountMax
Damien Millerb7977702006-01-03 18:47:31 +1100351Sets the number of client alive messages (see below) which may be
Ben Lindstrom9f049032002-06-21 00:59:05 +0000352sent without
Damien Miller5b0d63f2006-03-15 11:56:56 +1100353.Xr sshd 8
Damien Millerfbf486b2003-05-23 18:44:23 +1000354receiving any messages back from the client.
355If this threshold is reached while client alive messages are being sent,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100356sshd will disconnect the client, terminating the session.
Damien Millerfbf486b2003-05-23 18:44:23 +1000357It is important to note that the use of client alive messages is very
358different from
Damien Miller12c150e2003-12-17 16:31:10 +1100359.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000360(below).
361The client alive messages are sent through the encrypted channel
362and therefore will not be spoofable.
363The TCP keepalive option enabled by
Damien Miller12c150e2003-12-17 16:31:10 +1100364.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000365is spoofable.
366The client alive mechanism is valuable when the client or
Ben Lindstrom9f049032002-06-21 00:59:05 +0000367server depend on knowing when a connection has become inactive.
368.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000369The default value is 3.
370If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000371.Cm ClientAliveInterval
Damien Millerb7977702006-01-03 18:47:31 +1100372(see below) is set to 15, and
Ben Lindstrom9f049032002-06-21 00:59:05 +0000373.Cm ClientAliveCountMax
Damien Miller5b0d63f2006-03-15 11:56:56 +1100374is left at the default, unresponsive SSH clients
Ben Lindstrom9f049032002-06-21 00:59:05 +0000375will be disconnected after approximately 45 seconds.
Damien Millercc3e8ba2006-03-15 12:06:55 +1100376This option applies to protocol version 2 only.
Damien Miller1594ad52005-05-26 12:12:19 +1000377.It Cm ClientAliveInterval
378Sets a timeout interval in seconds after which if no data has been received
379from the client,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100380.Xr sshd 8
Damien Miller1594ad52005-05-26 12:12:19 +1000381will send a message through the encrypted
382channel to request a response from the client.
383The default
384is 0, indicating that these messages will not be sent to the client.
385This option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000386.It Cm Compression
Damien Miller9786e6e2005-07-26 21:54:56 +1000387Specifies whether compression is allowed, or delayed until
388the user has authenticated successfully.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000389The argument must be
Damien Miller9786e6e2005-07-26 21:54:56 +1000390.Dq yes ,
391.Dq delayed ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000392or
393.Dq no .
394The default is
Damien Miller9786e6e2005-07-26 21:54:56 +1000395.Dq delayed .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000396.It Cm DenyGroups
397This keyword can be followed by a list of group name patterns, separated
398by spaces.
399Login is disallowed for users whose primary group or supplementary
400group list matches one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000401Only group names are valid; a numerical group ID is not recognized.
402By default, login is allowed for all groups.
Damien Millerac73e512006-03-15 11:58:49 +1100403The allow/deny directives are processed in the following order:
404.Cm DenyUsers ,
405.Cm AllowUsers ,
406.Cm DenyGroups ,
407and finally
408.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100409.Pp
410See
411.Sx PATTERNS
412in
413.Xr ssh_config 5
414for more information on patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000415.It Cm DenyUsers
416This keyword can be followed by a list of user name patterns, separated
417by spaces.
418Login is disallowed for user names that match one of the patterns.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000419Only user names are valid; a numerical user ID is not recognized.
420By default, login is allowed for all users.
421If the pattern takes the form USER@HOST then USER and HOST
422are separately checked, restricting logins to particular
423users from particular hosts.
Damien Millerac73e512006-03-15 11:58:49 +1100424The allow/deny directives are processed in the following order:
425.Cm DenyUsers ,
426.Cm AllowUsers ,
427.Cm DenyGroups ,
428and finally
429.Cm AllowGroups .
Damien Miller0c2079d2006-03-15 11:54:21 +1100430.Pp
431See
432.Sx PATTERNS
433in
434.Xr ssh_config 5
435for more information on patterns.
Damien Millere2754432006-07-24 14:06:47 +1000436.It Cm ForceCommand
437Forces the execution of the command specified by
438.Cm ForceCommand ,
Damien Millera1b48cc2008-03-27 11:02:02 +1100439ignoring any command supplied by the client and
440.Pa ~/.ssh/rc
441if present.
Damien Millere2754432006-07-24 14:06:47 +1000442The command is invoked by using the user's login shell with the -c option.
443This applies to shell, command, or subsystem execution.
444It is most useful inside a
445.Cm Match
446block.
447The command originally supplied by the client is available in the
448.Ev SSH_ORIGINAL_COMMAND
449environment variable.
Damien Millercdb6e652008-02-10 22:47:24 +1100450Specifying a command of
451.Dq internal-sftp
452will force the use of an in-process sftp server that requires no support
453files when used with
454.Cm ChrootDirectory .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000455.It Cm GatewayPorts
456Specifies whether remote hosts are allowed to connect to ports
457forwarded for the client.
458By default,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100459.Xr sshd 8
Damien Miller495dca32003-04-01 21:42:14 +1000460binds remote port forwardings to the loopback address.
461This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000462.Cm GatewayPorts
Damien Miller5b0d63f2006-03-15 11:56:56 +1100463can be used to specify that sshd
Damien Millerf91ee4c2005-03-01 21:24:33 +1100464should allow remote port forwardings to bind to non-loopback addresses, thus
465allowing other hosts to connect.
466The argument may be
467.Dq no
468to force remote port forwardings to be available to the local host only,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000469.Dq yes
Damien Millerf91ee4c2005-03-01 21:24:33 +1100470to force remote port forwardings to bind to the wildcard address, or
471.Dq clientspecified
472to allow the client to select the address to which the forwarding is bound.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000473The default is
474.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000475.It Cm GSSAPIAuthentication
Damien Miller9b7b03b2003-09-02 22:57:05 +1000476Specifies whether user authentication based on GSSAPI is allowed.
Damien Millera8e06ce2003-11-21 23:48:55 +1100477The default is
Darren Tucker0efd1552003-08-26 11:49:55 +1000478.Dq no .
479Note that this option applies to protocol version 2 only.
480.It Cm GSSAPICleanupCredentials
481Specifies whether to automatically destroy the user's credentials cache
482on logout.
483The default is
484.Dq yes .
485Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000486.It Cm HostbasedAuthentication
487Specifies whether rhosts or /etc/hosts.equiv authentication together
488with successful public key client host authentication is allowed
Damien Miller1faa7132006-03-15 11:55:31 +1100489(host-based authentication).
Ben Lindstrom9f049032002-06-21 00:59:05 +0000490This option is similar to
491.Cm RhostsRSAAuthentication
492and applies to protocol version 2 only.
493The default is
494.Dq no .
Damien Millerb594f382006-08-30 11:06:34 +1000495.It Cm HostbasedUsesNameFromPacketOnly
496Specifies whether or not the server will attempt to perform a reverse
497name lookup when matching the name in the
498.Pa ~/.shosts ,
499.Pa ~/.rhosts ,
500and
501.Pa /etc/hosts.equiv
502files during
503.Cm HostbasedAuthentication .
504A setting of
505.Dq yes
506means that
507.Xr sshd 8
508uses the name supplied by the client rather than
509attempting to resolve the name from the TCP connection itself.
510The default is
511.Dq no .
Damien Miller0a80ca12010-02-27 07:55:05 +1100512.It Cm HostCertificate
513Specifies a file containing a public host certificate.
514The certificate's public key must match a private host key already specified
515by
516.Cm HostKey .
517The default behaviour of
518.Xr sshd 8
519is not to load any certificates.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000520.It Cm HostKey
521Specifies a file containing a private host key
522used by SSH.
523The default is
524.Pa /etc/ssh/ssh_host_key
525for protocol version 1, and
Damien Millereb8b60e2010-08-31 22:41:14 +1000526.Pa /etc/ssh/ssh_host_dsa_key ,
527.Pa /etc/ssh/ssh_host_ecdsa_key
Ben Lindstrom9f049032002-06-21 00:59:05 +0000528and
Damien Millereb8b60e2010-08-31 22:41:14 +1000529.Pa /etc/ssh/ssh_host_rsa_key
Ben Lindstrom9f049032002-06-21 00:59:05 +0000530for protocol version 2.
531Note that
Damien Miller5b0d63f2006-03-15 11:56:56 +1100532.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000533will refuse to use a file if it is group/world-accessible.
534It is possible to have multiple host key files.
535.Dq rsa1
536keys are used for version 1 and
Damien Millereb8b60e2010-08-31 22:41:14 +1000537.Dq dsa ,
538.Dq ecdsa
Ben Lindstrom9f049032002-06-21 00:59:05 +0000539or
540.Dq rsa
541are used for version 2 of the SSH protocol.
542.It Cm IgnoreRhosts
543Specifies that
544.Pa .rhosts
545and
546.Pa .shosts
547files will not be used in
Ben Lindstrom9f049032002-06-21 00:59:05 +0000548.Cm RhostsRSAAuthentication
549or
550.Cm HostbasedAuthentication .
551.Pp
552.Pa /etc/hosts.equiv
553and
554.Pa /etc/shosts.equiv
555are still used.
556The default is
557.Dq yes .
558.It Cm IgnoreUserKnownHosts
559Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100560.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000561should ignore the user's
Damien Miller167ea5d2005-05-26 12:04:02 +1000562.Pa ~/.ssh/known_hosts
Ben Lindstrom9f049032002-06-21 00:59:05 +0000563during
564.Cm RhostsRSAAuthentication
565or
566.Cm HostbasedAuthentication .
567The default is
568.Dq no .
Damien Miller0dac6fb2010-11-20 15:19:38 +1100569.It Cm IPQoS
570Specifies the IPv4 type-of-service or DSCP class for the connection.
571Accepted values are
572.Dq af11 ,
573.Dq af12 ,
574.Dq af13 ,
Damien Millerf6e758c2011-09-22 21:37:13 +1000575.Dq af21 ,
Damien Miller0dac6fb2010-11-20 15:19:38 +1100576.Dq af22 ,
577.Dq af23 ,
578.Dq af31 ,
579.Dq af32 ,
580.Dq af33 ,
581.Dq af41 ,
582.Dq af42 ,
583.Dq af43 ,
584.Dq cs0 ,
585.Dq cs1 ,
586.Dq cs2 ,
587.Dq cs3 ,
588.Dq cs4 ,
589.Dq cs5 ,
590.Dq cs6 ,
591.Dq cs7 ,
592.Dq ef ,
593.Dq lowdelay ,
594.Dq throughput ,
595.Dq reliability ,
596or a numeric value.
Damien Miller928362d2010-12-26 14:26:45 +1100597This option may take one or two arguments, separated by whitespace.
Damien Miller0dac6fb2010-11-20 15:19:38 +1100598If one argument is specified, it is used as the packet class unconditionally.
599If two values are specified, the first is automatically selected for
600interactive sessions and the second for non-interactive sessions.
601The default is
602.Dq lowdelay
603for interactive sessions and
604.Dq throughput
605for non-interactive sessions.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000606.It Cm KerberosAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000607Specifies whether the password provided by the user for
Ben Lindstrom9f049032002-06-21 00:59:05 +0000608.Cm PasswordAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000609will be validated through the Kerberos KDC.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000610To use this option, the server needs a
611Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100612The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000613.Dq no .
Damien Miller8448e662004-03-08 23:13:15 +1100614.It Cm KerberosGetAFSToken
Darren Tuckere2dd2d52005-10-03 18:19:06 +1000615If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
Damien Miller8448e662004-03-08 23:13:15 +1100616an AFS token before accessing the user's home directory.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100617The default is
Damien Miller8448e662004-03-08 23:13:15 +1100618.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000619.It Cm KerberosOrLocalPasswd
Damien Miller5b0d63f2006-03-15 11:56:56 +1100620If password authentication through Kerberos fails then
Ben Lindstrom9f049032002-06-21 00:59:05 +0000621the password will be validated via any additional local mechanism
622such as
623.Pa /etc/passwd .
Damien Miller5b0d63f2006-03-15 11:56:56 +1100624The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000625.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000626.It Cm KerberosTicketCleanup
627Specifies whether to automatically destroy the user's ticket cache
628file on logout.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100629The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000630.Dq yes .
Damien Millerd5f62bf2010-09-24 22:11:14 +1000631.It Cm KexAlgorithms
632Specifies the available KEX (Key Exchange) algorithms.
633Multiple algorithms must be comma-separated.
634The default is
635.Dq ecdh-sha2-nistp256 ,
636.Dq ecdh-sha2-nistp384 ,
637.Dq ecdh-sha2-nistp521 ,
Damien Miller0a184732010-11-20 15:21:03 +1100638.Dq diffie-hellman-group-exchange-sha256 ,
Damien Millerd5f62bf2010-09-24 22:11:14 +1000639.Dq diffie-hellman-group-exchange-sha1 ,
640.Dq diffie-hellman-group14-sha1 ,
641.Dq diffie-hellman-group1-sha1 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000642.It Cm KeyRegenerationInterval
643In protocol version 1, the ephemeral server key is automatically regenerated
644after this many seconds (if it has been used).
645The purpose of regeneration is to prevent
646decrypting captured sessions by later breaking into the machine and
647stealing the keys.
648The key is never stored anywhere.
649If the value is 0, the key is never regenerated.
650The default is 3600 (seconds).
651.It Cm ListenAddress
652Specifies the local addresses
Damien Miller5b0d63f2006-03-15 11:56:56 +1100653.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000654should listen on.
655The following forms may be used:
656.Pp
657.Bl -item -offset indent -compact
658.It
659.Cm ListenAddress
660.Sm off
661.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
662.Sm on
663.It
664.Cm ListenAddress
665.Sm off
666.Ar host No | Ar IPv4_addr No : Ar port
667.Sm on
668.It
669.Cm ListenAddress
670.Sm off
671.Oo
672.Ar host No | Ar IPv6_addr Oc : Ar port
673.Sm on
674.El
675.Pp
676If
677.Ar port
678is not specified,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100679sshd will listen on the address and all prior
Ben Lindstrom9f049032002-06-21 00:59:05 +0000680.Cm Port
Damien Millerfbf486b2003-05-23 18:44:23 +1000681options specified.
682The default is to listen on all local addresses.
Damien Miller495dca32003-04-01 21:42:14 +1000683Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000684.Cm ListenAddress
Damien Millerfbf486b2003-05-23 18:44:23 +1000685options are permitted.
686Additionally, any
Ben Lindstrom9f049032002-06-21 00:59:05 +0000687.Cm Port
Damien Miller5b0d63f2006-03-15 11:56:56 +1100688options must precede this option for non-port qualified addresses.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000689.It Cm LoginGraceTime
690The server disconnects after this time if the user has not
691successfully logged in.
692If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000693The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000694.It Cm LogLevel
695Gives the verbosity level that is used when logging messages from
Damien Millerf4f22b52006-03-15 11:57:25 +1100696.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000697The possible values are:
Damien Miller5b0d63f2006-03-15 11:56:56 +1100698QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000699The default is INFO.
700DEBUG and DEBUG1 are equivalent.
701DEBUG2 and DEBUG3 each specify higher levels of debugging output.
702Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000703.It Cm MACs
704Specifies the available MAC (message authentication code) algorithms.
705The MAC algorithm is used in protocol version 2
706for data integrity protection.
707Multiple algorithms must be comma-separated.
Damien Miller5b0d63f2006-03-15 11:56:56 +1100708The default is:
Damien Miller22b7b492007-06-11 14:07:12 +1000709.Bd -literal -offset indent
Darren Tucker427e4092012-10-05 11:02:39 +1000710hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
Darren Tuckerecbf14a2012-07-02 18:53:37 +1000711hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
712hmac-sha1-96,hmac-md5-96
Damien Miller22b7b492007-06-11 14:07:12 +1000713.Ed
Darren Tucker45150472006-07-12 22:34:17 +1000714.It Cm Match
Damien Millerd04f3572006-07-24 13:46:50 +1000715Introduces a conditional block.
Damien Miller8c234032006-07-24 14:05:08 +1000716If all of the criteria on the
Darren Tucker45150472006-07-12 22:34:17 +1000717.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000718line are satisfied, the keywords on the following lines override those
719set in the global section of the config file, until either another
Darren Tucker45150472006-07-12 22:34:17 +1000720.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000721line or the end of the file.
Darren Tucker7a3935d2008-06-10 22:59:10 +1000722.Pp
Damien Millerd04f3572006-07-24 13:46:50 +1000723The arguments to
Darren Tucker45150472006-07-12 22:34:17 +1000724.Cm Match
Damien Miller8c234032006-07-24 14:05:08 +1000725are one or more criteria-pattern pairs.
Darren Tucker45150472006-07-12 22:34:17 +1000726The available criteria are
727.Cm User ,
Damien Miller565ca3f2006-08-19 00:23:15 +1000728.Cm Group ,
Darren Tucker45150472006-07-12 22:34:17 +1000729.Cm Host ,
Darren Tuckerfbcf8272012-05-19 19:37:01 +1000730.Cm LocalAddress ,
731.Cm LocalPort ,
Darren Tucker45150472006-07-12 22:34:17 +1000732and
733.Cm Address .
Darren Tucker7a3935d2008-06-10 22:59:10 +1000734The match patterns may consist of single entries or comma-separated
735lists and may use the wildcard and negation operators described in the
Darren Tuckerb06cc4a2008-06-10 22:59:53 +1000736.Sx PATTERNS
Darren Tucker7a3935d2008-06-10 22:59:10 +1000737section of
Darren Tuckerb06cc4a2008-06-10 22:59:53 +1000738.Xr ssh_config 5 .
Darren Tucker7a3935d2008-06-10 22:59:10 +1000739.Pp
740The patterns in an
741.Cm Address
742criteria may additionally contain addresses to match in CIDR
Darren Tucker6a2a4002008-06-10 23:03:04 +1000743address/masklen format, e.g.\&
Darren Tucker7a3935d2008-06-10 22:59:10 +1000744.Dq 192.0.2.0/24
745or
746.Dq 3ffe:ffff::/32 .
747Note that the mask length provided must be consistent with the address -
748it is an error to specify a mask length that is too long for the address
Darren Tucker6a2a4002008-06-10 23:03:04 +1000749or one with bits set in this host portion of the address.
750For example,
Darren Tucker7a3935d2008-06-10 22:59:10 +1000751.Dq 192.0.2.0/33
752and
Darren Tucker6a2a4002008-06-10 23:03:04 +1000753.Dq 192.0.2.0/8
Darren Tucker7a3935d2008-06-10 22:59:10 +1000754respectively.
755.Pp
Darren Tucker45150472006-07-12 22:34:17 +1000756Only a subset of keywords may be used on the lines following a
757.Cm Match
758keyword.
759Available keywords are
Damien Millerf8268502012-06-20 21:54:15 +1000760.Cm AcceptEnv ,
Damien Miller17819012009-01-28 16:20:17 +1100761.Cm AllowAgentForwarding ,
Damien Millerf8268502012-06-20 21:54:15 +1000762.Cm AllowGroups ,
Damien Miller9b439df2006-07-24 14:04:00 +1000763.Cm AllowTcpForwarding ,
Damien Millerc24da772012-06-20 21:53:58 +1000764.Cm AllowUsers ,
Damien Millera6e3f012012-11-04 23:21:40 +1100765.Cm AuthenticationMethods ,
Damien Miller09d3e122012-10-31 08:58:58 +1100766.Cm AuthorizedKeysCommand ,
767.Cm AuthorizedKeysCommandUser ,
Damien Millerf33580e2012-11-04 22:22:52 +1100768.Cm AuthorizedKeysFile ,
Damien Millerab6de352010-06-26 09:38:45 +1000769.Cm AuthorizedPrincipalsFile ,
Darren Tucker1629c072007-02-19 22:25:37 +1100770.Cm Banner ,
Damien Miller797e3d12008-05-19 14:27:42 +1000771.Cm ChrootDirectory ,
Damien Millerc24da772012-06-20 21:53:58 +1000772.Cm DenyGroups ,
773.Cm DenyUsers ,
Damien Millere2754432006-07-24 14:06:47 +1000774.Cm ForceCommand ,
Damien Millerc24da772012-06-20 21:53:58 +1000775.Cm GatewayPorts ,
Damien Millerf8268502012-06-20 21:54:15 +1000776.Cm GSSAPIAuthentication ,
Damien Miller25434de2008-05-19 14:29:08 +1000777.Cm HostbasedAuthentication ,
Damien Millerab6de352010-06-26 09:38:45 +1000778.Cm HostbasedUsesNameFromPacketOnly ,
Darren Tucker1d75f222007-03-01 21:31:28 +1100779.Cm KbdInteractiveAuthentication ,
Damien Miller5737e362007-03-06 21:21:18 +1100780.Cm KerberosAuthentication ,
Damien Miller307c1d12008-06-16 07:56:20 +1000781.Cm MaxAuthTries ,
Damien Millerc62a5af2008-06-16 07:55:46 +1000782.Cm MaxSessions ,
Darren Tucker1629c072007-02-19 22:25:37 +1100783.Cm PasswordAuthentication ,
Damien Miller51bde602008-11-03 19:23:10 +1100784.Cm PermitEmptyPasswords ,
Damien Millerd1de9952006-07-24 14:05:48 +1000785.Cm PermitOpen ,
Darren Tucker15f94272008-01-01 20:36:56 +1100786.Cm PermitRootLogin ,
Damien Millerab6de352010-06-26 09:38:45 +1000787.Cm PermitTunnel ,
Darren Tucker1477ea12009-10-07 08:36:05 +1100788.Cm PubkeyAuthentication ,
Damien Millerc24da772012-06-20 21:53:58 +1000789.Cm RhostsRSAAuthentication ,
Damien Millerf8268502012-06-20 21:54:15 +1000790.Cm RSAAuthentication ,
Damien Millerd1de9952006-07-24 14:05:48 +1000791.Cm X11DisplayOffset ,
Damien Miller19913842009-02-23 10:53:58 +1100792.Cm X11Forwarding
Darren Tucker45150472006-07-12 22:34:17 +1000793and
Damien Miller0296ae82009-02-23 11:00:24 +1100794.Cm X11UseLocalHost .
Darren Tucker89413db2004-05-24 10:36:23 +1000795.It Cm MaxAuthTries
796Specifies the maximum number of authentication attempts permitted per
Damien Miller26213e52004-06-30 22:39:34 +1000797connection.
798Once the number of failures reaches half this value,
799additional failures are logged.
800The default is 6.
Damien Miller7207f642008-05-19 15:34:50 +1000801.It Cm MaxSessions
802Specifies the maximum number of open sessions permitted per network connection.
803The default is 10.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000804.It Cm MaxStartups
805Specifies the maximum number of concurrent unauthenticated connections to the
Damien Miller5b0d63f2006-03-15 11:56:56 +1100806SSH daemon.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000807Additional connections will be dropped until authentication succeeds or the
808.Cm LoginGraceTime
809expires for a connection.
810The default is 10.
811.Pp
812Alternatively, random early drop can be enabled by specifying
813the three colon separated values
814.Dq start:rate:full
Damien Miller208f1ed2006-03-15 11:56:03 +1100815(e.g. "10:30:60").
Damien Millerf4f22b52006-03-15 11:57:25 +1100816.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000817will refuse connection attempts with a probability of
818.Dq rate/100
819(30%)
820if there are currently
821.Dq start
822(10)
823unauthenticated connections.
824The probability increases linearly and all connection attempts
825are refused if the number of unauthenticated connections reaches
826.Dq full
827(60).
828.It Cm PasswordAuthentication
829Specifies whether password authentication is allowed.
830The default is
831.Dq yes .
832.It Cm PermitEmptyPasswords
833When password authentication is allowed, it specifies whether the
834server allows login to accounts with empty password strings.
835The default is
836.Dq no .
Damien Miller9b439df2006-07-24 14:04:00 +1000837.It Cm PermitOpen
838Specifies the destinations to which TCP port forwarding is permitted.
839The forwarding specification must be one of the following forms:
840.Pp
841.Bl -item -offset indent -compact
842.It
843.Cm PermitOpen
844.Sm off
845.Ar host : port
846.Sm on
847.It
848.Cm PermitOpen
849.Sm off
850.Ar IPv4_addr : port
851.Sm on
852.It
853.Cm PermitOpen
854.Sm off
855.Ar \&[ IPv6_addr \&] : port
856.Sm on
857.El
858.Pp
Damien Millera765cf42006-07-24 14:08:13 +1000859Multiple forwards may be specified by separating them with whitespace.
Damien Miller9b439df2006-07-24 14:04:00 +1000860An argument of
861.Dq any
862can be used to remove all restrictions and permit any forwarding requests.
Darren Tuckerba9ea322012-05-19 19:37:33 +1000863An argument of
864.Dq none
865can be used to prohibit all forwarding requests.
Damien Miller65bc2c42006-07-24 14:04:16 +1000866By default all port forwarding requests are permitted.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000867.It Cm PermitRootLogin
Darren Tuckerb3509012005-01-20 11:01:46 +1100868Specifies whether root can log in using
Ben Lindstrom9f049032002-06-21 00:59:05 +0000869.Xr ssh 1 .
870The argument must be
871.Dq yes ,
872.Dq without-password ,
Damien Miller5b0d63f2006-03-15 11:56:56 +1100873.Dq forced-commands-only ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000874or
875.Dq no .
876The default is
877.Dq yes .
878.Pp
879If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100880.Dq without-password ,
Darren Tucker9dca0992005-02-01 19:16:45 +1100881password authentication is disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000882.Pp
883If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100884.Dq forced-commands-only ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000885root login with public key authentication will be allowed,
886but only if the
887.Ar command
888option has been specified
889(which may be useful for taking remote backups even if root login is
Damien Millerfbf486b2003-05-23 18:44:23 +1000890normally not allowed).
891All other authentication methods are disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000892.Pp
893If this option is set to
Damien Miller5b0d63f2006-03-15 11:56:56 +1100894.Dq no ,
Darren Tuckerb3509012005-01-20 11:01:46 +1100895root is not allowed to log in.
Damien Millerd27b9472005-12-13 19:29:02 +1100896.It Cm PermitTunnel
897Specifies whether
898.Xr tun 4
899device forwarding is allowed.
Damien Miller7b58e802005-12-13 19:33:19 +1100900The argument must be
901.Dq yes ,
Damien Miller991dba42006-07-10 20:16:27 +1000902.Dq point-to-point
903(layer 3),
904.Dq ethernet
905(layer 2), or
Damien Miller7b58e802005-12-13 19:33:19 +1100906.Dq no .
Damien Miller991dba42006-07-10 20:16:27 +1000907Specifying
908.Dq yes
909permits both
910.Dq point-to-point
911and
912.Dq ethernet .
Damien Millerd27b9472005-12-13 19:29:02 +1100913The default is
914.Dq no .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000915.It Cm PermitUserEnvironment
916Specifies whether
917.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000918and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000919.Cm environment=
920options in
921.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000922are processed by
Damien Miller5b0d63f2006-03-15 11:56:56 +1100923.Xr sshd 8 .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000924The default is
925.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000926Enabling environment processing may enable users to bypass access
927restrictions in some configurations using mechanisms such as
928.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000929.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000930Specifies the file that contains the process ID of the
Damien Millerf4f22b52006-03-15 11:57:25 +1100931SSH daemon.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000932The default is
933.Pa /var/run/sshd.pid .
934.It Cm Port
935Specifies the port number that
Damien Miller5b0d63f2006-03-15 11:56:56 +1100936.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000937listens on.
938The default is 22.
939Multiple options of this type are permitted.
940See also
941.Cm ListenAddress .
942.It Cm PrintLastLog
943Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100944.Xr sshd 8
Darren Tucker7cc5c232004-11-05 20:06:59 +1100945should print the date and time of the last user login when a user logs
946in interactively.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000947The default is
948.Dq yes .
949.It Cm PrintMotd
950Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +1100951.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000952should print
953.Pa /etc/motd
954when a user logs in interactively.
955(On some systems it is also printed by the shell,
956.Pa /etc/profile ,
957or equivalent.)
958The default is
959.Dq yes .
960.It Cm Protocol
961Specifies the protocol versions
Damien Miller5b0d63f2006-03-15 11:56:56 +1100962.Xr sshd 8
Ben Lindstrom9c445542002-07-11 03:59:18 +0000963supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000964The possible values are
Damien Miller5b0d63f2006-03-15 11:56:56 +1100965.Sq 1
Ben Lindstrom9f049032002-06-21 00:59:05 +0000966and
Damien Miller5b0d63f2006-03-15 11:56:56 +1100967.Sq 2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000968Multiple versions must be comma-separated.
969The default is
Darren Tucker7a4a7652009-10-11 21:51:40 +1100970.Sq 2 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000971Note that the order of the protocol list does not indicate preference,
972because the client selects among multiple protocol versions offered
973by the server.
974Specifying
975.Dq 2,1
976is identical to
977.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000978.It Cm PubkeyAuthentication
979Specifies whether public key authentication is allowed.
980The default is
981.Dq yes .
982Note that this option applies to protocol version 2 only.
Damien Miller1aed65e2010-03-04 21:53:35 +1100983.It Cm RevokedKeys
984Specifies a list of revoked public keys.
985Keys listed in this file will be refused for public key authentication.
986Note that if this file is not readable, then public key authentication will
987be refused for all users.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000988.It Cm RhostsRSAAuthentication
989Specifies whether rhosts or /etc/hosts.equiv authentication together
990with successful RSA host authentication is allowed.
991The default is
992.Dq no .
993This option applies to protocol version 1 only.
994.It Cm RSAAuthentication
995Specifies whether pure RSA authentication is allowed.
996The default is
997.Dq yes .
998This option applies to protocol version 1 only.
999.It Cm ServerKeyBits
1000Defines the number of bits in the ephemeral protocol version 1 server key.
Darren Tucker7499b0c2008-07-02 22:35:43 +10001001The minimum value is 512, and the default is 1024.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001002.It Cm StrictModes
1003Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001004.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001005should check file modes and ownership of the
1006user's files and home directory before accepting login.
1007This is normally desirable because novices sometimes accidentally leave their
1008directory or files world-writable.
1009The default is
1010.Dq yes .
Darren Tuckerf788a912010-01-08 17:06:47 +11001011Note that this does not apply to
1012.Cm ChrootDirectory ,
1013whose permissions and ownership are checked unconditionally.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001014.It Cm Subsystem
Damien Miller208f1ed2006-03-15 11:56:03 +11001015Configures an external subsystem (e.g. file transfer daemon).
Damien Miller917f9b62006-07-10 20:36:47 +10001016Arguments should be a subsystem name and a command (with optional arguments)
1017to execute upon subsystem request.
Damien Millerd8cb1f12008-02-10 22:40:12 +11001018.Pp
Ben Lindstrom9f049032002-06-21 00:59:05 +00001019The command
1020.Xr sftp-server 8
1021implements the
1022.Dq sftp
1023file transfer subsystem.
Damien Millerd8cb1f12008-02-10 22:40:12 +11001024.Pp
1025Alternately the name
1026.Dq internal-sftp
1027implements an in-process
1028.Dq sftp
1029server.
1030This may simplify configurations using
1031.Cm ChrootDirectory
1032to force a different filesystem root on clients.
1033.Pp
Ben Lindstrom9f049032002-06-21 00:59:05 +00001034By default no subsystems are defined.
1035Note that this option applies to protocol version 2 only.
1036.It Cm SyslogFacility
1037Gives the facility code that is used when logging messages from
Damien Millerf4f22b52006-03-15 11:57:25 +11001038.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001039The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1040LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1041The default is AUTH.
Damien Miller12c150e2003-12-17 16:31:10 +11001042.It Cm TCPKeepAlive
1043Specifies whether the system should send TCP keepalive messages to the
1044other side.
1045If they are sent, death of the connection or crash of one
1046of the machines will be properly noticed.
1047However, this means that
1048connections will die if the route is down temporarily, and some people
1049find it annoying.
1050On the other hand, if TCP keepalives are not sent,
1051sessions may hang indefinitely on the server, leaving
1052.Dq ghost
1053users and consuming server resources.
1054.Pp
1055The default is
1056.Dq yes
1057(to send TCP keepalive messages), and the server will notice
1058if the network goes down or the client host crashes.
1059This avoids infinitely hanging sessions.
1060.Pp
1061To disable TCP keepalive messages, the value should be set to
1062.Dq no .
Damien Miller1aed65e2010-03-04 21:53:35 +11001063.It Cm TrustedUserCAKeys
1064Specifies a file containing public keys of certificate authorities that are
Damien Millerc6db99e2010-03-05 10:41:45 +11001065trusted to sign user certificates for authentication.
Damien Miller72b33822010-03-05 07:39:01 +11001066Keys are listed one per line; empty lines and comments starting with
Damien Miller1aed65e2010-03-04 21:53:35 +11001067.Ql #
1068are allowed.
1069If a certificate is presented for authentication and has its signing CA key
1070listed in this file, then it may be used for authentication for any user
1071listed in the certificate's principals list.
1072Note that certificates that lack a list of principals will not be permitted
1073for authentication using
1074.Cm TrustedUserCAKeys .
Damien Miller72b33822010-03-05 07:39:01 +11001075For more details on certificates, see the
Damien Miller1aed65e2010-03-04 21:53:35 +11001076.Sx CERTIFICATES
1077section in
1078.Xr ssh-keygen 1 .
Damien Miller3a961dc2003-06-03 10:25:48 +10001079.It Cm UseDNS
1080Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001081.Xr sshd 8
Darren Tucker83d5a982005-03-31 21:33:50 +10001082should look up the remote host name and check that
Damien Miller3a961dc2003-06-03 10:25:48 +10001083the resolved host name for the remote IP address maps back to the
1084very same IP address.
1085The default is
1086.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001087.It Cm UseLogin
1088Specifies whether
1089.Xr login 1
1090is used for interactive login sessions.
1091The default is
1092.Dq no .
1093Note that
1094.Xr login 1
1095is never used for remote command execution.
1096Note also, that if this is enabled,
1097.Cm X11Forwarding
1098will be disabled because
1099.Xr login 1
1100does not know how to handle
1101.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +10001102cookies.
1103If
Ben Lindstrom9f049032002-06-21 00:59:05 +00001104.Cm UsePrivilegeSeparation
1105is specified, it will be disabled after authentication.
Damien Miller2e193e22003-05-14 15:13:03 +10001106.It Cm UsePAM
Darren Tucker1dcff9a2004-05-13 16:51:40 +10001107Enables the Pluggable Authentication Module interface.
1108If set to
1109.Dq yes
1110this will enable PAM authentication using
1111.Cm ChallengeResponseAuthentication
Darren Tuckera4904f72006-02-23 21:35:30 +11001112and
1113.Cm PasswordAuthentication
1114in addition to PAM account and session module processing for all
1115authentication types.
Darren Tucker1dcff9a2004-05-13 16:51:40 +10001116.Pp
1117Because PAM challenge-response authentication usually serves an equivalent
1118role to password authentication, you should disable either
1119.Cm PasswordAuthentication
1120or
1121.Cm ChallengeResponseAuthentication.
1122.Pp
1123If
1124.Cm UsePAM
1125is enabled, you will not be able to run
1126.Xr sshd 8
1127as a non-root user.
1128The default is
Darren Tucker6c0c0702003-10-09 14:13:53 +10001129.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001130.It Cm UsePrivilegeSeparation
1131Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001132.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001133separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +10001134to deal with incoming network traffic.
1135After successful authentication, another process will be created that has
1136the privilege of the authenticated user.
1137The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +00001138escalation by containing any corruption within the unprivileged processes.
1139The default is
1140.Dq yes .
Damien Miller69ff1df2011-06-23 08:30:03 +10001141If
1142.Cm UsePrivilegeSeparation
1143is set to
1144.Dq sandbox
1145then the pre-authentication unprivileged process is subject to additional
1146restrictions.
Damien Miller23528812012-04-22 11:24:43 +10001147.It Cm VersionAddendum
1148Optionally specifies additional text to append to the SSH protocol banner
1149sent by the server upon connection.
1150The default is
1151.Dq none .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001152.It Cm X11DisplayOffset
1153Specifies the first display number available for
Damien Miller5b0d63f2006-03-15 11:56:56 +11001154.Xr sshd 8 Ns 's
Ben Lindstrom9f049032002-06-21 00:59:05 +00001155X11 forwarding.
Damien Miller5b0d63f2006-03-15 11:56:56 +11001156This prevents sshd from interfering with real X11 servers.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001157The default is 10.
1158.It Cm X11Forwarding
1159Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +10001160The argument must be
1161.Dq yes
1162or
1163.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001164The default is
1165.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +10001166.Pp
1167When X11 forwarding is enabled, there may be additional exposure to
1168the server and to client displays if the
Damien Miller5b0d63f2006-03-15 11:56:56 +11001169.Xr sshd 8
Damien Miller101c4a72002-09-19 11:51:21 +10001170proxy display is configured to listen on the wildcard address (see
1171.Cm X11UseLocalhost
Damien Miller5b0d63f2006-03-15 11:56:56 +11001172below), though this is not the default.
Damien Miller101c4a72002-09-19 11:51:21 +10001173Additionally, the authentication spoofing and authentication data
1174verification and substitution occur on the client side.
1175The security risk of using X11 forwarding is that the client's X11
Damien Miller5b0d63f2006-03-15 11:56:56 +11001176display server may be exposed to attack when the SSH client requests
Damien Miller101c4a72002-09-19 11:51:21 +10001177forwarding (see the warnings for
1178.Cm ForwardX11
1179in
Damien Millerf1ce5052003-06-11 22:04:39 +10001180.Xr ssh_config 5 ) .
Damien Miller101c4a72002-09-19 11:51:21 +10001181A system administrator may have a stance in which they want to
1182protect clients that may expose themselves to attack by unwittingly
1183requesting X11 forwarding, which can warrant a
1184.Dq no
1185setting.
1186.Pp
1187Note that disabling X11 forwarding does not prevent users from
1188forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001189X11 forwarding is automatically disabled if
1190.Cm UseLogin
1191is enabled.
1192.It Cm X11UseLocalhost
1193Specifies whether
Damien Miller5b0d63f2006-03-15 11:56:56 +11001194.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001195should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +10001196the wildcard address.
1197By default,
Damien Miller5b0d63f2006-03-15 11:56:56 +11001198sshd binds the forwarding server to the loopback address and sets the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001199hostname part of the
1200.Ev DISPLAY
1201environment variable to
1202.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +00001203This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +00001204However, some older X11 clients may not function with this
1205configuration.
1206.Cm X11UseLocalhost
1207may be set to
1208.Dq no
1209to specify that the forwarding server should be bound to the wildcard
1210address.
1211The argument must be
1212.Dq yes
1213or
1214.Dq no .
1215The default is
1216.Dq yes .
1217.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +10001218Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +00001219.Xr xauth 1
1220program.
1221The default is
1222.Pa /usr/X11R6/bin/xauth .
1223.El
Damien Millere3beba22006-03-15 11:59:25 +11001224.Sh TIME FORMATS
Damien Millerf4f22b52006-03-15 11:57:25 +11001225.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001226command-line arguments and configuration file options that specify time
1227may be expressed using a sequence of the form:
1228.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +00001229.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +00001230.Sm on
1231where
1232.Ar time
1233is a positive integer value and
1234.Ar qualifier
1235is one of the following:
1236.Pp
1237.Bl -tag -width Ds -compact -offset indent
Damien Miller393821a2006-07-24 14:04:53 +10001238.It Aq Cm none
Ben Lindstrom9f049032002-06-21 00:59:05 +00001239seconds
1240.It Cm s | Cm S
1241seconds
1242.It Cm m | Cm M
1243minutes
1244.It Cm h | Cm H
1245hours
1246.It Cm d | Cm D
1247days
1248.It Cm w | Cm W
1249weeks
1250.El
1251.Pp
1252Each member of the sequence is added together to calculate
1253the total time value.
1254.Pp
1255Time format examples:
1256.Pp
1257.Bl -tag -width Ds -compact -offset indent
1258.It 600
1259600 seconds (10 minutes)
1260.It 10m
126110 minutes
1262.It 1h30m
12631 hour 30 minutes (90 minutes)
1264.El
1265.Sh FILES
1266.Bl -tag -width Ds
1267.It Pa /etc/ssh/sshd_config
1268Contains configuration data for
Damien Millerf4f22b52006-03-15 11:57:25 +11001269.Xr sshd 8 .
Ben Lindstrom9f049032002-06-21 00:59:05 +00001270This file should be writable by root only, but it is recommended
1271(though not necessary) that it be world-readable.
1272.El
Damien Millerf1ce5052003-06-11 22:04:39 +10001273.Sh SEE ALSO
1274.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +00001275.Sh AUTHORS
1276OpenSSH is a derivative of the original and free
1277ssh 1.2.12 release by Tatu Ylonen.
1278Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1279Theo de Raadt and Dug Song
1280removed many bugs, re-added newer features and
1281created OpenSSH.
1282Markus Friedl contributed the support for SSH
1283protocol versions 1.5 and 2.0.
1284Niels Provos and Markus Friedl contributed support
1285for privilege separation.