blob: 1aad0fc88680ced1c6d29c4dccd5ee6fc16c125e [file] [log] [blame]
Damien Miller32aa1441999-10-29 09:15:49 +10001.\" -*- nroff -*-
2.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100036.\"
Ben Lindstroma7333502001-01-29 08:44:03 +000037.\" $OpenBSD: sshd.8,v 1.86 2001/01/28 20:43:25 stevesk Exp $
Damien Miller32aa1441999-10-29 09:15:49 +100038.Dd September 25, 1999
39.Dt SSHD 8
40.Os
41.Sh NAME
42.Nm sshd
43.Nd secure shell daemon
44.Sh SYNOPSIS
45.Nm sshd
Ben Lindstromc12a6b72001-01-29 08:41:05 +000046.Op Fl diqD46
Damien Miller32aa1441999-10-29 09:15:49 +100047.Op Fl b Ar bits
48.Op Fl f Ar config_file
49.Op Fl g Ar login_grace_time
50.Op Fl h Ar host_key_file
51.Op Fl k Ar key_gen_time
52.Op Fl p Ar port
Damien Miller942da032000-08-18 13:59:06 +100053.Op Fl u Ar len
Damien Miller95def091999-11-25 00:26:21 +110054.Op Fl V Ar client_protocol_id
Damien Miller22c77262000-04-13 12:26:34 +100055.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +100056.Nm
Damien Miller22c77262000-04-13 12:26:34 +100057(Secure Shell Daemon) is the daemon program for
Damien Miller32aa1441999-10-29 09:15:49 +100058.Xr ssh 1 .
Damien Miller35dabd02000-05-01 21:10:33 +100059Together these programs replace rlogin and rsh, and
Damien Miller32aa1441999-10-29 09:15:49 +100060provide secure encrypted communications between two untrusted hosts
Damien Miller450a7a12000-03-26 13:04:51 +100061over an insecure network.
62The programs are intended to be as easy to
Damien Miller32aa1441999-10-29 09:15:49 +100063install and use as possible.
64.Pp
65.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100066is the daemon that listens for connections from clients.
Damien Miller22c77262000-04-13 12:26:34 +100067It is normally started at boot from
Damien Miller32aa1441999-10-29 09:15:49 +100068.Pa /etc/rc .
69It forks a new
Damien Miller450a7a12000-03-26 13:04:51 +100070daemon for each incoming connection.
71The forked daemons handle
Damien Miller32aa1441999-10-29 09:15:49 +100072key exchange, encryption, authentication, command execution,
73and data exchange.
Damien Millere247cc42000-05-07 12:03:14 +100074This implementation of
75.Nm
76supports both SSH protocol version 1 and 2 simultaneously.
Damien Miller32aa1441999-10-29 09:15:49 +100077.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100078works as follows.
Damien Millere247cc42000-05-07 12:03:14 +100079.Pp
80.Ss SSH protocol version 1
81.Pp
Damien Miller450a7a12000-03-26 13:04:51 +100082Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host.
84Additionally, when
Damien Miller32aa1441999-10-29 09:15:49 +100085the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
Damien Miller35dabd02000-05-01 21:10:33 +100089Whenever a client connects the daemon responds with its public
90host and server keys.
Damien Miller450a7a12000-03-26 13:04:51 +100091The client compares the
Damien Millere247cc42000-05-07 12:03:14 +100092RSA host key against its own database to verify that it has not changed.
Damien Miller450a7a12000-03-26 13:04:51 +100093The client then generates a 256 bit random number.
94It encrypts this
Damien Miller32aa1441999-10-29 09:15:49 +100095random number using both the host key and the server key, and sends
Damien Miller450a7a12000-03-26 13:04:51 +100096the encrypted number to the server.
Damien Miller35dabd02000-05-01 21:10:33 +100097Both sides then use this
Damien Miller32aa1441999-10-29 09:15:49 +100098random number as a session key which is used to encrypt all further
Damien Miller450a7a12000-03-26 13:04:51 +100099communications in the session.
100The rest of the session is encrypted
Damien Miller35dabd02000-05-01 21:10:33 +1000101using a conventional cipher, currently Blowfish or 3DES, with 3DES
Damien Millerb38eff82000-04-01 11:09:21 +1000102being used by default.
Damien Miller450a7a12000-03-26 13:04:51 +1000103The client selects the encryption algorithm
Damien Miller32aa1441999-10-29 09:15:49 +1000104to use from those offered by the server.
105.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
Damien Miller32aa1441999-10-29 09:15:49 +1000108.Pa .rhosts
109authentication,
110.Pa .rhosts
111authentication combined with RSA host
112authentication, RSA challenge-response authentication, or password
113based authentication.
114.Pp
115Rhosts authentication is normally disabled
116because it is fundamentally insecure, but can be enabled in the server
Damien Miller450a7a12000-03-26 13:04:51 +1000117configuration file if desired.
118System security is not improved unless
Damien Miller32aa1441999-10-29 09:15:49 +1000119.Xr rshd 8 ,
120.Xr rlogind 8 ,
121.Xr rexecd 8 ,
122and
123.Xr rexd 8
124are disabled (thus completely disabling
125.Xr rlogin 1
126and
127.Xr rsh 1
Damien Miller35dabd02000-05-01 21:10:33 +1000128into the machine).
Damien Miller32aa1441999-10-29 09:15:49 +1000129.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000130.Ss SSH protocol version 2
131.Pp
Damien Miller942da032000-08-18 13:59:06 +1000132Version 2 works similarly:
Damien Millere247cc42000-05-07 12:03:14 +1000133Each host has a host-specific DSA key used to identify the host.
134However, when the daemon starts, it does not generate a server key.
135Forward security is provided through a Diffie-Hellman key agreement.
136This key agreement results in a shared session key.
137The rest of the session is encrypted
138using a symmetric cipher, currently
139Blowfish, 3DES or CAST128 in CBC mode or Arcfour.
140The client selects the encryption algorithm
141to use from those offered by the server.
142Additionally, session integrity is provided
Damien Miller30c3d422000-05-09 11:02:59 +1000143through a cryptographic message authentication code
Damien Millere247cc42000-05-07 12:03:14 +1000144(hmac-sha1 or hmac-md5).
145.Pp
146Protocol version 2 provides a public key based
Damien Miller0bc1bd82000-11-13 22:57:25 +1100147user authentication method (PubkeyAuthentication)
Damien Millere247cc42000-05-07 12:03:14 +1000148and conventional password authentication.
149.Pp
150.Ss Command execution and data forwarding
151.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000152If the client successfully authenticates itself, a dialog for
Damien Miller450a7a12000-03-26 13:04:51 +1000153preparing the session is entered.
154At this time the client may request
Damien Miller32aa1441999-10-29 09:15:49 +1000155things like allocating a pseudo-tty, forwarding X11 connections,
156forwarding TCP/IP connections, or forwarding the authentication agent
157connection over the secure channel.
158.Pp
159Finally, the client either requests a shell or execution of a command.
Damien Miller450a7a12000-03-26 13:04:51 +1000160The sides then enter session mode.
161In this mode, either side may send
Damien Miller32aa1441999-10-29 09:15:49 +1000162data at any time, and such data is forwarded to/from the shell or
163command on the server side, and the user terminal in the client side.
164.Pp
165When the user program terminates and all forwarded X11 and other
166connections have been closed, the server sends command exit status to
167the client, and both sides exit.
168.Pp
169.Nm
170can be configured using command-line options or a configuration
Damien Miller450a7a12000-03-26 13:04:51 +1000171file.
172Command-line options override values specified in the
Damien Miller32aa1441999-10-29 09:15:49 +1000173configuration file.
174.Pp
Damien Miller6162d121999-11-21 13:23:52 +1100175.Nm
176rereads its configuration file when it receives a hangup signal,
177.Dv SIGHUP .
178.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000179The options are as follows:
180.Bl -tag -width Ds
181.It Fl b Ar bits
182Specifies the number of bits in the server key (default 768).
183.Pp
184.It Fl d
Damien Miller450a7a12000-03-26 13:04:51 +1000185Debug mode.
186The server sends verbose debug output to the system
187log, and does not put itself in the background.
188The server also will not fork and will only process one connection.
189This option is only intended for debugging for the server.
Damien Miller874d77b2000-10-14 16:23:11 +1100190Multiple -d options increases the debugging level.
191Maximum is 3.
Damien Miller32aa1441999-10-29 09:15:49 +1000192.It Fl f Ar configuration_file
Damien Miller450a7a12000-03-26 13:04:51 +1000193Specifies the name of the configuration file.
194The default is
Damien Miller886c63a2000-01-20 23:13:36 +1100195.Pa /etc/sshd_config .
Damien Miller32aa1441999-10-29 09:15:49 +1000196.Nm
197refuses to start if there is no configuration file.
198.It Fl g Ar login_grace_time
199Gives the grace time for clients to authenticate themselves (default
Kevin Steves9ce907c2001-01-07 11:53:40 +0000200600 seconds).
Damien Miller450a7a12000-03-26 13:04:51 +1000201If the client fails to authenticate the user within
202this many seconds, the server disconnects and exits.
203A value of zero indicates no limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000204.It Fl h Ar host_key_file
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000205Specifies the file from which the host key is read (default
Damien Miller886c63a2000-01-20 23:13:36 +1100206.Pa /etc/ssh_host_key ) .
Damien Miller32aa1441999-10-29 09:15:49 +1000207This option must be given if
208.Nm
209is not run as root (as the normal
210host file is normally not readable by anyone but root).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000211It is possible to have multiple host key files for
212the different protocol versions.
Damien Miller32aa1441999-10-29 09:15:49 +1000213.It Fl i
214Specifies that
215.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000216is being run from inetd.
Damien Miller32aa1441999-10-29 09:15:49 +1000217.Nm
218is normally not run
219from inetd because it needs to generate the server key before it can
Damien Miller450a7a12000-03-26 13:04:51 +1000220respond to the client, and this may take tens of seconds.
221Clients would have to wait too long if the key was regenerated every time.
Damien Miller7684ee12000-03-17 23:40:15 +1100222However, with small key sizes (e.g., 512) using
Damien Miller32aa1441999-10-29 09:15:49 +1000223.Nm
224from inetd may
225be feasible.
226.It Fl k Ar key_gen_time
227Specifies how often the server key is regenerated (default 3600
Damien Miller450a7a12000-03-26 13:04:51 +1000228seconds, or one hour).
229The motivation for regenerating the key fairly
Damien Miller32aa1441999-10-29 09:15:49 +1000230often is that the key is not stored anywhere, and after about an hour,
231it becomes impossible to recover the key for decrypting intercepted
232communications even if the machine is cracked into or physically
Damien Miller450a7a12000-03-26 13:04:51 +1000233seized.
234A value of zero indicates that the key will never be regenerated.
Damien Miller32aa1441999-10-29 09:15:49 +1000235.It Fl p Ar port
236Specifies the port on which the server listens for connections
237(default 22).
238.It Fl q
Damien Miller450a7a12000-03-26 13:04:51 +1000239Quiet mode.
240Nothing is sent to the system log.
241Normally the beginning,
Damien Miller32aa1441999-10-29 09:15:49 +1000242authentication, and termination of each connection is logged.
Damien Miller942da032000-08-18 13:59:06 +1000243.It Fl u Ar len
244This option is used to specify the size of the field
245in the
246.Li utmp
247structure that holds the remote host name.
248If the resolved host name is longer than
249.Ar len ,
250the dotted decimal value will be used instead.
251This allows hosts with very long host names that
252overflow this field to still be uniquely identified.
253Specifying
254.Fl u0
255indicates that only dotted decimal addresses
256should be put into the
257.Pa utmp
258file.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000259.It Fl D
260When this option is specified
261.Nm
262will not detach and does not become a daemon.
263This allows easy monitoring of
264.Nm sshd .
Damien Miller95def091999-11-25 00:26:21 +1100265.It Fl V Ar client_protocol_id
Damien Miller874d77b2000-10-14 16:23:11 +1100266SSH-2 compatibility mode.
Damien Miller35dabd02000-05-01 21:10:33 +1000267When this option is specified
Damien Miller95def091999-11-25 00:26:21 +1100268.Nm
Damien Miller35dabd02000-05-01 21:10:33 +1000269assumes the client has sent the supplied version string
Damien Miller95def091999-11-25 00:26:21 +1100270and skips the
271Protocol Version Identification Exchange.
Damien Miller874d77b2000-10-14 16:23:11 +1100272This option is not intended to be called directly.
Damien Miller34132e52000-01-14 15:45:46 +1100273.It Fl 4
274Forces
275.Nm
276to use IPv4 addresses only.
277.It Fl 6
278Forces
279.Nm
280to use IPv6 addresses only.
Damien Miller32aa1441999-10-29 09:15:49 +1000281.El
282.Sh CONFIGURATION FILE
283.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000284reads configuration data from
Damien Miller886c63a2000-01-20 23:13:36 +1100285.Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000286(or the file specified with
287.Fl f
Damien Miller450a7a12000-03-26 13:04:51 +1000288on the command line).
289The file contains keyword-value pairs, one per line.
290Lines starting with
Damien Miller32aa1441999-10-29 09:15:49 +1000291.Ql #
292and empty lines are interpreted as comments.
293.Pp
294The following keywords are possible.
295.Bl -tag -width Ds
296.It Cm AFSTokenPassing
Damien Miller450a7a12000-03-26 13:04:51 +1000297Specifies whether an AFS token may be forwarded to the server.
298Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000299.Dq yes .
300.It Cm AllowGroups
301This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000302by spaces.
303If specified, login is allowed only for users whose primary
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000304group or supplementary group list matches one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000305.Ql \&*
306and
307.Ql ?
308can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000309wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000310Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000311By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000312.Pp
Damien Miller50a41ed2000-10-16 12:14:42 +1100313.It Cm AllowTcpForwarding
314Specifies whether TCP forwarding is permitted.
315The default is
316.Dq yes .
317Note that disabling TCP forwarding does not improve security unless
318users are also denied shell access, as they can always install their
319own forwarders.
320.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000321.It Cm AllowUsers
322This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000323by spaces.
324If specified, login is allowed only for users names that
Damien Miller32aa1441999-10-29 09:15:49 +1000325match one of the patterns.
326.Ql \&*
327and
328.Ql ?
329can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000330wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000331Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000332By default login is allowed regardless of the user name.
Damien Miller32aa1441999-10-29 09:15:49 +1000333.Pp
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000334.It Cm Banner
335In some jurisdictions, sending a warning message before authentication
336may be relevant for getting legal protection.
337The contents of the specified file are sent to the remote user before
338authentication is allowed.
339This option is only available for protocol version 2.
340.Pp
Damien Miller22c77262000-04-13 12:26:34 +1000341.It Cm Ciphers
342Specifies the ciphers allowed for protocol version 2.
343Multiple ciphers must be comma-separated.
344The default is
Ben Lindstromd26dcf32001-01-06 15:18:16 +0000345.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc .
Damien Miller32aa1441999-10-29 09:15:49 +1000346.It Cm CheckMail
347Specifies whether
348.Nm
349should check for new mail for interactive logins.
350The default is
351.Dq no .
352.It Cm DenyGroups
353This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000354by spaces.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000355Users whose primary group or supplementary group list matches
356one of the patterns aren't allowed to log in.
Damien Miller32aa1441999-10-29 09:15:49 +1000357.Ql \&*
358and
359.Ql ?
360can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000361wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000362Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000363By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000364.Pp
365.It Cm DenyUsers
366This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000367by spaces.
368Login is disallowed for user names that match one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000369.Ql \&*
370and
371.Ql ?
Damien Miller450a7a12000-03-26 13:04:51 +1000372can be used as wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000373Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000374By default login is allowed regardless of the user name.
Damien Miller0bc1bd82000-11-13 22:57:25 +1100375.It Cm PubkeyAuthentication
376Specifies whether public key authentication is allowed.
Damien Millere247cc42000-05-07 12:03:14 +1000377The default is
378.Dq yes .
379Note that this option applies to protocol version 2 only.
380.It Cm GatewayPorts
381Specifies whether remote hosts are allowed to connect to ports
382forwarded for the client.
383The argument must be
384.Dq yes
385or
386.Dq no .
387The default is
388.Dq no .
Damien Millere247cc42000-05-07 12:03:14 +1000389.It Cm HostKey
Damien Miller0bc1bd82000-11-13 22:57:25 +1100390Specifies the file containing the private host keys (default
Damien Millere247cc42000-05-07 12:03:14 +1000391.Pa /etc/ssh_host_key )
Damien Miller0bc1bd82000-11-13 22:57:25 +1100392used by SSH protocol versions 1 and 2.
Damien Millere247cc42000-05-07 12:03:14 +1000393Note that
394.Nm
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000395will refuse to use a file if it is group/world-accessible.
Damien Miller0bc1bd82000-11-13 22:57:25 +1100396It is possible to have multiple host key files.
397.Dq rsa1
398keys are used for version 1 and
399.Dq dsa
400or
401.Dq rsa
402are used for version 2 of the SSH protocol.
Damien Miller32aa1441999-10-29 09:15:49 +1000403.It Cm IgnoreRhosts
Damien Miller98c7ad62000-03-09 21:27:49 +1100404Specifies that
405.Pa .rhosts
Damien Miller22c77262000-04-13 12:26:34 +1000406and
Damien Miller98c7ad62000-03-09 21:27:49 +1100407.Pa .shosts
408files will not be used in authentication.
Damien Miller32aa1441999-10-29 09:15:49 +1000409.Pa /etc/hosts.equiv
410and
Damien Miller22c77262000-04-13 12:26:34 +1000411.Pa /etc/shosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000412are still used.
Damien Miller22c77262000-04-13 12:26:34 +1000413The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100414.Dq yes .
Damien Miller32265091999-11-12 11:33:04 +1100415.It Cm IgnoreUserKnownHosts
416Specifies whether
417.Nm
418should ignore the user's
419.Pa $HOME/.ssh/known_hosts
420during
421.Cm RhostsRSAAuthentication .
422The default is
423.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000424.It Cm KeepAlive
425Specifies whether the system should send keepalive messages to the
Damien Miller450a7a12000-03-26 13:04:51 +1000426other side.
427If they are sent, death of the connection or crash of one
428of the machines will be properly noticed.
429However, this means that
Damien Miller32aa1441999-10-29 09:15:49 +1000430connections will die if the route is down temporarily, and some people
Damien Miller450a7a12000-03-26 13:04:51 +1000431find it annoying.
Damien Miller30c3d422000-05-09 11:02:59 +1000432On the other hand, if keepalives are not sent,
Damien Miller32aa1441999-10-29 09:15:49 +1000433sessions may hang indefinitely on the server, leaving
434.Dq ghost
435users and consuming server resources.
436.Pp
437The default is
438.Dq yes
439(to send keepalives), and the server will notice
Damien Miller450a7a12000-03-26 13:04:51 +1000440if the network goes down or the client host reboots.
441This avoids infinitely hanging sessions.
Damien Miller32aa1441999-10-29 09:15:49 +1000442.Pp
443To disable keepalives, the value should be set to
444.Dq no
445in both the server and the client configuration files.
446.It Cm KerberosAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000447Specifies whether Kerberos authentication is allowed.
448This can be in the form of a Kerberos ticket, or if
Damien Miller32aa1441999-10-29 09:15:49 +1000449.Cm PasswordAuthentication
450is yes, the password provided by the user will be validated through
Damien Miller874d77b2000-10-14 16:23:11 +1100451the Kerberos KDC.
452To use this option, the server needs a
Damien Miller942da032000-08-18 13:59:06 +1000453Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller450a7a12000-03-26 13:04:51 +1000454Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000455.Dq yes .
456.It Cm KerberosOrLocalPasswd
457If set then if password authentication through Kerberos fails then
458the password will be validated via any additional local mechanism
459such as
Damien Miller62cee002000-09-23 17:15:56 +1100460.Pa /etc/passwd .
Damien Miller450a7a12000-03-26 13:04:51 +1000461Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000462.Dq yes .
463.It Cm KerberosTgtPassing
464Specifies whether a Kerberos TGT may be forwarded to the server.
Damien Miller22c77262000-04-13 12:26:34 +1000465Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000466.Dq no ,
467as this only works when the Kerberos KDC is actually an AFS kaserver.
468.It Cm KerberosTicketCleanup
469Specifies whether to automatically destroy the user's ticket cache
Damien Miller450a7a12000-03-26 13:04:51 +1000470file on logout.
471Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000472.Dq yes .
473.It Cm KeyRegenerationInterval
474The server key is automatically regenerated after this many seconds
Damien Miller450a7a12000-03-26 13:04:51 +1000475(if it has been used).
476The purpose of regeneration is to prevent
Damien Miller32aa1441999-10-29 09:15:49 +1000477decrypting captured sessions by later breaking into the machine and
Damien Miller450a7a12000-03-26 13:04:51 +1000478stealing the keys.
479The key is never stored anywhere.
480If the value is 0, the key is never regenerated.
481The default is 3600 (seconds).
Damien Miller32aa1441999-10-29 09:15:49 +1000482.It Cm ListenAddress
483Specifies what local address
484.Nm
485should listen on.
486The default is to listen to all local addresses.
Damien Miller34132e52000-01-14 15:45:46 +1100487Multiple options of this type are permitted.
488Additionally, the
489.Cm Ports
490options must precede this option.
Damien Miller32aa1441999-10-29 09:15:49 +1000491.It Cm LoginGraceTime
492The server disconnects after this time if the user has not
Damien Miller450a7a12000-03-26 13:04:51 +1000493successfully logged in.
494If the value is 0, there is no time limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000495The default is 600 (seconds).
Damien Miller5ce662a1999-11-11 17:57:39 +1100496.It Cm LogLevel
497Gives the verbosity level that is used when logging messages from
498.Nm sshd .
499The possible values are:
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000500QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
501The default is INFO.
Damien Miller5ce662a1999-11-11 17:57:39 +1100502Logging with level DEBUG violates the privacy of users
503and is not recommended.
Damien Miller37023962000-07-11 17:31:38 +1000504.It Cm MaxStartups
505Specifies the maximum number of concurrent unauthenticated connections to the
506.Nm
507daemon.
508Additional connections will be dropped until authentication succeeds or the
509.Cm LoginGraceTime
510expires for a connection.
511The default is 10.
Damien Miller942da032000-08-18 13:59:06 +1000512.Pp
513Alternatively, random early drop can be enabled by specifying
514the three colon separated values
515.Dq start:rate:full
Damien Miller874d77b2000-10-14 16:23:11 +1100516(e.g., "10:30:60").
Damien Miller942da032000-08-18 13:59:06 +1000517.Nm
Ben Lindstroma7333502001-01-29 08:44:03 +0000518will refuse connection attempts with a probability of
Damien Miller942da032000-08-18 13:59:06 +1000519.Dq rate/100
520(30%)
521if there are currently
522.Dq start
523(10)
524unauthenticated connections.
Ben Lindstroma7333502001-01-29 08:44:03 +0000525The probability increases linearly and all connection attempts
Damien Miller942da032000-08-18 13:59:06 +1000526are refused if the number of unauthenticated connections reaches
527.Dq full
528(60).
Damien Miller32aa1441999-10-29 09:15:49 +1000529.It Cm PasswordAuthentication
530Specifies whether password authentication is allowed.
531The default is
532.Dq yes .
Damien Miller942da032000-08-18 13:59:06 +1000533Note that this option applies to both protocol versions 1 and 2.
Damien Miller32aa1441999-10-29 09:15:49 +1000534.It Cm PermitEmptyPasswords
535When password authentication is allowed, it specifies whether the
Damien Miller450a7a12000-03-26 13:04:51 +1000536server allows login to accounts with empty password strings.
537The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100538.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000539.It Cm PermitRootLogin
540Specifies whether the root can log in using
541.Xr ssh 1 .
542The argument must be
543.Dq yes ,
544.Dq without-password
545or
546.Dq no .
547The default is
548.Dq yes .
549If this options is set to
550.Dq without-password
551only password authentication is disabled for root.
552.Pp
553Root login with RSA authentication when the
554.Ar command
555option has been
556specified will be allowed regardless of the value of this setting
557(which may be useful for taking remote backups even if root login is
558normally not allowed).
Damien Miller6f83b8e2000-05-02 09:23:45 +1000559.It Cm PidFile
560Specifies the file that contains the process identifier of the
561.Nm
562daemon.
563The default is
564.Pa /var/run/sshd.pid .
Damien Miller32aa1441999-10-29 09:15:49 +1000565.It Cm Port
566Specifies the port number that
567.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000568listens on.
569The default is 22.
Damien Miller34132e52000-01-14 15:45:46 +1100570Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000571.It Cm PrintMotd
572Specifies whether
573.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000574should print
Damien Miller32aa1441999-10-29 09:15:49 +1000575.Pa /etc/motd
Damien Miller450a7a12000-03-26 13:04:51 +1000576when a user logs in interactively.
577(On some systems it is also printed by the shell,
Damien Miller32aa1441999-10-29 09:15:49 +1000578.Pa /etc/profile ,
Damien Miller450a7a12000-03-26 13:04:51 +1000579or equivalent.)
580The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000581.Dq yes .
Damien Miller22c77262000-04-13 12:26:34 +1000582.It Cm Protocol
583Specifies the protocol versions
584.Nm
585should support.
586The possible values are
587.Dq 1
588and
589.Dq 2 .
590Multiple versions must be comma-separated.
591The default is
592.Dq 1 .
Damien Miller32aa1441999-10-29 09:15:49 +1000593.It Cm RandomSeed
Damien Miller450a7a12000-03-26 13:04:51 +1000594Obsolete.
595Random number generation uses other techniques.
Damien Miller32aa1441999-10-29 09:15:49 +1000596.It Cm RhostsAuthentication
597Specifies whether authentication using rhosts or /etc/hosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000598files is sufficient.
599Normally, this method should not be permitted because it is insecure.
Damien Miller32aa1441999-10-29 09:15:49 +1000600.Cm RhostsRSAAuthentication
601should be used
602instead, because it performs RSA-based host authentication in addition
603to normal rhosts or /etc/hosts.equiv authentication.
604The default is
605.Dq no .
606.It Cm RhostsRSAAuthentication
607Specifies whether rhosts or /etc/hosts.equiv authentication together
Damien Miller450a7a12000-03-26 13:04:51 +1000608with successful RSA host authentication is allowed.
609The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100610.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000611.It Cm RSAAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000612Specifies whether pure RSA authentication is allowed.
613The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000614.Dq yes .
Damien Millere247cc42000-05-07 12:03:14 +1000615Note that this option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000616.It Cm ServerKeyBits
Damien Miller450a7a12000-03-26 13:04:51 +1000617Defines the number of bits in the server key.
618The minimum value is 512, and the default is 768.
Damien Miller32aa1441999-10-29 09:15:49 +1000619.It Cm SkeyAuthentication
620Specifies whether
Damien Miller22c77262000-04-13 12:26:34 +1000621.Xr skey 1
Damien Miller450a7a12000-03-26 13:04:51 +1000622authentication is allowed.
623The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000624.Dq yes .
625Note that s/key authentication is enabled only if
626.Cm PasswordAuthentication
627is allowed, too.
628.It Cm StrictModes
629Specifies whether
630.Nm
631should check file modes and ownership of the
Damien Miller450a7a12000-03-26 13:04:51 +1000632user's files and home directory before accepting login.
633This is normally desirable because novices sometimes accidentally leave their
634directory or files world-writable.
635The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000636.Dq yes .
Damien Millerf6d9e222000-06-18 14:50:44 +1000637.It Cm Subsystem
Damien Miller874d77b2000-10-14 16:23:11 +1100638Configures an external subsystem (e.g., file transfer daemon).
639Arguments should be a subsystem name and a command to execute upon subsystem
640request.
Damien Miller7b28dc52000-09-05 13:34:53 +1100641The command
642.Xr sftp-server 8
643implements the
644.Dq sftp
645file transfer subsystem.
Damien Millerf6d9e222000-06-18 14:50:44 +1000646By default no subsystems are defined.
647Note that this option applies to protocol version 2 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000648.It Cm SyslogFacility
649Gives the facility code that is used when logging messages from
650.Nm sshd .
651The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
Damien Miller450a7a12000-03-26 13:04:51 +1000652LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
653The default is AUTH.
Damien Miller32aa1441999-10-29 09:15:49 +1000654.It Cm UseLogin
655Specifies whether
656.Xr login 1
Damien Millerd3a18572000-06-07 19:55:44 +1000657is used for interactive login sessions.
658Note that
659.Xr login 1
Damien Miller942da032000-08-18 13:59:06 +1000660is never used for remote command execution.
Damien Miller450a7a12000-03-26 13:04:51 +1000661The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000662.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000663.It Cm X11DisplayOffset
664Specifies the first display number available for
665.Nm sshd Ns 's
Damien Miller450a7a12000-03-26 13:04:51 +1000666X11 forwarding.
667This prevents
Damien Miller32aa1441999-10-29 09:15:49 +1000668.Nm
669from interfering with real X11 servers.
Damien Miller98c7ad62000-03-09 21:27:49 +1100670The default is 10.
Damien Miller396691a2000-01-20 22:44:08 +1100671.It Cm X11Forwarding
Damien Miller450a7a12000-03-26 13:04:51 +1000672Specifies whether X11 forwarding is permitted.
673The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100674.Dq no .
Damien Miller396691a2000-01-20 22:44:08 +1100675Note that disabling X11 forwarding does not improve security in any
676way, as users can always install their own forwarders.
Damien Millerd3a18572000-06-07 19:55:44 +1000677.It Cm XAuthLocation
678Specifies the location of the
679.Xr xauth 1
680program.
681The default is
682.Pa /usr/X11R6/bin/xauth .
Damien Miller32aa1441999-10-29 09:15:49 +1000683.El
684.Sh LOGIN PROCESS
685When a user successfully logs in,
686.Nm
687does the following:
688.Bl -enum -offset indent
689.It
690If the login is on a tty, and no command has been specified,
Damien Miller22c77262000-04-13 12:26:34 +1000691prints last login time and
Damien Miller32aa1441999-10-29 09:15:49 +1000692.Pa /etc/motd
693(unless prevented in the configuration file or by
694.Pa $HOME/.hushlogin ;
695see the
Damien Miller22c77262000-04-13 12:26:34 +1000696.Sx FILES
Damien Miller32aa1441999-10-29 09:15:49 +1000697section).
698.It
699If the login is on a tty, records login time.
700.It
701Checks
702.Pa /etc/nologin ;
703if it exists, prints contents and quits
704(unless root).
705.It
706Changes to run with normal user privileges.
707.It
708Sets up basic environment.
709.It
710Reads
711.Pa $HOME/.ssh/environment
712if it exists.
713.It
714Changes to user's home directory.
715.It
716If
717.Pa $HOME/.ssh/rc
718exists, runs it; else if
Damien Miller886c63a2000-01-20 23:13:36 +1100719.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +1000720exists, runs
Damien Miller450a7a12000-03-26 13:04:51 +1000721it; otherwise runs xauth.
722The
Damien Miller32aa1441999-10-29 09:15:49 +1000723.Dq rc
724files are given the X11
725authentication protocol and cookie in standard input.
726.It
727Runs user's shell or command.
728.El
729.Sh AUTHORIZED_KEYS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000730The
Damien Miller32aa1441999-10-29 09:15:49 +1000731.Pa $HOME/.ssh/authorized_keys
732file lists the RSA keys that are
Damien Millere247cc42000-05-07 12:03:14 +1000733permitted for RSA authentication in SSH protocols 1.3 and 1.5
Damien Miller30c3d422000-05-09 11:02:59 +1000734Similarly, the
Damien Millere247cc42000-05-07 12:03:14 +1000735.Pa $HOME/.ssh/authorized_keys2
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000736file lists the DSA and RSA keys that are
737permitted for public key authentication (PubkeyAuthentication)
738in SSH protocol 2.0.
739.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000740Each line of the file contains one
Damien Miller32aa1441999-10-29 09:15:49 +1000741key (empty lines and lines starting with a
742.Ql #
743are ignored as
Damien Miller450a7a12000-03-26 13:04:51 +1000744comments).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000745Each RSA public key consists of the following fields, separated by
Damien Miller450a7a12000-03-26 13:04:51 +1000746spaces: options, bits, exponent, modulus, comment.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000747Each protocol version 2 public key consists of:
748options, keytype, base64 encoded key, comment.
749The options fields
750are optional; its presence is determined by whether the line starts
Damien Miller32aa1441999-10-29 09:15:49 +1000751with a number or not (the option field never starts with a number).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000752The bits, exponent, modulus and comment fields give the RSA key for
753protocol version 1; the
Damien Miller32aa1441999-10-29 09:15:49 +1000754comment field is not used for anything (but may be convenient for the
755user to identify the key).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000756For protocol version 2 the keytype is
757.Dq ssh-dss
758or
759.Dq ssh-rsa .
Damien Miller32aa1441999-10-29 09:15:49 +1000760.Pp
761Note that lines in this file are usually several hundred bytes long
Damien Miller450a7a12000-03-26 13:04:51 +1000762(because of the size of the RSA key modulus).
763You don't want to type them in; instead, copy the
Damien Miller32aa1441999-10-29 09:15:49 +1000764.Pa identity.pub
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000765or the
766.Pa id_dsa.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000767file and edit it.
768.Pp
Damien Miller942da032000-08-18 13:59:06 +1000769The options (if present) consist of comma-separated option
Damien Miller450a7a12000-03-26 13:04:51 +1000770specifications.
771No spaces are permitted, except within double quotes.
Damien Miller32aa1441999-10-29 09:15:49 +1000772The following option specifications are supported:
773.Bl -tag -width Ds
774.It Cm from="pattern-list"
775Specifies that in addition to RSA authentication, the canonical name
776of the remote host must be present in the comma-separated list of
Damien Miller450a7a12000-03-26 13:04:51 +1000777patterns
778.Pf ( Ql *
779and
780.Ql ?
781serve as wildcards).
782The list may also contain
783patterns negated by prefixing them with
784.Ql ! ;
785if the canonical host name matches a negated pattern, the key is not accepted.
786The purpose
Damien Miller32aa1441999-10-29 09:15:49 +1000787of this option is to optionally increase security: RSA authentication
788by itself does not trust the network or name servers or anything (but
789the key); however, if somebody somehow steals the key, the key
Damien Miller450a7a12000-03-26 13:04:51 +1000790permits an intruder to log in from anywhere in the world.
791This additional option makes using a stolen key more difficult (name
Damien Miller32aa1441999-10-29 09:15:49 +1000792servers and/or routers would have to be compromised in addition to
793just the key).
794.It Cm command="command"
795Specifies that the command is executed whenever this key is used for
Damien Miller450a7a12000-03-26 13:04:51 +1000796authentication.
797The command supplied by the user (if any) is ignored.
Damien Miller32aa1441999-10-29 09:15:49 +1000798The command is run on a pty if the connection requests a pty;
Damien Miller450a7a12000-03-26 13:04:51 +1000799otherwise it is run without a tty.
800A quote may be included in the command by quoting it with a backslash.
801This option might be useful
802to restrict certain RSA keys to perform just a specific operation.
803An example might be a key that permits remote backups but nothing else.
Damien Miller30c3d422000-05-09 11:02:59 +1000804Note that the client may specify TCP/IP and/or X11
805forwarding unless they are explicitly prohibited.
Damien Miller32aa1441999-10-29 09:15:49 +1000806.It Cm environment="NAME=value"
807Specifies that the string is to be added to the environment when
Damien Miller450a7a12000-03-26 13:04:51 +1000808logging in using this key.
809Environment variables set this way
810override other default environment values.
811Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000812.It Cm no-port-forwarding
813Forbids TCP/IP forwarding when this key is used for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000814Any port forward requests by the client will return an error.
815This might be used, e.g., in connection with the
Damien Miller32aa1441999-10-29 09:15:49 +1000816.Cm command
817option.
818.It Cm no-X11-forwarding
819Forbids X11 forwarding when this key is used for authentication.
820Any X11 forward requests by the client will return an error.
821.It Cm no-agent-forwarding
822Forbids authentication agent forwarding when this key is used for
823authentication.
824.It Cm no-pty
825Prevents tty allocation (a request to allocate a pty will fail).
826.El
827.Ss Examples
8281024 33 12121.\|.\|.\|312314325 ylo@foo.bar
829.Pp
830from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
831.Pp
832command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
833.Sh SSH_KNOWN_HOSTS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +1000834The
Damien Millere247cc42000-05-07 12:03:14 +1000835.Pa /etc/ssh_known_hosts ,
836.Pa /etc/ssh_known_hosts2 ,
837.Pa $HOME/.ssh/known_hosts ,
Damien Miller22c77262000-04-13 12:26:34 +1000838and
Damien Millere247cc42000-05-07 12:03:14 +1000839.Pa $HOME/.ssh/known_hosts2
Damien Miller450a7a12000-03-26 13:04:51 +1000840files contain host public keys for all known hosts.
841The global file should
842be prepared by the administrator (optional), and the per-user file is
Damien Miller942da032000-08-18 13:59:06 +1000843maintained automatically: whenever the user connects from an unknown host
Damien Miller450a7a12000-03-26 13:04:51 +1000844its key is added to the per-user file.
Damien Miller32aa1441999-10-29 09:15:49 +1000845.Pp
846Each line in these files contains the following fields: hostnames,
Damien Miller450a7a12000-03-26 13:04:51 +1000847bits, exponent, modulus, comment.
848The fields are separated by spaces.
Damien Miller32aa1441999-10-29 09:15:49 +1000849.Pp
850Hostnames is a comma-separated list of patterns ('*' and '?' act as
851wildcards); each pattern in turn is matched against the canonical host
852name (when authenticating a client) or against the user-supplied
Damien Miller450a7a12000-03-26 13:04:51 +1000853name (when authenticating a server).
854A pattern may also be preceded by
Damien Miller32aa1441999-10-29 09:15:49 +1000855.Ql !
856to indicate negation: if the host name matches a negated
857pattern, it is not accepted (by that line) even if it matched another
858pattern on the line.
859.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000860Bits, exponent, and modulus are taken directly from the RSA host key; they
Damien Miller32aa1441999-10-29 09:15:49 +1000861can be obtained, e.g., from
Damien Miller886c63a2000-01-20 23:13:36 +1100862.Pa /etc/ssh_host_key.pub .
Damien Miller32aa1441999-10-29 09:15:49 +1000863The optional comment field continues to the end of the line, and is not used.
864.Pp
865Lines starting with
866.Ql #
867and empty lines are ignored as comments.
868.Pp
869When performing host authentication, authentication is accepted if any
Damien Miller450a7a12000-03-26 13:04:51 +1000870matching line has the proper key.
871It is thus permissible (but not
Damien Miller32aa1441999-10-29 09:15:49 +1000872recommended) to have several lines or different host keys for the same
Damien Miller450a7a12000-03-26 13:04:51 +1000873names.
874This will inevitably happen when short forms of host names
875from different domains are put in the file.
876It is possible
Damien Miller32aa1441999-10-29 09:15:49 +1000877that the files contain conflicting information; authentication is
878accepted if valid information can be found from either file.
879.Pp
880Note that the lines in these files are typically hundreds of characters
881long, and you definitely don't want to type in the host keys by hand.
882Rather, generate them by a script
Damien Miller22c77262000-04-13 12:26:34 +1000883or by taking
Damien Miller886c63a2000-01-20 23:13:36 +1100884.Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000885and adding the host names at the front.
886.Ss Examples
887closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
888.Sh FILES
889.Bl -tag -width Ds
Damien Miller886c63a2000-01-20 23:13:36 +1100890.It Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000891Contains configuration data for
892.Nm sshd .
893This file should be writable by root only, but it is recommended
894(though not necessary) that it be world-readable.
Damien Miller886c63a2000-01-20 23:13:36 +1100895.It Pa /etc/ssh_host_key
Damien Miller32aa1441999-10-29 09:15:49 +1000896Contains the private part of the host key.
897This file should only be owned by root, readable only by root, and not
898accessible to others.
899Note that
900.Nm
901does not start if this file is group/world-accessible.
Damien Miller886c63a2000-01-20 23:13:36 +1100902.It Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000903Contains the public part of the host key.
904This file should be world-readable but writable only by
Damien Miller450a7a12000-03-26 13:04:51 +1000905root.
906Its contents should match the private part.
907This file is not
Damien Miller32aa1441999-10-29 09:15:49 +1000908really used for anything; it is only provided for the convenience of
909the user so its contents can be copied to known hosts files.
910These two files are created using
911.Xr ssh-keygen 1 .
Damien Millere39cacc2000-11-29 12:18:44 +1100912.It Pa /etc/primes
913Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
Damien Miller886c63a2000-01-20 23:13:36 +1100914.It Pa /var/run/sshd.pid
Damien Miller32aa1441999-10-29 09:15:49 +1000915Contains the process ID of the
916.Nm
917listening for connections (if there are several daemons running
918concurrently for different ports, this contains the pid of the one
Damien Miller450a7a12000-03-26 13:04:51 +1000919started last).
Damien Miller942da032000-08-18 13:59:06 +1000920The content of this file is not sensitive; it can be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000921.It Pa $HOME/.ssh/authorized_keys
922Lists the RSA keys that can be used to log into the user's account.
923This file must be readable by root (which may on some machines imply
924it being world-readable if the user's home directory resides on an NFS
Damien Miller450a7a12000-03-26 13:04:51 +1000925volume).
926It is recommended that it not be accessible by others.
927The format of this file is described above.
Damien Millere247cc42000-05-07 12:03:14 +1000928Users will place the contents of their
929.Pa identity.pub
930files into this file, as described in
931.Xr ssh-keygen 1 .
932.It Pa $HOME/.ssh/authorized_keys2
933Lists the DSA keys that can be used to log into the user's account.
934This file must be readable by root (which may on some machines imply
935it being world-readable if the user's home directory resides on an NFS
936volume).
937It is recommended that it not be accessible by others.
938The format of this file is described above.
939Users will place the contents of their
940.Pa id_dsa.pub
941files into this file, as described in
942.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +1100943.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
Damien Miller5ce662a1999-11-11 17:57:39 +1100944These files are consulted when using rhosts with RSA host
Damien Miller450a7a12000-03-26 13:04:51 +1000945authentication to check the public key of the host.
946The key must be listed in one of these files to be accepted.
Damien Miller33e511e1999-11-11 11:43:13 +1100947The client uses the same files
Damien Miller942da032000-08-18 13:59:06 +1000948to verify that the remote host is the one it intended to connect.
Damien Miller450a7a12000-03-26 13:04:51 +1000949These files should be writable only by root/the owner.
Damien Miller886c63a2000-01-20 23:13:36 +1100950.Pa /etc/ssh_known_hosts
Damien Miller32aa1441999-10-29 09:15:49 +1000951should be world-readable, and
952.Pa $HOME/.ssh/known_hosts
953can but need not be world-readable.
954.It Pa /etc/nologin
Damien Miller22c77262000-04-13 12:26:34 +1000955If this file exists,
Damien Miller32aa1441999-10-29 09:15:49 +1000956.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000957refuses to let anyone except root log in.
958The contents of the file
Damien Miller32aa1441999-10-29 09:15:49 +1000959are displayed to anyone trying to log in, and non-root connections are
Damien Miller450a7a12000-03-26 13:04:51 +1000960refused.
961The file should be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +1000962.It Pa /etc/hosts.allow, /etc/hosts.deny
963If compiled with
964.Sy LIBWRAP
965support, tcp-wrappers access controls may be defined here as described in
966.Xr hosts_access 5 .
967.It Pa $HOME/.rhosts
968This file contains host-username pairs, separated by a space, one per
Damien Miller450a7a12000-03-26 13:04:51 +1000969line.
970The given user on the corresponding host is permitted to log in
971without password.
972The same file is used by rlogind and rshd.
Damien Miller32aa1441999-10-29 09:15:49 +1000973The file must
974be writable only by the user; it is recommended that it not be
975accessible by others.
976.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000977If is also possible to use netgroups in the file.
978Either host or user
Damien Miller32aa1441999-10-29 09:15:49 +1000979name may be of the form +@groupname to specify all hosts or all users
980in the group.
981.It Pa $HOME/.shosts
982For ssh,
983this file is exactly the same as for
984.Pa .rhosts .
985However, this file is
986not used by rlogin and rshd, so using this permits access using SSH only.
Damien Miller942da032000-08-18 13:59:06 +1000987.It Pa /etc/hosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +1000988This file is used during
989.Pa .rhosts
Damien Miller450a7a12000-03-26 13:04:51 +1000990authentication.
991In the simplest form, this file contains host names, one per line.
992Users on
Damien Miller32aa1441999-10-29 09:15:49 +1000993those hosts are permitted to log in without a password, provided they
Damien Miller450a7a12000-03-26 13:04:51 +1000994have the same user name on both machines.
995The host name may also be
Damien Miller32aa1441999-10-29 09:15:49 +1000996followed by a user name; such users are permitted to log in as
997.Em any
Damien Miller450a7a12000-03-26 13:04:51 +1000998user on this machine (except root).
999Additionally, the syntax
Damien Miller32aa1441999-10-29 09:15:49 +10001000.Dq +@group
Damien Miller450a7a12000-03-26 13:04:51 +10001001can be used to specify netgroups.
1002Negated entries start with
Damien Miller32aa1441999-10-29 09:15:49 +10001003.Ql \&- .
1004.Pp
1005If the client host/user is successfully matched in this file, login is
1006automatically permitted provided the client and server user names are the
Damien Miller450a7a12000-03-26 13:04:51 +10001007same.
1008Additionally, successful RSA host authentication is normally required.
1009This file must be writable only by root; it is recommended
Damien Miller32aa1441999-10-29 09:15:49 +10001010that it be world-readable.
1011.Pp
1012.Sy "Warning: It is almost never a good idea to use user names in"
1013.Pa hosts.equiv .
1014Beware that it really means that the named user(s) can log in as
1015.Em anybody ,
1016which includes bin, daemon, adm, and other accounts that own critical
Damien Miller450a7a12000-03-26 13:04:51 +10001017binaries and directories.
1018Using a user name practically grants the user root access.
1019The only valid use for user names that I can think
Damien Miller32aa1441999-10-29 09:15:49 +10001020of is in negative entries.
1021.Pp
1022Note that this warning also applies to rsh/rlogin.
Damien Miller886c63a2000-01-20 23:13:36 +11001023.It Pa /etc/shosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001024This is processed exactly as
1025.Pa /etc/hosts.equiv .
1026However, this file may be useful in environments that want to run both
1027rsh/rlogin and ssh.
1028.It Pa $HOME/.ssh/environment
Damien Miller450a7a12000-03-26 13:04:51 +10001029This file is read into the environment at login (if it exists).
1030It can only contain empty lines, comment lines (that start with
Damien Miller32aa1441999-10-29 09:15:49 +10001031.Ql # ) ,
Damien Miller450a7a12000-03-26 13:04:51 +10001032and assignment lines of the form name=value.
1033The file should be writable
Damien Miller32aa1441999-10-29 09:15:49 +10001034only by the user; it need not be readable by anyone else.
1035.It Pa $HOME/.ssh/rc
1036If this file exists, it is run with /bin/sh after reading the
Damien Miller450a7a12000-03-26 13:04:51 +10001037environment files but before starting the user's shell or command.
1038If X11 spoofing is in use, this will receive the "proto cookie" pair in
Damien Miller32aa1441999-10-29 09:15:49 +10001039standard input (and
1040.Ev DISPLAY
Damien Miller450a7a12000-03-26 13:04:51 +10001041in environment).
1042This must call
Damien Miller32aa1441999-10-29 09:15:49 +10001043.Xr xauth 1
1044in that case.
1045.Pp
1046The primary purpose of this file is to run any initialization routines
1047which may be needed before the user's home directory becomes
1048accessible; AFS is a particular example of such an environment.
1049.Pp
1050This file will probably contain some initialization code followed by
1051something similar to: "if read proto cookie; then echo add $DISPLAY
1052$proto $cookie | xauth -q -; fi".
1053.Pp
1054If this file does not exist,
Damien Miller886c63a2000-01-20 23:13:36 +11001055.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001056is run, and if that
1057does not exist either, xauth is used to store the cookie.
1058.Pp
1059This file should be writable only by the user, and need not be
1060readable by anyone else.
Damien Miller886c63a2000-01-20 23:13:36 +11001061.It Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001062Like
1063.Pa $HOME/.ssh/rc .
1064This can be used to specify
Damien Miller450a7a12000-03-26 13:04:51 +10001065machine-specific login-time initializations globally.
1066This file should be writable only by root, and should be world-readable.
Damien Miller37023962000-07-11 17:31:38 +10001067.El
Damien Miller0bc1bd82000-11-13 22:57:25 +11001068.Sh AUTHORS
Ben Lindstrom8eec2c82001-01-29 08:39:16 +00001069OpenSSH is a derivative of the original and free
1070ssh 1.2.12 release by Tatu Ylonen.
1071Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1072Theo de Raadt and Dug Song
1073removed many bugs, re-added newer features and
1074created OpenSSH.
1075Markus Friedl contributed the support for SSH
1076protocol versions 1.5 and 2.0.
Damien Miller32aa1441999-10-29 09:15:49 +10001077.Sh SEE ALSO
Damien Miller32aa1441999-10-29 09:15:49 +10001078.Xr scp 1 ,
Damien Miller7b28dc52000-09-05 13:34:53 +11001079.Xr sftp-server 8 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001080.Xr ssh 1 ,
1081.Xr ssh-add 1 ,
1082.Xr ssh-agent 1 ,
1083.Xr ssh-keygen 1 ,
Ben Lindstrom4dccfa52000-12-28 16:40:05 +00001084.Xr ssl 8 ,
Damien Millerb38eff82000-04-01 11:09:21 +10001085.Xr rlogin 1 ,
1086.Xr rsh 1