blob: 7e55da512a966e646d8963665574ee200a7c5153 [file] [log] [blame]
Damien Miller32aa1441999-10-29 09:15:49 +10001.\" -*- nroff -*-
2.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000013.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110016.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100036.\"
Ben Lindstrom020a8692001-08-06 21:38:10 +000037.\" $OpenBSD: sshd.8,v 1.139 2001/08/01 22:16:45 markus Exp $
Damien Miller32aa1441999-10-29 09:15:49 +100038.Dd September 25, 1999
39.Dt SSHD 8
40.Os
41.Sh NAME
42.Nm sshd
Ben Lindstromc65e6a02001-04-23 13:02:16 +000043.Nd OpenSSH SSH daemon
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
45.Nm sshd
Ben Lindstrom9fce9f02001-04-11 23:10:09 +000046.Op Fl deiqD46
Damien Miller32aa1441999-10-29 09:15:49 +100047.Op Fl b Ar bits
48.Op Fl f Ar config_file
49.Op Fl g Ar login_grace_time
50.Op Fl h Ar host_key_file
51.Op Fl k Ar key_gen_time
52.Op Fl p Ar port
Damien Miller942da032000-08-18 13:59:06 +100053.Op Fl u Ar len
Damien Miller95def091999-11-25 00:26:21 +110054.Op Fl V Ar client_protocol_id
Damien Miller22c77262000-04-13 12:26:34 +100055.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +100056.Nm
Ben Lindstromd58eb5f2001-03-07 06:07:22 +000057(SSH Daemon) is the daemon program for
Damien Miller32aa1441999-10-29 09:15:49 +100058.Xr ssh 1 .
Damien Miller35dabd02000-05-01 21:10:33 +100059Together these programs replace rlogin and rsh, and
Damien Miller32aa1441999-10-29 09:15:49 +100060provide secure encrypted communications between two untrusted hosts
Damien Miller450a7a12000-03-26 13:04:51 +100061over an insecure network.
62The programs are intended to be as easy to
Damien Miller32aa1441999-10-29 09:15:49 +100063install and use as possible.
64.Pp
65.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100066is the daemon that listens for connections from clients.
Damien Miller22c77262000-04-13 12:26:34 +100067It is normally started at boot from
Damien Miller32aa1441999-10-29 09:15:49 +100068.Pa /etc/rc .
69It forks a new
Damien Miller450a7a12000-03-26 13:04:51 +100070daemon for each incoming connection.
71The forked daemons handle
Damien Miller32aa1441999-10-29 09:15:49 +100072key exchange, encryption, authentication, command execution,
73and data exchange.
Damien Millere247cc42000-05-07 12:03:14 +100074This implementation of
75.Nm
76supports both SSH protocol version 1 and 2 simultaneously.
Damien Miller32aa1441999-10-29 09:15:49 +100077.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100078works as follows.
Damien Millere247cc42000-05-07 12:03:14 +100079.Pp
80.Ss SSH protocol version 1
81.Pp
Damien Miller450a7a12000-03-26 13:04:51 +100082Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host.
84Additionally, when
Damien Miller32aa1441999-10-29 09:15:49 +100085the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
Damien Miller35dabd02000-05-01 21:10:33 +100089Whenever a client connects the daemon responds with its public
90host and server keys.
Damien Miller450a7a12000-03-26 13:04:51 +100091The client compares the
Damien Millere247cc42000-05-07 12:03:14 +100092RSA host key against its own database to verify that it has not changed.
Damien Miller450a7a12000-03-26 13:04:51 +100093The client then generates a 256 bit random number.
94It encrypts this
Damien Miller32aa1441999-10-29 09:15:49 +100095random number using both the host key and the server key, and sends
Damien Miller450a7a12000-03-26 13:04:51 +100096the encrypted number to the server.
Damien Miller35dabd02000-05-01 21:10:33 +100097Both sides then use this
Damien Miller32aa1441999-10-29 09:15:49 +100098random number as a session key which is used to encrypt all further
Damien Miller450a7a12000-03-26 13:04:51 +100099communications in the session.
100The rest of the session is encrypted
Damien Miller35dabd02000-05-01 21:10:33 +1000101using a conventional cipher, currently Blowfish or 3DES, with 3DES
Damien Millerb38eff82000-04-01 11:09:21 +1000102being used by default.
Damien Miller450a7a12000-03-26 13:04:51 +1000103The client selects the encryption algorithm
Damien Miller32aa1441999-10-29 09:15:49 +1000104to use from those offered by the server.
105.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
Damien Miller32aa1441999-10-29 09:15:49 +1000108.Pa .rhosts
109authentication,
110.Pa .rhosts
111authentication combined with RSA host
112authentication, RSA challenge-response authentication, or password
113based authentication.
114.Pp
115Rhosts authentication is normally disabled
116because it is fundamentally insecure, but can be enabled in the server
Damien Miller450a7a12000-03-26 13:04:51 +1000117configuration file if desired.
118System security is not improved unless
Damien Miller32aa1441999-10-29 09:15:49 +1000119.Xr rshd 8 ,
120.Xr rlogind 8 ,
121.Xr rexecd 8 ,
122and
123.Xr rexd 8
124are disabled (thus completely disabling
125.Xr rlogin 1
126and
127.Xr rsh 1
Damien Miller35dabd02000-05-01 21:10:33 +1000128into the machine).
Damien Miller32aa1441999-10-29 09:15:49 +1000129.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000130.Ss SSH protocol version 2
131.Pp
Damien Miller942da032000-08-18 13:59:06 +1000132Version 2 works similarly:
Ben Lindstrom07d24dc2001-08-06 21:18:57 +0000133Each host has a host-specific key (RSA or DSA) used to identify the host.
Damien Millere247cc42000-05-07 12:03:14 +1000134However, when the daemon starts, it does not generate a server key.
135Forward security is provided through a Diffie-Hellman key agreement.
136This key agreement results in a shared session key.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000137.Pp
Ben Lindstromfd2e05b2001-03-05 07:48:45 +0000138The rest of the session is encrypted using a symmetric cipher, currently
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000139128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
Damien Millere247cc42000-05-07 12:03:14 +1000140The client selects the encryption algorithm
141to use from those offered by the server.
142Additionally, session integrity is provided
Damien Miller30c3d422000-05-09 11:02:59 +1000143through a cryptographic message authentication code
Damien Millere247cc42000-05-07 12:03:14 +1000144(hmac-sha1 or hmac-md5).
145.Pp
146Protocol version 2 provides a public key based
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000147user (PubkeyAuthentication) or
148client host (HostbasedAuthentication) authentication method,
149conventional password authentication and challenge response based methods.
Damien Millere247cc42000-05-07 12:03:14 +1000150.Pp
151.Ss Command execution and data forwarding
152.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000153If the client successfully authenticates itself, a dialog for
Damien Miller450a7a12000-03-26 13:04:51 +1000154preparing the session is entered.
155At this time the client may request
Damien Miller32aa1441999-10-29 09:15:49 +1000156things like allocating a pseudo-tty, forwarding X11 connections,
157forwarding TCP/IP connections, or forwarding the authentication agent
158connection over the secure channel.
159.Pp
160Finally, the client either requests a shell or execution of a command.
Damien Miller450a7a12000-03-26 13:04:51 +1000161The sides then enter session mode.
162In this mode, either side may send
Damien Miller32aa1441999-10-29 09:15:49 +1000163data at any time, and such data is forwarded to/from the shell or
164command on the server side, and the user terminal in the client side.
165.Pp
166When the user program terminates and all forwarded X11 and other
167connections have been closed, the server sends command exit status to
168the client, and both sides exit.
169.Pp
170.Nm
171can be configured using command-line options or a configuration
Damien Miller450a7a12000-03-26 13:04:51 +1000172file.
173Command-line options override values specified in the
Damien Miller32aa1441999-10-29 09:15:49 +1000174configuration file.
175.Pp
Damien Miller6162d121999-11-21 13:23:52 +1100176.Nm
177rereads its configuration file when it receives a hangup signal,
Ben Lindstrom49a098d2001-03-05 06:55:18 +0000178.Dv SIGHUP ,
Ben Lindstromd2bf0d62001-06-25 04:10:54 +0000179by executing itself with the name it was started as, i.e.,
Ben Lindstrom49a098d2001-03-05 06:55:18 +0000180.Pa /usr/sbin/sshd .
Damien Miller6162d121999-11-21 13:23:52 +1100181.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000182The options are as follows:
183.Bl -tag -width Ds
184.It Fl b Ar bits
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000185Specifies the number of bits in the ephemeral protocol version 1
186server key (default 768).
Damien Miller32aa1441999-10-29 09:15:49 +1000187.It Fl d
Damien Miller450a7a12000-03-26 13:04:51 +1000188Debug mode.
189The server sends verbose debug output to the system
190log, and does not put itself in the background.
191The server also will not fork and will only process one connection.
192This option is only intended for debugging for the server.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000193Multiple -d options increase the debugging level.
Damien Miller874d77b2000-10-14 16:23:11 +1100194Maximum is 3.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000195.It Fl e
196When this option is specified,
197.Nm
198will send the output to the standard error instead of the system log.
Damien Miller32aa1441999-10-29 09:15:49 +1000199.It Fl f Ar configuration_file
Damien Miller450a7a12000-03-26 13:04:51 +1000200Specifies the name of the configuration file.
201The default is
Damien Miller886c63a2000-01-20 23:13:36 +1100202.Pa /etc/sshd_config .
Damien Miller32aa1441999-10-29 09:15:49 +1000203.Nm
204refuses to start if there is no configuration file.
205.It Fl g Ar login_grace_time
206Gives the grace time for clients to authenticate themselves (default
Kevin Steves9ce907c2001-01-07 11:53:40 +0000207600 seconds).
Damien Miller450a7a12000-03-26 13:04:51 +1000208If the client fails to authenticate the user within
209this many seconds, the server disconnects and exits.
210A value of zero indicates no limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000211.It Fl h Ar host_key_file
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000212Specifies the file from which the host key is read (default
Damien Miller886c63a2000-01-20 23:13:36 +1100213.Pa /etc/ssh_host_key ) .
Damien Miller32aa1441999-10-29 09:15:49 +1000214This option must be given if
215.Nm
216is not run as root (as the normal
217host file is normally not readable by anyone but root).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000218It is possible to have multiple host key files for
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000219the different protocol versions and host key algorithms.
Damien Miller32aa1441999-10-29 09:15:49 +1000220.It Fl i
221Specifies that
222.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000223is being run from inetd.
Damien Miller32aa1441999-10-29 09:15:49 +1000224.Nm
225is normally not run
226from inetd because it needs to generate the server key before it can
Damien Miller450a7a12000-03-26 13:04:51 +1000227respond to the client, and this may take tens of seconds.
228Clients would have to wait too long if the key was regenerated every time.
Damien Miller7684ee12000-03-17 23:40:15 +1100229However, with small key sizes (e.g., 512) using
Damien Miller32aa1441999-10-29 09:15:49 +1000230.Nm
231from inetd may
232be feasible.
233.It Fl k Ar key_gen_time
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000234Specifies how often the ephemeral protocol version 1 server key is
235regenerated (default 3600 seconds, or one hour).
Damien Miller450a7a12000-03-26 13:04:51 +1000236The motivation for regenerating the key fairly
Damien Miller32aa1441999-10-29 09:15:49 +1000237often is that the key is not stored anywhere, and after about an hour,
238it becomes impossible to recover the key for decrypting intercepted
239communications even if the machine is cracked into or physically
Damien Miller450a7a12000-03-26 13:04:51 +1000240seized.
241A value of zero indicates that the key will never be regenerated.
Damien Miller32aa1441999-10-29 09:15:49 +1000242.It Fl p Ar port
243Specifies the port on which the server listens for connections
244(default 22).
245.It Fl q
Damien Miller450a7a12000-03-26 13:04:51 +1000246Quiet mode.
247Nothing is sent to the system log.
248Normally the beginning,
Damien Miller32aa1441999-10-29 09:15:49 +1000249authentication, and termination of each connection is logged.
Ben Lindstrom794325a2001-08-06 21:09:07 +0000250.It Fl t
251Test mode.
252Only check the validity of the configuration file and sanity of the keys.
253This is useful for updating
254.Nm
255reliably as configuration options may change.
Damien Miller942da032000-08-18 13:59:06 +1000256.It Fl u Ar len
257This option is used to specify the size of the field
258in the
259.Li utmp
260structure that holds the remote host name.
261If the resolved host name is longer than
262.Ar len ,
263the dotted decimal value will be used instead.
264This allows hosts with very long host names that
265overflow this field to still be uniquely identified.
266Specifying
267.Fl u0
268indicates that only dotted decimal addresses
269should be put into the
270.Pa utmp
271file.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000272.It Fl D
273When this option is specified
274.Nm
275will not detach and does not become a daemon.
276This allows easy monitoring of
277.Nm sshd .
Damien Miller34132e52000-01-14 15:45:46 +1100278.It Fl 4
279Forces
280.Nm
281to use IPv4 addresses only.
282.It Fl 6
283Forces
284.Nm
285to use IPv6 addresses only.
Damien Miller32aa1441999-10-29 09:15:49 +1000286.El
287.Sh CONFIGURATION FILE
288.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000289reads configuration data from
Damien Miller886c63a2000-01-20 23:13:36 +1100290.Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000291(or the file specified with
292.Fl f
Damien Miller450a7a12000-03-26 13:04:51 +1000293on the command line).
294The file contains keyword-value pairs, one per line.
295Lines starting with
Damien Miller32aa1441999-10-29 09:15:49 +1000296.Ql #
297and empty lines are interpreted as comments.
298.Pp
299The following keywords are possible.
300.Bl -tag -width Ds
301.It Cm AFSTokenPassing
Damien Miller450a7a12000-03-26 13:04:51 +1000302Specifies whether an AFS token may be forwarded to the server.
303Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000304.Dq yes .
305.It Cm AllowGroups
Ben Lindstroma1ebd892001-02-10 22:19:23 +0000306This keyword can be followed by a list of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000307by spaces.
308If specified, login is allowed only for users whose primary
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000309group or supplementary group list matches one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000310.Ql \&*
311and
312.Ql ?
313can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000314wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000315Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000316By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000317.Pp
Damien Miller50a41ed2000-10-16 12:14:42 +1100318.It Cm AllowTcpForwarding
319Specifies whether TCP forwarding is permitted.
320The default is
321.Dq yes .
322Note that disabling TCP forwarding does not improve security unless
323users are also denied shell access, as they can always install their
324own forwarders.
325.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000326.It Cm AllowUsers
Ben Lindstroma1ebd892001-02-10 22:19:23 +0000327This keyword can be followed by a list of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000328by spaces.
329If specified, login is allowed only for users names that
Damien Miller32aa1441999-10-29 09:15:49 +1000330match one of the patterns.
331.Ql \&*
332and
333.Ql ?
334can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000335wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000336Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000337By default login is allowed regardless of the user name.
Ben Lindstrom60260022001-07-04 04:56:44 +0000338If the pattern takes the form USER@HOST then USER and HOST
339are separately checked, allowing you to restrict logins to particular
340users from particular hosts.
Damien Miller32aa1441999-10-29 09:15:49 +1000341.Pp
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000342.It Cm AuthorizedKeysFile
Ben Lindstrom07d24dc2001-08-06 21:18:57 +0000343Specifies the file that contains the public keys that can be used
344for user authentication.
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000345.Cm AuthorizedKeysFile
346may contain tokens of the form %T which are substituted during connection
347set-up. The following tokens are defined; %% is replaces by a literal '%',
348%h is replaced by the home directory of the user being authenticated and
349%u is replaced by the username of that user.
350After expansion,
351.Cm AuthorizedKeysFile
Ben Lindstrom34a99682001-06-12 00:23:12 +0000352is taken to be an absolute path or one relative to the user's home
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000353directory.
354The default is
355.Dq .ssh/authorized_keys
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000356.It Cm Banner
357In some jurisdictions, sending a warning message before authentication
358may be relevant for getting legal protection.
359The contents of the specified file are sent to the remote user before
360authentication is allowed.
361This option is only available for protocol version 2.
362.Pp
Ben Lindstromff8b4942001-03-06 01:00:03 +0000363.It Cm ChallengeResponseAuthentication
Ben Lindstromc8e29ce2001-08-06 20:55:28 +0000364Specifies whether challenge response authentication is allowed.
365All authentication styles from
366.Xr login.conf 5
367are supported.
Ben Lindstromff8b4942001-03-06 01:00:03 +0000368The default is
369.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000370.It Cm CheckMail
371Specifies whether
372.Nm
373should check for new mail for interactive logins.
374The default is
375.Dq no .
Ben Lindstrom608d1d12001-06-05 19:33:22 +0000376.It Cm Ciphers
377Specifies the ciphers allowed for protocol version 2.
378Multiple ciphers must be comma-separated.
379The default is
380.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000381.It Cm ClientAliveInterval
382Sets a timeout interval in seconds after which if no data has been received
Ben Lindstrom24643222001-06-25 05:08:11 +0000383from the client,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000384.Nm
385will send a message through the encrypted
Ben Lindstroma8f39722001-04-16 02:03:49 +0000386channel to request a response from the client.
387The default
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000388is 0, indicating that these messages will not be sent to the client.
Ben Lindstroma8f39722001-04-16 02:03:49 +0000389This option applies to protocol version 2 only.
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000390.It Cm ClientAliveCountMax
391Sets the number of client alive messages (see above) which may be
392sent without
393.Nm
394receiving any messages back from the client. If this threshold is
Ben Lindstrom24643222001-06-25 05:08:11 +0000395reached while client alive messages are being sent,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000396.Nm
397will disconnect the client, terminating the session. It is important
Ben Lindstrom24643222001-06-25 05:08:11 +0000398to note that the use of client alive messages is very different from
Ben Lindstroma8f39722001-04-16 02:03:49 +0000399.Cm Keepalive
400(below). The client alive messages are sent through the
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000401encrypted channel and therefore will not be spoofable. The TCP keepalive
Ben Lindstroma8f39722001-04-16 02:03:49 +0000402option enabled by
403.Cm Keepalive
404is spoofable. You want to use the client
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000405alive mechanism when you are basing something important on
406clients having an active connection to the server.
Ben Lindstroma8f39722001-04-16 02:03:49 +0000407.Pp
408The default value is 3. If you set
409.Cm ClientAliveInterval
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000410(above) to 15, and leave this value at the default, unresponsive ssh clients
Ben Lindstrom24643222001-06-25 05:08:11 +0000411will be disconnected after approximately 45 seconds.
Damien Miller32aa1441999-10-29 09:15:49 +1000412.It Cm DenyGroups
413This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000414by spaces.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000415Users whose primary group or supplementary group list matches
416one of the patterns aren't allowed to log in.
Damien Miller32aa1441999-10-29 09:15:49 +1000417.Ql \&*
418and
419.Ql ?
420can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000421wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000422Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000423By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000424.Pp
425.It Cm DenyUsers
426This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000427by spaces.
428Login is disallowed for user names that match one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000429.Ql \&*
430and
431.Ql ?
Damien Miller450a7a12000-03-26 13:04:51 +1000432can be used as wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000433Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000434By default login is allowed regardless of the user name.
Damien Millere247cc42000-05-07 12:03:14 +1000435.It Cm GatewayPorts
436Specifies whether remote hosts are allowed to connect to ports
437forwarded for the client.
438The argument must be
439.Dq yes
440or
441.Dq no .
442The default is
443.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000444.It Cm HostbasedAuthentication
445Specifies whether rhosts or /etc/hosts.equiv authentication together
446with successful public key client host authentication is allowed
447(hostbased authentication).
448This option is similar to
449.Cm RhostsRSAAuthentication
450and applies to protocol version 2 only.
451The default is
452.Dq no .
Damien Millere247cc42000-05-07 12:03:14 +1000453.It Cm HostKey
Damien Miller0bc1bd82000-11-13 22:57:25 +1100454Specifies the file containing the private host keys (default
Damien Millere247cc42000-05-07 12:03:14 +1000455.Pa /etc/ssh_host_key )
Damien Miller0bc1bd82000-11-13 22:57:25 +1100456used by SSH protocol versions 1 and 2.
Damien Millere247cc42000-05-07 12:03:14 +1000457Note that
458.Nm
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000459will refuse to use a file if it is group/world-accessible.
Damien Miller0bc1bd82000-11-13 22:57:25 +1100460It is possible to have multiple host key files.
461.Dq rsa1
462keys are used for version 1 and
463.Dq dsa
464or
465.Dq rsa
466are used for version 2 of the SSH protocol.
Damien Miller32aa1441999-10-29 09:15:49 +1000467.It Cm IgnoreRhosts
Damien Miller98c7ad62000-03-09 21:27:49 +1100468Specifies that
469.Pa .rhosts
Damien Miller22c77262000-04-13 12:26:34 +1000470and
Damien Miller98c7ad62000-03-09 21:27:49 +1100471.Pa .shosts
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000472files will not be used in
473.Cm RhostsAuthentication ,
474.Cm RhostsRSAAuthentication
475or
476.Cm HostbasedAuthentication .
477.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000478.Pa /etc/hosts.equiv
479and
Damien Miller22c77262000-04-13 12:26:34 +1000480.Pa /etc/shosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000481are still used.
Damien Miller22c77262000-04-13 12:26:34 +1000482The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100483.Dq yes .
Damien Miller32265091999-11-12 11:33:04 +1100484.It Cm IgnoreUserKnownHosts
485Specifies whether
486.Nm
487should ignore the user's
488.Pa $HOME/.ssh/known_hosts
489during
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000490.Cm RhostsRSAAuthentication
491or
492.Cm HostbasedAuthentication .
Damien Miller32265091999-11-12 11:33:04 +1100493The default is
494.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000495.It Cm KeepAlive
496Specifies whether the system should send keepalive messages to the
Damien Miller450a7a12000-03-26 13:04:51 +1000497other side.
498If they are sent, death of the connection or crash of one
499of the machines will be properly noticed.
500However, this means that
Damien Miller32aa1441999-10-29 09:15:49 +1000501connections will die if the route is down temporarily, and some people
Damien Miller450a7a12000-03-26 13:04:51 +1000502find it annoying.
Damien Miller30c3d422000-05-09 11:02:59 +1000503On the other hand, if keepalives are not sent,
Damien Miller32aa1441999-10-29 09:15:49 +1000504sessions may hang indefinitely on the server, leaving
505.Dq ghost
506users and consuming server resources.
507.Pp
508The default is
509.Dq yes
510(to send keepalives), and the server will notice
Damien Miller450a7a12000-03-26 13:04:51 +1000511if the network goes down or the client host reboots.
512This avoids infinitely hanging sessions.
Damien Miller32aa1441999-10-29 09:15:49 +1000513.Pp
514To disable keepalives, the value should be set to
515.Dq no
516in both the server and the client configuration files.
517.It Cm KerberosAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000518Specifies whether Kerberos authentication is allowed.
519This can be in the form of a Kerberos ticket, or if
Damien Miller32aa1441999-10-29 09:15:49 +1000520.Cm PasswordAuthentication
521is yes, the password provided by the user will be validated through
Damien Miller874d77b2000-10-14 16:23:11 +1100522the Kerberos KDC.
523To use this option, the server needs a
Damien Miller942da032000-08-18 13:59:06 +1000524Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller450a7a12000-03-26 13:04:51 +1000525Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000526.Dq yes .
527.It Cm KerberosOrLocalPasswd
528If set then if password authentication through Kerberos fails then
529the password will be validated via any additional local mechanism
530such as
Damien Miller62cee002000-09-23 17:15:56 +1100531.Pa /etc/passwd .
Damien Miller450a7a12000-03-26 13:04:51 +1000532Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000533.Dq yes .
534.It Cm KerberosTgtPassing
535Specifies whether a Kerberos TGT may be forwarded to the server.
Damien Miller22c77262000-04-13 12:26:34 +1000536Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000537.Dq no ,
538as this only works when the Kerberos KDC is actually an AFS kaserver.
539.It Cm KerberosTicketCleanup
540Specifies whether to automatically destroy the user's ticket cache
Damien Miller450a7a12000-03-26 13:04:51 +1000541file on logout.
542Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000543.Dq yes .
544.It Cm KeyRegenerationInterval
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000545In protocol version 1, the ephemeral server key is automatically regenerated
546after this many seconds (if it has been used).
Damien Miller450a7a12000-03-26 13:04:51 +1000547The purpose of regeneration is to prevent
Damien Miller32aa1441999-10-29 09:15:49 +1000548decrypting captured sessions by later breaking into the machine and
Damien Miller450a7a12000-03-26 13:04:51 +1000549stealing the keys.
550The key is never stored anywhere.
551If the value is 0, the key is never regenerated.
552The default is 3600 (seconds).
Damien Miller32aa1441999-10-29 09:15:49 +1000553.It Cm ListenAddress
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000554Specifies the local addresses
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000555.Nm
Damien Miller32aa1441999-10-29 09:15:49 +1000556should listen on.
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000557The following forms may be used:
558.Pp
559.Bl -item -offset indent -compact
560.It
561.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000562.Sm off
563.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
564.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000565.It
566.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000567.Sm off
568.Ar host No | Ar IPv4_addr No : Ar port
569.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000570.It
571.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000572.Sm off
573.Oo
574.Ar host No | Ar IPv6_addr Oc : Ar port
575.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000576.El
577.Pp
578If
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000579.Ar port
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000580is not specified,
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000581.Nm
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000582will listen on the address and all prior
583.Cm Port
584options specified. The default is to listen on all local
585addresses. Multiple
586.Cm ListenAddress
587options are permitted. Additionally, any
588.Cm Port
589options must precede this option for non port qualified addresses.
Damien Miller32aa1441999-10-29 09:15:49 +1000590.It Cm LoginGraceTime
591The server disconnects after this time if the user has not
Damien Miller450a7a12000-03-26 13:04:51 +1000592successfully logged in.
593If the value is 0, there is no time limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000594The default is 600 (seconds).
Damien Miller5ce662a1999-11-11 17:57:39 +1100595.It Cm LogLevel
596Gives the verbosity level that is used when logging messages from
597.Nm sshd .
598The possible values are:
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000599QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
600The default is INFO.
Damien Miller5ce662a1999-11-11 17:57:39 +1100601Logging with level DEBUG violates the privacy of users
602and is not recommended.
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000603.It Cm MACs
604Specifies the available MAC (message authentication code) algorithms.
605The MAC algorithm is used in protocol version 2
606for data integrity protection.
607Multiple algorithms must be comma-separated.
608The default is
Ben Lindstrombd0e2de2001-06-05 19:52:52 +0000609.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
Damien Miller37023962000-07-11 17:31:38 +1000610.It Cm MaxStartups
611Specifies the maximum number of concurrent unauthenticated connections to the
612.Nm
613daemon.
614Additional connections will be dropped until authentication succeeds or the
615.Cm LoginGraceTime
616expires for a connection.
617The default is 10.
Damien Miller942da032000-08-18 13:59:06 +1000618.Pp
619Alternatively, random early drop can be enabled by specifying
620the three colon separated values
621.Dq start:rate:full
Damien Miller874d77b2000-10-14 16:23:11 +1100622(e.g., "10:30:60").
Damien Miller942da032000-08-18 13:59:06 +1000623.Nm
Ben Lindstroma7333502001-01-29 08:44:03 +0000624will refuse connection attempts with a probability of
Damien Miller942da032000-08-18 13:59:06 +1000625.Dq rate/100
626(30%)
627if there are currently
628.Dq start
629(10)
630unauthenticated connections.
Ben Lindstroma7333502001-01-29 08:44:03 +0000631The probability increases linearly and all connection attempts
Damien Miller942da032000-08-18 13:59:06 +1000632are refused if the number of unauthenticated connections reaches
633.Dq full
634(60).
Damien Millerf8154422001-04-25 22:44:14 +1000635.It Cm PAMAuthenticationViaKbdInt
636Specifies whether PAM challenge response authentication is allowed. This
637allows the use of most PAM challenge response authentication modules, but
638it will allow password authentication regardless of whether
639.Cm PasswordAuthentication
640is disabled.
641The default is
642.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000643.It Cm PasswordAuthentication
644Specifies whether password authentication is allowed.
645The default is
646.Dq yes .
647.It Cm PermitEmptyPasswords
648When password authentication is allowed, it specifies whether the
Damien Miller450a7a12000-03-26 13:04:51 +1000649server allows login to accounts with empty password strings.
650The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100651.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000652.It Cm PermitRootLogin
Ben Lindstrom323c98f2001-03-05 07:40:40 +0000653Specifies whether root can login using
Damien Miller32aa1441999-10-29 09:15:49 +1000654.Xr ssh 1 .
655The argument must be
656.Dq yes ,
Ben Lindstromd8a90212001-02-15 03:08:27 +0000657.Dq without-password ,
658.Dq forced-commands-only
Damien Miller32aa1441999-10-29 09:15:49 +1000659or
660.Dq no .
661The default is
662.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000663.Pp
Ben Lindstromd8a90212001-02-15 03:08:27 +0000664If this option is set to
665.Dq without-password
666password authentication is disabled for root.
667.Pp
668If this option is set to
669.Dq forced-commands-only
670root login with public key authentication will be allowed,
671but only if the
Damien Miller32aa1441999-10-29 09:15:49 +1000672.Ar command
Ben Lindstromd8a90212001-02-15 03:08:27 +0000673option has been specified
Damien Miller32aa1441999-10-29 09:15:49 +1000674(which may be useful for taking remote backups even if root login is
Ben Lindstromd8a90212001-02-15 03:08:27 +0000675normally not allowed). All other authentication methods are disabled
676for root.
Ben Lindstrom323c98f2001-03-05 07:40:40 +0000677.Pp
678If this option is set to
679.Dq no
680root is not allowed to login.
Damien Miller6f83b8e2000-05-02 09:23:45 +1000681.It Cm PidFile
682Specifies the file that contains the process identifier of the
683.Nm
684daemon.
685The default is
686.Pa /var/run/sshd.pid .
Damien Miller32aa1441999-10-29 09:15:49 +1000687.It Cm Port
688Specifies the port number that
689.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000690listens on.
691The default is 22.
Damien Miller34132e52000-01-14 15:45:46 +1100692Multiple options of this type are permitted.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000693See also
694.Cm ListenAddress .
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000695.It Cm PrintLastLog
696Specifies whether
697.Nm
698should print the date and time when the user last logged in.
699The default is
700.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000701.It Cm PrintMotd
702Specifies whether
703.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000704should print
Damien Miller32aa1441999-10-29 09:15:49 +1000705.Pa /etc/motd
Damien Miller450a7a12000-03-26 13:04:51 +1000706when a user logs in interactively.
707(On some systems it is also printed by the shell,
Damien Miller32aa1441999-10-29 09:15:49 +1000708.Pa /etc/profile ,
Damien Miller450a7a12000-03-26 13:04:51 +1000709or equivalent.)
710The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000711.Dq yes .
Damien Miller22c77262000-04-13 12:26:34 +1000712.It Cm Protocol
713Specifies the protocol versions
714.Nm
715should support.
716The possible values are
717.Dq 1
718and
719.Dq 2 .
720Multiple versions must be comma-separated.
721The default is
Ben Lindstrombdc2beb2001-04-16 02:11:52 +0000722.Dq 2,1 .
Ben Lindstromff8b4942001-03-06 01:00:03 +0000723.It Cm PubkeyAuthentication
724Specifies whether public key authentication is allowed.
725The default is
726.Dq yes .
727Note that this option applies to protocol version 2 only.
Damien Miller33804262001-02-04 23:20:18 +1100728.It Cm ReverseMappingCheck
729Specifies whether
730.Nm
731should try to verify the remote host name and check that
732the resolved host name for the remote IP address maps back to the
733very same IP address.
734The default is
735.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000736.It Cm RhostsAuthentication
737Specifies whether authentication using rhosts or /etc/hosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000738files is sufficient.
739Normally, this method should not be permitted because it is insecure.
Damien Miller32aa1441999-10-29 09:15:49 +1000740.Cm RhostsRSAAuthentication
741should be used
742instead, because it performs RSA-based host authentication in addition
743to normal rhosts or /etc/hosts.equiv authentication.
744The default is
745.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000746This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000747.It Cm RhostsRSAAuthentication
748Specifies whether rhosts or /etc/hosts.equiv authentication together
Damien Miller450a7a12000-03-26 13:04:51 +1000749with successful RSA host authentication is allowed.
750The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100751.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000752This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000753.It Cm RSAAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000754Specifies whether pure RSA authentication is allowed.
755The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000756.Dq yes .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000757This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000758.It Cm ServerKeyBits
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000759Defines the number of bits in the ephemeral protocol version 1 server key.
Damien Miller450a7a12000-03-26 13:04:51 +1000760The minimum value is 512, and the default is 768.
Damien Miller32aa1441999-10-29 09:15:49 +1000761.It Cm StrictModes
762Specifies whether
763.Nm
764should check file modes and ownership of the
Damien Miller450a7a12000-03-26 13:04:51 +1000765user's files and home directory before accepting login.
766This is normally desirable because novices sometimes accidentally leave their
767directory or files world-writable.
768The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000769.Dq yes .
Damien Millerf6d9e222000-06-18 14:50:44 +1000770.It Cm Subsystem
Damien Miller874d77b2000-10-14 16:23:11 +1100771Configures an external subsystem (e.g., file transfer daemon).
772Arguments should be a subsystem name and a command to execute upon subsystem
773request.
Damien Miller7b28dc52000-09-05 13:34:53 +1100774The command
775.Xr sftp-server 8
776implements the
777.Dq sftp
778file transfer subsystem.
Damien Millerf6d9e222000-06-18 14:50:44 +1000779By default no subsystems are defined.
780Note that this option applies to protocol version 2 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000781.It Cm SyslogFacility
782Gives the facility code that is used when logging messages from
783.Nm sshd .
784The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
Damien Miller450a7a12000-03-26 13:04:51 +1000785LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
786The default is AUTH.
Damien Miller32aa1441999-10-29 09:15:49 +1000787.It Cm UseLogin
788Specifies whether
789.Xr login 1
Damien Millerd3a18572000-06-07 19:55:44 +1000790is used for interactive login sessions.
Ben Lindstrom699776e2001-06-21 03:14:49 +0000791The default is
792.Dq no .
Damien Millerd3a18572000-06-07 19:55:44 +1000793Note that
794.Xr login 1
Damien Miller942da032000-08-18 13:59:06 +1000795is never used for remote command execution.
Ben Lindstrom24643222001-06-25 05:08:11 +0000796Note also, that if this is enabled,
797.Cm X11Forwarding
Ben Lindstrom699776e2001-06-21 03:14:49 +0000798will be disabled because
799.Xr login 1
800does not know how to handle
Ben Lindstrom24643222001-06-25 05:08:11 +0000801.Xr xauth 1
Ben Lindstrom699776e2001-06-21 03:14:49 +0000802cookies.
Damien Miller32aa1441999-10-29 09:15:49 +1000803.It Cm X11DisplayOffset
804Specifies the first display number available for
805.Nm sshd Ns 's
Damien Miller450a7a12000-03-26 13:04:51 +1000806X11 forwarding.
807This prevents
Damien Miller32aa1441999-10-29 09:15:49 +1000808.Nm
809from interfering with real X11 servers.
Damien Miller98c7ad62000-03-09 21:27:49 +1100810The default is 10.
Damien Miller396691a2000-01-20 22:44:08 +1100811.It Cm X11Forwarding
Damien Miller450a7a12000-03-26 13:04:51 +1000812Specifies whether X11 forwarding is permitted.
813The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100814.Dq no .
Damien Miller396691a2000-01-20 22:44:08 +1100815Note that disabling X11 forwarding does not improve security in any
816way, as users can always install their own forwarders.
Ben Lindstrom24643222001-06-25 05:08:11 +0000817X11 forwarding is automatically disabled if
818.Cm UseLogin
819is enabled.
Damien Millerd3a18572000-06-07 19:55:44 +1000820.It Cm XAuthLocation
821Specifies the location of the
822.Xr xauth 1
823program.
824The default is
825.Pa /usr/X11R6/bin/xauth .
Damien Miller32aa1441999-10-29 09:15:49 +1000826.El
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000827.Ss Time Formats
828.Pp
829.Nm
830command-line arguments and configuration file options that specify time
831may be expressed using a sequence of the form:
832.Sm off
833.Ar time Oo Ar qualifier Oc ,
834.Sm on
835where
836.Ar time
837is a positive integer value and
838.Ar qualifier
839is one of the following:
840.Pp
841.Bl -tag -width Ds -compact -offset indent
842.It Cm <none>
843seconds
844.It Cm s | Cm S
845seconds
846.It Cm m | Cm M
847minutes
848.It Cm h | Cm H
849hours
850.It Cm d | Cm D
851days
852.It Cm w | Cm W
853weeks
854.El
855.Pp
856Each member of the sequence is added together to calculate
857the total time value.
858.Pp
859Time format examples:
860.Pp
861.Bl -tag -width Ds -compact -offset indent
862.It 600
863600 seconds (10 minutes)
864.It 10m
86510 minutes
866.It 1h30m
8671 hour 30 minutes (90 minutes)
868.El
Damien Miller32aa1441999-10-29 09:15:49 +1000869.Sh LOGIN PROCESS
870When a user successfully logs in,
871.Nm
872does the following:
873.Bl -enum -offset indent
874.It
875If the login is on a tty, and no command has been specified,
Damien Miller22c77262000-04-13 12:26:34 +1000876prints last login time and
Damien Miller32aa1441999-10-29 09:15:49 +1000877.Pa /etc/motd
878(unless prevented in the configuration file or by
879.Pa $HOME/.hushlogin ;
880see the
Damien Miller22c77262000-04-13 12:26:34 +1000881.Sx FILES
Damien Miller32aa1441999-10-29 09:15:49 +1000882section).
883.It
884If the login is on a tty, records login time.
885.It
886Checks
887.Pa /etc/nologin ;
888if it exists, prints contents and quits
889(unless root).
890.It
891Changes to run with normal user privileges.
892.It
893Sets up basic environment.
894.It
895Reads
896.Pa $HOME/.ssh/environment
897if it exists.
898.It
899Changes to user's home directory.
900.It
901If
902.Pa $HOME/.ssh/rc
903exists, runs it; else if
Damien Miller886c63a2000-01-20 23:13:36 +1100904.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +1000905exists, runs
Damien Miller450a7a12000-03-26 13:04:51 +1000906it; otherwise runs xauth.
907The
Damien Miller32aa1441999-10-29 09:15:49 +1000908.Dq rc
909files are given the X11
910authentication protocol and cookie in standard input.
911.It
912Runs user's shell or command.
913.El
914.Sh AUTHORIZED_KEYS FILE FORMAT
Damien Miller32aa1441999-10-29 09:15:49 +1000915.Pa $HOME/.ssh/authorized_keys
Ben Lindstromf96704d2001-06-25 04:17:12 +0000916is the default file that lists the public keys that are
917permitted for RSA authentication in protocol version 1
918and for public key authentication (PubkeyAuthentication)
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000919in protocol version 2.
Ben Lindstromf96704d2001-06-25 04:17:12 +0000920.Cm AuthorizedKeysFile
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000921may be used to specify an alternative file.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000922.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000923Each line of the file contains one
Damien Miller32aa1441999-10-29 09:15:49 +1000924key (empty lines and lines starting with a
925.Ql #
926are ignored as
Damien Miller450a7a12000-03-26 13:04:51 +1000927comments).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000928Each RSA public key consists of the following fields, separated by
Damien Miller450a7a12000-03-26 13:04:51 +1000929spaces: options, bits, exponent, modulus, comment.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000930Each protocol version 2 public key consists of:
931options, keytype, base64 encoded key, comment.
932The options fields
933are optional; its presence is determined by whether the line starts
Damien Miller32aa1441999-10-29 09:15:49 +1000934with a number or not (the option field never starts with a number).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000935The bits, exponent, modulus and comment fields give the RSA key for
936protocol version 1; the
Damien Miller32aa1441999-10-29 09:15:49 +1000937comment field is not used for anything (but may be convenient for the
938user to identify the key).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000939For protocol version 2 the keytype is
940.Dq ssh-dss
941or
942.Dq ssh-rsa .
Damien Miller32aa1441999-10-29 09:15:49 +1000943.Pp
944Note that lines in this file are usually several hundred bytes long
Damien Miller450a7a12000-03-26 13:04:51 +1000945(because of the size of the RSA key modulus).
946You don't want to type them in; instead, copy the
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000947.Pa identity.pub ,
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000948.Pa id_dsa.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000949or the
950.Pa id_rsa.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000951file and edit it.
952.Pp
Damien Miller942da032000-08-18 13:59:06 +1000953The options (if present) consist of comma-separated option
Damien Miller450a7a12000-03-26 13:04:51 +1000954specifications.
955No spaces are permitted, except within double quotes.
Damien Miller32aa1441999-10-29 09:15:49 +1000956The following option specifications are supported:
957.Bl -tag -width Ds
958.It Cm from="pattern-list"
959Specifies that in addition to RSA authentication, the canonical name
960of the remote host must be present in the comma-separated list of
Damien Miller450a7a12000-03-26 13:04:51 +1000961patterns
962.Pf ( Ql *
963and
964.Ql ?
965serve as wildcards).
966The list may also contain
967patterns negated by prefixing them with
968.Ql ! ;
969if the canonical host name matches a negated pattern, the key is not accepted.
970The purpose
Damien Miller32aa1441999-10-29 09:15:49 +1000971of this option is to optionally increase security: RSA authentication
972by itself does not trust the network or name servers or anything (but
973the key); however, if somebody somehow steals the key, the key
Damien Miller450a7a12000-03-26 13:04:51 +1000974permits an intruder to log in from anywhere in the world.
975This additional option makes using a stolen key more difficult (name
Damien Miller32aa1441999-10-29 09:15:49 +1000976servers and/or routers would have to be compromised in addition to
977just the key).
978.It Cm command="command"
979Specifies that the command is executed whenever this key is used for
Damien Miller450a7a12000-03-26 13:04:51 +1000980authentication.
981The command supplied by the user (if any) is ignored.
Damien Miller32aa1441999-10-29 09:15:49 +1000982The command is run on a pty if the connection requests a pty;
Damien Miller450a7a12000-03-26 13:04:51 +1000983otherwise it is run without a tty.
Damien Miller33804262001-02-04 23:20:18 +1100984Note that if you want a 8-bit clean channel,
985you must not request a pty or should specify
986.Cm no-pty .
Damien Miller450a7a12000-03-26 13:04:51 +1000987A quote may be included in the command by quoting it with a backslash.
988This option might be useful
989to restrict certain RSA keys to perform just a specific operation.
990An example might be a key that permits remote backups but nothing else.
Damien Miller30c3d422000-05-09 11:02:59 +1000991Note that the client may specify TCP/IP and/or X11
992forwarding unless they are explicitly prohibited.
Damien Miller32aa1441999-10-29 09:15:49 +1000993.It Cm environment="NAME=value"
994Specifies that the string is to be added to the environment when
Damien Miller450a7a12000-03-26 13:04:51 +1000995logging in using this key.
996Environment variables set this way
997override other default environment values.
998Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000999.It Cm no-port-forwarding
1000Forbids TCP/IP forwarding when this key is used for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +10001001Any port forward requests by the client will return an error.
1002This might be used, e.g., in connection with the
Damien Miller32aa1441999-10-29 09:15:49 +10001003.Cm command
1004option.
1005.It Cm no-X11-forwarding
1006Forbids X11 forwarding when this key is used for authentication.
1007Any X11 forward requests by the client will return an error.
1008.It Cm no-agent-forwarding
1009Forbids authentication agent forwarding when this key is used for
1010authentication.
1011.It Cm no-pty
1012Prevents tty allocation (a request to allocate a pty will fail).
Damien Millera243fde2001-03-19 23:16:08 +11001013.It Cm permitopen="host:port"
Ben Lindstrom24643222001-06-25 05:08:11 +00001014Limit local
Damien Millera243fde2001-03-19 23:16:08 +11001015.Li ``ssh -L''
Ben Lindstrom4b3564e2001-04-10 02:41:56 +00001016port forwarding such that it may only connect to the specified host and
Ben Lindstrom24643222001-06-25 05:08:11 +00001017port. Multiple
Damien Millera243fde2001-03-19 23:16:08 +11001018.Cm permitopen
Ben Lindstrom24643222001-06-25 05:08:11 +00001019options may be applied separated by commas. No pattern matching is
1020performed on the specified hostnames, they must be literal domains or
Damien Millera243fde2001-03-19 23:16:08 +11001021addresses.
Damien Miller32aa1441999-10-29 09:15:49 +10001022.El
1023.Ss Examples
10241024 33 12121.\|.\|.\|312314325 ylo@foo.bar
1025.Pp
1026from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
1027.Pp
1028command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
Damien Millera243fde2001-03-19 23:16:08 +11001029.Pp
1030permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
Damien Miller32aa1441999-10-29 09:15:49 +10001031.Sh SSH_KNOWN_HOSTS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +10001032The
Damien Millere247cc42000-05-07 12:03:14 +10001033.Pa /etc/ssh_known_hosts ,
Damien Miller22c77262000-04-13 12:26:34 +10001034and
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001035.Pa $HOME/.ssh/known_hosts
Damien Miller450a7a12000-03-26 13:04:51 +10001036files contain host public keys for all known hosts.
1037The global file should
1038be prepared by the administrator (optional), and the per-user file is
Damien Miller942da032000-08-18 13:59:06 +10001039maintained automatically: whenever the user connects from an unknown host
Damien Miller450a7a12000-03-26 13:04:51 +10001040its key is added to the per-user file.
Damien Miller32aa1441999-10-29 09:15:49 +10001041.Pp
1042Each line in these files contains the following fields: hostnames,
Damien Miller450a7a12000-03-26 13:04:51 +10001043bits, exponent, modulus, comment.
1044The fields are separated by spaces.
Damien Miller32aa1441999-10-29 09:15:49 +10001045.Pp
1046Hostnames is a comma-separated list of patterns ('*' and '?' act as
1047wildcards); each pattern in turn is matched against the canonical host
1048name (when authenticating a client) or against the user-supplied
Damien Miller450a7a12000-03-26 13:04:51 +10001049name (when authenticating a server).
1050A pattern may also be preceded by
Damien Miller32aa1441999-10-29 09:15:49 +10001051.Ql !
1052to indicate negation: if the host name matches a negated
1053pattern, it is not accepted (by that line) even if it matched another
1054pattern on the line.
1055.Pp
Damien Millere247cc42000-05-07 12:03:14 +10001056Bits, exponent, and modulus are taken directly from the RSA host key; they
Damien Miller32aa1441999-10-29 09:15:49 +10001057can be obtained, e.g., from
Damien Miller886c63a2000-01-20 23:13:36 +11001058.Pa /etc/ssh_host_key.pub .
Damien Miller32aa1441999-10-29 09:15:49 +10001059The optional comment field continues to the end of the line, and is not used.
1060.Pp
1061Lines starting with
1062.Ql #
1063and empty lines are ignored as comments.
1064.Pp
1065When performing host authentication, authentication is accepted if any
Damien Miller450a7a12000-03-26 13:04:51 +10001066matching line has the proper key.
1067It is thus permissible (but not
Damien Miller32aa1441999-10-29 09:15:49 +10001068recommended) to have several lines or different host keys for the same
Damien Miller450a7a12000-03-26 13:04:51 +10001069names.
1070This will inevitably happen when short forms of host names
1071from different domains are put in the file.
1072It is possible
Damien Miller32aa1441999-10-29 09:15:49 +10001073that the files contain conflicting information; authentication is
1074accepted if valid information can be found from either file.
1075.Pp
1076Note that the lines in these files are typically hundreds of characters
1077long, and you definitely don't want to type in the host keys by hand.
1078Rather, generate them by a script
Damien Miller22c77262000-04-13 12:26:34 +10001079or by taking
Damien Miller886c63a2000-01-20 23:13:36 +11001080.Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +10001081and adding the host names at the front.
1082.Ss Examples
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001083.Bd -literal
1084closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
1085cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
1086.Ed
Damien Miller32aa1441999-10-29 09:15:49 +10001087.Sh FILES
1088.Bl -tag -width Ds
Damien Miller886c63a2000-01-20 23:13:36 +11001089.It Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +10001090Contains configuration data for
1091.Nm sshd .
1092This file should be writable by root only, but it is recommended
1093(though not necessary) that it be world-readable.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001094.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001095These three files contain the private parts of the host keys.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001096These files should only be owned by root, readable only by root, and not
Damien Miller32aa1441999-10-29 09:15:49 +10001097accessible to others.
1098Note that
1099.Nm
1100does not start if this file is group/world-accessible.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001101.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001102These three files contain the public parts of the host keys.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001103These files should be world-readable but writable only by
Damien Miller450a7a12000-03-26 13:04:51 +10001104root.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001105Their contents should match the respective private parts.
1106These files are not
1107really used for anything; they are provided for the convenience of
1108the user so their contents can be copied to known hosts files.
1109These files are created using
Damien Miller32aa1441999-10-29 09:15:49 +10001110.Xr ssh-keygen 1 .
Ben Lindstromae1c51c2001-06-25 04:14:59 +00001111.It Pa /etc/moduli
Damien Millere39cacc2000-11-29 12:18:44 +11001112Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
Damien Miller886c63a2000-01-20 23:13:36 +11001113.It Pa /var/run/sshd.pid
Damien Miller32aa1441999-10-29 09:15:49 +10001114Contains the process ID of the
1115.Nm
1116listening for connections (if there are several daemons running
1117concurrently for different ports, this contains the pid of the one
Damien Miller450a7a12000-03-26 13:04:51 +10001118started last).
Damien Miller942da032000-08-18 13:59:06 +10001119The content of this file is not sensitive; it can be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +10001120.It Pa $HOME/.ssh/authorized_keys
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001121Lists the public keys (RSA or DSA) that can be used to log into the user's account.
Damien Millere247cc42000-05-07 12:03:14 +10001122This file must be readable by root (which may on some machines imply
1123it being world-readable if the user's home directory resides on an NFS
1124volume).
1125It is recommended that it not be accessible by others.
1126The format of this file is described above.
1127Users will place the contents of their
Ben Lindstromf96704d2001-06-25 04:17:12 +00001128.Pa identity.pub ,
Damien Millere247cc42000-05-07 12:03:14 +10001129.Pa id_dsa.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +00001130and/or
1131.Pa id_rsa.pub
Damien Millere247cc42000-05-07 12:03:14 +10001132files into this file, as described in
1133.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +11001134.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
Damien Miller5ce662a1999-11-11 17:57:39 +11001135These files are consulted when using rhosts with RSA host
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001136authentication or protocol version 2 hostbased authentication
1137to check the public key of the host.
Damien Miller450a7a12000-03-26 13:04:51 +10001138The key must be listed in one of these files to be accepted.
Damien Miller33e511e1999-11-11 11:43:13 +11001139The client uses the same files
Ben Lindstromebd888d2001-03-05 05:49:29 +00001140to verify that it is connecting to the correct remote host.
Damien Miller450a7a12000-03-26 13:04:51 +10001141These files should be writable only by root/the owner.
Damien Miller886c63a2000-01-20 23:13:36 +11001142.Pa /etc/ssh_known_hosts
Damien Miller32aa1441999-10-29 09:15:49 +10001143should be world-readable, and
1144.Pa $HOME/.ssh/known_hosts
1145can but need not be world-readable.
1146.It Pa /etc/nologin
Damien Miller22c77262000-04-13 12:26:34 +10001147If this file exists,
Damien Miller32aa1441999-10-29 09:15:49 +10001148.Nm
Damien Miller450a7a12000-03-26 13:04:51 +10001149refuses to let anyone except root log in.
1150The contents of the file
Damien Miller32aa1441999-10-29 09:15:49 +10001151are displayed to anyone trying to log in, and non-root connections are
Damien Miller450a7a12000-03-26 13:04:51 +10001152refused.
1153The file should be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +10001154.It Pa /etc/hosts.allow, /etc/hosts.deny
1155If compiled with
1156.Sy LIBWRAP
1157support, tcp-wrappers access controls may be defined here as described in
1158.Xr hosts_access 5 .
1159.It Pa $HOME/.rhosts
1160This file contains host-username pairs, separated by a space, one per
Damien Miller450a7a12000-03-26 13:04:51 +10001161line.
1162The given user on the corresponding host is permitted to log in
1163without password.
1164The same file is used by rlogind and rshd.
Damien Miller32aa1441999-10-29 09:15:49 +10001165The file must
1166be writable only by the user; it is recommended that it not be
1167accessible by others.
1168.Pp
Damien Miller450a7a12000-03-26 13:04:51 +10001169If is also possible to use netgroups in the file.
1170Either host or user
Damien Miller32aa1441999-10-29 09:15:49 +10001171name may be of the form +@groupname to specify all hosts or all users
1172in the group.
1173.It Pa $HOME/.shosts
1174For ssh,
1175this file is exactly the same as for
1176.Pa .rhosts .
1177However, this file is
1178not used by rlogin and rshd, so using this permits access using SSH only.
Damien Miller942da032000-08-18 13:59:06 +10001179.It Pa /etc/hosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001180This file is used during
1181.Pa .rhosts
Damien Miller450a7a12000-03-26 13:04:51 +10001182authentication.
1183In the simplest form, this file contains host names, one per line.
1184Users on
Damien Miller32aa1441999-10-29 09:15:49 +10001185those hosts are permitted to log in without a password, provided they
Damien Miller450a7a12000-03-26 13:04:51 +10001186have the same user name on both machines.
1187The host name may also be
Damien Miller32aa1441999-10-29 09:15:49 +10001188followed by a user name; such users are permitted to log in as
1189.Em any
Damien Miller450a7a12000-03-26 13:04:51 +10001190user on this machine (except root).
1191Additionally, the syntax
Damien Miller32aa1441999-10-29 09:15:49 +10001192.Dq +@group
Damien Miller450a7a12000-03-26 13:04:51 +10001193can be used to specify netgroups.
1194Negated entries start with
Damien Miller32aa1441999-10-29 09:15:49 +10001195.Ql \&- .
1196.Pp
1197If the client host/user is successfully matched in this file, login is
1198automatically permitted provided the client and server user names are the
Damien Miller450a7a12000-03-26 13:04:51 +10001199same.
1200Additionally, successful RSA host authentication is normally required.
1201This file must be writable only by root; it is recommended
Damien Miller32aa1441999-10-29 09:15:49 +10001202that it be world-readable.
1203.Pp
1204.Sy "Warning: It is almost never a good idea to use user names in"
1205.Pa hosts.equiv .
1206Beware that it really means that the named user(s) can log in as
1207.Em anybody ,
1208which includes bin, daemon, adm, and other accounts that own critical
Damien Miller450a7a12000-03-26 13:04:51 +10001209binaries and directories.
1210Using a user name practically grants the user root access.
1211The only valid use for user names that I can think
Damien Miller32aa1441999-10-29 09:15:49 +10001212of is in negative entries.
1213.Pp
1214Note that this warning also applies to rsh/rlogin.
Damien Miller886c63a2000-01-20 23:13:36 +11001215.It Pa /etc/shosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001216This is processed exactly as
1217.Pa /etc/hosts.equiv .
1218However, this file may be useful in environments that want to run both
1219rsh/rlogin and ssh.
1220.It Pa $HOME/.ssh/environment
Damien Miller450a7a12000-03-26 13:04:51 +10001221This file is read into the environment at login (if it exists).
1222It can only contain empty lines, comment lines (that start with
Damien Miller32aa1441999-10-29 09:15:49 +10001223.Ql # ) ,
Damien Miller450a7a12000-03-26 13:04:51 +10001224and assignment lines of the form name=value.
1225The file should be writable
Damien Miller32aa1441999-10-29 09:15:49 +10001226only by the user; it need not be readable by anyone else.
1227.It Pa $HOME/.ssh/rc
1228If this file exists, it is run with /bin/sh after reading the
Damien Miller450a7a12000-03-26 13:04:51 +10001229environment files but before starting the user's shell or command.
1230If X11 spoofing is in use, this will receive the "proto cookie" pair in
Damien Miller32aa1441999-10-29 09:15:49 +10001231standard input (and
1232.Ev DISPLAY
Damien Miller450a7a12000-03-26 13:04:51 +10001233in environment).
1234This must call
Damien Miller32aa1441999-10-29 09:15:49 +10001235.Xr xauth 1
1236in that case.
1237.Pp
1238The primary purpose of this file is to run any initialization routines
1239which may be needed before the user's home directory becomes
1240accessible; AFS is a particular example of such an environment.
1241.Pp
1242This file will probably contain some initialization code followed by
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001243something similar to:
1244.Bd -literal
1245 if read proto cookie; then
1246 echo add $DISPLAY $proto $cookie | xauth -q -
1247 fi
1248.Ed
Damien Miller32aa1441999-10-29 09:15:49 +10001249.Pp
1250If this file does not exist,
Damien Miller886c63a2000-01-20 23:13:36 +11001251.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001252is run, and if that
1253does not exist either, xauth is used to store the cookie.
1254.Pp
1255This file should be writable only by the user, and need not be
1256readable by anyone else.
Damien Miller886c63a2000-01-20 23:13:36 +11001257.It Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001258Like
1259.Pa $HOME/.ssh/rc .
1260This can be used to specify
Damien Miller450a7a12000-03-26 13:04:51 +10001261machine-specific login-time initializations globally.
1262This file should be writable only by root, and should be world-readable.
Damien Miller37023962000-07-11 17:31:38 +10001263.El
Damien Miller0bc1bd82000-11-13 22:57:25 +11001264.Sh AUTHORS
Ben Lindstrom8eec2c82001-01-29 08:39:16 +00001265OpenSSH is a derivative of the original and free
1266ssh 1.2.12 release by Tatu Ylonen.
1267Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1268Theo de Raadt and Dug Song
1269removed many bugs, re-added newer features and
1270created OpenSSH.
1271Markus Friedl contributed the support for SSH
1272protocol versions 1.5 and 2.0.
Damien Miller32aa1441999-10-29 09:15:49 +10001273.Sh SEE ALSO
Damien Miller32aa1441999-10-29 09:15:49 +10001274.Xr scp 1 ,
Damien Miller33804262001-02-04 23:20:18 +11001275.Xr sftp 1 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001276.Xr ssh 1 ,
1277.Xr ssh-add 1 ,
1278.Xr ssh-agent 1 ,
1279.Xr ssh-keygen 1 ,
Ben Lindstromc8e29ce2001-08-06 20:55:28 +00001280.Xr login.conf 5 ,
1281.Xr moduli 5 ,
Ben Lindstromd2bf0d62001-06-25 04:10:54 +00001282.Xr sftp-server 8
Ben Lindstrom160ec622001-04-22 17:17:46 +00001283.Rs
1284.%A T. Ylonen
1285.%A T. Kivinen
1286.%A M. Saarinen
1287.%A T. Rinne
1288.%A S. Lehtinen
1289.%T "SSH Protocol Architecture"
Ben Lindstrom020a8692001-08-06 21:38:10 +00001290.%N draft-ietf-secsh-architecture-09.txt
1291.%D July 2001
Ben Lindstrom160ec622001-04-22 17:17:46 +00001292.%O work in progress material
1293.Re
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001294.Rs
1295.%A M. Friedl
1296.%A N. Provos
1297.%A W. A. Simpson
1298.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
Ben Lindstrom3c798d42001-06-25 04:39:22 +00001299.%N draft-ietf-secsh-dh-group-exchange-01.txt
1300.%D April 2001
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001301.%O work in progress material
1302.Re