blob: 48d6be204e6cdcddfbf6f74411c6bb8992b25001 [file] [log] [blame]
Damien Miller32aa1441999-10-29 09:15:49 +10001.\" -*- nroff -*-
2.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100036.\"
Damien Millere39cacc2000-11-29 12:18:44 +110037.\" $OpenBSD: sshd.8,v 1.73 2000/11/22 15:38:30 provos Exp $
Damien Miller32aa1441999-10-29 09:15:49 +100038.Dd September 25, 1999
39.Dt SSHD 8
40.Os
41.Sh NAME
42.Nm sshd
43.Nd secure shell daemon
44.Sh SYNOPSIS
45.Nm sshd
Damien Miller34132e52000-01-14 15:45:46 +110046.Op Fl diqQ46
Damien Miller32aa1441999-10-29 09:15:49 +100047.Op Fl b Ar bits
48.Op Fl f Ar config_file
49.Op Fl g Ar login_grace_time
50.Op Fl h Ar host_key_file
51.Op Fl k Ar key_gen_time
52.Op Fl p Ar port
Damien Miller942da032000-08-18 13:59:06 +100053.Op Fl u Ar len
Damien Miller95def091999-11-25 00:26:21 +110054.Op Fl V Ar client_protocol_id
Damien Miller22c77262000-04-13 12:26:34 +100055.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +100056.Nm
Damien Miller22c77262000-04-13 12:26:34 +100057(Secure Shell Daemon) is the daemon program for
Damien Miller32aa1441999-10-29 09:15:49 +100058.Xr ssh 1 .
Damien Miller35dabd02000-05-01 21:10:33 +100059Together these programs replace rlogin and rsh, and
Damien Miller32aa1441999-10-29 09:15:49 +100060provide secure encrypted communications between two untrusted hosts
Damien Miller450a7a12000-03-26 13:04:51 +100061over an insecure network.
62The programs are intended to be as easy to
Damien Miller32aa1441999-10-29 09:15:49 +100063install and use as possible.
64.Pp
65.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100066is the daemon that listens for connections from clients.
Damien Miller22c77262000-04-13 12:26:34 +100067It is normally started at boot from
Damien Miller32aa1441999-10-29 09:15:49 +100068.Pa /etc/rc .
69It forks a new
Damien Miller450a7a12000-03-26 13:04:51 +100070daemon for each incoming connection.
71The forked daemons handle
Damien Miller32aa1441999-10-29 09:15:49 +100072key exchange, encryption, authentication, command execution,
73and data exchange.
Damien Millere247cc42000-05-07 12:03:14 +100074This implementation of
75.Nm
76supports both SSH protocol version 1 and 2 simultaneously.
Damien Miller32aa1441999-10-29 09:15:49 +100077.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100078works as follows.
Damien Millere247cc42000-05-07 12:03:14 +100079.Pp
80.Ss SSH protocol version 1
81.Pp
Damien Miller450a7a12000-03-26 13:04:51 +100082Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host.
84Additionally, when
Damien Miller32aa1441999-10-29 09:15:49 +100085the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
Damien Miller35dabd02000-05-01 21:10:33 +100089Whenever a client connects the daemon responds with its public
90host and server keys.
Damien Miller450a7a12000-03-26 13:04:51 +100091The client compares the
Damien Millere247cc42000-05-07 12:03:14 +100092RSA host key against its own database to verify that it has not changed.
Damien Miller450a7a12000-03-26 13:04:51 +100093The client then generates a 256 bit random number.
94It encrypts this
Damien Miller32aa1441999-10-29 09:15:49 +100095random number using both the host key and the server key, and sends
Damien Miller450a7a12000-03-26 13:04:51 +100096the encrypted number to the server.
Damien Miller35dabd02000-05-01 21:10:33 +100097Both sides then use this
Damien Miller32aa1441999-10-29 09:15:49 +100098random number as a session key which is used to encrypt all further
Damien Miller450a7a12000-03-26 13:04:51 +100099communications in the session.
100The rest of the session is encrypted
Damien Miller35dabd02000-05-01 21:10:33 +1000101using a conventional cipher, currently Blowfish or 3DES, with 3DES
Damien Millerb38eff82000-04-01 11:09:21 +1000102being used by default.
Damien Miller450a7a12000-03-26 13:04:51 +1000103The client selects the encryption algorithm
Damien Miller32aa1441999-10-29 09:15:49 +1000104to use from those offered by the server.
105.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
Damien Miller32aa1441999-10-29 09:15:49 +1000108.Pa .rhosts
109authentication,
110.Pa .rhosts
111authentication combined with RSA host
112authentication, RSA challenge-response authentication, or password
113based authentication.
114.Pp
115Rhosts authentication is normally disabled
116because it is fundamentally insecure, but can be enabled in the server
Damien Miller450a7a12000-03-26 13:04:51 +1000117configuration file if desired.
118System security is not improved unless
Damien Miller32aa1441999-10-29 09:15:49 +1000119.Xr rshd 8 ,
120.Xr rlogind 8 ,
121.Xr rexecd 8 ,
122and
123.Xr rexd 8
124are disabled (thus completely disabling
125.Xr rlogin 1
126and
127.Xr rsh 1
Damien Miller35dabd02000-05-01 21:10:33 +1000128into the machine).
Damien Miller32aa1441999-10-29 09:15:49 +1000129.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000130.Ss SSH protocol version 2
131.Pp
Damien Miller942da032000-08-18 13:59:06 +1000132Version 2 works similarly:
Damien Millere247cc42000-05-07 12:03:14 +1000133Each host has a host-specific DSA key used to identify the host.
134However, when the daemon starts, it does not generate a server key.
135Forward security is provided through a Diffie-Hellman key agreement.
136This key agreement results in a shared session key.
137The rest of the session is encrypted
138using a symmetric cipher, currently
139Blowfish, 3DES or CAST128 in CBC mode or Arcfour.
140The client selects the encryption algorithm
141to use from those offered by the server.
142Additionally, session integrity is provided
Damien Miller30c3d422000-05-09 11:02:59 +1000143through a cryptographic message authentication code
Damien Millere247cc42000-05-07 12:03:14 +1000144(hmac-sha1 or hmac-md5).
145.Pp
146Protocol version 2 provides a public key based
Damien Miller0bc1bd82000-11-13 22:57:25 +1100147user authentication method (PubkeyAuthentication)
Damien Millere247cc42000-05-07 12:03:14 +1000148and conventional password authentication.
149.Pp
150.Ss Command execution and data forwarding
151.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000152If the client successfully authenticates itself, a dialog for
Damien Miller450a7a12000-03-26 13:04:51 +1000153preparing the session is entered.
154At this time the client may request
Damien Miller32aa1441999-10-29 09:15:49 +1000155things like allocating a pseudo-tty, forwarding X11 connections,
156forwarding TCP/IP connections, or forwarding the authentication agent
157connection over the secure channel.
158.Pp
159Finally, the client either requests a shell or execution of a command.
Damien Miller450a7a12000-03-26 13:04:51 +1000160The sides then enter session mode.
161In this mode, either side may send
Damien Miller32aa1441999-10-29 09:15:49 +1000162data at any time, and such data is forwarded to/from the shell or
163command on the server side, and the user terminal in the client side.
164.Pp
165When the user program terminates and all forwarded X11 and other
166connections have been closed, the server sends command exit status to
167the client, and both sides exit.
168.Pp
169.Nm
170can be configured using command-line options or a configuration
Damien Miller450a7a12000-03-26 13:04:51 +1000171file.
172Command-line options override values specified in the
Damien Miller32aa1441999-10-29 09:15:49 +1000173configuration file.
174.Pp
Damien Miller6162d121999-11-21 13:23:52 +1100175.Nm
176rereads its configuration file when it receives a hangup signal,
177.Dv SIGHUP .
178.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000179The options are as follows:
180.Bl -tag -width Ds
181.It Fl b Ar bits
182Specifies the number of bits in the server key (default 768).
183.Pp
184.It Fl d
Damien Miller450a7a12000-03-26 13:04:51 +1000185Debug mode.
186The server sends verbose debug output to the system
187log, and does not put itself in the background.
188The server also will not fork and will only process one connection.
189This option is only intended for debugging for the server.
Damien Miller874d77b2000-10-14 16:23:11 +1100190Multiple -d options increases the debugging level.
191Maximum is 3.
Damien Miller32aa1441999-10-29 09:15:49 +1000192.It Fl f Ar configuration_file
Damien Miller450a7a12000-03-26 13:04:51 +1000193Specifies the name of the configuration file.
194The default is
Damien Miller886c63a2000-01-20 23:13:36 +1100195.Pa /etc/sshd_config .
Damien Miller32aa1441999-10-29 09:15:49 +1000196.Nm
197refuses to start if there is no configuration file.
198.It Fl g Ar login_grace_time
199Gives the grace time for clients to authenticate themselves (default
Damien Miller450a7a12000-03-26 13:04:51 +1000200300 seconds).
201If the client fails to authenticate the user within
202this many seconds, the server disconnects and exits.
203A value of zero indicates no limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000204.It Fl h Ar host_key_file
Damien Millere247cc42000-05-07 12:03:14 +1000205Specifies the file from which the RSA host key is read (default
Damien Miller886c63a2000-01-20 23:13:36 +1100206.Pa /etc/ssh_host_key ) .
Damien Miller32aa1441999-10-29 09:15:49 +1000207This option must be given if
208.Nm
209is not run as root (as the normal
210host file is normally not readable by anyone but root).
211.It Fl i
212Specifies that
213.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000214is being run from inetd.
Damien Miller32aa1441999-10-29 09:15:49 +1000215.Nm
216is normally not run
217from inetd because it needs to generate the server key before it can
Damien Miller450a7a12000-03-26 13:04:51 +1000218respond to the client, and this may take tens of seconds.
219Clients would have to wait too long if the key was regenerated every time.
Damien Miller7684ee12000-03-17 23:40:15 +1100220However, with small key sizes (e.g., 512) using
Damien Miller32aa1441999-10-29 09:15:49 +1000221.Nm
222from inetd may
223be feasible.
224.It Fl k Ar key_gen_time
225Specifies how often the server key is regenerated (default 3600
Damien Miller450a7a12000-03-26 13:04:51 +1000226seconds, or one hour).
227The motivation for regenerating the key fairly
Damien Miller32aa1441999-10-29 09:15:49 +1000228often is that the key is not stored anywhere, and after about an hour,
229it becomes impossible to recover the key for decrypting intercepted
230communications even if the machine is cracked into or physically
Damien Miller450a7a12000-03-26 13:04:51 +1000231seized.
232A value of zero indicates that the key will never be regenerated.
Damien Miller32aa1441999-10-29 09:15:49 +1000233.It Fl p Ar port
234Specifies the port on which the server listens for connections
235(default 22).
236.It Fl q
Damien Miller450a7a12000-03-26 13:04:51 +1000237Quiet mode.
238Nothing is sent to the system log.
239Normally the beginning,
Damien Miller32aa1441999-10-29 09:15:49 +1000240authentication, and termination of each connection is logged.
Damien Miller942da032000-08-18 13:59:06 +1000241.It Fl u Ar len
242This option is used to specify the size of the field
243in the
244.Li utmp
245structure that holds the remote host name.
246If the resolved host name is longer than
247.Ar len ,
248the dotted decimal value will be used instead.
249This allows hosts with very long host names that
250overflow this field to still be uniquely identified.
251Specifying
252.Fl u0
253indicates that only dotted decimal addresses
254should be put into the
255.Pa utmp
256file.
Damien Miller32aa1441999-10-29 09:15:49 +1000257.It Fl Q
258Do not print an error message if RSA support is missing.
Damien Miller95def091999-11-25 00:26:21 +1100259.It Fl V Ar client_protocol_id
Damien Miller874d77b2000-10-14 16:23:11 +1100260SSH-2 compatibility mode.
Damien Miller35dabd02000-05-01 21:10:33 +1000261When this option is specified
Damien Miller95def091999-11-25 00:26:21 +1100262.Nm
Damien Miller35dabd02000-05-01 21:10:33 +1000263assumes the client has sent the supplied version string
Damien Miller95def091999-11-25 00:26:21 +1100264and skips the
265Protocol Version Identification Exchange.
Damien Miller874d77b2000-10-14 16:23:11 +1100266This option is not intended to be called directly.
Damien Miller34132e52000-01-14 15:45:46 +1100267.It Fl 4
268Forces
269.Nm
270to use IPv4 addresses only.
271.It Fl 6
272Forces
273.Nm
274to use IPv6 addresses only.
Damien Miller32aa1441999-10-29 09:15:49 +1000275.El
276.Sh CONFIGURATION FILE
277.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000278reads configuration data from
Damien Miller886c63a2000-01-20 23:13:36 +1100279.Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000280(or the file specified with
281.Fl f
Damien Miller450a7a12000-03-26 13:04:51 +1000282on the command line).
283The file contains keyword-value pairs, one per line.
284Lines starting with
Damien Miller32aa1441999-10-29 09:15:49 +1000285.Ql #
286and empty lines are interpreted as comments.
287.Pp
288The following keywords are possible.
289.Bl -tag -width Ds
290.It Cm AFSTokenPassing
Damien Miller450a7a12000-03-26 13:04:51 +1000291Specifies whether an AFS token may be forwarded to the server.
292Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000293.Dq yes .
294.It Cm AllowGroups
295This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000296by spaces.
297If specified, login is allowed only for users whose primary
Damien Miller32aa1441999-10-29 09:15:49 +1000298group matches one of the patterns.
299.Ql \&*
300and
301.Ql ?
302can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000303wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000304Only group names are valid; a numerical group ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000305By default login is allowed regardless of the primary group.
Damien Miller32aa1441999-10-29 09:15:49 +1000306.Pp
Damien Miller50a41ed2000-10-16 12:14:42 +1100307.It Cm AllowTcpForwarding
308Specifies whether TCP forwarding is permitted.
309The default is
310.Dq yes .
311Note that disabling TCP forwarding does not improve security unless
312users are also denied shell access, as they can always install their
313own forwarders.
314.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000315.It Cm AllowUsers
316This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000317by spaces.
318If specified, login is allowed only for users names that
Damien Miller32aa1441999-10-29 09:15:49 +1000319match one of the patterns.
320.Ql \&*
321and
322.Ql ?
323can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000324wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000325Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000326By default login is allowed regardless of the user name.
Damien Miller32aa1441999-10-29 09:15:49 +1000327.Pp
Damien Miller22c77262000-04-13 12:26:34 +1000328.It Cm Ciphers
329Specifies the ciphers allowed for protocol version 2.
330Multiple ciphers must be comma-separated.
331The default is
Damien Miller30c3d422000-05-09 11:02:59 +1000332.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
Damien Miller32aa1441999-10-29 09:15:49 +1000333.It Cm CheckMail
334Specifies whether
335.Nm
336should check for new mail for interactive logins.
337The default is
338.Dq no .
339.It Cm DenyGroups
340This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000341by spaces.
342Users whose primary group matches one of the patterns
Damien Miller32aa1441999-10-29 09:15:49 +1000343aren't allowed to log in.
344.Ql \&*
345and
346.Ql ?
347can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000348wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000349Only group names are valid; a numerical group ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000350By default login is allowed regardless of the primary group.
Damien Miller32aa1441999-10-29 09:15:49 +1000351.Pp
352.It Cm DenyUsers
353This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000354by spaces.
355Login is disallowed for user names that match one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000356.Ql \&*
357and
358.Ql ?
Damien Miller450a7a12000-03-26 13:04:51 +1000359can be used as wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000360Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000361By default login is allowed regardless of the user name.
Damien Miller0bc1bd82000-11-13 22:57:25 +1100362.It Cm PubkeyAuthentication
363Specifies whether public key authentication is allowed.
Damien Millere247cc42000-05-07 12:03:14 +1000364The default is
365.Dq yes .
366Note that this option applies to protocol version 2 only.
367.It Cm GatewayPorts
368Specifies whether remote hosts are allowed to connect to ports
369forwarded for the client.
370The argument must be
371.Dq yes
372or
373.Dq no .
374The default is
375.Dq no .
Damien Millere247cc42000-05-07 12:03:14 +1000376.It Cm HostKey
Damien Miller0bc1bd82000-11-13 22:57:25 +1100377Specifies the file containing the private host keys (default
Damien Millere247cc42000-05-07 12:03:14 +1000378.Pa /etc/ssh_host_key )
Damien Miller0bc1bd82000-11-13 22:57:25 +1100379used by SSH protocol versions 1 and 2.
Damien Millere247cc42000-05-07 12:03:14 +1000380Note that
381.Nm
Damien Miller0bc1bd82000-11-13 22:57:25 +1100382if this file is group/world-accessible.
383It is possible to have multiple host key files.
384.Dq rsa1
385keys are used for version 1 and
386.Dq dsa
387or
388.Dq rsa
389are used for version 2 of the SSH protocol.
Damien Miller32aa1441999-10-29 09:15:49 +1000390.It Cm IgnoreRhosts
Damien Miller98c7ad62000-03-09 21:27:49 +1100391Specifies that
392.Pa .rhosts
Damien Miller22c77262000-04-13 12:26:34 +1000393and
Damien Miller98c7ad62000-03-09 21:27:49 +1100394.Pa .shosts
395files will not be used in authentication.
Damien Miller32aa1441999-10-29 09:15:49 +1000396.Pa /etc/hosts.equiv
397and
Damien Miller22c77262000-04-13 12:26:34 +1000398.Pa /etc/shosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000399are still used.
Damien Miller22c77262000-04-13 12:26:34 +1000400The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100401.Dq yes .
Damien Miller32265091999-11-12 11:33:04 +1100402.It Cm IgnoreUserKnownHosts
403Specifies whether
404.Nm
405should ignore the user's
406.Pa $HOME/.ssh/known_hosts
407during
408.Cm RhostsRSAAuthentication .
409The default is
410.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000411.It Cm KeepAlive
412Specifies whether the system should send keepalive messages to the
Damien Miller450a7a12000-03-26 13:04:51 +1000413other side.
414If they are sent, death of the connection or crash of one
415of the machines will be properly noticed.
416However, this means that
Damien Miller32aa1441999-10-29 09:15:49 +1000417connections will die if the route is down temporarily, and some people
Damien Miller450a7a12000-03-26 13:04:51 +1000418find it annoying.
Damien Miller30c3d422000-05-09 11:02:59 +1000419On the other hand, if keepalives are not sent,
Damien Miller32aa1441999-10-29 09:15:49 +1000420sessions may hang indefinitely on the server, leaving
421.Dq ghost
422users and consuming server resources.
423.Pp
424The default is
425.Dq yes
426(to send keepalives), and the server will notice
Damien Miller450a7a12000-03-26 13:04:51 +1000427if the network goes down or the client host reboots.
428This avoids infinitely hanging sessions.
Damien Miller32aa1441999-10-29 09:15:49 +1000429.Pp
430To disable keepalives, the value should be set to
431.Dq no
432in both the server and the client configuration files.
433.It Cm KerberosAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000434Specifies whether Kerberos authentication is allowed.
435This can be in the form of a Kerberos ticket, or if
Damien Miller32aa1441999-10-29 09:15:49 +1000436.Cm PasswordAuthentication
437is yes, the password provided by the user will be validated through
Damien Miller874d77b2000-10-14 16:23:11 +1100438the Kerberos KDC.
439To use this option, the server needs a
Damien Miller942da032000-08-18 13:59:06 +1000440Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller450a7a12000-03-26 13:04:51 +1000441Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000442.Dq yes .
443.It Cm KerberosOrLocalPasswd
444If set then if password authentication through Kerberos fails then
445the password will be validated via any additional local mechanism
446such as
Damien Miller62cee002000-09-23 17:15:56 +1100447.Pa /etc/passwd .
Damien Miller450a7a12000-03-26 13:04:51 +1000448Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000449.Dq yes .
450.It Cm KerberosTgtPassing
451Specifies whether a Kerberos TGT may be forwarded to the server.
Damien Miller22c77262000-04-13 12:26:34 +1000452Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000453.Dq no ,
454as this only works when the Kerberos KDC is actually an AFS kaserver.
455.It Cm KerberosTicketCleanup
456Specifies whether to automatically destroy the user's ticket cache
Damien Miller450a7a12000-03-26 13:04:51 +1000457file on logout.
458Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000459.Dq yes .
460.It Cm KeyRegenerationInterval
461The server key is automatically regenerated after this many seconds
Damien Miller450a7a12000-03-26 13:04:51 +1000462(if it has been used).
463The purpose of regeneration is to prevent
Damien Miller32aa1441999-10-29 09:15:49 +1000464decrypting captured sessions by later breaking into the machine and
Damien Miller450a7a12000-03-26 13:04:51 +1000465stealing the keys.
466The key is never stored anywhere.
467If the value is 0, the key is never regenerated.
468The default is 3600 (seconds).
Damien Miller32aa1441999-10-29 09:15:49 +1000469.It Cm ListenAddress
470Specifies what local address
471.Nm
472should listen on.
473The default is to listen to all local addresses.
Damien Miller34132e52000-01-14 15:45:46 +1100474Multiple options of this type are permitted.
475Additionally, the
476.Cm Ports
477options must precede this option.
Damien Miller32aa1441999-10-29 09:15:49 +1000478.It Cm LoginGraceTime
479The server disconnects after this time if the user has not
Damien Miller450a7a12000-03-26 13:04:51 +1000480successfully logged in.
481If the value is 0, there is no time limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000482The default is 600 (seconds).
Damien Miller5ce662a1999-11-11 17:57:39 +1100483.It Cm LogLevel
484Gives the verbosity level that is used when logging messages from
485.Nm sshd .
486The possible values are:
Damien Miller95def091999-11-25 00:26:21 +1100487QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
Damien Miller5ce662a1999-11-11 17:57:39 +1100488The default is INFO.
489Logging with level DEBUG violates the privacy of users
490and is not recommended.
Damien Miller37023962000-07-11 17:31:38 +1000491.It Cm MaxStartups
492Specifies the maximum number of concurrent unauthenticated connections to the
493.Nm
494daemon.
495Additional connections will be dropped until authentication succeeds or the
496.Cm LoginGraceTime
497expires for a connection.
498The default is 10.
Damien Miller942da032000-08-18 13:59:06 +1000499.Pp
500Alternatively, random early drop can be enabled by specifying
501the three colon separated values
502.Dq start:rate:full
Damien Miller874d77b2000-10-14 16:23:11 +1100503(e.g., "10:30:60").
Damien Miller942da032000-08-18 13:59:06 +1000504.Nm
505will refuse connection attempts with a probabillity of
506.Dq rate/100
507(30%)
508if there are currently
509.Dq start
510(10)
511unauthenticated connections.
512The probabillity increases linearly and all connection attempts
513are refused if the number of unauthenticated connections reaches
514.Dq full
515(60).
Damien Miller32aa1441999-10-29 09:15:49 +1000516.It Cm PasswordAuthentication
517Specifies whether password authentication is allowed.
518The default is
519.Dq yes .
Damien Miller942da032000-08-18 13:59:06 +1000520Note that this option applies to both protocol versions 1 and 2.
Damien Miller32aa1441999-10-29 09:15:49 +1000521.It Cm PermitEmptyPasswords
522When password authentication is allowed, it specifies whether the
Damien Miller450a7a12000-03-26 13:04:51 +1000523server allows login to accounts with empty password strings.
524The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100525.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000526.It Cm PermitRootLogin
527Specifies whether the root can log in using
528.Xr ssh 1 .
529The argument must be
530.Dq yes ,
531.Dq without-password
532or
533.Dq no .
534The default is
535.Dq yes .
536If this options is set to
537.Dq without-password
538only password authentication is disabled for root.
539.Pp
540Root login with RSA authentication when the
541.Ar command
542option has been
543specified will be allowed regardless of the value of this setting
544(which may be useful for taking remote backups even if root login is
545normally not allowed).
Damien Miller6f83b8e2000-05-02 09:23:45 +1000546.It Cm PidFile
547Specifies the file that contains the process identifier of the
548.Nm
549daemon.
550The default is
551.Pa /var/run/sshd.pid .
Damien Miller32aa1441999-10-29 09:15:49 +1000552.It Cm Port
553Specifies the port number that
554.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000555listens on.
556The default is 22.
Damien Miller34132e52000-01-14 15:45:46 +1100557Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000558.It Cm PrintMotd
559Specifies whether
560.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000561should print
Damien Miller32aa1441999-10-29 09:15:49 +1000562.Pa /etc/motd
Damien Miller450a7a12000-03-26 13:04:51 +1000563when a user logs in interactively.
564(On some systems it is also printed by the shell,
Damien Miller32aa1441999-10-29 09:15:49 +1000565.Pa /etc/profile ,
Damien Miller450a7a12000-03-26 13:04:51 +1000566or equivalent.)
567The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000568.Dq yes .
Damien Miller22c77262000-04-13 12:26:34 +1000569.It Cm Protocol
570Specifies the protocol versions
571.Nm
572should support.
573The possible values are
574.Dq 1
575and
576.Dq 2 .
577Multiple versions must be comma-separated.
578The default is
579.Dq 1 .
Damien Miller32aa1441999-10-29 09:15:49 +1000580.It Cm RandomSeed
Damien Miller450a7a12000-03-26 13:04:51 +1000581Obsolete.
582Random number generation uses other techniques.
Damien Miller32aa1441999-10-29 09:15:49 +1000583.It Cm RhostsAuthentication
584Specifies whether authentication using rhosts or /etc/hosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000585files is sufficient.
586Normally, this method should not be permitted because it is insecure.
Damien Miller32aa1441999-10-29 09:15:49 +1000587.Cm RhostsRSAAuthentication
588should be used
589instead, because it performs RSA-based host authentication in addition
590to normal rhosts or /etc/hosts.equiv authentication.
591The default is
592.Dq no .
593.It Cm RhostsRSAAuthentication
594Specifies whether rhosts or /etc/hosts.equiv authentication together
Damien Miller450a7a12000-03-26 13:04:51 +1000595with successful RSA host authentication is allowed.
596The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100597.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000598.It Cm RSAAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000599Specifies whether pure RSA authentication is allowed.
600The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000601.Dq yes .
Damien Millere247cc42000-05-07 12:03:14 +1000602Note that this option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000603.It Cm ServerKeyBits
Damien Miller450a7a12000-03-26 13:04:51 +1000604Defines the number of bits in the server key.
605The minimum value is 512, and the default is 768.
Damien Miller32aa1441999-10-29 09:15:49 +1000606.It Cm SkeyAuthentication
607Specifies whether
Damien Miller22c77262000-04-13 12:26:34 +1000608.Xr skey 1
Damien Miller450a7a12000-03-26 13:04:51 +1000609authentication is allowed.
610The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000611.Dq yes .
612Note that s/key authentication is enabled only if
613.Cm PasswordAuthentication
614is allowed, too.
615.It Cm StrictModes
616Specifies whether
617.Nm
618should check file modes and ownership of the
Damien Miller450a7a12000-03-26 13:04:51 +1000619user's files and home directory before accepting login.
620This is normally desirable because novices sometimes accidentally leave their
621directory or files world-writable.
622The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000623.Dq yes .
Damien Millerf6d9e222000-06-18 14:50:44 +1000624.It Cm Subsystem
Damien Miller874d77b2000-10-14 16:23:11 +1100625Configures an external subsystem (e.g., file transfer daemon).
626Arguments should be a subsystem name and a command to execute upon subsystem
627request.
Damien Miller7b28dc52000-09-05 13:34:53 +1100628The command
629.Xr sftp-server 8
630implements the
631.Dq sftp
632file transfer subsystem.
Damien Millerf6d9e222000-06-18 14:50:44 +1000633By default no subsystems are defined.
634Note that this option applies to protocol version 2 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000635.It Cm SyslogFacility
636Gives the facility code that is used when logging messages from
637.Nm sshd .
638The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
Damien Miller450a7a12000-03-26 13:04:51 +1000639LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
640The default is AUTH.
Damien Miller32aa1441999-10-29 09:15:49 +1000641.It Cm UseLogin
642Specifies whether
643.Xr login 1
Damien Millerd3a18572000-06-07 19:55:44 +1000644is used for interactive login sessions.
645Note that
646.Xr login 1
Damien Miller942da032000-08-18 13:59:06 +1000647is never used for remote command execution.
Damien Miller450a7a12000-03-26 13:04:51 +1000648The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000649.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000650.It Cm X11DisplayOffset
651Specifies the first display number available for
652.Nm sshd Ns 's
Damien Miller450a7a12000-03-26 13:04:51 +1000653X11 forwarding.
654This prevents
Damien Miller32aa1441999-10-29 09:15:49 +1000655.Nm
656from interfering with real X11 servers.
Damien Miller98c7ad62000-03-09 21:27:49 +1100657The default is 10.
Damien Miller396691a2000-01-20 22:44:08 +1100658.It Cm X11Forwarding
Damien Miller450a7a12000-03-26 13:04:51 +1000659Specifies whether X11 forwarding is permitted.
660The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100661.Dq no .
Damien Miller396691a2000-01-20 22:44:08 +1100662Note that disabling X11 forwarding does not improve security in any
663way, as users can always install their own forwarders.
Damien Millerd3a18572000-06-07 19:55:44 +1000664.It Cm XAuthLocation
665Specifies the location of the
666.Xr xauth 1
667program.
668The default is
669.Pa /usr/X11R6/bin/xauth .
Damien Miller32aa1441999-10-29 09:15:49 +1000670.El
671.Sh LOGIN PROCESS
672When a user successfully logs in,
673.Nm
674does the following:
675.Bl -enum -offset indent
676.It
677If the login is on a tty, and no command has been specified,
Damien Miller22c77262000-04-13 12:26:34 +1000678prints last login time and
Damien Miller32aa1441999-10-29 09:15:49 +1000679.Pa /etc/motd
680(unless prevented in the configuration file or by
681.Pa $HOME/.hushlogin ;
682see the
Damien Miller22c77262000-04-13 12:26:34 +1000683.Sx FILES
Damien Miller32aa1441999-10-29 09:15:49 +1000684section).
685.It
686If the login is on a tty, records login time.
687.It
688Checks
689.Pa /etc/nologin ;
690if it exists, prints contents and quits
691(unless root).
692.It
693Changes to run with normal user privileges.
694.It
695Sets up basic environment.
696.It
697Reads
698.Pa $HOME/.ssh/environment
699if it exists.
700.It
701Changes to user's home directory.
702.It
703If
704.Pa $HOME/.ssh/rc
705exists, runs it; else if
Damien Miller886c63a2000-01-20 23:13:36 +1100706.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +1000707exists, runs
Damien Miller450a7a12000-03-26 13:04:51 +1000708it; otherwise runs xauth.
709The
Damien Miller32aa1441999-10-29 09:15:49 +1000710.Dq rc
711files are given the X11
712authentication protocol and cookie in standard input.
713.It
714Runs user's shell or command.
715.El
716.Sh AUTHORIZED_KEYS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000717The
Damien Miller32aa1441999-10-29 09:15:49 +1000718.Pa $HOME/.ssh/authorized_keys
719file lists the RSA keys that are
Damien Millere247cc42000-05-07 12:03:14 +1000720permitted for RSA authentication in SSH protocols 1.3 and 1.5
Damien Miller30c3d422000-05-09 11:02:59 +1000721Similarly, the
Damien Millere247cc42000-05-07 12:03:14 +1000722.Pa $HOME/.ssh/authorized_keys2
723file lists the DSA keys that are
724permitted for DSA authentication in SSH protocol 2.0.
Damien Miller450a7a12000-03-26 13:04:51 +1000725Each line of the file contains one
Damien Miller32aa1441999-10-29 09:15:49 +1000726key (empty lines and lines starting with a
727.Ql #
728are ignored as
Damien Miller450a7a12000-03-26 13:04:51 +1000729comments).
730Each line consists of the following fields, separated by
731spaces: options, bits, exponent, modulus, comment.
732The options field
Damien Miller32aa1441999-10-29 09:15:49 +1000733is optional; its presence is determined by whether the line starts
734with a number or not (the option field never starts with a number).
735The bits, exponent, modulus and comment fields give the RSA key; the
736comment field is not used for anything (but may be convenient for the
737user to identify the key).
738.Pp
739Note that lines in this file are usually several hundred bytes long
Damien Miller450a7a12000-03-26 13:04:51 +1000740(because of the size of the RSA key modulus).
741You don't want to type them in; instead, copy the
Damien Miller32aa1441999-10-29 09:15:49 +1000742.Pa identity.pub
743file and edit it.
744.Pp
Damien Miller942da032000-08-18 13:59:06 +1000745The options (if present) consist of comma-separated option
Damien Miller450a7a12000-03-26 13:04:51 +1000746specifications.
747No spaces are permitted, except within double quotes.
Damien Miller32aa1441999-10-29 09:15:49 +1000748The following option specifications are supported:
749.Bl -tag -width Ds
750.It Cm from="pattern-list"
751Specifies that in addition to RSA authentication, the canonical name
752of the remote host must be present in the comma-separated list of
Damien Miller450a7a12000-03-26 13:04:51 +1000753patterns
754.Pf ( Ql *
755and
756.Ql ?
757serve as wildcards).
758The list may also contain
759patterns negated by prefixing them with
760.Ql ! ;
761if the canonical host name matches a negated pattern, the key is not accepted.
762The purpose
Damien Miller32aa1441999-10-29 09:15:49 +1000763of this option is to optionally increase security: RSA authentication
764by itself does not trust the network or name servers or anything (but
765the key); however, if somebody somehow steals the key, the key
Damien Miller450a7a12000-03-26 13:04:51 +1000766permits an intruder to log in from anywhere in the world.
767This additional option makes using a stolen key more difficult (name
Damien Miller32aa1441999-10-29 09:15:49 +1000768servers and/or routers would have to be compromised in addition to
769just the key).
770.It Cm command="command"
771Specifies that the command is executed whenever this key is used for
Damien Miller450a7a12000-03-26 13:04:51 +1000772authentication.
773The command supplied by the user (if any) is ignored.
Damien Miller32aa1441999-10-29 09:15:49 +1000774The command is run on a pty if the connection requests a pty;
Damien Miller450a7a12000-03-26 13:04:51 +1000775otherwise it is run without a tty.
776A quote may be included in the command by quoting it with a backslash.
777This option might be useful
778to restrict certain RSA keys to perform just a specific operation.
779An example might be a key that permits remote backups but nothing else.
Damien Miller30c3d422000-05-09 11:02:59 +1000780Note that the client may specify TCP/IP and/or X11
781forwarding unless they are explicitly prohibited.
Damien Miller32aa1441999-10-29 09:15:49 +1000782.It Cm environment="NAME=value"
783Specifies that the string is to be added to the environment when
Damien Miller450a7a12000-03-26 13:04:51 +1000784logging in using this key.
785Environment variables set this way
786override other default environment values.
787Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000788.It Cm no-port-forwarding
789Forbids TCP/IP forwarding when this key is used for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000790Any port forward requests by the client will return an error.
791This might be used, e.g., in connection with the
Damien Miller32aa1441999-10-29 09:15:49 +1000792.Cm command
793option.
794.It Cm no-X11-forwarding
795Forbids X11 forwarding when this key is used for authentication.
796Any X11 forward requests by the client will return an error.
797.It Cm no-agent-forwarding
798Forbids authentication agent forwarding when this key is used for
799authentication.
800.It Cm no-pty
801Prevents tty allocation (a request to allocate a pty will fail).
802.El
803.Ss Examples
8041024 33 12121.\|.\|.\|312314325 ylo@foo.bar
805.Pp
806from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
807.Pp
808command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
809.Sh SSH_KNOWN_HOSTS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000810The
Damien Millere247cc42000-05-07 12:03:14 +1000811.Pa /etc/ssh_known_hosts ,
812.Pa /etc/ssh_known_hosts2 ,
813.Pa $HOME/.ssh/known_hosts ,
Damien Miller22c77262000-04-13 12:26:34 +1000814and
Damien Millere247cc42000-05-07 12:03:14 +1000815.Pa $HOME/.ssh/known_hosts2
Damien Miller450a7a12000-03-26 13:04:51 +1000816files contain host public keys for all known hosts.
817The global file should
818be prepared by the administrator (optional), and the per-user file is
Damien Miller942da032000-08-18 13:59:06 +1000819maintained automatically: whenever the user connects from an unknown host
Damien Miller450a7a12000-03-26 13:04:51 +1000820its key is added to the per-user file.
Damien Miller32aa1441999-10-29 09:15:49 +1000821.Pp
822Each line in these files contains the following fields: hostnames,
Damien Miller450a7a12000-03-26 13:04:51 +1000823bits, exponent, modulus, comment.
824The fields are separated by spaces.
Damien Miller32aa1441999-10-29 09:15:49 +1000825.Pp
826Hostnames is a comma-separated list of patterns ('*' and '?' act as
827wildcards); each pattern in turn is matched against the canonical host
828name (when authenticating a client) or against the user-supplied
Damien Miller450a7a12000-03-26 13:04:51 +1000829name (when authenticating a server).
830A pattern may also be preceded by
Damien Miller32aa1441999-10-29 09:15:49 +1000831.Ql !
832to indicate negation: if the host name matches a negated
833pattern, it is not accepted (by that line) even if it matched another
834pattern on the line.
835.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000836Bits, exponent, and modulus are taken directly from the RSA host key; they
Damien Miller32aa1441999-10-29 09:15:49 +1000837can be obtained, e.g., from
Damien Miller886c63a2000-01-20 23:13:36 +1100838.Pa /etc/ssh_host_key.pub .
Damien Miller32aa1441999-10-29 09:15:49 +1000839The optional comment field continues to the end of the line, and is not used.
840.Pp
841Lines starting with
842.Ql #
843and empty lines are ignored as comments.
844.Pp
845When performing host authentication, authentication is accepted if any
Damien Miller450a7a12000-03-26 13:04:51 +1000846matching line has the proper key.
847It is thus permissible (but not
Damien Miller32aa1441999-10-29 09:15:49 +1000848recommended) to have several lines or different host keys for the same
Damien Miller450a7a12000-03-26 13:04:51 +1000849names.
850This will inevitably happen when short forms of host names
851from different domains are put in the file.
852It is possible
Damien Miller32aa1441999-10-29 09:15:49 +1000853that the files contain conflicting information; authentication is
854accepted if valid information can be found from either file.
855.Pp
856Note that the lines in these files are typically hundreds of characters
857long, and you definitely don't want to type in the host keys by hand.
858Rather, generate them by a script
Damien Miller22c77262000-04-13 12:26:34 +1000859or by taking
Damien Miller886c63a2000-01-20 23:13:36 +1100860.Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000861and adding the host names at the front.
862.Ss Examples
863closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
864.Sh FILES
865.Bl -tag -width Ds
Damien Miller886c63a2000-01-20 23:13:36 +1100866.It Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000867Contains configuration data for
868.Nm sshd .
869This file should be writable by root only, but it is recommended
870(though not necessary) that it be world-readable.
Damien Miller886c63a2000-01-20 23:13:36 +1100871.It Pa /etc/ssh_host_key
Damien Miller32aa1441999-10-29 09:15:49 +1000872Contains the private part of the host key.
873This file should only be owned by root, readable only by root, and not
874accessible to others.
875Note that
876.Nm
877does not start if this file is group/world-accessible.
Damien Miller886c63a2000-01-20 23:13:36 +1100878.It Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000879Contains the public part of the host key.
880This file should be world-readable but writable only by
Damien Miller450a7a12000-03-26 13:04:51 +1000881root.
882Its contents should match the private part.
883This file is not
Damien Miller32aa1441999-10-29 09:15:49 +1000884really used for anything; it is only provided for the convenience of
885the user so its contents can be copied to known hosts files.
886These two files are created using
887.Xr ssh-keygen 1 .
Damien Millere39cacc2000-11-29 12:18:44 +1100888.It Pa /etc/primes
889Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
Damien Miller886c63a2000-01-20 23:13:36 +1100890.It Pa /var/run/sshd.pid
Damien Miller32aa1441999-10-29 09:15:49 +1000891Contains the process ID of the
892.Nm
893listening for connections (if there are several daemons running
894concurrently for different ports, this contains the pid of the one
Damien Miller450a7a12000-03-26 13:04:51 +1000895started last).
Damien Miller942da032000-08-18 13:59:06 +1000896The content of this file is not sensitive; it can be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000897.It Pa $HOME/.ssh/authorized_keys
898Lists the RSA keys that can be used to log into the user's account.
899This file must be readable by root (which may on some machines imply
900it being world-readable if the user's home directory resides on an NFS
Damien Miller450a7a12000-03-26 13:04:51 +1000901volume).
902It is recommended that it not be accessible by others.
903The format of this file is described above.
Damien Millere247cc42000-05-07 12:03:14 +1000904Users will place the contents of their
905.Pa identity.pub
906files into this file, as described in
907.Xr ssh-keygen 1 .
908.It Pa $HOME/.ssh/authorized_keys2
909Lists the DSA keys that can be used to log into the user's account.
910This file must be readable by root (which may on some machines imply
911it being world-readable if the user's home directory resides on an NFS
912volume).
913It is recommended that it not be accessible by others.
914The format of this file is described above.
915Users will place the contents of their
916.Pa id_dsa.pub
917files into this file, as described in
918.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +1100919.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
Damien Miller5ce662a1999-11-11 17:57:39 +1100920These files are consulted when using rhosts with RSA host
Damien Miller450a7a12000-03-26 13:04:51 +1000921authentication to check the public key of the host.
922The key must be listed in one of these files to be accepted.
Damien Miller33e511e1999-11-11 11:43:13 +1100923The client uses the same files
Damien Miller942da032000-08-18 13:59:06 +1000924to verify that the remote host is the one it intended to connect.
Damien Miller450a7a12000-03-26 13:04:51 +1000925These files should be writable only by root/the owner.
Damien Miller886c63a2000-01-20 23:13:36 +1100926.Pa /etc/ssh_known_hosts
Damien Miller32aa1441999-10-29 09:15:49 +1000927should be world-readable, and
928.Pa $HOME/.ssh/known_hosts
929can but need not be world-readable.
930.It Pa /etc/nologin
Damien Miller22c77262000-04-13 12:26:34 +1000931If this file exists,
Damien Miller32aa1441999-10-29 09:15:49 +1000932.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000933refuses to let anyone except root log in.
934The contents of the file
Damien Miller32aa1441999-10-29 09:15:49 +1000935are displayed to anyone trying to log in, and non-root connections are
Damien Miller450a7a12000-03-26 13:04:51 +1000936refused.
937The file should be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000938.It Pa /etc/hosts.allow, /etc/hosts.deny
939If compiled with
940.Sy LIBWRAP
941support, tcp-wrappers access controls may be defined here as described in
942.Xr hosts_access 5 .
943.It Pa $HOME/.rhosts
944This file contains host-username pairs, separated by a space, one per
Damien Miller450a7a12000-03-26 13:04:51 +1000945line.
946The given user on the corresponding host is permitted to log in
947without password.
948The same file is used by rlogind and rshd.
Damien Miller32aa1441999-10-29 09:15:49 +1000949The file must
950be writable only by the user; it is recommended that it not be
951accessible by others.
952.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000953If is also possible to use netgroups in the file.
954Either host or user
Damien Miller32aa1441999-10-29 09:15:49 +1000955name may be of the form +@groupname to specify all hosts or all users
956in the group.
957.It Pa $HOME/.shosts
958For ssh,
959this file is exactly the same as for
960.Pa .rhosts .
961However, this file is
962not used by rlogin and rshd, so using this permits access using SSH only.
Damien Miller942da032000-08-18 13:59:06 +1000963.It Pa /etc/hosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +1000964This file is used during
965.Pa .rhosts
Damien Miller450a7a12000-03-26 13:04:51 +1000966authentication.
967In the simplest form, this file contains host names, one per line.
968Users on
Damien Miller32aa1441999-10-29 09:15:49 +1000969those hosts are permitted to log in without a password, provided they
Damien Miller450a7a12000-03-26 13:04:51 +1000970have the same user name on both machines.
971The host name may also be
Damien Miller32aa1441999-10-29 09:15:49 +1000972followed by a user name; such users are permitted to log in as
973.Em any
Damien Miller450a7a12000-03-26 13:04:51 +1000974user on this machine (except root).
975Additionally, the syntax
Damien Miller32aa1441999-10-29 09:15:49 +1000976.Dq +@group
Damien Miller450a7a12000-03-26 13:04:51 +1000977can be used to specify netgroups.
978Negated entries start with
Damien Miller32aa1441999-10-29 09:15:49 +1000979.Ql \&- .
980.Pp
981If the client host/user is successfully matched in this file, login is
982automatically permitted provided the client and server user names are the
Damien Miller450a7a12000-03-26 13:04:51 +1000983same.
984Additionally, successful RSA host authentication is normally required.
985This file must be writable only by root; it is recommended
Damien Miller32aa1441999-10-29 09:15:49 +1000986that it be world-readable.
987.Pp
988.Sy "Warning: It is almost never a good idea to use user names in"
989.Pa hosts.equiv .
990Beware that it really means that the named user(s) can log in as
991.Em anybody ,
992which includes bin, daemon, adm, and other accounts that own critical
Damien Miller450a7a12000-03-26 13:04:51 +1000993binaries and directories.
994Using a user name practically grants the user root access.
995The only valid use for user names that I can think
Damien Miller32aa1441999-10-29 09:15:49 +1000996of is in negative entries.
997.Pp
998Note that this warning also applies to rsh/rlogin.
Damien Miller886c63a2000-01-20 23:13:36 +1100999.It Pa /etc/shosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001000This is processed exactly as
1001.Pa /etc/hosts.equiv .
1002However, this file may be useful in environments that want to run both
1003rsh/rlogin and ssh.
1004.It Pa $HOME/.ssh/environment
Damien Miller450a7a12000-03-26 13:04:51 +10001005This file is read into the environment at login (if it exists).
1006It can only contain empty lines, comment lines (that start with
Damien Miller32aa1441999-10-29 09:15:49 +10001007.Ql # ) ,
Damien Miller450a7a12000-03-26 13:04:51 +10001008and assignment lines of the form name=value.
1009The file should be writable
Damien Miller32aa1441999-10-29 09:15:49 +10001010only by the user; it need not be readable by anyone else.
1011.It Pa $HOME/.ssh/rc
1012If this file exists, it is run with /bin/sh after reading the
Damien Miller450a7a12000-03-26 13:04:51 +10001013environment files but before starting the user's shell or command.
1014If X11 spoofing is in use, this will receive the "proto cookie" pair in
Damien Miller32aa1441999-10-29 09:15:49 +10001015standard input (and
1016.Ev DISPLAY
Damien Miller450a7a12000-03-26 13:04:51 +10001017in environment).
1018This must call
Damien Miller32aa1441999-10-29 09:15:49 +10001019.Xr xauth 1
1020in that case.
1021.Pp
1022The primary purpose of this file is to run any initialization routines
1023which may be needed before the user's home directory becomes
1024accessible; AFS is a particular example of such an environment.
1025.Pp
1026This file will probably contain some initialization code followed by
1027something similar to: "if read proto cookie; then echo add $DISPLAY
1028$proto $cookie | xauth -q -; fi".
1029.Pp
1030If this file does not exist,
Damien Miller886c63a2000-01-20 23:13:36 +11001031.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001032is run, and if that
1033does not exist either, xauth is used to store the cookie.
1034.Pp
1035This file should be writable only by the user, and need not be
1036readable by anyone else.
Damien Miller886c63a2000-01-20 23:13:36 +11001037.It Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001038Like
1039.Pa $HOME/.ssh/rc .
1040This can be used to specify
Damien Miller450a7a12000-03-26 13:04:51 +10001041machine-specific login-time initializations globally.
1042This file should be writable only by root, and should be world-readable.
Damien Miller37023962000-07-11 17:31:38 +10001043.El
Damien Miller0bc1bd82000-11-13 22:57:25 +11001044.Sh AUTHORS
Damien Miller32aa1441999-10-29 09:15:49 +10001045OpenSSH
Damien Miller98c7ad62000-03-09 21:27:49 +11001046is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
Damien Miller450a7a12000-03-26 13:04:51 +10001047but with bugs removed and newer features re-added.
1048Rapidly after the
Damien Miller98c7ad62000-03-09 21:27:49 +110010491.2.12 release, newer versions of the original ssh bore successively
1050more restrictive licenses, and thus demand for a free version was born.
Damien Millere247cc42000-05-07 12:03:14 +10001051.Pp
Damien Miller98c7ad62000-03-09 21:27:49 +11001052This version of OpenSSH
Damien Miller32aa1441999-10-29 09:15:49 +10001053.Bl -bullet
1054.It
Damien Millere4340be2000-09-16 13:29:08 +11001055has all components of a restrictive nature (i.e., patents, see
1056.Xr crypto 3 )
Damien Miller32aa1441999-10-29 09:15:49 +10001057directly removed from the source code; any licensed or patented components
1058are chosen from
1059external libraries.
1060.It
Damien Millere247cc42000-05-07 12:03:14 +10001061has been updated to support SSH protocol 1.5 and 2, making it compatible with
1062all other SSH clients and servers.
Damien Miller32aa1441999-10-29 09:15:49 +10001063.It
Damien Miller22c77262000-04-13 12:26:34 +10001064contains added support for
Damien Miller32aa1441999-10-29 09:15:49 +10001065.Xr kerberos 8
1066authentication and ticket passing.
1067.It
1068supports one-time password authentication with
1069.Xr skey 1 .
1070.El
Damien Millere247cc42000-05-07 12:03:14 +10001071.Pp
1072OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl,
1073Niels Provos, Theo de Raadt, and Dug Song.
1074.Pp
1075The support for SSH protocol 2 was written by Markus Friedl.
Damien Miller32aa1441999-10-29 09:15:49 +10001076.Sh SEE ALSO
Damien Miller32aa1441999-10-29 09:15:49 +10001077.Xr scp 1 ,
Damien Miller7b28dc52000-09-05 13:34:53 +11001078.Xr sftp-server 8 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001079.Xr ssh 1 ,
1080.Xr ssh-add 1 ,
1081.Xr ssh-agent 1 ,
1082.Xr ssh-keygen 1 ,
Damien Millere4340be2000-09-16 13:29:08 +11001083.Xr crypto 3 ,
Damien Millerb38eff82000-04-01 11:09:21 +10001084.Xr rlogin 1 ,
1085.Xr rsh 1