blob: ea79a54bf26c0b8e5b78f9ceacee5cbf36c56d1a [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
Darren Tucker83d5a982005-03-31 21:33:50 +100037.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dd September 25, 1999
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa /etc/ssh/sshd_config
47.El
48.Sh DESCRIPTION
49.Nm sshd
50reads configuration data from
51.Pa /etc/ssh/sshd_config
52(or the file specified with
53.Fl f
54on the command line).
55The file contains keyword-argument pairs, one per line.
56Lines starting with
57.Ql #
58and empty lines are interpreted as comments.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
Darren Tucker46bc0752004-05-02 22:11:30 +100064.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70in
71.Xr ssh_config 5
72for how to configure the client.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100073Note that environment passing is only supported for protocol 2.
Darren Tucker46bc0752004-05-02 22:11:30 +100074Variables are specified by name, which may contain the wildcard characters
75.Ql \&*
76and
77.Ql \&? .
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100078Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +100079across multiple
80.Cm AcceptEnv
81directives.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100082Be warned that some environment variables could be used to bypass restricted
Darren Tucker46bc0752004-05-02 22:11:30 +100083user environments.
84For this reason, care should be taken in the use of this directive.
85The default is not to accept any environment variables.
Darren Tucker0f383232005-01-20 10:57:56 +110086.It Cm AddressFamily
87Specifies which address family should be used by
88.Nm sshd .
89Valid arguments are
90.Dq any ,
91.Dq inet
92(use IPv4 only) or
93.Dq inet6
94(use IPv6 only).
95The default is
96.Dq any .
Ben Lindstrom9f049032002-06-21 00:59:05 +000097.It Cm AllowGroups
98This keyword can be followed by a list of group name patterns, separated
99by spaces.
100If specified, login is allowed only for users whose primary
101group or supplementary group list matches one of the patterns.
102.Ql \&*
103and
Damien Miller049245d2003-05-14 13:44:42 +1000104.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000105can be used as
106wildcards in the patterns.
107Only group names are valid; a numerical group ID is not recognized.
108By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000109.It Cm AllowTcpForwarding
110Specifies whether TCP forwarding is permitted.
111The default is
112.Dq yes .
113Note that disabling TCP forwarding does not improve security unless
114users are also denied shell access, as they can always install their
115own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000116.It Cm AllowUsers
117This keyword can be followed by a list of user name patterns, separated
118by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +1100119If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +0000120match one of the patterns.
121.Ql \&*
122and
Damien Miller049245d2003-05-14 13:44:42 +1000123.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000124can be used as
125wildcards in the patterns.
126Only user names are valid; a numerical user ID is not recognized.
127By default, login is allowed for all users.
128If the pattern takes the form USER@HOST then USER and HOST
129are separately checked, restricting logins to particular
130users from particular hosts.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000131.It Cm AuthorizedKeysFile
132Specifies the file that contains the public keys that can be used
133for user authentication.
134.Cm AuthorizedKeysFile
135may contain tokens of the form %T which are substituted during connection
Damien Millerfbf486b2003-05-23 18:44:23 +1000136set-up.
137The following tokens are defined: %% is replaced by a literal '%',
Ben Lindstrom9f049032002-06-21 00:59:05 +0000138%h is replaced by the home directory of the user being authenticated and
139%u is replaced by the username of that user.
140After expansion,
141.Cm AuthorizedKeysFile
142is taken to be an absolute path or one relative to the user's home
143directory.
144The default is
145.Dq .ssh/authorized_keys .
146.It Cm Banner
147In some jurisdictions, sending a warning message before authentication
148may be relevant for getting legal protection.
149The contents of the specified file are sent to the remote user before
150authentication is allowed.
151This option is only available for protocol version 2.
152By default, no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000153.It Cm ChallengeResponseAuthentication
154Specifies whether challenge response authentication is allowed.
155All authentication styles from
156.Xr login.conf 5
157are supported.
158The default is
159.Dq yes .
160.It Cm Ciphers
161Specifies the ciphers allowed for protocol version 2.
162Multiple ciphers must be comma-separated.
Damien Miller05202ff2004-06-15 10:30:39 +1000163The supported ciphers are
164.Dq 3des-cbc ,
165.Dq aes128-cbc ,
166.Dq aes192-cbc ,
167.Dq aes256-cbc ,
168.Dq aes128-ctr ,
169.Dq aes192-ctr ,
170.Dq aes256-ctr ,
171.Dq arcfour ,
172.Dq blowfish-cbc ,
173and
174.Dq cast128-cbc .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000175The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000176.Bd -literal
177 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
Darren Tucker91cf2612003-06-22 20:46:53 +1000178 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''
Ben Lindstrom9f049032002-06-21 00:59:05 +0000179.Ed
180.It Cm ClientAliveInterval
181Sets a timeout interval in seconds after which if no data has been received
182from the client,
183.Nm sshd
184will send a message through the encrypted
185channel to request a response from the client.
186The default
187is 0, indicating that these messages will not be sent to the client.
188This option applies to protocol version 2 only.
189.It Cm ClientAliveCountMax
190Sets the number of client alive messages (see above) which may be
191sent without
192.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000193receiving any messages back from the client.
194If this threshold is reached while client alive messages are being sent,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000195.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000196will disconnect the client, terminating the session.
197It is important to note that the use of client alive messages is very
198different from
Damien Miller12c150e2003-12-17 16:31:10 +1100199.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000200(below).
201The client alive messages are sent through the encrypted channel
202and therefore will not be spoofable.
203The TCP keepalive option enabled by
Damien Miller12c150e2003-12-17 16:31:10 +1100204.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000205is spoofable.
206The client alive mechanism is valuable when the client or
Ben Lindstrom9f049032002-06-21 00:59:05 +0000207server depend on knowing when a connection has become inactive.
208.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000209The default value is 3.
210If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000211.Cm ClientAliveInterval
212(above) is set to 15, and
213.Cm ClientAliveCountMax
214is left at the default, unresponsive ssh clients
215will be disconnected after approximately 45 seconds.
216.It Cm Compression
217Specifies whether compression is allowed.
218The argument must be
219.Dq yes
220or
221.Dq no .
222The default is
223.Dq yes .
224.It Cm DenyGroups
225This keyword can be followed by a list of group name patterns, separated
226by spaces.
227Login is disallowed for users whose primary group or supplementary
228group list matches one of the patterns.
229.Ql \&*
230and
Damien Miller049245d2003-05-14 13:44:42 +1000231.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000232can be used as
233wildcards in the patterns.
234Only group names are valid; a numerical group ID is not recognized.
235By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000236.It Cm DenyUsers
237This keyword can be followed by a list of user name patterns, separated
238by spaces.
239Login is disallowed for user names that match one of the patterns.
240.Ql \&*
241and
Damien Miller049245d2003-05-14 13:44:42 +1000242.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000243can be used as wildcards in the patterns.
244Only user names are valid; a numerical user ID is not recognized.
245By default, login is allowed for all users.
246If the pattern takes the form USER@HOST then USER and HOST
247are separately checked, restricting logins to particular
248users from particular hosts.
249.It Cm GatewayPorts
250Specifies whether remote hosts are allowed to connect to ports
251forwarded for the client.
252By default,
253.Nm sshd
Damien Miller495dca32003-04-01 21:42:14 +1000254binds remote port forwardings to the loopback address.
255This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000256.Cm GatewayPorts
257can be used to specify that
258.Nm sshd
Damien Millerf91ee4c2005-03-01 21:24:33 +1100259should allow remote port forwardings to bind to non-loopback addresses, thus
260allowing other hosts to connect.
261The argument may be
262.Dq no
263to force remote port forwardings to be available to the local host only,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000264.Dq yes
Damien Millerf91ee4c2005-03-01 21:24:33 +1100265to force remote port forwardings to bind to the wildcard address, or
266.Dq clientspecified
267to allow the client to select the address to which the forwarding is bound.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000268The default is
269.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000270.It Cm GSSAPIAuthentication
Damien Miller9b7b03b2003-09-02 22:57:05 +1000271Specifies whether user authentication based on GSSAPI is allowed.
Damien Millera8e06ce2003-11-21 23:48:55 +1100272The default is
Darren Tucker0efd1552003-08-26 11:49:55 +1000273.Dq no .
274Note that this option applies to protocol version 2 only.
275.It Cm GSSAPICleanupCredentials
276Specifies whether to automatically destroy the user's credentials cache
277on logout.
278The default is
279.Dq yes .
280Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000281.It Cm HostbasedAuthentication
282Specifies whether rhosts or /etc/hosts.equiv authentication together
283with successful public key client host authentication is allowed
284(hostbased authentication).
285This option is similar to
286.Cm RhostsRSAAuthentication
287and applies to protocol version 2 only.
288The default is
289.Dq no .
290.It Cm HostKey
291Specifies a file containing a private host key
292used by SSH.
293The default is
294.Pa /etc/ssh/ssh_host_key
295for protocol version 1, and
296.Pa /etc/ssh/ssh_host_rsa_key
297and
298.Pa /etc/ssh/ssh_host_dsa_key
299for protocol version 2.
300Note that
301.Nm sshd
302will refuse to use a file if it is group/world-accessible.
303It is possible to have multiple host key files.
304.Dq rsa1
305keys are used for version 1 and
306.Dq dsa
307or
308.Dq rsa
309are used for version 2 of the SSH protocol.
310.It Cm IgnoreRhosts
311Specifies that
312.Pa .rhosts
313and
314.Pa .shosts
315files will not be used in
Ben Lindstrom9f049032002-06-21 00:59:05 +0000316.Cm RhostsRSAAuthentication
317or
318.Cm HostbasedAuthentication .
319.Pp
320.Pa /etc/hosts.equiv
321and
322.Pa /etc/shosts.equiv
323are still used.
324The default is
325.Dq yes .
326.It Cm IgnoreUserKnownHosts
327Specifies whether
328.Nm sshd
329should ignore the user's
330.Pa $HOME/.ssh/known_hosts
331during
332.Cm RhostsRSAAuthentication
333or
334.Cm HostbasedAuthentication .
335The default is
336.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000337.It Cm KerberosAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000338Specifies whether the password provided by the user for
Ben Lindstrom9f049032002-06-21 00:59:05 +0000339.Cm PasswordAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000340will be validated through the Kerberos KDC.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000341To use this option, the server needs a
342Kerberos servtab which allows the verification of the KDC's identity.
343Default is
344.Dq no .
Damien Miller8448e662004-03-08 23:13:15 +1100345.It Cm KerberosGetAFSToken
346If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
347an AFS token before accessing the user's home directory.
348Default is
349.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000350.It Cm KerberosOrLocalPasswd
351If set then if password authentication through Kerberos fails then
352the password will be validated via any additional local mechanism
353such as
354.Pa /etc/passwd .
355Default is
356.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000357.It Cm KerberosTicketCleanup
358Specifies whether to automatically destroy the user's ticket cache
359file on logout.
360Default is
361.Dq yes .
362.It Cm KeyRegenerationInterval
363In protocol version 1, the ephemeral server key is automatically regenerated
364after this many seconds (if it has been used).
365The purpose of regeneration is to prevent
366decrypting captured sessions by later breaking into the machine and
367stealing the keys.
368The key is never stored anywhere.
369If the value is 0, the key is never regenerated.
370The default is 3600 (seconds).
371.It Cm ListenAddress
372Specifies the local addresses
373.Nm sshd
374should listen on.
375The following forms may be used:
376.Pp
377.Bl -item -offset indent -compact
378.It
379.Cm ListenAddress
380.Sm off
381.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
382.Sm on
383.It
384.Cm ListenAddress
385.Sm off
386.Ar host No | Ar IPv4_addr No : Ar port
387.Sm on
388.It
389.Cm ListenAddress
390.Sm off
391.Oo
392.Ar host No | Ar IPv6_addr Oc : Ar port
393.Sm on
394.El
395.Pp
396If
397.Ar port
398is not specified,
399.Nm sshd
400will listen on the address and all prior
401.Cm Port
Damien Millerfbf486b2003-05-23 18:44:23 +1000402options specified.
403The default is to listen on all local addresses.
Damien Miller495dca32003-04-01 21:42:14 +1000404Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000405.Cm ListenAddress
Damien Millerfbf486b2003-05-23 18:44:23 +1000406options are permitted.
407Additionally, any
Ben Lindstrom9f049032002-06-21 00:59:05 +0000408.Cm Port
409options must precede this option for non port qualified addresses.
410.It Cm LoginGraceTime
411The server disconnects after this time if the user has not
412successfully logged in.
413If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000414The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000415.It Cm LogLevel
416Gives the verbosity level that is used when logging messages from
417.Nm sshd .
418The possible values are:
419QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000420The default is INFO.
421DEBUG and DEBUG1 are equivalent.
422DEBUG2 and DEBUG3 each specify higher levels of debugging output.
423Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000424.It Cm MACs
425Specifies the available MAC (message authentication code) algorithms.
426The MAC algorithm is used in protocol version 2
427for data integrity protection.
428Multiple algorithms must be comma-separated.
429The default is
430.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
Darren Tucker89413db2004-05-24 10:36:23 +1000431.It Cm MaxAuthTries
432Specifies the maximum number of authentication attempts permitted per
Damien Miller26213e52004-06-30 22:39:34 +1000433connection.
434Once the number of failures reaches half this value,
435additional failures are logged.
436The default is 6.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000437.It Cm MaxStartups
438Specifies the maximum number of concurrent unauthenticated connections to the
439.Nm sshd
440daemon.
441Additional connections will be dropped until authentication succeeds or the
442.Cm LoginGraceTime
443expires for a connection.
444The default is 10.
445.Pp
446Alternatively, random early drop can be enabled by specifying
447the three colon separated values
448.Dq start:rate:full
449(e.g., "10:30:60").
450.Nm sshd
451will refuse connection attempts with a probability of
452.Dq rate/100
453(30%)
454if there are currently
455.Dq start
456(10)
457unauthenticated connections.
458The probability increases linearly and all connection attempts
459are refused if the number of unauthenticated connections reaches
460.Dq full
461(60).
462.It Cm PasswordAuthentication
463Specifies whether password authentication is allowed.
464The default is
465.Dq yes .
466.It Cm PermitEmptyPasswords
467When password authentication is allowed, it specifies whether the
468server allows login to accounts with empty password strings.
469The default is
470.Dq no .
471.It Cm PermitRootLogin
Darren Tuckerb3509012005-01-20 11:01:46 +1100472Specifies whether root can log in using
Ben Lindstrom9f049032002-06-21 00:59:05 +0000473.Xr ssh 1 .
474The argument must be
475.Dq yes ,
476.Dq without-password ,
477.Dq forced-commands-only
478or
479.Dq no .
480The default is
481.Dq yes .
482.Pp
483If this option is set to
484.Dq without-password
Darren Tucker9dca0992005-02-01 19:16:45 +1100485password authentication is disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000486.Pp
487If this option is set to
488.Dq forced-commands-only
489root login with public key authentication will be allowed,
490but only if the
491.Ar command
492option has been specified
493(which may be useful for taking remote backups even if root login is
Damien Millerfbf486b2003-05-23 18:44:23 +1000494normally not allowed).
495All other authentication methods are disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000496.Pp
497If this option is set to
498.Dq no
Darren Tuckerb3509012005-01-20 11:01:46 +1100499root is not allowed to log in.
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000500.It Cm PermitUserEnvironment
501Specifies whether
502.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000503and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000504.Cm environment=
505options in
506.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000507are processed by
508.Nm sshd .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000509The default is
510.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000511Enabling environment processing may enable users to bypass access
512restrictions in some configurations using mechanisms such as
513.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000514.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000515Specifies the file that contains the process ID of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000516.Nm sshd
517daemon.
518The default is
519.Pa /var/run/sshd.pid .
520.It Cm Port
521Specifies the port number that
522.Nm sshd
523listens on.
524The default is 22.
525Multiple options of this type are permitted.
526See also
527.Cm ListenAddress .
528.It Cm PrintLastLog
529Specifies whether
530.Nm sshd
Darren Tucker7cc5c232004-11-05 20:06:59 +1100531should print the date and time of the last user login when a user logs
532in interactively.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000533The default is
534.Dq yes .
535.It Cm PrintMotd
536Specifies whether
537.Nm sshd
538should print
539.Pa /etc/motd
540when a user logs in interactively.
541(On some systems it is also printed by the shell,
542.Pa /etc/profile ,
543or equivalent.)
544The default is
545.Dq yes .
546.It Cm Protocol
547Specifies the protocol versions
548.Nm sshd
Ben Lindstrom9c445542002-07-11 03:59:18 +0000549supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000550The possible values are
551.Dq 1
552and
553.Dq 2 .
554Multiple versions must be comma-separated.
555The default is
556.Dq 2,1 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000557Note that the order of the protocol list does not indicate preference,
558because the client selects among multiple protocol versions offered
559by the server.
560Specifying
561.Dq 2,1
562is identical to
563.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000564.It Cm PubkeyAuthentication
565Specifies whether public key authentication is allowed.
566The default is
567.Dq yes .
568Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000569.It Cm RhostsRSAAuthentication
570Specifies whether rhosts or /etc/hosts.equiv authentication together
571with successful RSA host authentication is allowed.
572The default is
573.Dq no .
574This option applies to protocol version 1 only.
575.It Cm RSAAuthentication
576Specifies whether pure RSA authentication is allowed.
577The default is
578.Dq yes .
579This option applies to protocol version 1 only.
580.It Cm ServerKeyBits
581Defines the number of bits in the ephemeral protocol version 1 server key.
582The minimum value is 512, and the default is 768.
583.It Cm StrictModes
584Specifies whether
585.Nm sshd
586should check file modes and ownership of the
587user's files and home directory before accepting login.
588This is normally desirable because novices sometimes accidentally leave their
589directory or files world-writable.
590The default is
591.Dq yes .
592.It Cm Subsystem
593Configures an external subsystem (e.g., file transfer daemon).
594Arguments should be a subsystem name and a command to execute upon subsystem
595request.
596The command
597.Xr sftp-server 8
598implements the
599.Dq sftp
600file transfer subsystem.
601By default no subsystems are defined.
602Note that this option applies to protocol version 2 only.
603.It Cm SyslogFacility
604Gives the facility code that is used when logging messages from
605.Nm sshd .
606The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
607LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
608The default is AUTH.
Damien Miller12c150e2003-12-17 16:31:10 +1100609.It Cm TCPKeepAlive
610Specifies whether the system should send TCP keepalive messages to the
611other side.
612If they are sent, death of the connection or crash of one
613of the machines will be properly noticed.
614However, this means that
615connections will die if the route is down temporarily, and some people
616find it annoying.
617On the other hand, if TCP keepalives are not sent,
618sessions may hang indefinitely on the server, leaving
619.Dq ghost
620users and consuming server resources.
621.Pp
622The default is
623.Dq yes
624(to send TCP keepalive messages), and the server will notice
625if the network goes down or the client host crashes.
626This avoids infinitely hanging sessions.
627.Pp
628To disable TCP keepalive messages, the value should be set to
629.Dq no .
Damien Miller3a961dc2003-06-03 10:25:48 +1000630.It Cm UseDNS
631Specifies whether
632.Nm sshd
Darren Tucker83d5a982005-03-31 21:33:50 +1000633should look up the remote host name and check that
Damien Miller3a961dc2003-06-03 10:25:48 +1000634the resolved host name for the remote IP address maps back to the
635very same IP address.
636The default is
637.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000638.It Cm UseLogin
639Specifies whether
640.Xr login 1
641is used for interactive login sessions.
642The default is
643.Dq no .
644Note that
645.Xr login 1
646is never used for remote command execution.
647Note also, that if this is enabled,
648.Cm X11Forwarding
649will be disabled because
650.Xr login 1
651does not know how to handle
652.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +1000653cookies.
654If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000655.Cm UsePrivilegeSeparation
656is specified, it will be disabled after authentication.
Damien Miller2e193e22003-05-14 15:13:03 +1000657.It Cm UsePAM
Darren Tucker1dcff9a2004-05-13 16:51:40 +1000658Enables the Pluggable Authentication Module interface.
659If set to
660.Dq yes
661this will enable PAM authentication using
662.Cm ChallengeResponseAuthentication
663and PAM account and session module processing for all authentication types.
664.Pp
665Because PAM challenge-response authentication usually serves an equivalent
666role to password authentication, you should disable either
667.Cm PasswordAuthentication
668or
669.Cm ChallengeResponseAuthentication.
670.Pp
671If
672.Cm UsePAM
673is enabled, you will not be able to run
674.Xr sshd 8
675as a non-root user.
676The default is
Darren Tucker6c0c0702003-10-09 14:13:53 +1000677.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000678.It Cm UsePrivilegeSeparation
679Specifies whether
680.Nm sshd
681separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +1000682to deal with incoming network traffic.
683After successful authentication, another process will be created that has
684the privilege of the authenticated user.
685The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +0000686escalation by containing any corruption within the unprivileged processes.
687The default is
688.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000689.It Cm X11DisplayOffset
690Specifies the first display number available for
691.Nm sshd Ns 's
692X11 forwarding.
693This prevents
694.Nm sshd
695from interfering with real X11 servers.
696The default is 10.
697.It Cm X11Forwarding
698Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +1000699The argument must be
700.Dq yes
701or
702.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000703The default is
704.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +1000705.Pp
706When X11 forwarding is enabled, there may be additional exposure to
707the server and to client displays if the
708.Nm sshd
709proxy display is configured to listen on the wildcard address (see
710.Cm X11UseLocalhost
711below), however this is not the default.
712Additionally, the authentication spoofing and authentication data
713verification and substitution occur on the client side.
714The security risk of using X11 forwarding is that the client's X11
715display server may be exposed to attack when the ssh client requests
716forwarding (see the warnings for
717.Cm ForwardX11
718in
Damien Millerf1ce5052003-06-11 22:04:39 +1000719.Xr ssh_config 5 ) .
Damien Miller101c4a72002-09-19 11:51:21 +1000720A system administrator may have a stance in which they want to
721protect clients that may expose themselves to attack by unwittingly
722requesting X11 forwarding, which can warrant a
723.Dq no
724setting.
725.Pp
726Note that disabling X11 forwarding does not prevent users from
727forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000728X11 forwarding is automatically disabled if
729.Cm UseLogin
730is enabled.
731.It Cm X11UseLocalhost
732Specifies whether
733.Nm sshd
734should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +1000735the wildcard address.
736By default,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000737.Nm sshd
738binds the forwarding server to the loopback address and sets the
739hostname part of the
740.Ev DISPLAY
741environment variable to
742.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +0000743This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000744However, some older X11 clients may not function with this
745configuration.
746.Cm X11UseLocalhost
747may be set to
748.Dq no
749to specify that the forwarding server should be bound to the wildcard
750address.
751The argument must be
752.Dq yes
753or
754.Dq no .
755The default is
756.Dq yes .
757.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +1000758Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000759.Xr xauth 1
760program.
761The default is
762.Pa /usr/X11R6/bin/xauth .
763.El
764.Ss Time Formats
Ben Lindstrom9f049032002-06-21 00:59:05 +0000765.Nm sshd
766command-line arguments and configuration file options that specify time
767may be expressed using a sequence of the form:
768.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +0000769.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000770.Sm on
771where
772.Ar time
773is a positive integer value and
774.Ar qualifier
775is one of the following:
776.Pp
777.Bl -tag -width Ds -compact -offset indent
778.It Cm <none>
779seconds
780.It Cm s | Cm S
781seconds
782.It Cm m | Cm M
783minutes
784.It Cm h | Cm H
785hours
786.It Cm d | Cm D
787days
788.It Cm w | Cm W
789weeks
790.El
791.Pp
792Each member of the sequence is added together to calculate
793the total time value.
794.Pp
795Time format examples:
796.Pp
797.Bl -tag -width Ds -compact -offset indent
798.It 600
799600 seconds (10 minutes)
800.It 10m
80110 minutes
802.It 1h30m
8031 hour 30 minutes (90 minutes)
804.El
805.Sh FILES
806.Bl -tag -width Ds
807.It Pa /etc/ssh/sshd_config
808Contains configuration data for
809.Nm sshd .
810This file should be writable by root only, but it is recommended
811(though not necessary) that it be world-readable.
812.El
Damien Millerf1ce5052003-06-11 22:04:39 +1000813.Sh SEE ALSO
814.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000815.Sh AUTHORS
816OpenSSH is a derivative of the original and free
817ssh 1.2.12 release by Tatu Ylonen.
818Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
819Theo de Raadt and Dug Song
820removed many bugs, re-added newer features and
821created OpenSSH.
822Markus Friedl contributed the support for SSH
823protocol versions 1.5 and 2.0.
824Niels Provos and Markus Friedl contributed support
825for privilege separation.