blob: e143e84d473d52c0a4933a810aad232b47e11041 [file] [log] [blame]
Damien Miller32aa1441999-10-29 09:15:49 +10001.\" -*- nroff -*-
2.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000013.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110016.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100036.\"
Ben Lindstrom24643222001-06-25 05:08:11 +000037.\" $OpenBSD: sshd.8,v 1.133 2001/06/23 17:48:19 itojun Exp $
Damien Miller32aa1441999-10-29 09:15:49 +100038.Dd September 25, 1999
39.Dt SSHD 8
40.Os
41.Sh NAME
42.Nm sshd
Ben Lindstromc65e6a02001-04-23 13:02:16 +000043.Nd OpenSSH SSH daemon
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
45.Nm sshd
Ben Lindstrom9fce9f02001-04-11 23:10:09 +000046.Op Fl deiqD46
Damien Miller32aa1441999-10-29 09:15:49 +100047.Op Fl b Ar bits
48.Op Fl f Ar config_file
49.Op Fl g Ar login_grace_time
50.Op Fl h Ar host_key_file
51.Op Fl k Ar key_gen_time
52.Op Fl p Ar port
Damien Miller942da032000-08-18 13:59:06 +100053.Op Fl u Ar len
Damien Miller95def091999-11-25 00:26:21 +110054.Op Fl V Ar client_protocol_id
Damien Miller22c77262000-04-13 12:26:34 +100055.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +100056.Nm
Ben Lindstromd58eb5f2001-03-07 06:07:22 +000057(SSH Daemon) is the daemon program for
Damien Miller32aa1441999-10-29 09:15:49 +100058.Xr ssh 1 .
Damien Miller35dabd02000-05-01 21:10:33 +100059Together these programs replace rlogin and rsh, and
Damien Miller32aa1441999-10-29 09:15:49 +100060provide secure encrypted communications between two untrusted hosts
Damien Miller450a7a12000-03-26 13:04:51 +100061over an insecure network.
62The programs are intended to be as easy to
Damien Miller32aa1441999-10-29 09:15:49 +100063install and use as possible.
64.Pp
65.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100066is the daemon that listens for connections from clients.
Damien Miller22c77262000-04-13 12:26:34 +100067It is normally started at boot from
Damien Miller32aa1441999-10-29 09:15:49 +100068.Pa /etc/rc .
69It forks a new
Damien Miller450a7a12000-03-26 13:04:51 +100070daemon for each incoming connection.
71The forked daemons handle
Damien Miller32aa1441999-10-29 09:15:49 +100072key exchange, encryption, authentication, command execution,
73and data exchange.
Damien Millere247cc42000-05-07 12:03:14 +100074This implementation of
75.Nm
76supports both SSH protocol version 1 and 2 simultaneously.
Damien Miller32aa1441999-10-29 09:15:49 +100077.Nm
Damien Miller450a7a12000-03-26 13:04:51 +100078works as follows.
Damien Millere247cc42000-05-07 12:03:14 +100079.Pp
80.Ss SSH protocol version 1
81.Pp
Damien Miller450a7a12000-03-26 13:04:51 +100082Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host.
84Additionally, when
Damien Miller32aa1441999-10-29 09:15:49 +100085the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
Damien Miller35dabd02000-05-01 21:10:33 +100089Whenever a client connects the daemon responds with its public
90host and server keys.
Damien Miller450a7a12000-03-26 13:04:51 +100091The client compares the
Damien Millere247cc42000-05-07 12:03:14 +100092RSA host key against its own database to verify that it has not changed.
Damien Miller450a7a12000-03-26 13:04:51 +100093The client then generates a 256 bit random number.
94It encrypts this
Damien Miller32aa1441999-10-29 09:15:49 +100095random number using both the host key and the server key, and sends
Damien Miller450a7a12000-03-26 13:04:51 +100096the encrypted number to the server.
Damien Miller35dabd02000-05-01 21:10:33 +100097Both sides then use this
Damien Miller32aa1441999-10-29 09:15:49 +100098random number as a session key which is used to encrypt all further
Damien Miller450a7a12000-03-26 13:04:51 +100099communications in the session.
100The rest of the session is encrypted
Damien Miller35dabd02000-05-01 21:10:33 +1000101using a conventional cipher, currently Blowfish or 3DES, with 3DES
Damien Millerb38eff82000-04-01 11:09:21 +1000102being used by default.
Damien Miller450a7a12000-03-26 13:04:51 +1000103The client selects the encryption algorithm
Damien Miller32aa1441999-10-29 09:15:49 +1000104to use from those offered by the server.
105.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
Damien Miller32aa1441999-10-29 09:15:49 +1000108.Pa .rhosts
109authentication,
110.Pa .rhosts
111authentication combined with RSA host
112authentication, RSA challenge-response authentication, or password
113based authentication.
114.Pp
115Rhosts authentication is normally disabled
116because it is fundamentally insecure, but can be enabled in the server
Damien Miller450a7a12000-03-26 13:04:51 +1000117configuration file if desired.
118System security is not improved unless
Damien Miller32aa1441999-10-29 09:15:49 +1000119.Xr rshd 8 ,
120.Xr rlogind 8 ,
121.Xr rexecd 8 ,
122and
123.Xr rexd 8
124are disabled (thus completely disabling
125.Xr rlogin 1
126and
127.Xr rsh 1
Damien Miller35dabd02000-05-01 21:10:33 +1000128into the machine).
Damien Miller32aa1441999-10-29 09:15:49 +1000129.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000130.Ss SSH protocol version 2
131.Pp
Damien Miller942da032000-08-18 13:59:06 +1000132Version 2 works similarly:
Damien Millere247cc42000-05-07 12:03:14 +1000133Each host has a host-specific DSA key used to identify the host.
134However, when the daemon starts, it does not generate a server key.
135Forward security is provided through a Diffie-Hellman key agreement.
136This key agreement results in a shared session key.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000137.Pp
Ben Lindstromfd2e05b2001-03-05 07:48:45 +0000138The rest of the session is encrypted using a symmetric cipher, currently
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000139128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
Damien Millere247cc42000-05-07 12:03:14 +1000140The client selects the encryption algorithm
141to use from those offered by the server.
142Additionally, session integrity is provided
Damien Miller30c3d422000-05-09 11:02:59 +1000143through a cryptographic message authentication code
Damien Millere247cc42000-05-07 12:03:14 +1000144(hmac-sha1 or hmac-md5).
145.Pp
146Protocol version 2 provides a public key based
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000147user (PubkeyAuthentication) or
148client host (HostbasedAuthentication) authentication method,
149conventional password authentication and challenge response based methods.
Damien Millere247cc42000-05-07 12:03:14 +1000150.Pp
151.Ss Command execution and data forwarding
152.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000153If the client successfully authenticates itself, a dialog for
Damien Miller450a7a12000-03-26 13:04:51 +1000154preparing the session is entered.
155At this time the client may request
Damien Miller32aa1441999-10-29 09:15:49 +1000156things like allocating a pseudo-tty, forwarding X11 connections,
157forwarding TCP/IP connections, or forwarding the authentication agent
158connection over the secure channel.
159.Pp
160Finally, the client either requests a shell or execution of a command.
Damien Miller450a7a12000-03-26 13:04:51 +1000161The sides then enter session mode.
162In this mode, either side may send
Damien Miller32aa1441999-10-29 09:15:49 +1000163data at any time, and such data is forwarded to/from the shell or
164command on the server side, and the user terminal in the client side.
165.Pp
166When the user program terminates and all forwarded X11 and other
167connections have been closed, the server sends command exit status to
168the client, and both sides exit.
169.Pp
170.Nm
171can be configured using command-line options or a configuration
Damien Miller450a7a12000-03-26 13:04:51 +1000172file.
173Command-line options override values specified in the
Damien Miller32aa1441999-10-29 09:15:49 +1000174configuration file.
175.Pp
Damien Miller6162d121999-11-21 13:23:52 +1100176.Nm
177rereads its configuration file when it receives a hangup signal,
Ben Lindstrom49a098d2001-03-05 06:55:18 +0000178.Dv SIGHUP ,
Ben Lindstromd2bf0d62001-06-25 04:10:54 +0000179by executing itself with the name it was started as, i.e.,
Ben Lindstrom49a098d2001-03-05 06:55:18 +0000180.Pa /usr/sbin/sshd .
Damien Miller6162d121999-11-21 13:23:52 +1100181.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000182The options are as follows:
183.Bl -tag -width Ds
184.It Fl b Ar bits
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000185Specifies the number of bits in the ephemeral protocol version 1
186server key (default 768).
Damien Miller32aa1441999-10-29 09:15:49 +1000187.Pp
188.It Fl d
Damien Miller450a7a12000-03-26 13:04:51 +1000189Debug mode.
190The server sends verbose debug output to the system
191log, and does not put itself in the background.
192The server also will not fork and will only process one connection.
193This option is only intended for debugging for the server.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000194Multiple -d options increase the debugging level.
Damien Miller874d77b2000-10-14 16:23:11 +1100195Maximum is 3.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000196.It Fl e
197When this option is specified,
198.Nm
199will send the output to the standard error instead of the system log.
Damien Miller32aa1441999-10-29 09:15:49 +1000200.It Fl f Ar configuration_file
Damien Miller450a7a12000-03-26 13:04:51 +1000201Specifies the name of the configuration file.
202The default is
Damien Miller886c63a2000-01-20 23:13:36 +1100203.Pa /etc/sshd_config .
Damien Miller32aa1441999-10-29 09:15:49 +1000204.Nm
205refuses to start if there is no configuration file.
206.It Fl g Ar login_grace_time
207Gives the grace time for clients to authenticate themselves (default
Kevin Steves9ce907c2001-01-07 11:53:40 +0000208600 seconds).
Damien Miller450a7a12000-03-26 13:04:51 +1000209If the client fails to authenticate the user within
210this many seconds, the server disconnects and exits.
211A value of zero indicates no limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000212.It Fl h Ar host_key_file
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000213Specifies the file from which the host key is read (default
Damien Miller886c63a2000-01-20 23:13:36 +1100214.Pa /etc/ssh_host_key ) .
Damien Miller32aa1441999-10-29 09:15:49 +1000215This option must be given if
216.Nm
217is not run as root (as the normal
218host file is normally not readable by anyone but root).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000219It is possible to have multiple host key files for
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000220the different protocol versions and host key algorithms.
Damien Miller32aa1441999-10-29 09:15:49 +1000221.It Fl i
222Specifies that
223.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000224is being run from inetd.
Damien Miller32aa1441999-10-29 09:15:49 +1000225.Nm
226is normally not run
227from inetd because it needs to generate the server key before it can
Damien Miller450a7a12000-03-26 13:04:51 +1000228respond to the client, and this may take tens of seconds.
229Clients would have to wait too long if the key was regenerated every time.
Damien Miller7684ee12000-03-17 23:40:15 +1100230However, with small key sizes (e.g., 512) using
Damien Miller32aa1441999-10-29 09:15:49 +1000231.Nm
232from inetd may
233be feasible.
234.It Fl k Ar key_gen_time
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000235Specifies how often the ephemeral protocol version 1 server key is
236regenerated (default 3600 seconds, or one hour).
Damien Miller450a7a12000-03-26 13:04:51 +1000237The motivation for regenerating the key fairly
Damien Miller32aa1441999-10-29 09:15:49 +1000238often is that the key is not stored anywhere, and after about an hour,
239it becomes impossible to recover the key for decrypting intercepted
240communications even if the machine is cracked into or physically
Damien Miller450a7a12000-03-26 13:04:51 +1000241seized.
242A value of zero indicates that the key will never be regenerated.
Damien Miller32aa1441999-10-29 09:15:49 +1000243.It Fl p Ar port
244Specifies the port on which the server listens for connections
245(default 22).
246.It Fl q
Damien Miller450a7a12000-03-26 13:04:51 +1000247Quiet mode.
248Nothing is sent to the system log.
249Normally the beginning,
Damien Miller32aa1441999-10-29 09:15:49 +1000250authentication, and termination of each connection is logged.
Damien Miller942da032000-08-18 13:59:06 +1000251.It Fl u Ar len
252This option is used to specify the size of the field
253in the
254.Li utmp
255structure that holds the remote host name.
256If the resolved host name is longer than
257.Ar len ,
258the dotted decimal value will be used instead.
259This allows hosts with very long host names that
260overflow this field to still be uniquely identified.
261Specifying
262.Fl u0
263indicates that only dotted decimal addresses
264should be put into the
265.Pa utmp
266file.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000267.It Fl D
268When this option is specified
269.Nm
270will not detach and does not become a daemon.
271This allows easy monitoring of
272.Nm sshd .
Damien Miller34132e52000-01-14 15:45:46 +1100273.It Fl 4
274Forces
275.Nm
276to use IPv4 addresses only.
277.It Fl 6
278Forces
279.Nm
280to use IPv6 addresses only.
Damien Miller32aa1441999-10-29 09:15:49 +1000281.El
282.Sh CONFIGURATION FILE
283.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000284reads configuration data from
Damien Miller886c63a2000-01-20 23:13:36 +1100285.Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +1000286(or the file specified with
287.Fl f
Damien Miller450a7a12000-03-26 13:04:51 +1000288on the command line).
289The file contains keyword-value pairs, one per line.
290Lines starting with
Damien Miller32aa1441999-10-29 09:15:49 +1000291.Ql #
292and empty lines are interpreted as comments.
293.Pp
294The following keywords are possible.
295.Bl -tag -width Ds
296.It Cm AFSTokenPassing
Damien Miller450a7a12000-03-26 13:04:51 +1000297Specifies whether an AFS token may be forwarded to the server.
298Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000299.Dq yes .
300.It Cm AllowGroups
Ben Lindstroma1ebd892001-02-10 22:19:23 +0000301This keyword can be followed by a list of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000302by spaces.
303If specified, login is allowed only for users whose primary
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000304group or supplementary group list matches one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000305.Ql \&*
306and
307.Ql ?
308can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000309wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000310Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000311By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000312.Pp
Damien Miller50a41ed2000-10-16 12:14:42 +1100313.It Cm AllowTcpForwarding
314Specifies whether TCP forwarding is permitted.
315The default is
316.Dq yes .
317Note that disabling TCP forwarding does not improve security unless
318users are also denied shell access, as they can always install their
319own forwarders.
320.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000321.It Cm AllowUsers
Ben Lindstroma1ebd892001-02-10 22:19:23 +0000322This keyword can be followed by a list of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000323by spaces.
324If specified, login is allowed only for users names that
Damien Miller32aa1441999-10-29 09:15:49 +1000325match one of the patterns.
326.Ql \&*
327and
328.Ql ?
329can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000330wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000331Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000332By default login is allowed regardless of the user name.
Damien Miller32aa1441999-10-29 09:15:49 +1000333.Pp
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000334.It Cm AuthorizedKeysFile
335Specifies the file that contains the public RSA keys that can be used
336for RSA authentication in protocol version 1.
337.Cm AuthorizedKeysFile
338may contain tokens of the form %T which are substituted during connection
339set-up. The following tokens are defined; %% is replaces by a literal '%',
340%h is replaced by the home directory of the user being authenticated and
341%u is replaced by the username of that user.
342After expansion,
343.Cm AuthorizedKeysFile
Ben Lindstrom34a99682001-06-12 00:23:12 +0000344is taken to be an absolute path or one relative to the user's home
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000345directory.
346The default is
347.Dq .ssh/authorized_keys
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000348.It Cm Banner
349In some jurisdictions, sending a warning message before authentication
350may be relevant for getting legal protection.
351The contents of the specified file are sent to the remote user before
352authentication is allowed.
353This option is only available for protocol version 2.
354.Pp
Ben Lindstromff8b4942001-03-06 01:00:03 +0000355.It Cm ChallengeResponseAuthentication
356Specifies whether
357challenge response
358authentication is allowed.
359Currently there is only support for
360.Xr skey 1
361authentication.
362The default is
363.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000364.It Cm CheckMail
365Specifies whether
366.Nm
367should check for new mail for interactive logins.
368The default is
369.Dq no .
Ben Lindstrom608d1d12001-06-05 19:33:22 +0000370.It Cm Ciphers
371Specifies the ciphers allowed for protocol version 2.
372Multiple ciphers must be comma-separated.
373The default is
374.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000375.It Cm ClientAliveInterval
376Sets a timeout interval in seconds after which if no data has been received
Ben Lindstrom24643222001-06-25 05:08:11 +0000377from the client,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000378.Nm
379will send a message through the encrypted
Ben Lindstroma8f39722001-04-16 02:03:49 +0000380channel to request a response from the client.
381The default
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000382is 0, indicating that these messages will not be sent to the client.
Ben Lindstroma8f39722001-04-16 02:03:49 +0000383This option applies to protocol version 2 only.
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000384.It Cm ClientAliveCountMax
385Sets the number of client alive messages (see above) which may be
386sent without
387.Nm
388receiving any messages back from the client. If this threshold is
Ben Lindstrom24643222001-06-25 05:08:11 +0000389reached while client alive messages are being sent,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000390.Nm
391will disconnect the client, terminating the session. It is important
Ben Lindstrom24643222001-06-25 05:08:11 +0000392to note that the use of client alive messages is very different from
Ben Lindstroma8f39722001-04-16 02:03:49 +0000393.Cm Keepalive
394(below). The client alive messages are sent through the
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000395encrypted channel and therefore will not be spoofable. The TCP keepalive
Ben Lindstroma8f39722001-04-16 02:03:49 +0000396option enabled by
397.Cm Keepalive
398is spoofable. You want to use the client
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000399alive mechanism when you are basing something important on
400clients having an active connection to the server.
Ben Lindstroma8f39722001-04-16 02:03:49 +0000401.Pp
402The default value is 3. If you set
403.Cm ClientAliveInterval
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000404(above) to 15, and leave this value at the default, unresponsive ssh clients
Ben Lindstrom24643222001-06-25 05:08:11 +0000405will be disconnected after approximately 45 seconds.
Damien Miller32aa1441999-10-29 09:15:49 +1000406.It Cm DenyGroups
407This keyword can be followed by a number of group names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000408by spaces.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000409Users whose primary group or supplementary group list matches
410one of the patterns aren't allowed to log in.
Damien Miller32aa1441999-10-29 09:15:49 +1000411.Ql \&*
412and
413.Ql ?
414can be used as
Damien Miller450a7a12000-03-26 13:04:51 +1000415wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000416Only group names are valid; a numerical group ID isn't recognized.
Kevin Steves7b61cfa2001-01-14 19:11:00 +0000417By default login is allowed regardless of the group list.
Damien Miller32aa1441999-10-29 09:15:49 +1000418.Pp
419.It Cm DenyUsers
420This keyword can be followed by a number of user names, separated
Damien Miller450a7a12000-03-26 13:04:51 +1000421by spaces.
422Login is disallowed for user names that match one of the patterns.
Damien Miller32aa1441999-10-29 09:15:49 +1000423.Ql \&*
424and
425.Ql ?
Damien Miller450a7a12000-03-26 13:04:51 +1000426can be used as wildcards in the patterns.
Damien Miller942da032000-08-18 13:59:06 +1000427Only user names are valid; a numerical user ID isn't recognized.
Damien Miller450a7a12000-03-26 13:04:51 +1000428By default login is allowed regardless of the user name.
Damien Millere247cc42000-05-07 12:03:14 +1000429.It Cm GatewayPorts
430Specifies whether remote hosts are allowed to connect to ports
431forwarded for the client.
432The argument must be
433.Dq yes
434or
435.Dq no .
436The default is
437.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000438.It Cm HostbasedAuthentication
439Specifies whether rhosts or /etc/hosts.equiv authentication together
440with successful public key client host authentication is allowed
441(hostbased authentication).
442This option is similar to
443.Cm RhostsRSAAuthentication
444and applies to protocol version 2 only.
445The default is
446.Dq no .
Damien Millere247cc42000-05-07 12:03:14 +1000447.It Cm HostKey
Damien Miller0bc1bd82000-11-13 22:57:25 +1100448Specifies the file containing the private host keys (default
Damien Millere247cc42000-05-07 12:03:14 +1000449.Pa /etc/ssh_host_key )
Damien Miller0bc1bd82000-11-13 22:57:25 +1100450used by SSH protocol versions 1 and 2.
Damien Millere247cc42000-05-07 12:03:14 +1000451Note that
452.Nm
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000453will refuse to use a file if it is group/world-accessible.
Damien Miller0bc1bd82000-11-13 22:57:25 +1100454It is possible to have multiple host key files.
455.Dq rsa1
456keys are used for version 1 and
457.Dq dsa
458or
459.Dq rsa
460are used for version 2 of the SSH protocol.
Damien Miller32aa1441999-10-29 09:15:49 +1000461.It Cm IgnoreRhosts
Damien Miller98c7ad62000-03-09 21:27:49 +1100462Specifies that
463.Pa .rhosts
Damien Miller22c77262000-04-13 12:26:34 +1000464and
Damien Miller98c7ad62000-03-09 21:27:49 +1100465.Pa .shosts
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000466files will not be used in
467.Cm RhostsAuthentication ,
468.Cm RhostsRSAAuthentication
469or
470.Cm HostbasedAuthentication .
471.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000472.Pa /etc/hosts.equiv
473and
Damien Miller22c77262000-04-13 12:26:34 +1000474.Pa /etc/shosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000475are still used.
Damien Miller22c77262000-04-13 12:26:34 +1000476The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100477.Dq yes .
Damien Miller32265091999-11-12 11:33:04 +1100478.It Cm IgnoreUserKnownHosts
479Specifies whether
480.Nm
481should ignore the user's
482.Pa $HOME/.ssh/known_hosts
483during
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000484.Cm RhostsRSAAuthentication
485or
486.Cm HostbasedAuthentication .
Damien Miller32265091999-11-12 11:33:04 +1100487The default is
488.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000489.It Cm KeepAlive
490Specifies whether the system should send keepalive messages to the
Damien Miller450a7a12000-03-26 13:04:51 +1000491other side.
492If they are sent, death of the connection or crash of one
493of the machines will be properly noticed.
494However, this means that
Damien Miller32aa1441999-10-29 09:15:49 +1000495connections will die if the route is down temporarily, and some people
Damien Miller450a7a12000-03-26 13:04:51 +1000496find it annoying.
Damien Miller30c3d422000-05-09 11:02:59 +1000497On the other hand, if keepalives are not sent,
Damien Miller32aa1441999-10-29 09:15:49 +1000498sessions may hang indefinitely on the server, leaving
499.Dq ghost
500users and consuming server resources.
501.Pp
502The default is
503.Dq yes
504(to send keepalives), and the server will notice
Damien Miller450a7a12000-03-26 13:04:51 +1000505if the network goes down or the client host reboots.
506This avoids infinitely hanging sessions.
Damien Miller32aa1441999-10-29 09:15:49 +1000507.Pp
508To disable keepalives, the value should be set to
509.Dq no
510in both the server and the client configuration files.
511.It Cm KerberosAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000512Specifies whether Kerberos authentication is allowed.
513This can be in the form of a Kerberos ticket, or if
Damien Miller32aa1441999-10-29 09:15:49 +1000514.Cm PasswordAuthentication
515is yes, the password provided by the user will be validated through
Damien Miller874d77b2000-10-14 16:23:11 +1100516the Kerberos KDC.
517To use this option, the server needs a
Damien Miller942da032000-08-18 13:59:06 +1000518Kerberos servtab which allows the verification of the KDC's identity.
Damien Miller450a7a12000-03-26 13:04:51 +1000519Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000520.Dq yes .
521.It Cm KerberosOrLocalPasswd
522If set then if password authentication through Kerberos fails then
523the password will be validated via any additional local mechanism
524such as
Damien Miller62cee002000-09-23 17:15:56 +1100525.Pa /etc/passwd .
Damien Miller450a7a12000-03-26 13:04:51 +1000526Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000527.Dq yes .
528.It Cm KerberosTgtPassing
529Specifies whether a Kerberos TGT may be forwarded to the server.
Damien Miller22c77262000-04-13 12:26:34 +1000530Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000531.Dq no ,
532as this only works when the Kerberos KDC is actually an AFS kaserver.
533.It Cm KerberosTicketCleanup
534Specifies whether to automatically destroy the user's ticket cache
Damien Miller450a7a12000-03-26 13:04:51 +1000535file on logout.
536Default is
Damien Miller32aa1441999-10-29 09:15:49 +1000537.Dq yes .
538.It Cm KeyRegenerationInterval
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000539In protocol version 1, the ephemeral server key is automatically regenerated
540after this many seconds (if it has been used).
Damien Miller450a7a12000-03-26 13:04:51 +1000541The purpose of regeneration is to prevent
Damien Miller32aa1441999-10-29 09:15:49 +1000542decrypting captured sessions by later breaking into the machine and
Damien Miller450a7a12000-03-26 13:04:51 +1000543stealing the keys.
544The key is never stored anywhere.
545If the value is 0, the key is never regenerated.
546The default is 3600 (seconds).
Damien Miller32aa1441999-10-29 09:15:49 +1000547.It Cm ListenAddress
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000548Specifies the local addresses
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000549.Nm
Damien Miller32aa1441999-10-29 09:15:49 +1000550should listen on.
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000551The following forms may be used:
552.Pp
553.Bl -item -offset indent -compact
554.It
555.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000556.Sm off
557.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
558.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000559.It
560.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000561.Sm off
562.Ar host No | Ar IPv4_addr No : Ar port
563.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000564.It
565.Cm ListenAddress
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000566.Sm off
567.Oo
568.Ar host No | Ar IPv6_addr Oc : Ar port
569.Sm on
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000570.El
571.Pp
572If
Ben Lindstrom1a598a42001-04-10 02:48:50 +0000573.Ar port
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000574is not specified,
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000575.Nm
Ben Lindstrom49e57a82001-04-08 18:02:43 +0000576will listen on the address and all prior
577.Cm Port
578options specified. The default is to listen on all local
579addresses. Multiple
580.Cm ListenAddress
581options are permitted. Additionally, any
582.Cm Port
583options must precede this option for non port qualified addresses.
Damien Miller32aa1441999-10-29 09:15:49 +1000584.It Cm LoginGraceTime
585The server disconnects after this time if the user has not
Damien Miller450a7a12000-03-26 13:04:51 +1000586successfully logged in.
587If the value is 0, there is no time limit.
Damien Miller32aa1441999-10-29 09:15:49 +1000588The default is 600 (seconds).
Damien Miller5ce662a1999-11-11 17:57:39 +1100589.It Cm LogLevel
590Gives the verbosity level that is used when logging messages from
591.Nm sshd .
592The possible values are:
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000593QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
594The default is INFO.
Damien Miller5ce662a1999-11-11 17:57:39 +1100595Logging with level DEBUG violates the privacy of users
596and is not recommended.
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000597.It Cm MACs
598Specifies the available MAC (message authentication code) algorithms.
599The MAC algorithm is used in protocol version 2
600for data integrity protection.
601Multiple algorithms must be comma-separated.
602The default is
Ben Lindstrombd0e2de2001-06-05 19:52:52 +0000603.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
Damien Miller37023962000-07-11 17:31:38 +1000604.It Cm MaxStartups
605Specifies the maximum number of concurrent unauthenticated connections to the
606.Nm
607daemon.
608Additional connections will be dropped until authentication succeeds or the
609.Cm LoginGraceTime
610expires for a connection.
611The default is 10.
Damien Miller942da032000-08-18 13:59:06 +1000612.Pp
613Alternatively, random early drop can be enabled by specifying
614the three colon separated values
615.Dq start:rate:full
Damien Miller874d77b2000-10-14 16:23:11 +1100616(e.g., "10:30:60").
Damien Miller942da032000-08-18 13:59:06 +1000617.Nm
Ben Lindstroma7333502001-01-29 08:44:03 +0000618will refuse connection attempts with a probability of
Damien Miller942da032000-08-18 13:59:06 +1000619.Dq rate/100
620(30%)
621if there are currently
622.Dq start
623(10)
624unauthenticated connections.
Ben Lindstroma7333502001-01-29 08:44:03 +0000625The probability increases linearly and all connection attempts
Damien Miller942da032000-08-18 13:59:06 +1000626are refused if the number of unauthenticated connections reaches
627.Dq full
628(60).
Damien Millerf8154422001-04-25 22:44:14 +1000629.It Cm PAMAuthenticationViaKbdInt
630Specifies whether PAM challenge response authentication is allowed. This
631allows the use of most PAM challenge response authentication modules, but
632it will allow password authentication regardless of whether
633.Cm PasswordAuthentication
634is disabled.
635The default is
636.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000637.It Cm PasswordAuthentication
638Specifies whether password authentication is allowed.
639The default is
640.Dq yes .
641.It Cm PermitEmptyPasswords
642When password authentication is allowed, it specifies whether the
Damien Miller450a7a12000-03-26 13:04:51 +1000643server allows login to accounts with empty password strings.
644The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100645.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000646.It Cm PermitRootLogin
Ben Lindstrom323c98f2001-03-05 07:40:40 +0000647Specifies whether root can login using
Damien Miller32aa1441999-10-29 09:15:49 +1000648.Xr ssh 1 .
649The argument must be
650.Dq yes ,
Ben Lindstromd8a90212001-02-15 03:08:27 +0000651.Dq without-password ,
652.Dq forced-commands-only
Damien Miller32aa1441999-10-29 09:15:49 +1000653or
654.Dq no .
655The default is
656.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000657.Pp
Ben Lindstromd8a90212001-02-15 03:08:27 +0000658If this option is set to
659.Dq without-password
660password authentication is disabled for root.
661.Pp
662If this option is set to
663.Dq forced-commands-only
664root login with public key authentication will be allowed,
665but only if the
Damien Miller32aa1441999-10-29 09:15:49 +1000666.Ar command
Ben Lindstromd8a90212001-02-15 03:08:27 +0000667option has been specified
Damien Miller32aa1441999-10-29 09:15:49 +1000668(which may be useful for taking remote backups even if root login is
Ben Lindstromd8a90212001-02-15 03:08:27 +0000669normally not allowed). All other authentication methods are disabled
670for root.
Ben Lindstrom323c98f2001-03-05 07:40:40 +0000671.Pp
672If this option is set to
673.Dq no
674root is not allowed to login.
Damien Miller6f83b8e2000-05-02 09:23:45 +1000675.It Cm PidFile
676Specifies the file that contains the process identifier of the
677.Nm
678daemon.
679The default is
680.Pa /var/run/sshd.pid .
Damien Miller32aa1441999-10-29 09:15:49 +1000681.It Cm Port
682Specifies the port number that
683.Nm
Damien Miller450a7a12000-03-26 13:04:51 +1000684listens on.
685The default is 22.
Damien Miller34132e52000-01-14 15:45:46 +1100686Multiple options of this type are permitted.
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000687See also
688.Cm ListenAddress .
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000689.It Cm PrintLastLog
690Specifies whether
691.Nm
692should print the date and time when the user last logged in.
693The default is
694.Dq yes .
Damien Miller32aa1441999-10-29 09:15:49 +1000695.It Cm PrintMotd
696Specifies whether
697.Nm
Damien Miller22c77262000-04-13 12:26:34 +1000698should print
Damien Miller32aa1441999-10-29 09:15:49 +1000699.Pa /etc/motd
Damien Miller450a7a12000-03-26 13:04:51 +1000700when a user logs in interactively.
701(On some systems it is also printed by the shell,
Damien Miller32aa1441999-10-29 09:15:49 +1000702.Pa /etc/profile ,
Damien Miller450a7a12000-03-26 13:04:51 +1000703or equivalent.)
704The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000705.Dq yes .
Damien Miller22c77262000-04-13 12:26:34 +1000706.It Cm Protocol
707Specifies the protocol versions
708.Nm
709should support.
710The possible values are
711.Dq 1
712and
713.Dq 2 .
714Multiple versions must be comma-separated.
715The default is
Ben Lindstrombdc2beb2001-04-16 02:11:52 +0000716.Dq 2,1 .
Ben Lindstromff8b4942001-03-06 01:00:03 +0000717.It Cm PubkeyAuthentication
718Specifies whether public key authentication is allowed.
719The default is
720.Dq yes .
721Note that this option applies to protocol version 2 only.
Damien Miller33804262001-02-04 23:20:18 +1100722.It Cm ReverseMappingCheck
723Specifies whether
724.Nm
725should try to verify the remote host name and check that
726the resolved host name for the remote IP address maps back to the
727very same IP address.
728The default is
729.Dq no .
Damien Miller32aa1441999-10-29 09:15:49 +1000730.It Cm RhostsAuthentication
731Specifies whether authentication using rhosts or /etc/hosts.equiv
Damien Miller450a7a12000-03-26 13:04:51 +1000732files is sufficient.
733Normally, this method should not be permitted because it is insecure.
Damien Miller32aa1441999-10-29 09:15:49 +1000734.Cm RhostsRSAAuthentication
735should be used
736instead, because it performs RSA-based host authentication in addition
737to normal rhosts or /etc/hosts.equiv authentication.
738The default is
739.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000740This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000741.It Cm RhostsRSAAuthentication
742Specifies whether rhosts or /etc/hosts.equiv authentication together
Damien Miller450a7a12000-03-26 13:04:51 +1000743with successful RSA host authentication is allowed.
744The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100745.Dq no .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000746This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000747.It Cm RSAAuthentication
Damien Miller450a7a12000-03-26 13:04:51 +1000748Specifies whether pure RSA authentication is allowed.
749The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000750.Dq yes .
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000751This option applies to protocol version 1 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000752.It Cm ServerKeyBits
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000753Defines the number of bits in the ephemeral protocol version 1 server key.
Damien Miller450a7a12000-03-26 13:04:51 +1000754The minimum value is 512, and the default is 768.
Damien Miller32aa1441999-10-29 09:15:49 +1000755.It Cm StrictModes
756Specifies whether
757.Nm
758should check file modes and ownership of the
Damien Miller450a7a12000-03-26 13:04:51 +1000759user's files and home directory before accepting login.
760This is normally desirable because novices sometimes accidentally leave their
761directory or files world-writable.
762The default is
Damien Miller32aa1441999-10-29 09:15:49 +1000763.Dq yes .
Damien Millerf6d9e222000-06-18 14:50:44 +1000764.It Cm Subsystem
Damien Miller874d77b2000-10-14 16:23:11 +1100765Configures an external subsystem (e.g., file transfer daemon).
766Arguments should be a subsystem name and a command to execute upon subsystem
767request.
Damien Miller7b28dc52000-09-05 13:34:53 +1100768The command
769.Xr sftp-server 8
770implements the
771.Dq sftp
772file transfer subsystem.
Damien Millerf6d9e222000-06-18 14:50:44 +1000773By default no subsystems are defined.
774Note that this option applies to protocol version 2 only.
Damien Miller32aa1441999-10-29 09:15:49 +1000775.It Cm SyslogFacility
776Gives the facility code that is used when logging messages from
777.Nm sshd .
778The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
Damien Miller450a7a12000-03-26 13:04:51 +1000779LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
780The default is AUTH.
Damien Miller32aa1441999-10-29 09:15:49 +1000781.It Cm UseLogin
782Specifies whether
783.Xr login 1
Damien Millerd3a18572000-06-07 19:55:44 +1000784is used for interactive login sessions.
Ben Lindstrom699776e2001-06-21 03:14:49 +0000785The default is
786.Dq no .
Damien Millerd3a18572000-06-07 19:55:44 +1000787Note that
788.Xr login 1
Damien Miller942da032000-08-18 13:59:06 +1000789is never used for remote command execution.
Ben Lindstrom24643222001-06-25 05:08:11 +0000790Note also, that if this is enabled,
791.Cm X11Forwarding
Ben Lindstrom699776e2001-06-21 03:14:49 +0000792will be disabled because
793.Xr login 1
794does not know how to handle
Ben Lindstrom24643222001-06-25 05:08:11 +0000795.Xr xauth 1
Ben Lindstrom699776e2001-06-21 03:14:49 +0000796cookies.
Damien Miller32aa1441999-10-29 09:15:49 +1000797.It Cm X11DisplayOffset
798Specifies the first display number available for
799.Nm sshd Ns 's
Damien Miller450a7a12000-03-26 13:04:51 +1000800X11 forwarding.
801This prevents
Damien Miller32aa1441999-10-29 09:15:49 +1000802.Nm
803from interfering with real X11 servers.
Damien Miller98c7ad62000-03-09 21:27:49 +1100804The default is 10.
Damien Miller396691a2000-01-20 22:44:08 +1100805.It Cm X11Forwarding
Damien Miller450a7a12000-03-26 13:04:51 +1000806Specifies whether X11 forwarding is permitted.
807The default is
Damien Miller98c7ad62000-03-09 21:27:49 +1100808.Dq no .
Damien Miller396691a2000-01-20 22:44:08 +1100809Note that disabling X11 forwarding does not improve security in any
810way, as users can always install their own forwarders.
Ben Lindstrom24643222001-06-25 05:08:11 +0000811X11 forwarding is automatically disabled if
812.Cm UseLogin
813is enabled.
Damien Millerd3a18572000-06-07 19:55:44 +1000814.It Cm XAuthLocation
815Specifies the location of the
816.Xr xauth 1
817program.
818The default is
819.Pa /usr/X11R6/bin/xauth .
Damien Miller32aa1441999-10-29 09:15:49 +1000820.El
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000821.Ss Time Formats
822.Pp
823.Nm
824command-line arguments and configuration file options that specify time
825may be expressed using a sequence of the form:
826.Sm off
827.Ar time Oo Ar qualifier Oc ,
828.Sm on
829where
830.Ar time
831is a positive integer value and
832.Ar qualifier
833is one of the following:
834.Pp
835.Bl -tag -width Ds -compact -offset indent
836.It Cm <none>
837seconds
838.It Cm s | Cm S
839seconds
840.It Cm m | Cm M
841minutes
842.It Cm h | Cm H
843hours
844.It Cm d | Cm D
845days
846.It Cm w | Cm W
847weeks
848.El
849.Pp
850Each member of the sequence is added together to calculate
851the total time value.
852.Pp
853Time format examples:
854.Pp
855.Bl -tag -width Ds -compact -offset indent
856.It 600
857600 seconds (10 minutes)
858.It 10m
85910 minutes
860.It 1h30m
8611 hour 30 minutes (90 minutes)
862.El
Damien Miller32aa1441999-10-29 09:15:49 +1000863.Sh LOGIN PROCESS
864When a user successfully logs in,
865.Nm
866does the following:
867.Bl -enum -offset indent
868.It
869If the login is on a tty, and no command has been specified,
Damien Miller22c77262000-04-13 12:26:34 +1000870prints last login time and
Damien Miller32aa1441999-10-29 09:15:49 +1000871.Pa /etc/motd
872(unless prevented in the configuration file or by
873.Pa $HOME/.hushlogin ;
874see the
Damien Miller22c77262000-04-13 12:26:34 +1000875.Sx FILES
Damien Miller32aa1441999-10-29 09:15:49 +1000876section).
877.It
878If the login is on a tty, records login time.
879.It
880Checks
881.Pa /etc/nologin ;
882if it exists, prints contents and quits
883(unless root).
884.It
885Changes to run with normal user privileges.
886.It
887Sets up basic environment.
888.It
889Reads
890.Pa $HOME/.ssh/environment
891if it exists.
892.It
893Changes to user's home directory.
894.It
895If
896.Pa $HOME/.ssh/rc
897exists, runs it; else if
Damien Miller886c63a2000-01-20 23:13:36 +1100898.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +1000899exists, runs
Damien Miller450a7a12000-03-26 13:04:51 +1000900it; otherwise runs xauth.
901The
Damien Miller32aa1441999-10-29 09:15:49 +1000902.Dq rc
903files are given the X11
904authentication protocol and cookie in standard input.
905.It
906Runs user's shell or command.
907.El
908.Sh AUTHORIZED_KEYS FILE FORMAT
Damien Miller32aa1441999-10-29 09:15:49 +1000909.Pa $HOME/.ssh/authorized_keys
Ben Lindstromf96704d2001-06-25 04:17:12 +0000910is the default file that lists the public keys that are
911permitted for RSA authentication in protocol version 1
912and for public key authentication (PubkeyAuthentication)
Ben Lindstromc65e6a02001-04-23 13:02:16 +0000913in protocol version 2.
Ben Lindstromf96704d2001-06-25 04:17:12 +0000914.Cm AuthorizedKeysFile
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000915may be used to specify an alternative file.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000916.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000917Each line of the file contains one
Damien Miller32aa1441999-10-29 09:15:49 +1000918key (empty lines and lines starting with a
919.Ql #
920are ignored as
Damien Miller450a7a12000-03-26 13:04:51 +1000921comments).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000922Each RSA public key consists of the following fields, separated by
Damien Miller450a7a12000-03-26 13:04:51 +1000923spaces: options, bits, exponent, modulus, comment.
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000924Each protocol version 2 public key consists of:
925options, keytype, base64 encoded key, comment.
926The options fields
927are optional; its presence is determined by whether the line starts
Damien Miller32aa1441999-10-29 09:15:49 +1000928with a number or not (the option field never starts with a number).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000929The bits, exponent, modulus and comment fields give the RSA key for
930protocol version 1; the
Damien Miller32aa1441999-10-29 09:15:49 +1000931comment field is not used for anything (but may be convenient for the
932user to identify the key).
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000933For protocol version 2 the keytype is
934.Dq ssh-dss
935or
936.Dq ssh-rsa .
Damien Miller32aa1441999-10-29 09:15:49 +1000937.Pp
938Note that lines in this file are usually several hundred bytes long
Damien Miller450a7a12000-03-26 13:04:51 +1000939(because of the size of the RSA key modulus).
940You don't want to type them in; instead, copy the
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000941.Pa identity.pub ,
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000942.Pa id_dsa.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000943or the
944.Pa id_rsa.pub
Damien Miller32aa1441999-10-29 09:15:49 +1000945file and edit it.
946.Pp
Damien Miller942da032000-08-18 13:59:06 +1000947The options (if present) consist of comma-separated option
Damien Miller450a7a12000-03-26 13:04:51 +1000948specifications.
949No spaces are permitted, except within double quotes.
Damien Miller32aa1441999-10-29 09:15:49 +1000950The following option specifications are supported:
951.Bl -tag -width Ds
952.It Cm from="pattern-list"
953Specifies that in addition to RSA authentication, the canonical name
954of the remote host must be present in the comma-separated list of
Damien Miller450a7a12000-03-26 13:04:51 +1000955patterns
956.Pf ( Ql *
957and
958.Ql ?
959serve as wildcards).
960The list may also contain
961patterns negated by prefixing them with
962.Ql ! ;
963if the canonical host name matches a negated pattern, the key is not accepted.
964The purpose
Damien Miller32aa1441999-10-29 09:15:49 +1000965of this option is to optionally increase security: RSA authentication
966by itself does not trust the network or name servers or anything (but
967the key); however, if somebody somehow steals the key, the key
Damien Miller450a7a12000-03-26 13:04:51 +1000968permits an intruder to log in from anywhere in the world.
969This additional option makes using a stolen key more difficult (name
Damien Miller32aa1441999-10-29 09:15:49 +1000970servers and/or routers would have to be compromised in addition to
971just the key).
972.It Cm command="command"
973Specifies that the command is executed whenever this key is used for
Damien Miller450a7a12000-03-26 13:04:51 +1000974authentication.
975The command supplied by the user (if any) is ignored.
Damien Miller32aa1441999-10-29 09:15:49 +1000976The command is run on a pty if the connection requests a pty;
Damien Miller450a7a12000-03-26 13:04:51 +1000977otherwise it is run without a tty.
Damien Miller33804262001-02-04 23:20:18 +1100978Note that if you want a 8-bit clean channel,
979you must not request a pty or should specify
980.Cm no-pty .
Damien Miller450a7a12000-03-26 13:04:51 +1000981A quote may be included in the command by quoting it with a backslash.
982This option might be useful
983to restrict certain RSA keys to perform just a specific operation.
984An example might be a key that permits remote backups but nothing else.
Damien Miller30c3d422000-05-09 11:02:59 +1000985Note that the client may specify TCP/IP and/or X11
986forwarding unless they are explicitly prohibited.
Damien Miller32aa1441999-10-29 09:15:49 +1000987.It Cm environment="NAME=value"
988Specifies that the string is to be added to the environment when
Damien Miller450a7a12000-03-26 13:04:51 +1000989logging in using this key.
990Environment variables set this way
991override other default environment values.
992Multiple options of this type are permitted.
Damien Miller32aa1441999-10-29 09:15:49 +1000993.It Cm no-port-forwarding
994Forbids TCP/IP forwarding when this key is used for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000995Any port forward requests by the client will return an error.
996This might be used, e.g., in connection with the
Damien Miller32aa1441999-10-29 09:15:49 +1000997.Cm command
998option.
999.It Cm no-X11-forwarding
1000Forbids X11 forwarding when this key is used for authentication.
1001Any X11 forward requests by the client will return an error.
1002.It Cm no-agent-forwarding
1003Forbids authentication agent forwarding when this key is used for
1004authentication.
1005.It Cm no-pty
1006Prevents tty allocation (a request to allocate a pty will fail).
Damien Millera243fde2001-03-19 23:16:08 +11001007.It Cm permitopen="host:port"
Ben Lindstrom24643222001-06-25 05:08:11 +00001008Limit local
Damien Millera243fde2001-03-19 23:16:08 +11001009.Li ``ssh -L''
Ben Lindstrom4b3564e2001-04-10 02:41:56 +00001010port forwarding such that it may only connect to the specified host and
Ben Lindstrom24643222001-06-25 05:08:11 +00001011port. Multiple
Damien Millera243fde2001-03-19 23:16:08 +11001012.Cm permitopen
Ben Lindstrom24643222001-06-25 05:08:11 +00001013options may be applied separated by commas. No pattern matching is
1014performed on the specified hostnames, they must be literal domains or
Damien Millera243fde2001-03-19 23:16:08 +11001015addresses.
Damien Miller32aa1441999-10-29 09:15:49 +10001016.El
1017.Ss Examples
10181024 33 12121.\|.\|.\|312314325 ylo@foo.bar
1019.Pp
1020from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
1021.Pp
1022command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
Damien Millera243fde2001-03-19 23:16:08 +11001023.Pp
1024permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
Damien Miller32aa1441999-10-29 09:15:49 +10001025.Sh SSH_KNOWN_HOSTS FILE FORMAT
Damien Miller22c77262000-04-13 12:26:34 +10001026The
Damien Millere247cc42000-05-07 12:03:14 +10001027.Pa /etc/ssh_known_hosts ,
Damien Miller22c77262000-04-13 12:26:34 +10001028and
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001029.Pa $HOME/.ssh/known_hosts
Damien Miller450a7a12000-03-26 13:04:51 +10001030files contain host public keys for all known hosts.
1031The global file should
1032be prepared by the administrator (optional), and the per-user file is
Damien Miller942da032000-08-18 13:59:06 +10001033maintained automatically: whenever the user connects from an unknown host
Damien Miller450a7a12000-03-26 13:04:51 +10001034its key is added to the per-user file.
Damien Miller32aa1441999-10-29 09:15:49 +10001035.Pp
1036Each line in these files contains the following fields: hostnames,
Damien Miller450a7a12000-03-26 13:04:51 +10001037bits, exponent, modulus, comment.
1038The fields are separated by spaces.
Damien Miller32aa1441999-10-29 09:15:49 +10001039.Pp
1040Hostnames is a comma-separated list of patterns ('*' and '?' act as
1041wildcards); each pattern in turn is matched against the canonical host
1042name (when authenticating a client) or against the user-supplied
Damien Miller450a7a12000-03-26 13:04:51 +10001043name (when authenticating a server).
1044A pattern may also be preceded by
Damien Miller32aa1441999-10-29 09:15:49 +10001045.Ql !
1046to indicate negation: if the host name matches a negated
1047pattern, it is not accepted (by that line) even if it matched another
1048pattern on the line.
1049.Pp
Damien Millere247cc42000-05-07 12:03:14 +10001050Bits, exponent, and modulus are taken directly from the RSA host key; they
Damien Miller32aa1441999-10-29 09:15:49 +10001051can be obtained, e.g., from
Damien Miller886c63a2000-01-20 23:13:36 +11001052.Pa /etc/ssh_host_key.pub .
Damien Miller32aa1441999-10-29 09:15:49 +10001053The optional comment field continues to the end of the line, and is not used.
1054.Pp
1055Lines starting with
1056.Ql #
1057and empty lines are ignored as comments.
1058.Pp
1059When performing host authentication, authentication is accepted if any
Damien Miller450a7a12000-03-26 13:04:51 +10001060matching line has the proper key.
1061It is thus permissible (but not
Damien Miller32aa1441999-10-29 09:15:49 +10001062recommended) to have several lines or different host keys for the same
Damien Miller450a7a12000-03-26 13:04:51 +10001063names.
1064This will inevitably happen when short forms of host names
1065from different domains are put in the file.
1066It is possible
Damien Miller32aa1441999-10-29 09:15:49 +10001067that the files contain conflicting information; authentication is
1068accepted if valid information can be found from either file.
1069.Pp
1070Note that the lines in these files are typically hundreds of characters
1071long, and you definitely don't want to type in the host keys by hand.
1072Rather, generate them by a script
Damien Miller22c77262000-04-13 12:26:34 +10001073or by taking
Damien Miller886c63a2000-01-20 23:13:36 +11001074.Pa /etc/ssh_host_key.pub
Damien Miller32aa1441999-10-29 09:15:49 +10001075and adding the host names at the front.
1076.Ss Examples
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001077.Bd -literal
1078closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
1079cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
1080.Ed
Damien Miller32aa1441999-10-29 09:15:49 +10001081.Sh FILES
1082.Bl -tag -width Ds
Damien Miller886c63a2000-01-20 23:13:36 +11001083.It Pa /etc/sshd_config
Damien Miller32aa1441999-10-29 09:15:49 +10001084Contains configuration data for
1085.Nm sshd .
1086This file should be writable by root only, but it is recommended
1087(though not necessary) that it be world-readable.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001088.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001089These three files contain the private parts of the host keys.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001090These files should only be owned by root, readable only by root, and not
Damien Miller32aa1441999-10-29 09:15:49 +10001091accessible to others.
1092Note that
1093.Nm
1094does not start if this file is group/world-accessible.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001095.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001096These three files contain the public parts of the host keys.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001097These files should be world-readable but writable only by
Damien Miller450a7a12000-03-26 13:04:51 +10001098root.
Ben Lindstromd7f5b512001-03-05 06:57:23 +00001099Their contents should match the respective private parts.
1100These files are not
1101really used for anything; they are provided for the convenience of
1102the user so their contents can be copied to known hosts files.
1103These files are created using
Damien Miller32aa1441999-10-29 09:15:49 +10001104.Xr ssh-keygen 1 .
Ben Lindstromae1c51c2001-06-25 04:14:59 +00001105.It Pa /etc/moduli
Damien Millere39cacc2000-11-29 12:18:44 +11001106Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
Damien Miller886c63a2000-01-20 23:13:36 +11001107.It Pa /var/run/sshd.pid
Damien Miller32aa1441999-10-29 09:15:49 +10001108Contains the process ID of the
1109.Nm
1110listening for connections (if there are several daemons running
1111concurrently for different ports, this contains the pid of the one
Damien Miller450a7a12000-03-26 13:04:51 +10001112started last).
Damien Miller942da032000-08-18 13:59:06 +10001113The content of this file is not sensitive; it can be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +10001114.It Pa $HOME/.ssh/authorized_keys
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001115Lists the public keys (RSA or DSA) that can be used to log into the user's account.
Damien Millere247cc42000-05-07 12:03:14 +10001116This file must be readable by root (which may on some machines imply
1117it being world-readable if the user's home directory resides on an NFS
1118volume).
1119It is recommended that it not be accessible by others.
1120The format of this file is described above.
1121Users will place the contents of their
Ben Lindstromf96704d2001-06-25 04:17:12 +00001122.Pa identity.pub ,
Damien Millere247cc42000-05-07 12:03:14 +10001123.Pa id_dsa.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +00001124and/or
1125.Pa id_rsa.pub
Damien Millere247cc42000-05-07 12:03:14 +10001126files into this file, as described in
1127.Xr ssh-keygen 1 .
Damien Miller886c63a2000-01-20 23:13:36 +11001128.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
Damien Miller5ce662a1999-11-11 17:57:39 +11001129These files are consulted when using rhosts with RSA host
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001130authentication or protocol version 2 hostbased authentication
1131to check the public key of the host.
Damien Miller450a7a12000-03-26 13:04:51 +10001132The key must be listed in one of these files to be accepted.
Damien Miller33e511e1999-11-11 11:43:13 +11001133The client uses the same files
Ben Lindstromebd888d2001-03-05 05:49:29 +00001134to verify that it is connecting to the correct remote host.
Damien Miller450a7a12000-03-26 13:04:51 +10001135These files should be writable only by root/the owner.
Damien Miller886c63a2000-01-20 23:13:36 +11001136.Pa /etc/ssh_known_hosts
Damien Miller32aa1441999-10-29 09:15:49 +10001137should be world-readable, and
1138.Pa $HOME/.ssh/known_hosts
1139can but need not be world-readable.
1140.It Pa /etc/nologin
Damien Miller22c77262000-04-13 12:26:34 +10001141If this file exists,
Damien Miller32aa1441999-10-29 09:15:49 +10001142.Nm
Damien Miller450a7a12000-03-26 13:04:51 +10001143refuses to let anyone except root log in.
1144The contents of the file
Damien Miller32aa1441999-10-29 09:15:49 +10001145are displayed to anyone trying to log in, and non-root connections are
Damien Miller450a7a12000-03-26 13:04:51 +10001146refused.
1147The file should be world-readable.
Damien Miller32aa1441999-10-29 09:15:49 +10001148.It Pa /etc/hosts.allow, /etc/hosts.deny
1149If compiled with
1150.Sy LIBWRAP
1151support, tcp-wrappers access controls may be defined here as described in
1152.Xr hosts_access 5 .
1153.It Pa $HOME/.rhosts
1154This file contains host-username pairs, separated by a space, one per
Damien Miller450a7a12000-03-26 13:04:51 +10001155line.
1156The given user on the corresponding host is permitted to log in
1157without password.
1158The same file is used by rlogind and rshd.
Damien Miller32aa1441999-10-29 09:15:49 +10001159The file must
1160be writable only by the user; it is recommended that it not be
1161accessible by others.
1162.Pp
Damien Miller450a7a12000-03-26 13:04:51 +10001163If is also possible to use netgroups in the file.
1164Either host or user
Damien Miller32aa1441999-10-29 09:15:49 +10001165name may be of the form +@groupname to specify all hosts or all users
1166in the group.
1167.It Pa $HOME/.shosts
1168For ssh,
1169this file is exactly the same as for
1170.Pa .rhosts .
1171However, this file is
1172not used by rlogin and rshd, so using this permits access using SSH only.
Damien Miller942da032000-08-18 13:59:06 +10001173.It Pa /etc/hosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001174This file is used during
1175.Pa .rhosts
Damien Miller450a7a12000-03-26 13:04:51 +10001176authentication.
1177In the simplest form, this file contains host names, one per line.
1178Users on
Damien Miller32aa1441999-10-29 09:15:49 +10001179those hosts are permitted to log in without a password, provided they
Damien Miller450a7a12000-03-26 13:04:51 +10001180have the same user name on both machines.
1181The host name may also be
Damien Miller32aa1441999-10-29 09:15:49 +10001182followed by a user name; such users are permitted to log in as
1183.Em any
Damien Miller450a7a12000-03-26 13:04:51 +10001184user on this machine (except root).
1185Additionally, the syntax
Damien Miller32aa1441999-10-29 09:15:49 +10001186.Dq +@group
Damien Miller450a7a12000-03-26 13:04:51 +10001187can be used to specify netgroups.
1188Negated entries start with
Damien Miller32aa1441999-10-29 09:15:49 +10001189.Ql \&- .
1190.Pp
1191If the client host/user is successfully matched in this file, login is
1192automatically permitted provided the client and server user names are the
Damien Miller450a7a12000-03-26 13:04:51 +10001193same.
1194Additionally, successful RSA host authentication is normally required.
1195This file must be writable only by root; it is recommended
Damien Miller32aa1441999-10-29 09:15:49 +10001196that it be world-readable.
1197.Pp
1198.Sy "Warning: It is almost never a good idea to use user names in"
1199.Pa hosts.equiv .
1200Beware that it really means that the named user(s) can log in as
1201.Em anybody ,
1202which includes bin, daemon, adm, and other accounts that own critical
Damien Miller450a7a12000-03-26 13:04:51 +10001203binaries and directories.
1204Using a user name practically grants the user root access.
1205The only valid use for user names that I can think
Damien Miller32aa1441999-10-29 09:15:49 +10001206of is in negative entries.
1207.Pp
1208Note that this warning also applies to rsh/rlogin.
Damien Miller886c63a2000-01-20 23:13:36 +11001209.It Pa /etc/shosts.equiv
Damien Miller32aa1441999-10-29 09:15:49 +10001210This is processed exactly as
1211.Pa /etc/hosts.equiv .
1212However, this file may be useful in environments that want to run both
1213rsh/rlogin and ssh.
1214.It Pa $HOME/.ssh/environment
Damien Miller450a7a12000-03-26 13:04:51 +10001215This file is read into the environment at login (if it exists).
1216It can only contain empty lines, comment lines (that start with
Damien Miller32aa1441999-10-29 09:15:49 +10001217.Ql # ) ,
Damien Miller450a7a12000-03-26 13:04:51 +10001218and assignment lines of the form name=value.
1219The file should be writable
Damien Miller32aa1441999-10-29 09:15:49 +10001220only by the user; it need not be readable by anyone else.
1221.It Pa $HOME/.ssh/rc
1222If this file exists, it is run with /bin/sh after reading the
Damien Miller450a7a12000-03-26 13:04:51 +10001223environment files but before starting the user's shell or command.
1224If X11 spoofing is in use, this will receive the "proto cookie" pair in
Damien Miller32aa1441999-10-29 09:15:49 +10001225standard input (and
1226.Ev DISPLAY
Damien Miller450a7a12000-03-26 13:04:51 +10001227in environment).
1228This must call
Damien Miller32aa1441999-10-29 09:15:49 +10001229.Xr xauth 1
1230in that case.
1231.Pp
1232The primary purpose of this file is to run any initialization routines
1233which may be needed before the user's home directory becomes
1234accessible; AFS is a particular example of such an environment.
1235.Pp
1236This file will probably contain some initialization code followed by
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001237something similar to:
1238.Bd -literal
1239 if read proto cookie; then
1240 echo add $DISPLAY $proto $cookie | xauth -q -
1241 fi
1242.Ed
Damien Miller32aa1441999-10-29 09:15:49 +10001243.Pp
1244If this file does not exist,
Damien Miller886c63a2000-01-20 23:13:36 +11001245.Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001246is run, and if that
1247does not exist either, xauth is used to store the cookie.
1248.Pp
1249This file should be writable only by the user, and need not be
1250readable by anyone else.
Damien Miller886c63a2000-01-20 23:13:36 +11001251.It Pa /etc/sshrc
Damien Miller32aa1441999-10-29 09:15:49 +10001252Like
1253.Pa $HOME/.ssh/rc .
1254This can be used to specify
Damien Miller450a7a12000-03-26 13:04:51 +10001255machine-specific login-time initializations globally.
1256This file should be writable only by root, and should be world-readable.
Damien Miller37023962000-07-11 17:31:38 +10001257.El
Damien Miller0bc1bd82000-11-13 22:57:25 +11001258.Sh AUTHORS
Ben Lindstrom8eec2c82001-01-29 08:39:16 +00001259OpenSSH is a derivative of the original and free
1260ssh 1.2.12 release by Tatu Ylonen.
1261Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1262Theo de Raadt and Dug Song
1263removed many bugs, re-added newer features and
1264created OpenSSH.
1265Markus Friedl contributed the support for SSH
1266protocol versions 1.5 and 2.0.
Damien Miller32aa1441999-10-29 09:15:49 +10001267.Sh SEE ALSO
Ben Lindstromae1c51c2001-06-25 04:14:59 +00001268.Xr moduli 5 ,
Ben Lindstromd2bf0d62001-06-25 04:10:54 +00001269.Xr rlogin 1 ,
1270.Xr rsh 1 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001271.Xr scp 1 ,
Damien Miller33804262001-02-04 23:20:18 +11001272.Xr sftp 1 ,
Damien Miller32aa1441999-10-29 09:15:49 +10001273.Xr ssh 1 ,
1274.Xr ssh-add 1 ,
1275.Xr ssh-agent 1 ,
1276.Xr ssh-keygen 1 ,
Ben Lindstromd2bf0d62001-06-25 04:10:54 +00001277.Xr sftp-server 8
Ben Lindstrom160ec622001-04-22 17:17:46 +00001278.Rs
1279.%A T. Ylonen
1280.%A T. Kivinen
1281.%A M. Saarinen
1282.%A T. Rinne
1283.%A S. Lehtinen
1284.%T "SSH Protocol Architecture"
1285.%N draft-ietf-secsh-architecture-07.txt
1286.%D January 2001
1287.%O work in progress material
1288.Re
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001289.Rs
1290.%A M. Friedl
1291.%A N. Provos
1292.%A W. A. Simpson
1293.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
Ben Lindstrom3c798d42001-06-25 04:39:22 +00001294.%N draft-ietf-secsh-dh-group-exchange-01.txt
1295.%D April 2001
Ben Lindstromc65e6a02001-04-23 13:02:16 +00001296.%O work in progress material
1297.Re