blob: a10b365d38afed127fa0ae1dbf750368a6ebc4c2 [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
Damien Miller7b58e802005-12-13 19:33:19 +110037.\" $OpenBSD: sshd_config.5,v 1.47 2005/12/08 18:34:11 reyk Exp $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dd September 25, 1999
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa /etc/ssh/sshd_config
47.El
48.Sh DESCRIPTION
49.Nm sshd
50reads configuration data from
51.Pa /etc/ssh/sshd_config
52(or the file specified with
53.Fl f
54on the command line).
55The file contains keyword-argument pairs, one per line.
56Lines starting with
57.Ql #
58and empty lines are interpreted as comments.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
Darren Tucker46bc0752004-05-02 22:11:30 +100064.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70in
71.Xr ssh_config 5
72for how to configure the client.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100073Note that environment passing is only supported for protocol 2.
Darren Tucker46bc0752004-05-02 22:11:30 +100074Variables are specified by name, which may contain the wildcard characters
75.Ql \&*
76and
77.Ql \&? .
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100078Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +100079across multiple
80.Cm AcceptEnv
81directives.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100082Be warned that some environment variables could be used to bypass restricted
Darren Tucker46bc0752004-05-02 22:11:30 +100083user environments.
84For this reason, care should be taken in the use of this directive.
85The default is not to accept any environment variables.
Darren Tucker0f383232005-01-20 10:57:56 +110086.It Cm AddressFamily
87Specifies which address family should be used by
88.Nm sshd .
89Valid arguments are
90.Dq any ,
91.Dq inet
92(use IPv4 only) or
93.Dq inet6
94(use IPv6 only).
95The default is
96.Dq any .
Ben Lindstrom9f049032002-06-21 00:59:05 +000097.It Cm AllowGroups
98This keyword can be followed by a list of group name patterns, separated
99by spaces.
100If specified, login is allowed only for users whose primary
101group or supplementary group list matches one of the patterns.
102.Ql \&*
103and
Damien Miller049245d2003-05-14 13:44:42 +1000104.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000105can be used as
106wildcards in the patterns.
107Only group names are valid; a numerical group ID is not recognized.
108By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000109.It Cm AllowTcpForwarding
110Specifies whether TCP forwarding is permitted.
111The default is
112.Dq yes .
113Note that disabling TCP forwarding does not improve security unless
114users are also denied shell access, as they can always install their
115own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000116.It Cm AllowUsers
117This keyword can be followed by a list of user name patterns, separated
118by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +1100119If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +0000120match one of the patterns.
121.Ql \&*
122and
Damien Miller049245d2003-05-14 13:44:42 +1000123.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000124can be used as
125wildcards in the patterns.
126Only user names are valid; a numerical user ID is not recognized.
127By default, login is allowed for all users.
128If the pattern takes the form USER@HOST then USER and HOST
129are separately checked, restricting logins to particular
130users from particular hosts.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000131.It Cm AuthorizedKeysFile
132Specifies the file that contains the public keys that can be used
133for user authentication.
134.Cm AuthorizedKeysFile
135may contain tokens of the form %T which are substituted during connection
Damien Millerfbf486b2003-05-23 18:44:23 +1000136set-up.
137The following tokens are defined: %% is replaced by a literal '%',
Ben Lindstrom9f049032002-06-21 00:59:05 +0000138%h is replaced by the home directory of the user being authenticated and
139%u is replaced by the username of that user.
140After expansion,
141.Cm AuthorizedKeysFile
142is taken to be an absolute path or one relative to the user's home
143directory.
144The default is
145.Dq .ssh/authorized_keys .
146.It Cm Banner
147In some jurisdictions, sending a warning message before authentication
148may be relevant for getting legal protection.
149The contents of the specified file are sent to the remote user before
150authentication is allowed.
151This option is only available for protocol version 2.
152By default, no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000153.It Cm ChallengeResponseAuthentication
154Specifies whether challenge response authentication is allowed.
155All authentication styles from
156.Xr login.conf 5
157are supported.
158The default is
159.Dq yes .
160.It Cm Ciphers
161Specifies the ciphers allowed for protocol version 2.
162Multiple ciphers must be comma-separated.
Damien Miller05202ff2004-06-15 10:30:39 +1000163The supported ciphers are
164.Dq 3des-cbc ,
165.Dq aes128-cbc ,
166.Dq aes192-cbc ,
167.Dq aes256-cbc ,
168.Dq aes128-ctr ,
169.Dq aes192-ctr ,
170.Dq aes256-ctr ,
Damien Miller3710f272005-05-26 12:19:17 +1000171.Dq arcfour128 ,
172.Dq arcfour256 ,
Damien Miller05202ff2004-06-15 10:30:39 +1000173.Dq arcfour ,
174.Dq blowfish-cbc ,
175and
176.Dq cast128-cbc .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000177The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000178.Bd -literal
Damien Miller3710f272005-05-26 12:19:17 +1000179 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
180 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
181 aes192-ctr,aes256-ctr''
Ben Lindstrom9f049032002-06-21 00:59:05 +0000182.Ed
Ben Lindstrom9f049032002-06-21 00:59:05 +0000183.It Cm ClientAliveCountMax
184Sets the number of client alive messages (see above) which may be
185sent without
186.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000187receiving any messages back from the client.
188If this threshold is reached while client alive messages are being sent,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000189.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000190will disconnect the client, terminating the session.
191It is important to note that the use of client alive messages is very
192different from
Damien Miller12c150e2003-12-17 16:31:10 +1100193.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000194(below).
195The client alive messages are sent through the encrypted channel
196and therefore will not be spoofable.
197The TCP keepalive option enabled by
Damien Miller12c150e2003-12-17 16:31:10 +1100198.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000199is spoofable.
200The client alive mechanism is valuable when the client or
Ben Lindstrom9f049032002-06-21 00:59:05 +0000201server depend on knowing when a connection has become inactive.
202.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000203The default value is 3.
204If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000205.Cm ClientAliveInterval
206(above) is set to 15, and
207.Cm ClientAliveCountMax
208is left at the default, unresponsive ssh clients
209will be disconnected after approximately 45 seconds.
Damien Miller1594ad52005-05-26 12:12:19 +1000210.It Cm ClientAliveInterval
211Sets a timeout interval in seconds after which if no data has been received
212from the client,
213.Nm sshd
214will send a message through the encrypted
215channel to request a response from the client.
216The default
217is 0, indicating that these messages will not be sent to the client.
218This option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000219.It Cm Compression
Damien Miller9786e6e2005-07-26 21:54:56 +1000220Specifies whether compression is allowed, or delayed until
221the user has authenticated successfully.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000222The argument must be
Damien Miller9786e6e2005-07-26 21:54:56 +1000223.Dq yes ,
224.Dq delayed ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000225or
226.Dq no .
227The default is
Damien Miller9786e6e2005-07-26 21:54:56 +1000228.Dq delayed .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000229.It Cm DenyGroups
230This keyword can be followed by a list of group name patterns, separated
231by spaces.
232Login is disallowed for users whose primary group or supplementary
233group list matches one of the patterns.
234.Ql \&*
235and
Damien Miller049245d2003-05-14 13:44:42 +1000236.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000237can be used as
238wildcards in the patterns.
239Only group names are valid; a numerical group ID is not recognized.
240By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000241.It Cm DenyUsers
242This keyword can be followed by a list of user name patterns, separated
243by spaces.
244Login is disallowed for user names that match one of the patterns.
245.Ql \&*
246and
Damien Miller049245d2003-05-14 13:44:42 +1000247.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000248can be used as wildcards in the patterns.
249Only user names are valid; a numerical user ID is not recognized.
250By default, login is allowed for all users.
251If the pattern takes the form USER@HOST then USER and HOST
252are separately checked, restricting logins to particular
253users from particular hosts.
254.It Cm GatewayPorts
255Specifies whether remote hosts are allowed to connect to ports
256forwarded for the client.
257By default,
258.Nm sshd
Damien Miller495dca32003-04-01 21:42:14 +1000259binds remote port forwardings to the loopback address.
260This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000261.Cm GatewayPorts
262can be used to specify that
263.Nm sshd
Damien Millerf91ee4c2005-03-01 21:24:33 +1100264should allow remote port forwardings to bind to non-loopback addresses, thus
265allowing other hosts to connect.
266The argument may be
267.Dq no
268to force remote port forwardings to be available to the local host only,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000269.Dq yes
Damien Millerf91ee4c2005-03-01 21:24:33 +1100270to force remote port forwardings to bind to the wildcard address, or
271.Dq clientspecified
272to allow the client to select the address to which the forwarding is bound.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000273The default is
274.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000275.It Cm GSSAPIAuthentication
Damien Miller9b7b03b2003-09-02 22:57:05 +1000276Specifies whether user authentication based on GSSAPI is allowed.
Damien Millera8e06ce2003-11-21 23:48:55 +1100277The default is
Darren Tucker0efd1552003-08-26 11:49:55 +1000278.Dq no .
279Note that this option applies to protocol version 2 only.
280.It Cm GSSAPICleanupCredentials
281Specifies whether to automatically destroy the user's credentials cache
282on logout.
283The default is
284.Dq yes .
285Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000286.It Cm HostbasedAuthentication
287Specifies whether rhosts or /etc/hosts.equiv authentication together
288with successful public key client host authentication is allowed
289(hostbased authentication).
290This option is similar to
291.Cm RhostsRSAAuthentication
292and applies to protocol version 2 only.
293The default is
294.Dq no .
295.It Cm HostKey
296Specifies a file containing a private host key
297used by SSH.
298The default is
299.Pa /etc/ssh/ssh_host_key
300for protocol version 1, and
301.Pa /etc/ssh/ssh_host_rsa_key
302and
303.Pa /etc/ssh/ssh_host_dsa_key
304for protocol version 2.
305Note that
306.Nm sshd
307will refuse to use a file if it is group/world-accessible.
308It is possible to have multiple host key files.
309.Dq rsa1
310keys are used for version 1 and
311.Dq dsa
312or
313.Dq rsa
314are used for version 2 of the SSH protocol.
315.It Cm IgnoreRhosts
316Specifies that
317.Pa .rhosts
318and
319.Pa .shosts
320files will not be used in
Ben Lindstrom9f049032002-06-21 00:59:05 +0000321.Cm RhostsRSAAuthentication
322or
323.Cm HostbasedAuthentication .
324.Pp
325.Pa /etc/hosts.equiv
326and
327.Pa /etc/shosts.equiv
328are still used.
329The default is
330.Dq yes .
331.It Cm IgnoreUserKnownHosts
332Specifies whether
333.Nm sshd
334should ignore the user's
Damien Miller167ea5d2005-05-26 12:04:02 +1000335.Pa ~/.ssh/known_hosts
Ben Lindstrom9f049032002-06-21 00:59:05 +0000336during
337.Cm RhostsRSAAuthentication
338or
339.Cm HostbasedAuthentication .
340The default is
341.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000342.It Cm KerberosAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000343Specifies whether the password provided by the user for
Ben Lindstrom9f049032002-06-21 00:59:05 +0000344.Cm PasswordAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000345will be validated through the Kerberos KDC.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000346To use this option, the server needs a
347Kerberos servtab which allows the verification of the KDC's identity.
348Default is
349.Dq no .
Damien Miller8448e662004-03-08 23:13:15 +1100350.It Cm KerberosGetAFSToken
Darren Tuckere2dd2d52005-10-03 18:19:06 +1000351If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
Damien Miller8448e662004-03-08 23:13:15 +1100352an AFS token before accessing the user's home directory.
353Default is
354.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000355.It Cm KerberosOrLocalPasswd
356If set then if password authentication through Kerberos fails then
357the password will be validated via any additional local mechanism
358such as
359.Pa /etc/passwd .
360Default is
361.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000362.It Cm KerberosTicketCleanup
363Specifies whether to automatically destroy the user's ticket cache
364file on logout.
365Default is
366.Dq yes .
367.It Cm KeyRegenerationInterval
368In protocol version 1, the ephemeral server key is automatically regenerated
369after this many seconds (if it has been used).
370The purpose of regeneration is to prevent
371decrypting captured sessions by later breaking into the machine and
372stealing the keys.
373The key is never stored anywhere.
374If the value is 0, the key is never regenerated.
375The default is 3600 (seconds).
376.It Cm ListenAddress
377Specifies the local addresses
378.Nm sshd
379should listen on.
380The following forms may be used:
381.Pp
382.Bl -item -offset indent -compact
383.It
384.Cm ListenAddress
385.Sm off
386.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
387.Sm on
388.It
389.Cm ListenAddress
390.Sm off
391.Ar host No | Ar IPv4_addr No : Ar port
392.Sm on
393.It
394.Cm ListenAddress
395.Sm off
396.Oo
397.Ar host No | Ar IPv6_addr Oc : Ar port
398.Sm on
399.El
400.Pp
401If
402.Ar port
403is not specified,
404.Nm sshd
405will listen on the address and all prior
406.Cm Port
Damien Millerfbf486b2003-05-23 18:44:23 +1000407options specified.
408The default is to listen on all local addresses.
Damien Miller495dca32003-04-01 21:42:14 +1000409Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000410.Cm ListenAddress
Damien Millerfbf486b2003-05-23 18:44:23 +1000411options are permitted.
412Additionally, any
Ben Lindstrom9f049032002-06-21 00:59:05 +0000413.Cm Port
414options must precede this option for non port qualified addresses.
415.It Cm LoginGraceTime
416The server disconnects after this time if the user has not
417successfully logged in.
418If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000419The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000420.It Cm LogLevel
421Gives the verbosity level that is used when logging messages from
422.Nm sshd .
423The possible values are:
424QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000425The default is INFO.
426DEBUG and DEBUG1 are equivalent.
427DEBUG2 and DEBUG3 each specify higher levels of debugging output.
428Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000429.It Cm MACs
430Specifies the available MAC (message authentication code) algorithms.
431The MAC algorithm is used in protocol version 2
432for data integrity protection.
433Multiple algorithms must be comma-separated.
434The default is
435.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
Darren Tucker89413db2004-05-24 10:36:23 +1000436.It Cm MaxAuthTries
437Specifies the maximum number of authentication attempts permitted per
Damien Miller26213e52004-06-30 22:39:34 +1000438connection.
439Once the number of failures reaches half this value,
440additional failures are logged.
441The default is 6.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000442.It Cm MaxStartups
443Specifies the maximum number of concurrent unauthenticated connections to the
444.Nm sshd
445daemon.
446Additional connections will be dropped until authentication succeeds or the
447.Cm LoginGraceTime
448expires for a connection.
449The default is 10.
450.Pp
451Alternatively, random early drop can be enabled by specifying
452the three colon separated values
453.Dq start:rate:full
454(e.g., "10:30:60").
455.Nm sshd
456will refuse connection attempts with a probability of
457.Dq rate/100
458(30%)
459if there are currently
460.Dq start
461(10)
462unauthenticated connections.
463The probability increases linearly and all connection attempts
464are refused if the number of unauthenticated connections reaches
465.Dq full
466(60).
467.It Cm PasswordAuthentication
468Specifies whether password authentication is allowed.
469The default is
470.Dq yes .
471.It Cm PermitEmptyPasswords
472When password authentication is allowed, it specifies whether the
473server allows login to accounts with empty password strings.
474The default is
475.Dq no .
476.It Cm PermitRootLogin
Darren Tuckerb3509012005-01-20 11:01:46 +1100477Specifies whether root can log in using
Ben Lindstrom9f049032002-06-21 00:59:05 +0000478.Xr ssh 1 .
479The argument must be
480.Dq yes ,
481.Dq without-password ,
482.Dq forced-commands-only
483or
484.Dq no .
485The default is
486.Dq yes .
487.Pp
488If this option is set to
489.Dq without-password
Darren Tucker9dca0992005-02-01 19:16:45 +1100490password authentication is disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000491.Pp
492If this option is set to
493.Dq forced-commands-only
494root login with public key authentication will be allowed,
495but only if the
496.Ar command
497option has been specified
498(which may be useful for taking remote backups even if root login is
Damien Millerfbf486b2003-05-23 18:44:23 +1000499normally not allowed).
500All other authentication methods are disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000501.Pp
502If this option is set to
503.Dq no
Darren Tuckerb3509012005-01-20 11:01:46 +1100504root is not allowed to log in.
Damien Millerd27b9472005-12-13 19:29:02 +1100505.It Cm PermitTunnel
506Specifies whether
507.Xr tun 4
508device forwarding is allowed.
Damien Miller7b58e802005-12-13 19:33:19 +1100509The argument must be
510.Dq yes ,
511.Dq point-to-point ,
512.Dq ethernet
513or
514.Dq no .
Damien Millerd27b9472005-12-13 19:29:02 +1100515The default is
516.Dq no .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000517.It Cm PermitUserEnvironment
518Specifies whether
519.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000520and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000521.Cm environment=
522options in
523.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000524are processed by
525.Nm sshd .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000526The default is
527.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000528Enabling environment processing may enable users to bypass access
529restrictions in some configurations using mechanisms such as
530.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000531.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000532Specifies the file that contains the process ID of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000533.Nm sshd
534daemon.
535The default is
536.Pa /var/run/sshd.pid .
537.It Cm Port
538Specifies the port number that
539.Nm sshd
540listens on.
541The default is 22.
542Multiple options of this type are permitted.
543See also
544.Cm ListenAddress .
545.It Cm PrintLastLog
546Specifies whether
547.Nm sshd
Darren Tucker7cc5c232004-11-05 20:06:59 +1100548should print the date and time of the last user login when a user logs
549in interactively.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000550The default is
551.Dq yes .
552.It Cm PrintMotd
553Specifies whether
554.Nm sshd
555should print
556.Pa /etc/motd
557when a user logs in interactively.
558(On some systems it is also printed by the shell,
559.Pa /etc/profile ,
560or equivalent.)
561The default is
562.Dq yes .
563.It Cm Protocol
564Specifies the protocol versions
565.Nm sshd
Ben Lindstrom9c445542002-07-11 03:59:18 +0000566supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000567The possible values are
568.Dq 1
569and
570.Dq 2 .
571Multiple versions must be comma-separated.
572The default is
573.Dq 2,1 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000574Note that the order of the protocol list does not indicate preference,
575because the client selects among multiple protocol versions offered
576by the server.
577Specifying
578.Dq 2,1
579is identical to
580.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000581.It Cm PubkeyAuthentication
582Specifies whether public key authentication is allowed.
583The default is
584.Dq yes .
585Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000586.It Cm RhostsRSAAuthentication
587Specifies whether rhosts or /etc/hosts.equiv authentication together
588with successful RSA host authentication is allowed.
589The default is
590.Dq no .
591This option applies to protocol version 1 only.
592.It Cm RSAAuthentication
593Specifies whether pure RSA authentication is allowed.
594The default is
595.Dq yes .
596This option applies to protocol version 1 only.
597.It Cm ServerKeyBits
598Defines the number of bits in the ephemeral protocol version 1 server key.
599The minimum value is 512, and the default is 768.
600.It Cm StrictModes
601Specifies whether
602.Nm sshd
603should check file modes and ownership of the
604user's files and home directory before accepting login.
605This is normally desirable because novices sometimes accidentally leave their
606directory or files world-writable.
607The default is
608.Dq yes .
609.It Cm Subsystem
610Configures an external subsystem (e.g., file transfer daemon).
611Arguments should be a subsystem name and a command to execute upon subsystem
612request.
613The command
614.Xr sftp-server 8
615implements the
616.Dq sftp
617file transfer subsystem.
618By default no subsystems are defined.
619Note that this option applies to protocol version 2 only.
620.It Cm SyslogFacility
621Gives the facility code that is used when logging messages from
622.Nm sshd .
623The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
624LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
625The default is AUTH.
Damien Miller12c150e2003-12-17 16:31:10 +1100626.It Cm TCPKeepAlive
627Specifies whether the system should send TCP keepalive messages to the
628other side.
629If they are sent, death of the connection or crash of one
630of the machines will be properly noticed.
631However, this means that
632connections will die if the route is down temporarily, and some people
633find it annoying.
634On the other hand, if TCP keepalives are not sent,
635sessions may hang indefinitely on the server, leaving
636.Dq ghost
637users and consuming server resources.
638.Pp
639The default is
640.Dq yes
641(to send TCP keepalive messages), and the server will notice
642if the network goes down or the client host crashes.
643This avoids infinitely hanging sessions.
644.Pp
645To disable TCP keepalive messages, the value should be set to
646.Dq no .
Damien Miller3a961dc2003-06-03 10:25:48 +1000647.It Cm UseDNS
648Specifies whether
649.Nm sshd
Darren Tucker83d5a982005-03-31 21:33:50 +1000650should look up the remote host name and check that
Damien Miller3a961dc2003-06-03 10:25:48 +1000651the resolved host name for the remote IP address maps back to the
652very same IP address.
653The default is
654.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000655.It Cm UseLogin
656Specifies whether
657.Xr login 1
658is used for interactive login sessions.
659The default is
660.Dq no .
661Note that
662.Xr login 1
663is never used for remote command execution.
664Note also, that if this is enabled,
665.Cm X11Forwarding
666will be disabled because
667.Xr login 1
668does not know how to handle
669.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +1000670cookies.
671If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000672.Cm UsePrivilegeSeparation
673is specified, it will be disabled after authentication.
Damien Miller2e193e22003-05-14 15:13:03 +1000674.It Cm UsePAM
Darren Tucker1dcff9a2004-05-13 16:51:40 +1000675Enables the Pluggable Authentication Module interface.
676If set to
677.Dq yes
678this will enable PAM authentication using
679.Cm ChallengeResponseAuthentication
680and PAM account and session module processing for all authentication types.
681.Pp
682Because PAM challenge-response authentication usually serves an equivalent
683role to password authentication, you should disable either
684.Cm PasswordAuthentication
685or
686.Cm ChallengeResponseAuthentication.
687.Pp
688If
689.Cm UsePAM
690is enabled, you will not be able to run
691.Xr sshd 8
692as a non-root user.
693The default is
Darren Tucker6c0c0702003-10-09 14:13:53 +1000694.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000695.It Cm UsePrivilegeSeparation
696Specifies whether
697.Nm sshd
698separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +1000699to deal with incoming network traffic.
700After successful authentication, another process will be created that has
701the privilege of the authenticated user.
702The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +0000703escalation by containing any corruption within the unprivileged processes.
704The default is
705.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000706.It Cm X11DisplayOffset
707Specifies the first display number available for
708.Nm sshd Ns 's
709X11 forwarding.
710This prevents
711.Nm sshd
712from interfering with real X11 servers.
713The default is 10.
714.It Cm X11Forwarding
715Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +1000716The argument must be
717.Dq yes
718or
719.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000720The default is
721.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +1000722.Pp
723When X11 forwarding is enabled, there may be additional exposure to
724the server and to client displays if the
725.Nm sshd
726proxy display is configured to listen on the wildcard address (see
727.Cm X11UseLocalhost
728below), however this is not the default.
729Additionally, the authentication spoofing and authentication data
730verification and substitution occur on the client side.
731The security risk of using X11 forwarding is that the client's X11
732display server may be exposed to attack when the ssh client requests
733forwarding (see the warnings for
734.Cm ForwardX11
735in
Damien Millerf1ce5052003-06-11 22:04:39 +1000736.Xr ssh_config 5 ) .
Damien Miller101c4a72002-09-19 11:51:21 +1000737A system administrator may have a stance in which they want to
738protect clients that may expose themselves to attack by unwittingly
739requesting X11 forwarding, which can warrant a
740.Dq no
741setting.
742.Pp
743Note that disabling X11 forwarding does not prevent users from
744forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000745X11 forwarding is automatically disabled if
746.Cm UseLogin
747is enabled.
748.It Cm X11UseLocalhost
749Specifies whether
750.Nm sshd
751should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +1000752the wildcard address.
753By default,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000754.Nm sshd
755binds the forwarding server to the loopback address and sets the
756hostname part of the
757.Ev DISPLAY
758environment variable to
759.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +0000760This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000761However, some older X11 clients may not function with this
762configuration.
763.Cm X11UseLocalhost
764may be set to
765.Dq no
766to specify that the forwarding server should be bound to the wildcard
767address.
768The argument must be
769.Dq yes
770or
771.Dq no .
772The default is
773.Dq yes .
774.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +1000775Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000776.Xr xauth 1
777program.
778The default is
779.Pa /usr/X11R6/bin/xauth .
780.El
781.Ss Time Formats
Ben Lindstrom9f049032002-06-21 00:59:05 +0000782.Nm sshd
783command-line arguments and configuration file options that specify time
784may be expressed using a sequence of the form:
785.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +0000786.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000787.Sm on
788where
789.Ar time
790is a positive integer value and
791.Ar qualifier
792is one of the following:
793.Pp
794.Bl -tag -width Ds -compact -offset indent
795.It Cm <none>
796seconds
797.It Cm s | Cm S
798seconds
799.It Cm m | Cm M
800minutes
801.It Cm h | Cm H
802hours
803.It Cm d | Cm D
804days
805.It Cm w | Cm W
806weeks
807.El
808.Pp
809Each member of the sequence is added together to calculate
810the total time value.
811.Pp
812Time format examples:
813.Pp
814.Bl -tag -width Ds -compact -offset indent
815.It 600
816600 seconds (10 minutes)
817.It 10m
81810 minutes
819.It 1h30m
8201 hour 30 minutes (90 minutes)
821.El
822.Sh FILES
823.Bl -tag -width Ds
824.It Pa /etc/ssh/sshd_config
825Contains configuration data for
826.Nm sshd .
827This file should be writable by root only, but it is recommended
828(though not necessary) that it be world-readable.
829.El
Damien Millerf1ce5052003-06-11 22:04:39 +1000830.Sh SEE ALSO
831.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000832.Sh AUTHORS
833OpenSSH is a derivative of the original and free
834ssh 1.2.12 release by Tatu Ylonen.
835Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
836Theo de Raadt and Dug Song
837removed many bugs, re-added newer features and
838created OpenSSH.
839Markus Friedl contributed the support for SSH
840protocol versions 1.5 and 2.0.
841Niels Provos and Markus Friedl contributed support
842for privilege separation.