blob: a474d2fd15486841b4906ac557c432dfeacebc76 [file] [log] [blame]
Damien Miller32aa1441999-10-29 09:15:49 +10001.\" -*- nroff -*-
2.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100036.\"
37.Dd September 25, 1999
38.Dt SSHD 8
39.Os
40.Sh NAME
41.Nm sshd
42.Nd secure shell daemon
43.Sh SYNOPSIS
44.Nm sshd
Damien Miller34132e52000-01-14 15:45:46 +110045.Op Fl diqQ46
Damien Miller32aa1441999-10-29 09:15:49 +100046.Op Fl b Ar bits
47.Op Fl f Ar config_file
48.Op Fl g Ar login_grace_time
49.Op Fl h Ar host_key_file
50.Op Fl k Ar key_gen_time
51.Op Fl p Ar port
Damien Miller942da032000-08-18 13:59:06 +100052.Op Fl u Ar len
Damien Miller95def091999-11-25 00:26:21 +110053.Op Fl V Ar client_protocol_id
Damien Miller22c77262000-04-13 12:26:34 +100054.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +100055.Nm
Damien Miller22c77262000-04-13 12:26:34 +100056(Secure Shell Daemon) is the daemon program for
Damien Miller32aa1441999-10-29 09:15:49 +100057.Xr ssh 1 .
Damien Miller35dabd02000-05-01 21:10:33 +100058Together these programs replace rlogin and rsh, and
Damien Miller32aa1441999-10-29 09:15:49 +100059provide secure encrypted communications between two untrusted hosts
Damien Miller450a7a12000-03-26 13:04:51 +100060over an insecure network.
61The programs are intended to be as easy to
Damien Miller32aa1441999-10-29 09:15:49 +100062install and use as possible.
63.Pp
64.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100065is the daemon that listens for connections from clients.
Damien Miller22c77262000-04-13 12:26:34 +100066It is normally started at boot from
Damien Miller32aa1441999-10-29 09:15:49 +100067.Pa /etc/rc .
68It forks a new
Damien Miller450a7a12000-03-26 13:04:51 +100069daemon for each incoming connection.
70The forked daemons handle
Damien Miller32aa1441999-10-29 09:15:49 +100071key exchange, encryption, authentication, command execution,
72and data exchange.
Damien Millere247cc42000-05-07 12:03:14 +100073This implementation of
74.Nm
75supports both SSH protocol version 1 and 2 simultaneously.
Damien Miller32aa1441999-10-29 09:15:49 +100076.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100077works as follows.
Damien Millere247cc42000-05-07 12:03:14 +100078.Pp
79.Ss SSH protocol version 1
80.Pp
Damien Miller450a7a12000-03-26 13:04:51 +100081Each host has a host-specific RSA key
82(normally 1024 bits) used to identify the host.
83Additionally, when
Damien Miller32aa1441999-10-29 09:15:49 +100084the daemon starts, it generates a server RSA key (normally 768 bits).
85This key is normally regenerated every hour if it has been used, and
86is never stored on disk.
87.Pp
Damien Miller35dabd02000-05-01 21:10:33 +100088Whenever a client connects the daemon responds with its public
89host and server keys.
Damien Miller450a7a12000-03-26 13:04:51 +100090The client compares the
Damien Millere247cc42000-05-07 12:03:14 +100091RSA host key against its own database to verify that it has not changed.
Damien Miller450a7a12000-03-26 13:04:51 +100092The client then generates a 256 bit random number.
93It encrypts this
Damien Miller32aa1441999-10-29 09:15:49 +100094random number using both the host key and the server key, and sends
Damien Miller450a7a12000-03-26 13:04:51 +100095the encrypted number to the server.
Damien Miller35dabd02000-05-01 21:10:33 +100096Both sides then use this
Damien Miller32aa1441999-10-29 09:15:49 +100097random number as a session key which is used to encrypt all further
Damien Miller450a7a12000-03-26 13:04:51 +100098communications in the session.
99The rest of the session is encrypted
Damien Miller35dabd02000-05-01 21:10:33 +1000100using a conventional cipher, currently Blowfish or 3DES, with 3DES
Damien Millerb38eff82000-04-01 11:09:21 +1000101being used by default.
Damien Miller450a7a12000-03-26 13:04:51 +1000102The client selects the encryption algorithm
Damien Miller32aa1441999-10-29 09:15:49 +1000103to use from those offered by the server.
104.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000105Next, the server and the client enter an authentication dialog.
106The client tries to authenticate itself using
Damien Miller32aa1441999-10-29 09:15:49 +1000107.Pa .rhosts
108authentication,
109.Pa .rhosts
110authentication combined with RSA host
111authentication, RSA challenge-response authentication, or password
112based authentication.
113.Pp
114Rhosts authentication is normally disabled
115because it is fundamentally insecure, but can be enabled in the server
Damien Miller450a7a12000-03-26 13:04:51 +1000116configuration file if desired.
117System security is not improved unless
Damien Miller32aa1441999-10-29 09:15:49 +1000118.Xr rshd 8 ,
119.Xr rlogind 8 ,
120.Xr rexecd 8 ,
121and
122.Xr rexd 8
123are disabled (thus completely disabling
124.Xr rlogin 1
125and
126.Xr rsh 1
Damien Miller35dabd02000-05-01 21:10:33 +1000127into the machine).
Damien Miller32aa1441999-10-29 09:15:49 +1000128.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000129.Ss SSH protocol version 2
130.Pp
Damien Miller942da032000-08-18 13:59:06 +1000131Version 2 works similarly:
Damien Millere247cc42000-05-07 12:03:14 +1000132Each host has a host-specific DSA key used to identify the host.
133However, when the daemon starts, it does not generate a server key.
134Forward security is provided through a Diffie-Hellman key agreement.
135This key agreement results in a shared session key.
136The rest of the session is encrypted
137using a symmetric cipher, currently
138Blowfish, 3DES or CAST128 in CBC mode or Arcfour.
139The client selects the encryption algorithm
140to use from those offered by the server.
141Additionally, session integrity is provided
Damien Miller30c3d422000-05-09 11:02:59 +1000142through a cryptographic message authentication code
Damien Millere247cc42000-05-07 12:03:14 +1000143(hmac-sha1 or hmac-md5).
144.Pp
145Protocol version 2 provides a public key based
146user authentication method (DSAAuthentication)
147and conventional password authentication.
148.Pp
149.Ss Command execution and data forwarding
150.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000151If the client successfully authenticates itself, a dialog for
Damien Miller450a7a12000-03-26 13:04:51 +1000152preparing the session is entered.
153At this time the client may request
Damien Miller32aa1441999-10-29 09:15:49 +1000154things like allocating a pseudo-tty, forwarding X11 connections,
155forwarding TCP/IP connections, or forwarding the authentication agent
156connection over the secure channel.
157.Pp
158Finally, the client either requests a shell or execution of a command.
Damien Miller450a7a12000-03-26 13:04:51 +1000159The sides then enter session mode.
160In this mode, either side may send
Damien Miller32aa1441999-10-29 09:15:49 +1000161data at any time, and such data is forwarded to/from the shell or
162command on the server side, and the user terminal in the client side.
163.Pp
164When the user program terminates and all forwarded X11 and other
165connections have been closed, the server sends command exit status to
166the client, and both sides exit.
167.Pp
168.Nm
169can be configured using command-line options or a configuration
Damien Miller450a7a12000-03-26 13:04:51 +1000170file.
171Command-line options override values specified in the
Damien Miller32aa1441999-10-29 09:15:49 +1000172configuration file.
173.Pp
Damien Miller6162d121999-11-21 13:23:52 +1100174.Nm
175rereads its configuration file when it receives a hangup signal,
176.Dv SIGHUP .
177.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000178The options are as follows:
179.Bl -tag -width Ds
180.It Fl b Ar bits
181Specifies the number of bits in the server key (default 768).
182.Pp
183.It Fl d
Damien Miller450a7a12000-03-26 13:04:51 +1000184Debug mode.
185The server sends verbose debug output to the system
186log, and does not put itself in the background.
187The server also will not fork and will only process one connection.
188This option is only intended for debugging for the server.
Damien Miller874d77b2000-10-14 16:23:11 +1100189Multiple -d options increases the debugging level.
190Maximum is 3.
Damien Miller32aa1441999-10-29 09:15:49 +1000191.It Fl f Ar configuration_file
Damien Miller450a7a12000-03-26 13:04:51 +1000192Specifies the name of the configuration file.
193The default is
Damien Miller886c63a2000-01-20 23:13:36 +1100194.Pa /etc/sshd_config .
Damien Miller32aa1441999-10-29 09:15:49 +1000195.Nm
196refuses to start if there is no configuration file.
197.It Fl g Ar login_grace_time
198Gives the grace time for clients to authenticate themselves (default
Damien Miller450a7a12000-03-26 13:04:51 +1000199300 seconds).
200If the client fails to authenticate the user within
201this many seconds, the server disconnects and exits.
202A value of zero indicates no limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000203.It Fl h Ar host_key_file
Damien Millere247cc42000-05-07 12:03:14 +1000204Specifies the file from which the RSA host key is read (default
Damien Miller886c63a2000-01-20 23:13:36 +1100205.Pa /etc/ssh_host_key ) .
Damien Miller32aa1441999-10-29 09:15:49 +1000206This option must be given if
207.Nm
208is not run as root (as the normal
209host file is normally not readable by anyone but root).
210.It Fl i
211Specifies that
212.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000213is being run from inetd.
Damien Miller32aa1441999-10-29 09:15:49 +1000214.Nm
215is normally not run
216from inetd because it needs to generate the server key before it can
Damien Miller450a7a12000-03-26 13:04:51 +1000217respond to the client, and this may take tens of seconds.
218Clients would have to wait too long if the key was regenerated every time.
Damien Miller7684ee12000-03-17 23:40:15 +1100219However, with small key sizes (e.g., 512) using
Damien Miller32aa1441999-10-29 09:15:49 +1000220.Nm
221from inetd may
222be feasible.
223.It Fl k Ar key_gen_time
224Specifies how often the server key is regenerated (default 3600
Damien Miller450a7a12000-03-26 13:04:51 +1000225seconds, or one hour).
226The motivation for regenerating the key fairly
Damien Miller32aa1441999-10-29 09:15:49 +1000227often is that the key is not stored anywhere, and after about an hour,
228it becomes impossible to recover the key for decrypting intercepted
229communications even if the machine is cracked into or physically
Damien Miller450a7a12000-03-26 13:04:51 +1000230seized.
231A value of zero indicates that the key will never be regenerated.
Damien Miller32aa1441999-10-29 09:15:49 +1000232.It Fl p Ar port
233Specifies the port on which the server listens for connections
234(default 22).
235.It Fl q
Damien Miller450a7a12000-03-26 13:04:51 +1000236Quiet mode.
237Nothing is sent to the system log.
238Normally the beginning,
Damien Miller32aa1441999-10-29 09:15:49 +1000239authentication, and termination of each connection is logged.
Damien Miller942da032000-08-18 13:59:06 +1000240.It Fl u Ar len
241This option is used to specify the size of the field
242in the
243.Li utmp
244structure that holds the remote host name.
245If the resolved host name is longer than
246.Ar len ,
247the dotted decimal value will be used instead.
248This allows hosts with very long host names that
249overflow this field to still be uniquely identified.
250Specifying
251.Fl u0
252indicates that only dotted decimal addresses
253should be put into the
254.Pa utmp
255file.
Damien Miller32aa1441999-10-29 09:15:49 +1000256.It Fl Q
257Do not print an error message if RSA support is missing.
Damien Miller95def091999-11-25 00:26:21 +1100258.It Fl V Ar client_protocol_id
Damien Miller874d77b2000-10-14 16:23:11 +1100259SSH-2 compatibility mode.
Damien Miller35dabd02000-05-01 21:10:33 +1000260When this option is specified
Damien Miller95def091999-11-25 00:26:21 +1100261.Nm
Damien Miller35dabd02000-05-01 21:10:33 +1000262assumes the client has sent the supplied version string
Damien Miller95def091999-11-25 00:26:21 +1100263and skips the
264Protocol Version Identification Exchange.
Damien Miller874d77b2000-10-14 16:23:11 +1100265This option is not intended to be called directly.
Damien Miller34132e52000-01-14 15:45:46 +1100266.It Fl 4
267Forces
268.Nm
269to use IPv4 addresses only.
270.It Fl 6
271Forces
272.Nm
273to use IPv6 addresses only.
Damien Miller32aa1441999-10-29 09:15:49 +1000274.El
275.Sh CONFIGURATION FILE
276.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000277reads configuration data from
Damien Miller886c63a2000-01-20 23:13:36 +1100278.Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000279(or the file specified with
280.Fl f
Damien Miller450a7a12000-03-26 13:04:51 +1000281on the command line).
282The file contains keyword-value pairs, one per line.
283Lines starting with
Damien Miller32aa1441999-10-29 09:15:49 +1000284.Ql #
285and empty lines are interpreted as comments.
286.Pp
287The following keywords are possible.
288.Bl -tag -width Ds
289.It Cm AFSTokenPassing
Damien Miller450a7a12000-03-26 13:04:51 +1000290Specifies whether an AFS token may be forwarded to the server.
291Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000292.Dq yes .
293.It Cm AllowGroups
294This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000295by spaces.
296If specified, login is allowed only for users whose primary
Damien Miller32aa1441999-10-29 09:15:49 +1000297group matches one of the patterns.
298.Ql \&*
299and
300.Ql ?
301can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000302wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000303Only group names are valid; a numerical group ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000304By default login is allowed regardless of the primary group.
Damien Miller32aa1441999-10-29 09:15:49 +1000305.Pp
Damien Miller50a41ed2000-10-16 12:14:42 +1100306.It Cm AllowTcpForwarding
307Specifies whether TCP forwarding is permitted.
308The default is
309.Dq yes .
310Note that disabling TCP forwarding does not improve security unless
311users are also denied shell access, as they can always install their
312own forwarders.
313.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000314.It Cm AllowUsers
315This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000316by spaces.
317If specified, login is allowed only for users names that
Damien Miller32aa1441999-10-29 09:15:49 +1000318match one of the patterns.
319.Ql \&*
320and
321.Ql ?
322can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000323wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000324Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000325By default login is allowed regardless of the user name.
Damien Miller32aa1441999-10-29 09:15:49 +1000326.Pp
Damien Miller22c77262000-04-13 12:26:34 +1000327.It Cm Ciphers
328Specifies the ciphers allowed for protocol version 2.
329Multiple ciphers must be comma-separated.
330The default is
Damien Miller30c3d422000-05-09 11:02:59 +1000331.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
Damien Miller32aa1441999-10-29 09:15:49 +1000332.It Cm CheckMail
333Specifies whether
334.Nm
335should check for new mail for interactive logins.
336The default is
337.Dq no .
338.It Cm DenyGroups
339This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000340by spaces.
341Users whose primary group matches one of the patterns
Damien Miller32aa1441999-10-29 09:15:49 +1000342aren't allowed to log in.
343.Ql \&*
344and
345.Ql ?
346can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000347wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000348Only group names are valid; a numerical group ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000349By default login is allowed regardless of the primary group.
Damien Miller32aa1441999-10-29 09:15:49 +1000350.Pp
351.It Cm DenyUsers
352This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000353by spaces.
354Login is disallowed for user names that match one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000355.Ql \&*
356and
357.Ql ?
Damien Miller450a7a12000-03-26 13:04:51 +1000358can be used as wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000359Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000360By default login is allowed regardless of the user name.
Damien Millere247cc42000-05-07 12:03:14 +1000361.It Cm DSAAuthentication
362Specifies whether DSA authentication is allowed.
363The default is
364.Dq yes .
365Note that this option applies to protocol version 2 only.
366.It Cm GatewayPorts
367Specifies whether remote hosts are allowed to connect to ports
368forwarded for the client.
369The argument must be
370.Dq yes
371or
372.Dq no .
373The default is
374.Dq no .
Damien Miller942da032000-08-18 13:59:06 +1000375.It Cm HostDSAKey
Damien Millere247cc42000-05-07 12:03:14 +1000376Specifies the file containing the private DSA host key (default
377.Pa /etc/ssh_host_dsa_key )
378used by SSH protocol 2.0.
Damien Miller32aa1441999-10-29 09:15:49 +1000379Note that
380.Nm
Damien Miller30c3d422000-05-09 11:02:59 +1000381disables protocol 2.0 if this file is group/world-accessible.
Damien Millere247cc42000-05-07 12:03:14 +1000382.It Cm HostKey
383Specifies the file containing the private RSA host key (default
384.Pa /etc/ssh_host_key )
385used by SSH protocols 1.3 and 1.5.
386Note that
387.Nm
Damien Miller30c3d422000-05-09 11:02:59 +1000388disables protocols 1.3 and 1.5 if this file is group/world-accessible.
Damien Miller32aa1441999-10-29 09:15:49 +1000389.It Cm IgnoreRhosts
Damien Miller98c7ad62000-03-09 21:27:49 +1100390Specifies that
391.Pa .rhosts
Damien Miller22c77262000-04-13 12:26:34 +1000392and
Damien Miller98c7ad62000-03-09 21:27:49 +1100393.Pa .shosts
394files will not be used in authentication.
Damien Miller32aa1441999-10-29 09:15:49 +1000395.Pa /etc/hosts.equiv
396and
Damien Miller22c77262000-04-13 12:26:34 +1000397.Pa /etc/shosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000398are still used.
Damien Miller22c77262000-04-13 12:26:34 +1000399The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100400.Dq yes .
Damien Miller32265091999-11-12 11:33:04 +1100401.It Cm IgnoreUserKnownHosts
402Specifies whether
403.Nm
404should ignore the user's
405.Pa $HOME/.ssh/known_hosts
406during
407.Cm RhostsRSAAuthentication .
408The default is
409.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000410.It Cm KeepAlive
411Specifies whether the system should send keepalive messages to the
Damien Miller450a7a12000-03-26 13:04:51 +1000412other side.
413If they are sent, death of the connection or crash of one
414of the machines will be properly noticed.
415However, this means that
Damien Miller32aa1441999-10-29 09:15:49 +1000416connections will die if the route is down temporarily, and some people
Damien Miller450a7a12000-03-26 13:04:51 +1000417find it annoying.
Damien Miller30c3d422000-05-09 11:02:59 +1000418On the other hand, if keepalives are not sent,
Damien Miller32aa1441999-10-29 09:15:49 +1000419sessions may hang indefinitely on the server, leaving
420.Dq ghost
421users and consuming server resources.
422.Pp
423The default is
424.Dq yes
425(to send keepalives), and the server will notice
Damien Miller450a7a12000-03-26 13:04:51 +1000426if the network goes down or the client host reboots.
427This avoids infinitely hanging sessions.
Damien Miller32aa1441999-10-29 09:15:49 +1000428.Pp
429To disable keepalives, the value should be set to
430.Dq no
431in both the server and the client configuration files.
432.It Cm KerberosAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000433Specifies whether Kerberos authentication is allowed.
434This can be in the form of a Kerberos ticket, or if
Damien Miller32aa1441999-10-29 09:15:49 +1000435.Cm PasswordAuthentication
436is yes, the password provided by the user will be validated through
Damien Miller874d77b2000-10-14 16:23:11 +1100437the Kerberos KDC.
438To use this option, the server needs a
Damien Miller942da032000-08-18 13:59:06 +1000439Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller450a7a12000-03-26 13:04:51 +1000440Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000441.Dq yes .
442.It Cm KerberosOrLocalPasswd
443If set then if password authentication through Kerberos fails then
444the password will be validated via any additional local mechanism
445such as
Damien Miller62cee002000-09-23 17:15:56 +1100446.Pa /etc/passwd .
Damien Miller450a7a12000-03-26 13:04:51 +1000447Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000448.Dq yes .
449.It Cm KerberosTgtPassing
450Specifies whether a Kerberos TGT may be forwarded to the server.
Damien Miller22c77262000-04-13 12:26:34 +1000451Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000452.Dq no ,
453as this only works when the Kerberos KDC is actually an AFS kaserver.
454.It Cm KerberosTicketCleanup
455Specifies whether to automatically destroy the user's ticket cache
Damien Miller450a7a12000-03-26 13:04:51 +1000456file on logout.
457Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000458.Dq yes .
459.It Cm KeyRegenerationInterval
460The server key is automatically regenerated after this many seconds
Damien Miller450a7a12000-03-26 13:04:51 +1000461(if it has been used).
462The purpose of regeneration is to prevent
Damien Miller32aa1441999-10-29 09:15:49 +1000463decrypting captured sessions by later breaking into the machine and
Damien Miller450a7a12000-03-26 13:04:51 +1000464stealing the keys.
465The key is never stored anywhere.
466If the value is 0, the key is never regenerated.
467The default is 3600 (seconds).
Damien Miller32aa1441999-10-29 09:15:49 +1000468.It Cm ListenAddress
469Specifies what local address
470.Nm
471should listen on.
472The default is to listen to all local addresses.
Damien Miller34132e52000-01-14 15:45:46 +1100473Multiple options of this type are permitted.
474Additionally, the
475.Cm Ports
476options must precede this option.
Damien Miller32aa1441999-10-29 09:15:49 +1000477.It Cm LoginGraceTime
478The server disconnects after this time if the user has not
Damien Miller450a7a12000-03-26 13:04:51 +1000479successfully logged in.
480If the value is 0, there is no time limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000481The default is 600 (seconds).
Damien Miller5ce662a1999-11-11 17:57:39 +1100482.It Cm LogLevel
483Gives the verbosity level that is used when logging messages from
484.Nm sshd .
485The possible values are:
Damien Miller95def091999-11-25 00:26:21 +1100486QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
Damien Miller5ce662a1999-11-11 17:57:39 +1100487The default is INFO.
488Logging with level DEBUG violates the privacy of users
489and is not recommended.
Damien Miller37023962000-07-11 17:31:38 +1000490.It Cm MaxStartups
491Specifies the maximum number of concurrent unauthenticated connections to the
492.Nm
493daemon.
494Additional connections will be dropped until authentication succeeds or the
495.Cm LoginGraceTime
496expires for a connection.
497The default is 10.
Damien Miller942da032000-08-18 13:59:06 +1000498.Pp
499Alternatively, random early drop can be enabled by specifying
500the three colon separated values
501.Dq start:rate:full
Damien Miller874d77b2000-10-14 16:23:11 +1100502(e.g., "10:30:60").
Damien Miller942da032000-08-18 13:59:06 +1000503.Nm
504will refuse connection attempts with a probabillity of
505.Dq rate/100
506(30%)
507if there are currently
508.Dq start
509(10)
510unauthenticated connections.
511The probabillity increases linearly and all connection attempts
512are refused if the number of unauthenticated connections reaches
513.Dq full
514(60).
Damien Miller32aa1441999-10-29 09:15:49 +1000515.It Cm PasswordAuthentication
516Specifies whether password authentication is allowed.
517The default is
518.Dq yes .
Damien Miller942da032000-08-18 13:59:06 +1000519Note that this option applies to both protocol versions 1 and 2.
Damien Miller32aa1441999-10-29 09:15:49 +1000520.It Cm PermitEmptyPasswords
521When password authentication is allowed, it specifies whether the
Damien Miller450a7a12000-03-26 13:04:51 +1000522server allows login to accounts with empty password strings.
523The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100524.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000525.It Cm PermitRootLogin
526Specifies whether the root can log in using
527.Xr ssh 1 .
528The argument must be
529.Dq yes ,
530.Dq without-password
531or
532.Dq no .
533The default is
534.Dq yes .
535If this options is set to
536.Dq without-password
537only password authentication is disabled for root.
538.Pp
539Root login with RSA authentication when the
540.Ar command
541option has been
542specified will be allowed regardless of the value of this setting
543(which may be useful for taking remote backups even if root login is
544normally not allowed).
Damien Miller6f83b8e2000-05-02 09:23:45 +1000545.It Cm PidFile
546Specifies the file that contains the process identifier of the
547.Nm
548daemon.
549The default is
550.Pa /var/run/sshd.pid .
Damien Miller32aa1441999-10-29 09:15:49 +1000551.It Cm Port
552Specifies the port number that
553.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000554listens on.
555The default is 22.
Damien Miller34132e52000-01-14 15:45:46 +1100556Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000557.It Cm PrintMotd
558Specifies whether
559.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000560should print
Damien Miller32aa1441999-10-29 09:15:49 +1000561.Pa /etc/motd
Damien Miller450a7a12000-03-26 13:04:51 +1000562when a user logs in interactively.
563(On some systems it is also printed by the shell,
Damien Miller32aa1441999-10-29 09:15:49 +1000564.Pa /etc/profile ,
Damien Miller450a7a12000-03-26 13:04:51 +1000565or equivalent.)
566The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000567.Dq yes .
Damien Miller22c77262000-04-13 12:26:34 +1000568.It Cm Protocol
569Specifies the protocol versions
570.Nm
571should support.
572The possible values are
573.Dq 1
574and
575.Dq 2 .
576Multiple versions must be comma-separated.
577The default is
578.Dq 1 .
Damien Miller32aa1441999-10-29 09:15:49 +1000579.It Cm RandomSeed
Damien Miller450a7a12000-03-26 13:04:51 +1000580Obsolete.
581Random number generation uses other techniques.
Damien Miller32aa1441999-10-29 09:15:49 +1000582.It Cm RhostsAuthentication
583Specifies whether authentication using rhosts or /etc/hosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000584files is sufficient.
585Normally, this method should not be permitted because it is insecure.
Damien Miller32aa1441999-10-29 09:15:49 +1000586.Cm RhostsRSAAuthentication
587should be used
588instead, because it performs RSA-based host authentication in addition
589to normal rhosts or /etc/hosts.equiv authentication.
590The default is
591.Dq no .
592.It Cm RhostsRSAAuthentication
593Specifies whether rhosts or /etc/hosts.equiv authentication together
Damien Miller450a7a12000-03-26 13:04:51 +1000594with successful RSA host authentication is allowed.
595The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100596.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000597.It Cm RSAAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000598Specifies whether pure RSA authentication is allowed.
599The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000600.Dq yes .
Damien Millere247cc42000-05-07 12:03:14 +1000601Note that this option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000602.It Cm ServerKeyBits
Damien Miller450a7a12000-03-26 13:04:51 +1000603Defines the number of bits in the server key.
604The minimum value is 512, and the default is 768.
Damien Miller32aa1441999-10-29 09:15:49 +1000605.It Cm SkeyAuthentication
606Specifies whether
Damien Miller22c77262000-04-13 12:26:34 +1000607.Xr skey 1
Damien Miller450a7a12000-03-26 13:04:51 +1000608authentication is allowed.
609The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000610.Dq yes .
611Note that s/key authentication is enabled only if
612.Cm PasswordAuthentication
613is allowed, too.
614.It Cm StrictModes
615Specifies whether
616.Nm
617should check file modes and ownership of the
Damien Miller450a7a12000-03-26 13:04:51 +1000618user's files and home directory before accepting login.
619This is normally desirable because novices sometimes accidentally leave their
620directory or files world-writable.
621The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000622.Dq yes .
Damien Millerf6d9e222000-06-18 14:50:44 +1000623.It Cm Subsystem
Damien Miller874d77b2000-10-14 16:23:11 +1100624Configures an external subsystem (e.g., file transfer daemon).
625Arguments should be a subsystem name and a command to execute upon subsystem
626request.
Damien Miller7b28dc52000-09-05 13:34:53 +1100627The command
628.Xr sftp-server 8
629implements the
630.Dq sftp
631file transfer subsystem.
Damien Millerf6d9e222000-06-18 14:50:44 +1000632By default no subsystems are defined.
633Note that this option applies to protocol version 2 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000634.It Cm SyslogFacility
635Gives the facility code that is used when logging messages from
636.Nm sshd .
637The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
Damien Miller450a7a12000-03-26 13:04:51 +1000638LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
639The default is AUTH.
Damien Miller32aa1441999-10-29 09:15:49 +1000640.It Cm UseLogin
641Specifies whether
642.Xr login 1
Damien Millerd3a18572000-06-07 19:55:44 +1000643is used for interactive login sessions.
644Note that
645.Xr login 1
Damien Miller942da032000-08-18 13:59:06 +1000646is never used for remote command execution.
Damien Miller450a7a12000-03-26 13:04:51 +1000647The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000648.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000649.It Cm X11DisplayOffset
650Specifies the first display number available for
651.Nm sshd Ns 's
Damien Miller450a7a12000-03-26 13:04:51 +1000652X11 forwarding.
653This prevents
Damien Miller32aa1441999-10-29 09:15:49 +1000654.Nm
655from interfering with real X11 servers.
Damien Miller98c7ad62000-03-09 21:27:49 +1100656The default is 10.
Damien Miller396691a2000-01-20 22:44:08 +1100657.It Cm X11Forwarding
Damien Miller450a7a12000-03-26 13:04:51 +1000658Specifies whether X11 forwarding is permitted.
659The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100660.Dq no .
Damien Miller396691a2000-01-20 22:44:08 +1100661Note that disabling X11 forwarding does not improve security in any
662way, as users can always install their own forwarders.
Damien Millerd3a18572000-06-07 19:55:44 +1000663.It Cm XAuthLocation
664Specifies the location of the
665.Xr xauth 1
666program.
667The default is
668.Pa /usr/X11R6/bin/xauth .
Damien Miller32aa1441999-10-29 09:15:49 +1000669.El
670.Sh LOGIN PROCESS
671When a user successfully logs in,
672.Nm
673does the following:
674.Bl -enum -offset indent
675.It
676If the login is on a tty, and no command has been specified,
Damien Miller22c77262000-04-13 12:26:34 +1000677prints last login time and
Damien Miller32aa1441999-10-29 09:15:49 +1000678.Pa /etc/motd
679(unless prevented in the configuration file or by
680.Pa $HOME/.hushlogin ;
681see the
Damien Miller22c77262000-04-13 12:26:34 +1000682.Sx FILES
Damien Miller32aa1441999-10-29 09:15:49 +1000683section).
684.It
685If the login is on a tty, records login time.
686.It
687Checks
688.Pa /etc/nologin ;
689if it exists, prints contents and quits
690(unless root).
691.It
692Changes to run with normal user privileges.
693.It
694Sets up basic environment.
695.It
696Reads
697.Pa $HOME/.ssh/environment
698if it exists.
699.It
700Changes to user's home directory.
701.It
702If
703.Pa $HOME/.ssh/rc
704exists, runs it; else if
Damien Miller886c63a2000-01-20 23:13:36 +1100705.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +1000706exists, runs
Damien Miller450a7a12000-03-26 13:04:51 +1000707it; otherwise runs xauth.
708The
Damien Miller32aa1441999-10-29 09:15:49 +1000709.Dq rc
710files are given the X11
711authentication protocol and cookie in standard input.
712.It
713Runs user's shell or command.
714.El
715.Sh AUTHORIZED_KEYS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000716The
Damien Miller32aa1441999-10-29 09:15:49 +1000717.Pa $HOME/.ssh/authorized_keys
718file lists the RSA keys that are
Damien Millere247cc42000-05-07 12:03:14 +1000719permitted for RSA authentication in SSH protocols 1.3 and 1.5
Damien Miller30c3d422000-05-09 11:02:59 +1000720Similarly, the
Damien Millere247cc42000-05-07 12:03:14 +1000721.Pa $HOME/.ssh/authorized_keys2
722file lists the DSA keys that are
723permitted for DSA authentication in SSH protocol 2.0.
Damien Miller450a7a12000-03-26 13:04:51 +1000724Each line of the file contains one
Damien Miller32aa1441999-10-29 09:15:49 +1000725key (empty lines and lines starting with a
726.Ql #
727are ignored as
Damien Miller450a7a12000-03-26 13:04:51 +1000728comments).
729Each line consists of the following fields, separated by
730spaces: options, bits, exponent, modulus, comment.
731The options field
Damien Miller32aa1441999-10-29 09:15:49 +1000732is optional; its presence is determined by whether the line starts
733with a number or not (the option field never starts with a number).
734The bits, exponent, modulus and comment fields give the RSA key; the
735comment field is not used for anything (but may be convenient for the
736user to identify the key).
737.Pp
738Note that lines in this file are usually several hundred bytes long
Damien Miller450a7a12000-03-26 13:04:51 +1000739(because of the size of the RSA key modulus).
740You don't want to type them in; instead, copy the
Damien Miller32aa1441999-10-29 09:15:49 +1000741.Pa identity.pub
742file and edit it.
743.Pp
Damien Miller942da032000-08-18 13:59:06 +1000744The options (if present) consist of comma-separated option
Damien Miller450a7a12000-03-26 13:04:51 +1000745specifications.
746No spaces are permitted, except within double quotes.
Damien Miller32aa1441999-10-29 09:15:49 +1000747The following option specifications are supported:
748.Bl -tag -width Ds
749.It Cm from="pattern-list"
750Specifies that in addition to RSA authentication, the canonical name
751of the remote host must be present in the comma-separated list of
Damien Miller450a7a12000-03-26 13:04:51 +1000752patterns
753.Pf ( Ql *
754and
755.Ql ?
756serve as wildcards).
757The list may also contain
758patterns negated by prefixing them with
759.Ql ! ;
760if the canonical host name matches a negated pattern, the key is not accepted.
761The purpose
Damien Miller32aa1441999-10-29 09:15:49 +1000762of this option is to optionally increase security: RSA authentication
763by itself does not trust the network or name servers or anything (but
764the key); however, if somebody somehow steals the key, the key
Damien Miller450a7a12000-03-26 13:04:51 +1000765permits an intruder to log in from anywhere in the world.
766This additional option makes using a stolen key more difficult (name
Damien Miller32aa1441999-10-29 09:15:49 +1000767servers and/or routers would have to be compromised in addition to
768just the key).
769.It Cm command="command"
770Specifies that the command is executed whenever this key is used for
Damien Miller450a7a12000-03-26 13:04:51 +1000771authentication.
772The command supplied by the user (if any) is ignored.
Damien Miller32aa1441999-10-29 09:15:49 +1000773The command is run on a pty if the connection requests a pty;
Damien Miller450a7a12000-03-26 13:04:51 +1000774otherwise it is run without a tty.
775A quote may be included in the command by quoting it with a backslash.
776This option might be useful
777to restrict certain RSA keys to perform just a specific operation.
778An example might be a key that permits remote backups but nothing else.
Damien Miller30c3d422000-05-09 11:02:59 +1000779Note that the client may specify TCP/IP and/or X11
780forwarding unless they are explicitly prohibited.
Damien Miller32aa1441999-10-29 09:15:49 +1000781.It Cm environment="NAME=value"
782Specifies that the string is to be added to the environment when
Damien Miller450a7a12000-03-26 13:04:51 +1000783logging in using this key.
784Environment variables set this way
785override other default environment values.
786Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000787.It Cm no-port-forwarding
788Forbids TCP/IP forwarding when this key is used for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000789Any port forward requests by the client will return an error.
790This might be used, e.g., in connection with the
Damien Miller32aa1441999-10-29 09:15:49 +1000791.Cm command
792option.
793.It Cm no-X11-forwarding
794Forbids X11 forwarding when this key is used for authentication.
795Any X11 forward requests by the client will return an error.
796.It Cm no-agent-forwarding
797Forbids authentication agent forwarding when this key is used for
798authentication.
799.It Cm no-pty
800Prevents tty allocation (a request to allocate a pty will fail).
801.El
802.Ss Examples
8031024 33 12121.\|.\|.\|312314325 ylo@foo.bar
804.Pp
805from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
806.Pp
807command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
808.Sh SSH_KNOWN_HOSTS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000809The
Damien Millere247cc42000-05-07 12:03:14 +1000810.Pa /etc/ssh_known_hosts ,
811.Pa /etc/ssh_known_hosts2 ,
812.Pa $HOME/.ssh/known_hosts ,
Damien Miller22c77262000-04-13 12:26:34 +1000813and
Damien Millere247cc42000-05-07 12:03:14 +1000814.Pa $HOME/.ssh/known_hosts2
Damien Miller450a7a12000-03-26 13:04:51 +1000815files contain host public keys for all known hosts.
816The global file should
817be prepared by the administrator (optional), and the per-user file is
Damien Miller942da032000-08-18 13:59:06 +1000818maintained automatically: whenever the user connects from an unknown host
Damien Miller450a7a12000-03-26 13:04:51 +1000819its key is added to the per-user file.
Damien Miller32aa1441999-10-29 09:15:49 +1000820.Pp
821Each line in these files contains the following fields: hostnames,
Damien Miller450a7a12000-03-26 13:04:51 +1000822bits, exponent, modulus, comment.
823The fields are separated by spaces.
Damien Miller32aa1441999-10-29 09:15:49 +1000824.Pp
825Hostnames is a comma-separated list of patterns ('*' and '?' act as
826wildcards); each pattern in turn is matched against the canonical host
827name (when authenticating a client) or against the user-supplied
Damien Miller450a7a12000-03-26 13:04:51 +1000828name (when authenticating a server).
829A pattern may also be preceded by
Damien Miller32aa1441999-10-29 09:15:49 +1000830.Ql !
831to indicate negation: if the host name matches a negated
832pattern, it is not accepted (by that line) even if it matched another
833pattern on the line.
834.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000835Bits, exponent, and modulus are taken directly from the RSA host key; they
Damien Miller32aa1441999-10-29 09:15:49 +1000836can be obtained, e.g., from
Damien Miller886c63a2000-01-20 23:13:36 +1100837.Pa /etc/ssh_host_key.pub .
Damien Miller32aa1441999-10-29 09:15:49 +1000838The optional comment field continues to the end of the line, and is not used.
839.Pp
840Lines starting with
841.Ql #
842and empty lines are ignored as comments.
843.Pp
844When performing host authentication, authentication is accepted if any
Damien Miller450a7a12000-03-26 13:04:51 +1000845matching line has the proper key.
846It is thus permissible (but not
Damien Miller32aa1441999-10-29 09:15:49 +1000847recommended) to have several lines or different host keys for the same
Damien Miller450a7a12000-03-26 13:04:51 +1000848names.
849This will inevitably happen when short forms of host names
850from different domains are put in the file.
851It is possible
Damien Miller32aa1441999-10-29 09:15:49 +1000852that the files contain conflicting information; authentication is
853accepted if valid information can be found from either file.
854.Pp
855Note that the lines in these files are typically hundreds of characters
856long, and you definitely don't want to type in the host keys by hand.
857Rather, generate them by a script
Damien Miller22c77262000-04-13 12:26:34 +1000858or by taking
Damien Miller886c63a2000-01-20 23:13:36 +1100859.Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000860and adding the host names at the front.
861.Ss Examples
862closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
863.Sh FILES
864.Bl -tag -width Ds
Damien Miller886c63a2000-01-20 23:13:36 +1100865.It Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000866Contains configuration data for
867.Nm sshd .
868This file should be writable by root only, but it is recommended
869(though not necessary) that it be world-readable.
Damien Miller886c63a2000-01-20 23:13:36 +1100870.It Pa /etc/ssh_host_key
Damien Miller32aa1441999-10-29 09:15:49 +1000871Contains the private part of the host key.
872This file should only be owned by root, readable only by root, and not
873accessible to others.
874Note that
875.Nm
876does not start if this file is group/world-accessible.
Damien Miller886c63a2000-01-20 23:13:36 +1100877.It Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000878Contains the public part of the host key.
879This file should be world-readable but writable only by
Damien Miller450a7a12000-03-26 13:04:51 +1000880root.
881Its contents should match the private part.
882This file is not
Damien Miller32aa1441999-10-29 09:15:49 +1000883really used for anything; it is only provided for the convenience of
884the user so its contents can be copied to known hosts files.
885These two files are created using
886.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +1100887.It Pa /var/run/sshd.pid
Damien Miller32aa1441999-10-29 09:15:49 +1000888Contains the process ID of the
889.Nm
890listening for connections (if there are several daemons running
891concurrently for different ports, this contains the pid of the one
Damien Miller450a7a12000-03-26 13:04:51 +1000892started last).
Damien Miller942da032000-08-18 13:59:06 +1000893The content of this file is not sensitive; it can be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000894.It Pa $HOME/.ssh/authorized_keys
895Lists the RSA keys that can be used to log into the user's account.
896This file must be readable by root (which may on some machines imply
897it being world-readable if the user's home directory resides on an NFS
Damien Miller450a7a12000-03-26 13:04:51 +1000898volume).
899It is recommended that it not be accessible by others.
900The format of this file is described above.
Damien Millere247cc42000-05-07 12:03:14 +1000901Users will place the contents of their
902.Pa identity.pub
903files into this file, as described in
904.Xr ssh-keygen 1 .
905.It Pa $HOME/.ssh/authorized_keys2
906Lists the DSA keys that can be used to log into the user's account.
907This file must be readable by root (which may on some machines imply
908it being world-readable if the user's home directory resides on an NFS
909volume).
910It is recommended that it not be accessible by others.
911The format of this file is described above.
912Users will place the contents of their
913.Pa id_dsa.pub
914files into this file, as described in
915.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +1100916.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
Damien Miller5ce662a1999-11-11 17:57:39 +1100917These files are consulted when using rhosts with RSA host
Damien Miller450a7a12000-03-26 13:04:51 +1000918authentication to check the public key of the host.
919The key must be listed in one of these files to be accepted.
Damien Miller33e511e1999-11-11 11:43:13 +1100920The client uses the same files
Damien Miller942da032000-08-18 13:59:06 +1000921to verify that the remote host is the one it intended to connect.
Damien Miller450a7a12000-03-26 13:04:51 +1000922These files should be writable only by root/the owner.
Damien Miller886c63a2000-01-20 23:13:36 +1100923.Pa /etc/ssh_known_hosts
Damien Miller32aa1441999-10-29 09:15:49 +1000924should be world-readable, and
925.Pa $HOME/.ssh/known_hosts
926can but need not be world-readable.
927.It Pa /etc/nologin
Damien Miller22c77262000-04-13 12:26:34 +1000928If this file exists,
Damien Miller32aa1441999-10-29 09:15:49 +1000929.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000930refuses to let anyone except root log in.
931The contents of the file
Damien Miller32aa1441999-10-29 09:15:49 +1000932are displayed to anyone trying to log in, and non-root connections are
Damien Miller450a7a12000-03-26 13:04:51 +1000933refused.
934The file should be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000935.It Pa /etc/hosts.allow, /etc/hosts.deny
936If compiled with
937.Sy LIBWRAP
938support, tcp-wrappers access controls may be defined here as described in
939.Xr hosts_access 5 .
940.It Pa $HOME/.rhosts
941This file contains host-username pairs, separated by a space, one per
Damien Miller450a7a12000-03-26 13:04:51 +1000942line.
943The given user on the corresponding host is permitted to log in
944without password.
945The same file is used by rlogind and rshd.
Damien Miller32aa1441999-10-29 09:15:49 +1000946The file must
947be writable only by the user; it is recommended that it not be
948accessible by others.
949.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000950If is also possible to use netgroups in the file.
951Either host or user
Damien Miller32aa1441999-10-29 09:15:49 +1000952name may be of the form +@groupname to specify all hosts or all users
953in the group.
954.It Pa $HOME/.shosts
955For ssh,
956this file is exactly the same as for
957.Pa .rhosts .
958However, this file is
959not used by rlogin and rshd, so using this permits access using SSH only.
Damien Miller942da032000-08-18 13:59:06 +1000960.It Pa /etc/hosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +1000961This file is used during
962.Pa .rhosts
Damien Miller450a7a12000-03-26 13:04:51 +1000963authentication.
964In the simplest form, this file contains host names, one per line.
965Users on
Damien Miller32aa1441999-10-29 09:15:49 +1000966those hosts are permitted to log in without a password, provided they
Damien Miller450a7a12000-03-26 13:04:51 +1000967have the same user name on both machines.
968The host name may also be
Damien Miller32aa1441999-10-29 09:15:49 +1000969followed by a user name; such users are permitted to log in as
970.Em any
Damien Miller450a7a12000-03-26 13:04:51 +1000971user on this machine (except root).
972Additionally, the syntax
Damien Miller32aa1441999-10-29 09:15:49 +1000973.Dq +@group
Damien Miller450a7a12000-03-26 13:04:51 +1000974can be used to specify netgroups.
975Negated entries start with
Damien Miller32aa1441999-10-29 09:15:49 +1000976.Ql \&- .
977.Pp
978If the client host/user is successfully matched in this file, login is
979automatically permitted provided the client and server user names are the
Damien Miller450a7a12000-03-26 13:04:51 +1000980same.
981Additionally, successful RSA host authentication is normally required.
982This file must be writable only by root; it is recommended
Damien Miller32aa1441999-10-29 09:15:49 +1000983that it be world-readable.
984.Pp
985.Sy "Warning: It is almost never a good idea to use user names in"
986.Pa hosts.equiv .
987Beware that it really means that the named user(s) can log in as
988.Em anybody ,
989which includes bin, daemon, adm, and other accounts that own critical
Damien Miller450a7a12000-03-26 13:04:51 +1000990binaries and directories.
991Using a user name practically grants the user root access.
992The only valid use for user names that I can think
Damien Miller32aa1441999-10-29 09:15:49 +1000993of is in negative entries.
994.Pp
995Note that this warning also applies to rsh/rlogin.
Damien Miller886c63a2000-01-20 23:13:36 +1100996.It Pa /etc/shosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +1000997This is processed exactly as
998.Pa /etc/hosts.equiv .
999However, this file may be useful in environments that want to run both
1000rsh/rlogin and ssh.
1001.It Pa $HOME/.ssh/environment
Damien Miller450a7a12000-03-26 13:04:51 +10001002This file is read into the environment at login (if it exists).
1003It can only contain empty lines, comment lines (that start with
Damien Miller32aa1441999-10-29 09:15:49 +10001004.Ql # ) ,
Damien Miller450a7a12000-03-26 13:04:51 +10001005and assignment lines of the form name=value.
1006The file should be writable
Damien Miller32aa1441999-10-29 09:15:49 +10001007only by the user; it need not be readable by anyone else.
1008.It Pa $HOME/.ssh/rc
1009If this file exists, it is run with /bin/sh after reading the
Damien Miller450a7a12000-03-26 13:04:51 +10001010environment files but before starting the user's shell or command.
1011If X11 spoofing is in use, this will receive the "proto cookie" pair in
Damien Miller32aa1441999-10-29 09:15:49 +10001012standard input (and
1013.Ev DISPLAY
Damien Miller450a7a12000-03-26 13:04:51 +10001014in environment).
1015This must call
Damien Miller32aa1441999-10-29 09:15:49 +10001016.Xr xauth 1
1017in that case.
1018.Pp
1019The primary purpose of this file is to run any initialization routines
1020which may be needed before the user's home directory becomes
1021accessible; AFS is a particular example of such an environment.
1022.Pp
1023This file will probably contain some initialization code followed by
1024something similar to: "if read proto cookie; then echo add $DISPLAY
1025$proto $cookie | xauth -q -; fi".
1026.Pp
1027If this file does not exist,
Damien Miller886c63a2000-01-20 23:13:36 +11001028.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001029is run, and if that
1030does not exist either, xauth is used to store the cookie.
1031.Pp
1032This file should be writable only by the user, and need not be
1033readable by anyone else.
Damien Miller886c63a2000-01-20 23:13:36 +11001034.It Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001035Like
1036.Pa $HOME/.ssh/rc .
1037This can be used to specify
Damien Miller450a7a12000-03-26 13:04:51 +10001038machine-specific login-time initializations globally.
1039This file should be writable only by root, and should be world-readable.
Damien Miller37023962000-07-11 17:31:38 +10001040.El
Damien Miller32aa1441999-10-29 09:15:49 +10001041.Sh AUTHOR
Damien Miller32aa1441999-10-29 09:15:49 +10001042OpenSSH
Damien Miller98c7ad62000-03-09 21:27:49 +11001043is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
Damien Miller450a7a12000-03-26 13:04:51 +10001044but with bugs removed and newer features re-added.
1045Rapidly after the
Damien Miller98c7ad62000-03-09 21:27:49 +110010461.2.12 release, newer versions of the original ssh bore successively
1047more restrictive licenses, and thus demand for a free version was born.
Damien Millere247cc42000-05-07 12:03:14 +10001048.Pp
Damien Miller98c7ad62000-03-09 21:27:49 +11001049This version of OpenSSH
Damien Miller32aa1441999-10-29 09:15:49 +10001050.Bl -bullet
1051.It
Damien Millere4340be2000-09-16 13:29:08 +11001052has all components of a restrictive nature (i.e., patents, see
1053.Xr crypto 3 )
Damien Miller32aa1441999-10-29 09:15:49 +10001054directly removed from the source code; any licensed or patented components
1055are chosen from
1056external libraries.
1057.It
Damien Millere247cc42000-05-07 12:03:14 +10001058has been updated to support SSH protocol 1.5 and 2, making it compatible with
1059all other SSH clients and servers.
Damien Miller32aa1441999-10-29 09:15:49 +10001060.It
Damien Miller22c77262000-04-13 12:26:34 +10001061contains added support for
Damien Miller32aa1441999-10-29 09:15:49 +10001062.Xr kerberos 8
1063authentication and ticket passing.
1064.It
1065supports one-time password authentication with
1066.Xr skey 1 .
1067.El
Damien Millere247cc42000-05-07 12:03:14 +10001068.Pp
1069OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl,
1070Niels Provos, Theo de Raadt, and Dug Song.
1071.Pp
1072The support for SSH protocol 2 was written by Markus Friedl.
Damien Miller32aa1441999-10-29 09:15:49 +10001073.Sh SEE ALSO
Damien Miller32aa1441999-10-29 09:15:49 +10001074.Xr scp 1 ,
Damien Miller7b28dc52000-09-05 13:34:53 +11001075.Xr sftp-server 8 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001076.Xr ssh 1 ,
1077.Xr ssh-add 1 ,
1078.Xr ssh-agent 1 ,
1079.Xr ssh-keygen 1 ,
Damien Millere4340be2000-09-16 13:29:08 +11001080.Xr crypto 3 ,
Damien Millerb38eff82000-04-01 11:09:21 +10001081.Xr rlogin 1 ,
1082.Xr rsh 1