Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 1 | SSHD(8) OpenBSD System Manager's Manual SSHD(8) |
| 2 | |
| 3 | NAME |
| 4 | sshd - OpenSSH SSH daemon |
| 5 | |
| 6 | SYNOPSIS |
| 7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] |
| 8 | [-c host_certificate_file] [-f config_file] [-g login_grace_time] |
| 9 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] |
| 10 | |
| 11 | DESCRIPTION |
| 12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
| 13 | programs replace rlogin(1) and rsh(1), and provide secure encrypted |
| 14 | communications between two untrusted hosts over an insecure network. |
| 15 | |
| 16 | sshd listens for connections from clients. It is normally started at |
| 17 | boot from /etc/rc. It forks a new daemon for each incoming connection. |
| 18 | The forked daemons handle key exchange, encryption, authentication, |
| 19 | command execution, and data exchange. |
| 20 | |
| 21 | sshd can be configured using command-line options or a configuration file |
| 22 | (by default sshd_config(5)); command-line options override values |
| 23 | specified in the configuration file. sshd rereads its configuration file |
| 24 | when it receives a hangup signal, SIGHUP, by executing itself with the |
| 25 | name and options it was started with, e.g. /usr/sbin/sshd. |
| 26 | |
| 27 | The options are as follows: |
| 28 | |
| 29 | -4 Forces sshd to use IPv4 addresses only. |
| 30 | |
| 31 | -6 Forces sshd to use IPv6 addresses only. |
| 32 | |
| 33 | -b bits |
| 34 | Specifies the number of bits in the ephemeral protocol version 1 |
| 35 | server key (default 1024). |
| 36 | |
| 37 | -C connection_spec |
| 38 | Specify the connection parameters to use for the -T extended test |
| 39 | mode. If provided, any Match directives in the configuration |
| 40 | file that would apply to the specified user, host, and address |
| 41 | will be set before the configuration is written to standard |
| 42 | output. The connection parameters are supplied as keyword=value |
| 43 | pairs. The keywords are ``user'', ``host'', and ``addr''. All |
| 44 | are required and may be supplied in any order, either with |
| 45 | multiple -C options or as a comma-separated list. |
| 46 | |
| 47 | -c host_certificate_file |
| 48 | Specifies a path to a certificate file to identify sshd during |
| 49 | key exchange. The certificate file must match a host key file |
| 50 | specified using the -h option or the HostKey configuration |
| 51 | directive. |
| 52 | |
| 53 | -D When this option is specified, sshd will not detach and does not |
| 54 | become a daemon. This allows easy monitoring of sshd. |
| 55 | |
| 56 | -d Debug mode. The server sends verbose debug output to standard |
| 57 | error, and does not put itself in the background. The server |
| 58 | also will not fork and will only process one connection. This |
| 59 | option is only intended for debugging for the server. Multiple |
| 60 | -d options increase the debugging level. Maximum is 3. |
| 61 | |
| 62 | -e When this option is specified, sshd will send the output to the |
| 63 | standard error instead of the system log. |
| 64 | |
| 65 | -f config_file |
| 66 | Specifies the name of the configuration file. The default is |
| 67 | /etc/ssh/sshd_config. sshd refuses to start if there is no |
| 68 | configuration file. |
| 69 | |
| 70 | -g login_grace_time |
| 71 | Gives the grace time for clients to authenticate themselves |
| 72 | (default 120 seconds). If the client fails to authenticate the |
| 73 | user within this many seconds, the server disconnects and exits. |
| 74 | A value of zero indicates no limit. |
| 75 | |
| 76 | -h host_key_file |
| 77 | Specifies a file from which a host key is read. This option must |
| 78 | be given if sshd is not run as root (as the normal host key files |
| 79 | are normally not readable by anyone but root). The default is |
| 80 | /etc/ssh/ssh_host_key for protocol version 1, and |
| 81 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and |
| 82 | /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible |
| 83 | to have multiple host key files for the different protocol |
| 84 | versions and host key algorithms. |
| 85 | |
| 86 | -i Specifies that sshd is being run from inetd(8). sshd is normally |
| 87 | not run from inetd because it needs to generate the server key |
| 88 | before it can respond to the client, and this may take tens of |
| 89 | seconds. Clients would have to wait too long if the key was |
| 90 | regenerated every time. However, with small key sizes (e.g. 512) |
| 91 | using sshd from inetd may be feasible. |
| 92 | |
| 93 | -k key_gen_time |
| 94 | Specifies how often the ephemeral protocol version 1 server key |
| 95 | is regenerated (default 3600 seconds, or one hour). The |
| 96 | motivation for regenerating the key fairly often is that the key |
| 97 | is not stored anywhere, and after about an hour it becomes |
| 98 | impossible to recover the key for decrypting intercepted |
| 99 | communications even if the machine is cracked into or physically |
| 100 | seized. A value of zero indicates that the key will never be |
| 101 | regenerated. |
| 102 | |
| 103 | -o option |
| 104 | Can be used to give options in the format used in the |
| 105 | configuration file. This is useful for specifying options for |
| 106 | which there is no separate command-line flag. For full details |
| 107 | of the options, and their values, see sshd_config(5). |
| 108 | |
| 109 | -p port |
| 110 | Specifies the port on which the server listens for connections |
| 111 | (default 22). Multiple port options are permitted. Ports |
| 112 | specified in the configuration file with the Port option are |
| 113 | ignored when a command-line port is specified. Ports specified |
| 114 | using the ListenAddress option override command-line ports. |
| 115 | |
| 116 | -q Quiet mode. Nothing is sent to the system log. Normally the |
| 117 | beginning, authentication, and termination of each connection is |
| 118 | logged. |
| 119 | |
| 120 | -T Extended test mode. Check the validity of the configuration |
| 121 | file, output the effective configuration to stdout and then exit. |
| 122 | Optionally, Match rules may be applied by specifying the |
| 123 | connection parameters using one or more -C options. |
| 124 | |
| 125 | -t Test mode. Only check the validity of the configuration file and |
| 126 | sanity of the keys. This is useful for updating sshd reliably as |
| 127 | configuration options may change. |
| 128 | |
| 129 | -u len This option is used to specify the size of the field in the utmp |
| 130 | structure that holds the remote host name. If the resolved host |
| 131 | name is longer than len, the dotted decimal value will be used |
| 132 | instead. This allows hosts with very long host names that |
| 133 | overflow this field to still be uniquely identified. Specifying |
| 134 | -u0 indicates that only dotted decimal addresses should be put |
| 135 | into the utmp file. -u0 may also be used to prevent sshd from |
| 136 | making DNS requests unless the authentication mechanism or |
| 137 | configuration requires it. Authentication mechanisms that may |
| 138 | require DNS include RhostsRSAAuthentication, |
| 139 | HostbasedAuthentication, and using a from="pattern-list" option |
| 140 | in a key file. Configuration options that require DNS include |
| 141 | using a USER@HOST pattern in AllowUsers or DenyUsers. |
| 142 | |
| 143 | AUTHENTICATION |
| 144 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
| 145 | use protocol 2 only, though this can be changed via the Protocol option |
| 146 | in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol |
| 147 | 1 only supports RSA keys. For both protocols, each host has a host- |
| 148 | specific key, normally 2048 bits, used to identify the host. |
| 149 | |
| 150 | Forward security for protocol 1 is provided through an additional server |
| 151 | key, normally 768 bits, generated when the server starts. This key is |
| 152 | normally regenerated every hour if it has been used, and is never stored |
| 153 | on disk. Whenever a client connects, the daemon responds with its public |
| 154 | host and server keys. The client compares the RSA host key against its |
| 155 | own database to verify that it has not changed. The client then |
| 156 | generates a 256-bit random number. It encrypts this random number using |
| 157 | both the host key and the server key, and sends the encrypted number to |
| 158 | the server. Both sides then use this random number as a session key |
| 159 | which is used to encrypt all further communications in the session. The |
| 160 | rest of the session is encrypted using a conventional cipher, currently |
| 161 | Blowfish or 3DES, with 3DES being used by default. The client selects |
| 162 | the encryption algorithm to use from those offered by the server. |
| 163 | |
| 164 | For protocol 2, forward security is provided through a Diffie-Hellman key |
| 165 | agreement. This key agreement results in a shared session key. The rest |
| 166 | of the session is encrypted using a symmetric cipher, currently 128-bit |
| 167 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The |
| 168 | client selects the encryption algorithm to use from those offered by the |
| 169 | server. Additionally, session integrity is provided through a |
| 170 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, |
| 171 | hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). |
| 172 | |
| 173 | Finally, the server and the client enter an authentication dialog. The |
| 174 | client tries to authenticate itself using host-based authentication, |
| 175 | public key authentication, challenge-response authentication, or password |
| 176 | authentication. |
| 177 | |
| 178 | Regardless of the authentication type, the account is checked to ensure |
| 179 | that it is accessible. An account is not accessible if it is locked, |
| 180 | listed in DenyUsers or its group is listed in DenyGroups . The |
| 181 | definition of a locked account is system dependant. Some platforms have |
| 182 | their own account database (eg AIX) and some modify the passwd field ( |
| 183 | `*LK*' on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on |
| 184 | Tru64, a leading `*LOCKED*' on FreeBSD and a leading `!' on most |
| 185 | Linuxes). If there is a requirement to disable password authentication |
| 186 | for the account while allowing still public-key, then the passwd field |
| 187 | should be set to something other than these values (eg `NP' or `*NP*' ). |
| 188 | |
| 189 | If the client successfully authenticates itself, a dialog for preparing |
| 190 | the session is entered. At this time the client may request things like |
| 191 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP |
| 192 | connections, or forwarding the authentication agent connection over the |
| 193 | secure channel. |
| 194 | |
| 195 | After this, the client either requests a shell or execution of a command. |
| 196 | The sides then enter session mode. In this mode, either side may send |
| 197 | data at any time, and such data is forwarded to/from the shell or command |
| 198 | on the server side, and the user terminal in the client side. |
| 199 | |
| 200 | When the user program terminates and all forwarded X11 and other |
| 201 | connections have been closed, the server sends command exit status to the |
| 202 | client, and both sides exit. |
| 203 | |
| 204 | LOGIN PROCESS |
| 205 | When a user successfully logs in, sshd does the following: |
| 206 | |
| 207 | 1. If the login is on a tty, and no command has been specified, |
| 208 | prints last login time and /etc/motd (unless prevented in the |
| 209 | configuration file or by ~/.hushlogin; see the FILES section). |
| 210 | |
| 211 | 2. If the login is on a tty, records login time. |
| 212 | |
| 213 | 3. Checks /etc/nologin; if it exists, prints contents and quits |
| 214 | (unless root). |
| 215 | |
| 216 | 4. Changes to run with normal user privileges. |
| 217 | |
| 218 | 5. Sets up basic environment. |
| 219 | |
| 220 | 6. Reads the file ~/.ssh/environment, if it exists, and users are |
| 221 | allowed to change their environment. See the |
| 222 | PermitUserEnvironment option in sshd_config(5). |
| 223 | |
| 224 | 7. Changes to user's home directory. |
| 225 | |
| 226 | 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, |
| 227 | runs it; otherwise runs xauth. The ``rc'' files are given the |
| 228 | X11 authentication protocol and cookie in standard input. See |
| 229 | SSHRC, below. |
| 230 | |
| 231 | 9. Runs user's shell or command. |
| 232 | |
| 233 | SSHRC |
| 234 | If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment |
| 235 | files but before starting the user's shell or command. It must not |
| 236 | produce any output on stdout; stderr must be used instead. If X11 |
| 237 | forwarding is in use, it will receive the "proto cookie" pair in its |
| 238 | standard input (and DISPLAY in its environment). The script must call |
| 239 | xauth(1) because sshd will not run xauth automatically to add X11 |
| 240 | cookies. |
| 241 | |
| 242 | The primary purpose of this file is to run any initialization routines |
| 243 | which may be needed before the user's home directory becomes accessible; |
| 244 | AFS is a particular example of such an environment. |
| 245 | |
| 246 | This file will probably contain some initialization code followed by |
| 247 | something similar to: |
| 248 | |
| 249 | if read proto cookie && [ -n "$DISPLAY" ]; then |
| 250 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
| 251 | # X11UseLocalhost=yes |
| 252 | echo add unix:`echo $DISPLAY | |
| 253 | cut -c11-` $proto $cookie |
| 254 | else |
| 255 | # X11UseLocalhost=no |
| 256 | echo add $DISPLAY $proto $cookie |
| 257 | fi | xauth -q - |
| 258 | fi |
| 259 | |
| 260 | If this file does not exist, /etc/ssh/sshrc is run, and if that does not |
| 261 | exist either, xauth is used to add the cookie. |
| 262 | |
| 263 | AUTHORIZED_KEYS FILE FORMAT |
| 264 | AuthorizedKeysFile specifies the files containing public keys for public |
| 265 | key authentication; if none is specified, the default is |
| 266 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the |
| 267 | file contains one key (empty lines and lines starting with a `#' are |
| 268 | ignored as comments). Protocol 1 public keys consist of the following |
| 269 | space-separated fields: options, bits, exponent, modulus, comment. |
| 270 | Protocol 2 public key consist of: options, keytype, base64-encoded key, |
| 271 | comment. The options field is optional; its presence is determined by |
| 272 | whether the line starts with a number or not (the options field never |
| 273 | starts with a number). The bits, exponent, modulus, and comment fields |
| 274 | give the RSA key for protocol version 1; the comment field is not used |
| 275 | for anything (but may be convenient for the user to identify the key). |
| 276 | For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', |
| 277 | ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or |
| 278 | ``ssh-rsa''. |
| 279 | |
| 280 | Note that lines in this file are usually several hundred bytes long |
| 281 | (because of the size of the public key encoding) up to a limit of 8 |
| 282 | kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
| 283 | kilobits. You don't want to type them in; instead, copy the |
| 284 | identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit |
| 285 | it. |
| 286 | |
| 287 | sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
| 288 | 2 keys of 768 bits. |
| 289 | |
| 290 | The options (if present) consist of comma-separated option |
| 291 | specifications. No spaces are permitted, except within double quotes. |
| 292 | The following option specifications are supported (note that option |
| 293 | keywords are case-insensitive): |
| 294 | |
| 295 | cert-authority |
| 296 | Specifies that the listed key is a certification authority (CA) |
| 297 | that is trusted to validate signed certificates for user |
| 298 | authentication. |
| 299 | |
| 300 | Certificates may encode access restrictions similar to these key |
| 301 | options. If both certificate restrictions and key options are |
| 302 | present, the most restrictive union of the two is applied. |
| 303 | |
| 304 | command="command" |
| 305 | Specifies that the command is executed whenever this key is used |
| 306 | for authentication. The command supplied by the user (if any) is |
| 307 | ignored. The command is run on a pty if the client requests a |
| 308 | pty; otherwise it is run without a tty. If an 8-bit clean |
| 309 | channel is required, one must not request a pty or should specify |
| 310 | no-pty. A quote may be included in the command by quoting it |
| 311 | with a backslash. This option might be useful to restrict |
| 312 | certain public keys to perform just a specific operation. An |
| 313 | example might be a key that permits remote backups but nothing |
| 314 | else. Note that the client may specify TCP and/or X11 forwarding |
| 315 | unless they are explicitly prohibited. The command originally |
| 316 | supplied by the client is available in the SSH_ORIGINAL_COMMAND |
| 317 | environment variable. Note that this option applies to shell, |
| 318 | command or subsystem execution. Also note that this command may |
| 319 | be superseded by either a sshd_config(5) ForceCommand directive |
| 320 | or a command embedded in a certificate. |
| 321 | |
| 322 | environment="NAME=value" |
| 323 | Specifies that the string is to be added to the environment when |
| 324 | logging in using this key. Environment variables set this way |
| 325 | override other default environment values. Multiple options of |
| 326 | this type are permitted. Environment processing is disabled by |
| 327 | default and is controlled via the PermitUserEnvironment option. |
| 328 | This option is automatically disabled if UseLogin is enabled. |
| 329 | |
| 330 | from="pattern-list" |
| 331 | Specifies that in addition to public key authentication, either |
| 332 | the canonical name of the remote host or its IP address must be |
| 333 | present in the comma-separated list of patterns. See PATTERNS in |
| 334 | ssh_config(5) for more information on patterns. |
| 335 | |
| 336 | In addition to the wildcard matching that may be applied to |
| 337 | hostnames or addresses, a from stanza may match IP addresses |
| 338 | using CIDR address/masklen notation. |
| 339 | |
| 340 | The purpose of this option is to optionally increase security: |
| 341 | public key authentication by itself does not trust the network or |
| 342 | name servers or anything (but the key); however, if somebody |
| 343 | somehow steals the key, the key permits an intruder to log in |
| 344 | from anywhere in the world. This additional option makes using a |
| 345 | stolen key more difficult (name servers and/or routers would have |
| 346 | to be compromised in addition to just the key). |
| 347 | |
| 348 | no-agent-forwarding |
| 349 | Forbids authentication agent forwarding when this key is used for |
| 350 | authentication. |
| 351 | |
| 352 | no-port-forwarding |
| 353 | Forbids TCP forwarding when this key is used for authentication. |
| 354 | Any port forward requests by the client will return an error. |
| 355 | This might be used, e.g. in connection with the command option. |
| 356 | |
| 357 | no-pty Prevents tty allocation (a request to allocate a pty will fail). |
| 358 | |
| 359 | no-user-rc |
| 360 | Disables execution of ~/.ssh/rc. |
| 361 | |
| 362 | no-X11-forwarding |
| 363 | Forbids X11 forwarding when this key is used for authentication. |
| 364 | Any X11 forward requests by the client will return an error. |
| 365 | |
| 366 | permitopen="host:port" |
| 367 | Limit local ``ssh -L'' port forwarding such that it may only |
| 368 | connect to the specified host and port. IPv6 addresses can be |
| 369 | specified by enclosing the address in square brackets. Multiple |
| 370 | permitopen options may be applied separated by commas. No |
| 371 | pattern matching is performed on the specified hostnames, they |
| 372 | must be literal domains or addresses. |
| 373 | |
| 374 | principals="principals" |
| 375 | On a cert-authority line, specifies allowed principals for |
| 376 | certificate authentication as a comma-separated list. At least |
| 377 | one name from the list must appear in the certificate's list of |
| 378 | principals for the certificate to be accepted. This option is |
| 379 | ignored for keys that are not marked as trusted certificate |
| 380 | signers using the cert-authority option. |
| 381 | |
| 382 | tunnel="n" |
| 383 | Force a tun(4) device on the server. Without this option, the |
| 384 | next available device will be used if the client requests a |
| 385 | tunnel. |
| 386 | |
| 387 | An example authorized_keys file: |
| 388 | |
| 389 | # Comments allowed at start of line |
| 390 | ssh-rsa AAAAB3Nza...LiPk== user@example.net |
| 391 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa |
| 392 | AAAAB2...19Q== john@example.net |
| 393 | command="dump /home",no-pty,no-port-forwarding ssh-dss |
| 394 | AAAAC3...51R== example.net |
| 395 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss |
| 396 | AAAAB5...21S== |
| 397 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
| 398 | jane@example.net |
| 399 | |
| 400 | SSH_KNOWN_HOSTS FILE FORMAT |
| 401 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host |
| 402 | public keys for all known hosts. The global file should be prepared by |
| 403 | the administrator (optional), and the per-user file is maintained |
| 404 | automatically: whenever the user connects from an unknown host, its key |
| 405 | is added to the per-user file. |
| 406 | |
| 407 | Each line in these files contains the following fields: markers |
| 408 | (optional), hostnames, bits, exponent, modulus, comment. The fields are |
| 409 | separated by spaces. |
| 410 | |
| 411 | The marker is optional, but if it is present then it must be one of |
| 412 | ``@cert-authority'', to indicate that the line contains a certification |
| 413 | authority (CA) key, or ``@revoked'', to indicate that the key contained |
| 414 | on the line is revoked and must not ever be accepted. Only one marker |
| 415 | should be used on a key line. |
| 416 | |
| 417 | Hostnames is a comma-separated list of patterns (`*' and `?' act as |
| 418 | wildcards); each pattern in turn is matched against the canonical host |
| 419 | name (when authenticating a client) or against the user-supplied name |
| 420 | (when authenticating a server). A pattern may also be preceded by `!' to |
| 421 | indicate negation: if the host name matches a negated pattern, it is not |
| 422 | accepted (by that line) even if it matched another pattern on the line. |
| 423 | A hostname or address may optionally be enclosed within `[' and `]' |
| 424 | brackets then followed by `:' and a non-standard port number. |
| 425 | |
| 426 | Alternately, hostnames may be stored in a hashed form which hides host |
| 427 | names and addresses should the file's contents be disclosed. Hashed |
| 428 | hostnames start with a `|' character. Only one hashed hostname may |
| 429 | appear on a single line and none of the above negation or wildcard |
| 430 | operators may be applied. |
| 431 | |
| 432 | Bits, exponent, and modulus are taken directly from the RSA host key; |
| 433 | they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The |
| 434 | optional comment field continues to the end of the line, and is not used. |
| 435 | |
| 436 | Lines starting with `#' and empty lines are ignored as comments. |
| 437 | |
| 438 | When performing host authentication, authentication is accepted if any |
| 439 | matching line has the proper key; either one that matches exactly or, if |
| 440 | the server has presented a certificate for authentication, the key of the |
| 441 | certification authority that signed the certificate. For a key to be |
| 442 | trusted as a certification authority, it must use the ``@cert-authority'' |
| 443 | marker described above. |
| 444 | |
| 445 | The known hosts file also provides a facility to mark keys as revoked, |
| 446 | for example when it is known that the associated private key has been |
| 447 | stolen. Revoked keys are specified by including the ``@revoked'' marker |
| 448 | at the beginning of the key line, and are never accepted for |
| 449 | authentication or as certification authorities, but instead will produce |
| 450 | a warning from ssh(1) when they are encountered. |
| 451 | |
| 452 | It is permissible (but not recommended) to have several lines or |
| 453 | different host keys for the same names. This will inevitably happen when |
| 454 | short forms of host names from different domains are put in the file. It |
| 455 | is possible that the files contain conflicting information; |
| 456 | authentication is accepted if valid information can be found from either |
| 457 | file. |
| 458 | |
| 459 | Note that the lines in these files are typically hundreds of characters |
| 460 | long, and you definitely don't want to type in the host keys by hand. |
| 461 | Rather, generate them by a script, ssh-keyscan(1) or by taking |
| 462 | /etc/ssh/ssh_host_key.pub and adding the host names at the front. |
| 463 | ssh-keygen(1) also offers some basic automated editing for |
| 464 | ~/.ssh/known_hosts including removing hosts matching a host name and |
| 465 | converting all host names to their hashed representations. |
| 466 | |
| 467 | An example ssh_known_hosts file: |
| 468 | |
| 469 | # Comments allowed at start of line |
| 470 | closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net |
| 471 | cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= |
| 472 | # A hashed hostname |
| 473 | |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa |
| 474 | AAAA1234.....= |
| 475 | # A revoked key |
| 476 | @revoked * ssh-rsa AAAAB5W... |
| 477 | # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org |
| 478 | @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... |
| 479 | |
| 480 | FILES |
| 481 | ~/.hushlogin |
| 482 | This file is used to suppress printing the last login time and |
| 483 | /etc/motd, if PrintLastLog and PrintMotd, respectively, are |
| 484 | enabled. It does not suppress printing of the banner specified |
| 485 | by Banner. |
| 486 | |
| 487 | ~/.rhosts |
| 488 | This file is used for host-based authentication (see ssh(1) for |
| 489 | more information). On some machines this file may need to be |
| 490 | world-readable if the user's home directory is on an NFS |
| 491 | partition, because sshd reads it as root. Additionally, this |
| 492 | file must be owned by the user, and must not have write |
| 493 | permissions for anyone else. The recommended permission for most |
| 494 | machines is read/write for the user, and not accessible by |
| 495 | others. |
| 496 | |
| 497 | ~/.shosts |
| 498 | This file is used in exactly the same way as .rhosts, but allows |
| 499 | host-based authentication without permitting login with |
| 500 | rlogin/rsh. |
| 501 | |
| 502 | ~/.ssh/ |
| 503 | This directory is the default location for all user-specific |
| 504 | configuration and authentication information. There is no |
| 505 | general requirement to keep the entire contents of this directory |
| 506 | secret, but the recommended permissions are read/write/execute |
| 507 | for the user, and not accessible by others. |
| 508 | |
| 509 | ~/.ssh/authorized_keys |
| 510 | Lists the public keys (DSA/ECDSA/RSA) that can be used for |
| 511 | logging in as this user. The format of this file is described |
| 512 | above. The content of the file is not highly sensitive, but the |
| 513 | recommended permissions are read/write for the user, and not |
| 514 | accessible by others. |
| 515 | |
| 516 | If this file, the ~/.ssh directory, or the user's home directory |
| 517 | are writable by other users, then the file could be modified or |
| 518 | replaced by unauthorized users. In this case, sshd will not |
| 519 | allow it to be used unless the StrictModes option has been set to |
| 520 | ``no''. |
| 521 | |
| 522 | ~/.ssh/environment |
| 523 | This file is read into the environment at login (if it exists). |
| 524 | It can only contain empty lines, comment lines (that start with |
| 525 | `#'), and assignment lines of the form name=value. The file |
| 526 | should be writable only by the user; it need not be readable by |
| 527 | anyone else. Environment processing is disabled by default and |
| 528 | is controlled via the PermitUserEnvironment option. |
| 529 | |
| 530 | ~/.ssh/known_hosts |
| 531 | Contains a list of host keys for all hosts the user has logged |
| 532 | into that are not already in the systemwide list of known host |
| 533 | keys. The format of this file is described above. This file |
| 534 | should be writable only by root/the owner and can, but need not |
| 535 | be, world-readable. |
| 536 | |
| 537 | ~/.ssh/rc |
| 538 | Contains initialization routines to be run before the user's home |
| 539 | directory becomes accessible. This file should be writable only |
| 540 | by the user, and need not be readable by anyone else. |
| 541 | |
| 542 | /etc/hosts.allow |
| 543 | /etc/hosts.deny |
| 544 | Access controls that should be enforced by tcp-wrappers are |
| 545 | defined here. Further details are described in hosts_access(5). |
| 546 | |
| 547 | /etc/hosts.equiv |
| 548 | This file is for host-based authentication (see ssh(1)). It |
| 549 | should only be writable by root. |
| 550 | |
| 551 | /etc/moduli |
| 552 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group |
| 553 | Exchange". The file format is described in moduli(5). |
| 554 | |
| 555 | /etc/motd |
| 556 | See motd(5). |
| 557 | |
| 558 | /etc/nologin |
| 559 | If this file exists, sshd refuses to let anyone except root log |
| 560 | in. The contents of the file are displayed to anyone trying to |
| 561 | log in, and non-root connections are refused. The file should be |
| 562 | world-readable. |
| 563 | |
| 564 | /etc/shosts.equiv |
| 565 | This file is used in exactly the same way as hosts.equiv, but |
| 566 | allows host-based authentication without permitting login with |
| 567 | rlogin/rsh. |
| 568 | |
| 569 | /etc/ssh/ssh_host_key |
| 570 | /etc/ssh/ssh_host_dsa_key |
| 571 | /etc/ssh/ssh_host_ecdsa_key |
| 572 | /etc/ssh/ssh_host_rsa_key |
| 573 | These three files contain the private parts of the host keys. |
| 574 | These files should only be owned by root, readable only by root, |
| 575 | and not accessible to others. Note that sshd does not start if |
| 576 | these files are group/world-accessible. |
| 577 | |
| 578 | /etc/ssh/ssh_host_key.pub |
| 579 | /etc/ssh/ssh_host_dsa_key.pub |
| 580 | /etc/ssh/ssh_host_ecdsa_key.pub |
| 581 | /etc/ssh/ssh_host_rsa_key.pub |
| 582 | These three files contain the public parts of the host keys. |
| 583 | These files should be world-readable but writable only by root. |
| 584 | Their contents should match the respective private parts. These |
| 585 | files are not really used for anything; they are provided for the |
| 586 | convenience of the user so their contents can be copied to known |
| 587 | hosts files. These files are created using ssh-keygen(1). |
| 588 | |
| 589 | /etc/ssh/ssh_known_hosts |
| 590 | Systemwide list of known host keys. This file should be prepared |
| 591 | by the system administrator to contain the public host keys of |
| 592 | all machines in the organization. The format of this file is |
| 593 | described above. This file should be writable only by root/the |
| 594 | owner and should be world-readable. |
| 595 | |
| 596 | /etc/ssh/sshd_config |
| 597 | Contains configuration data for sshd. The file format and |
| 598 | configuration options are described in sshd_config(5). |
| 599 | |
| 600 | /etc/ssh/sshrc |
| 601 | Similar to ~/.ssh/rc, it can be used to specify machine-specific |
| 602 | login-time initializations globally. This file should be |
| 603 | writable only by root, and should be world-readable. |
| 604 | |
| 605 | /var/empty |
| 606 | chroot(2) directory used by sshd during privilege separation in |
| 607 | the pre-authentication phase. The directory should not contain |
| 608 | any files and must be owned by root and not group or world- |
| 609 | writable. |
| 610 | |
| 611 | /var/run/sshd.pid |
| 612 | Contains the process ID of the sshd listening for connections (if |
| 613 | there are several daemons running concurrently for different |
| 614 | ports, this contains the process ID of the one started last). |
| 615 | The content of this file is not sensitive; it can be world- |
| 616 | readable. |
| 617 | |
| 618 | SEE ALSO |
| 619 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), |
| 620 | ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5), |
| 621 | sshd_config(5), inetd(8), sftp-server(8) |
| 622 | |
| 623 | AUTHORS |
| 624 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
| 625 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
| 626 | de Raadt and Dug Song removed many bugs, re-added newer features and |
| 627 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 628 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
| 629 | for privilege separation. |
| 630 | |
| 631 | CAVEATS |
| 632 | System security is not improved unless rshd, rlogind, and rexecd are |
| 633 | disabled (thus completely disabling rlogin and rsh into the machine). |
| 634 | |
| 635 | OpenBSD 5.0 August 2, 2011 OpenBSD 5.0 |