blob: 45c1c0131478f8bc49d5ba2aa3afa20764fb8a27 [file] [log] [blame]
Ben Lindstrom9f049032002-06-21 00:59:05 +00001.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
Darren Tuckere2dd2d52005-10-03 18:19:06 +100037.\" $OpenBSD: sshd_config.5,v 1.45 2005/09/21 23:36:54 djm Exp $
Ben Lindstrom9f049032002-06-21 00:59:05 +000038.Dd September 25, 1999
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact
46.It Pa /etc/ssh/sshd_config
47.El
48.Sh DESCRIPTION
49.Nm sshd
50reads configuration data from
51.Pa /etc/ssh/sshd_config
52(or the file specified with
53.Fl f
54on the command line).
55The file contains keyword-argument pairs, one per line.
56Lines starting with
57.Ql #
58and empty lines are interpreted as comments.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
Darren Tucker46bc0752004-05-02 22:11:30 +100064.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70in
71.Xr ssh_config 5
72for how to configure the client.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100073Note that environment passing is only supported for protocol 2.
Darren Tucker46bc0752004-05-02 22:11:30 +100074Variables are specified by name, which may contain the wildcard characters
75.Ql \&*
76and
77.Ql \&? .
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100078Multiple environment variables may be separated by whitespace or spread
Darren Tucker46bc0752004-05-02 22:11:30 +100079across multiple
80.Cm AcceptEnv
81directives.
Darren Tucker1e0c9bf2004-05-02 22:12:48 +100082Be warned that some environment variables could be used to bypass restricted
Darren Tucker46bc0752004-05-02 22:11:30 +100083user environments.
84For this reason, care should be taken in the use of this directive.
85The default is not to accept any environment variables.
Darren Tucker0f383232005-01-20 10:57:56 +110086.It Cm AddressFamily
87Specifies which address family should be used by
88.Nm sshd .
89Valid arguments are
90.Dq any ,
91.Dq inet
92(use IPv4 only) or
93.Dq inet6
94(use IPv6 only).
95The default is
96.Dq any .
Ben Lindstrom9f049032002-06-21 00:59:05 +000097.It Cm AllowGroups
98This keyword can be followed by a list of group name patterns, separated
99by spaces.
100If specified, login is allowed only for users whose primary
101group or supplementary group list matches one of the patterns.
102.Ql \&*
103and
Damien Miller049245d2003-05-14 13:44:42 +1000104.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000105can be used as
106wildcards in the patterns.
107Only group names are valid; a numerical group ID is not recognized.
108By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000109.It Cm AllowTcpForwarding
110Specifies whether TCP forwarding is permitted.
111The default is
112.Dq yes .
113Note that disabling TCP forwarding does not improve security unless
114users are also denied shell access, as they can always install their
115own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000116.It Cm AllowUsers
117This keyword can be followed by a list of user name patterns, separated
118by spaces.
Damien Miller5a93add2003-01-24 11:34:52 +1100119If specified, login is allowed only for user names that
Ben Lindstrom9f049032002-06-21 00:59:05 +0000120match one of the patterns.
121.Ql \&*
122and
Damien Miller049245d2003-05-14 13:44:42 +1000123.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000124can be used as
125wildcards in the patterns.
126Only user names are valid; a numerical user ID is not recognized.
127By default, login is allowed for all users.
128If the pattern takes the form USER@HOST then USER and HOST
129are separately checked, restricting logins to particular
130users from particular hosts.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000131.It Cm AuthorizedKeysFile
132Specifies the file that contains the public keys that can be used
133for user authentication.
134.Cm AuthorizedKeysFile
135may contain tokens of the form %T which are substituted during connection
Damien Millerfbf486b2003-05-23 18:44:23 +1000136set-up.
137The following tokens are defined: %% is replaced by a literal '%',
Ben Lindstrom9f049032002-06-21 00:59:05 +0000138%h is replaced by the home directory of the user being authenticated and
139%u is replaced by the username of that user.
140After expansion,
141.Cm AuthorizedKeysFile
142is taken to be an absolute path or one relative to the user's home
143directory.
144The default is
145.Dq .ssh/authorized_keys .
146.It Cm Banner
147In some jurisdictions, sending a warning message before authentication
148may be relevant for getting legal protection.
149The contents of the specified file are sent to the remote user before
150authentication is allowed.
151This option is only available for protocol version 2.
152By default, no banner is displayed.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000153.It Cm ChallengeResponseAuthentication
154Specifies whether challenge response authentication is allowed.
155All authentication styles from
156.Xr login.conf 5
157are supported.
158The default is
159.Dq yes .
160.It Cm Ciphers
161Specifies the ciphers allowed for protocol version 2.
162Multiple ciphers must be comma-separated.
Damien Miller05202ff2004-06-15 10:30:39 +1000163The supported ciphers are
164.Dq 3des-cbc ,
165.Dq aes128-cbc ,
166.Dq aes192-cbc ,
167.Dq aes256-cbc ,
168.Dq aes128-ctr ,
169.Dq aes192-ctr ,
170.Dq aes256-ctr ,
Damien Miller3710f272005-05-26 12:19:17 +1000171.Dq arcfour128 ,
172.Dq arcfour256 ,
Damien Miller05202ff2004-06-15 10:30:39 +1000173.Dq arcfour ,
174.Dq blowfish-cbc ,
175and
176.Dq cast128-cbc .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000177The default is
Ben Lindstrom9f049032002-06-21 00:59:05 +0000178.Bd -literal
Damien Miller3710f272005-05-26 12:19:17 +1000179 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
180 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
181 aes192-ctr,aes256-ctr''
Ben Lindstrom9f049032002-06-21 00:59:05 +0000182.Ed
Ben Lindstrom9f049032002-06-21 00:59:05 +0000183.It Cm ClientAliveCountMax
184Sets the number of client alive messages (see above) which may be
185sent without
186.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000187receiving any messages back from the client.
188If this threshold is reached while client alive messages are being sent,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000189.Nm sshd
Damien Millerfbf486b2003-05-23 18:44:23 +1000190will disconnect the client, terminating the session.
191It is important to note that the use of client alive messages is very
192different from
Damien Miller12c150e2003-12-17 16:31:10 +1100193.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000194(below).
195The client alive messages are sent through the encrypted channel
196and therefore will not be spoofable.
197The TCP keepalive option enabled by
Damien Miller12c150e2003-12-17 16:31:10 +1100198.Cm TCPKeepAlive
Damien Millerfbf486b2003-05-23 18:44:23 +1000199is spoofable.
200The client alive mechanism is valuable when the client or
Ben Lindstrom9f049032002-06-21 00:59:05 +0000201server depend on knowing when a connection has become inactive.
202.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000203The default value is 3.
204If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000205.Cm ClientAliveInterval
206(above) is set to 15, and
207.Cm ClientAliveCountMax
208is left at the default, unresponsive ssh clients
209will be disconnected after approximately 45 seconds.
Damien Miller1594ad52005-05-26 12:12:19 +1000210.It Cm ClientAliveInterval
211Sets a timeout interval in seconds after which if no data has been received
212from the client,
213.Nm sshd
214will send a message through the encrypted
215channel to request a response from the client.
216The default
217is 0, indicating that these messages will not be sent to the client.
218This option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000219.It Cm Compression
Damien Miller9786e6e2005-07-26 21:54:56 +1000220Specifies whether compression is allowed, or delayed until
221the user has authenticated successfully.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000222The argument must be
Damien Miller9786e6e2005-07-26 21:54:56 +1000223.Dq yes ,
224.Dq delayed ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000225or
226.Dq no .
227The default is
Damien Miller9786e6e2005-07-26 21:54:56 +1000228.Dq delayed .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000229.It Cm DenyGroups
230This keyword can be followed by a list of group name patterns, separated
231by spaces.
232Login is disallowed for users whose primary group or supplementary
233group list matches one of the patterns.
234.Ql \&*
235and
Damien Miller049245d2003-05-14 13:44:42 +1000236.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000237can be used as
238wildcards in the patterns.
239Only group names are valid; a numerical group ID is not recognized.
240By default, login is allowed for all groups.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000241.It Cm DenyUsers
242This keyword can be followed by a list of user name patterns, separated
243by spaces.
244Login is disallowed for user names that match one of the patterns.
245.Ql \&*
246and
Damien Miller049245d2003-05-14 13:44:42 +1000247.Ql \&?
Ben Lindstrom9f049032002-06-21 00:59:05 +0000248can be used as wildcards in the patterns.
249Only user names are valid; a numerical user ID is not recognized.
250By default, login is allowed for all users.
251If the pattern takes the form USER@HOST then USER and HOST
252are separately checked, restricting logins to particular
253users from particular hosts.
254.It Cm GatewayPorts
255Specifies whether remote hosts are allowed to connect to ports
256forwarded for the client.
257By default,
258.Nm sshd
Damien Miller495dca32003-04-01 21:42:14 +1000259binds remote port forwardings to the loopback address.
260This prevents other remote hosts from connecting to forwarded ports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000261.Cm GatewayPorts
262can be used to specify that
263.Nm sshd
Damien Millerf91ee4c2005-03-01 21:24:33 +1100264should allow remote port forwardings to bind to non-loopback addresses, thus
265allowing other hosts to connect.
266The argument may be
267.Dq no
268to force remote port forwardings to be available to the local host only,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000269.Dq yes
Damien Millerf91ee4c2005-03-01 21:24:33 +1100270to force remote port forwardings to bind to the wildcard address, or
271.Dq clientspecified
272to allow the client to select the address to which the forwarding is bound.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000273The default is
274.Dq no .
Darren Tucker0efd1552003-08-26 11:49:55 +1000275.It Cm GSSAPIAuthentication
Damien Miller9b7b03b2003-09-02 22:57:05 +1000276Specifies whether user authentication based on GSSAPI is allowed.
Damien Millera8e06ce2003-11-21 23:48:55 +1100277The default is
Darren Tucker0efd1552003-08-26 11:49:55 +1000278.Dq no .
279Note that this option applies to protocol version 2 only.
280.It Cm GSSAPICleanupCredentials
281Specifies whether to automatically destroy the user's credentials cache
282on logout.
283The default is
284.Dq yes .
285Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000286.It Cm HostbasedAuthentication
287Specifies whether rhosts or /etc/hosts.equiv authentication together
288with successful public key client host authentication is allowed
289(hostbased authentication).
290This option is similar to
291.Cm RhostsRSAAuthentication
292and applies to protocol version 2 only.
293The default is
294.Dq no .
295.It Cm HostKey
296Specifies a file containing a private host key
297used by SSH.
298The default is
299.Pa /etc/ssh/ssh_host_key
300for protocol version 1, and
301.Pa /etc/ssh/ssh_host_rsa_key
302and
303.Pa /etc/ssh/ssh_host_dsa_key
304for protocol version 2.
305Note that
306.Nm sshd
307will refuse to use a file if it is group/world-accessible.
308It is possible to have multiple host key files.
309.Dq rsa1
310keys are used for version 1 and
311.Dq dsa
312or
313.Dq rsa
314are used for version 2 of the SSH protocol.
315.It Cm IgnoreRhosts
316Specifies that
317.Pa .rhosts
318and
319.Pa .shosts
320files will not be used in
Ben Lindstrom9f049032002-06-21 00:59:05 +0000321.Cm RhostsRSAAuthentication
322or
323.Cm HostbasedAuthentication .
324.Pp
325.Pa /etc/hosts.equiv
326and
327.Pa /etc/shosts.equiv
328are still used.
329The default is
330.Dq yes .
331.It Cm IgnoreUserKnownHosts
332Specifies whether
333.Nm sshd
334should ignore the user's
Damien Miller167ea5d2005-05-26 12:04:02 +1000335.Pa ~/.ssh/known_hosts
Ben Lindstrom9f049032002-06-21 00:59:05 +0000336during
337.Cm RhostsRSAAuthentication
338or
339.Cm HostbasedAuthentication .
340The default is
341.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000342.It Cm KerberosAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000343Specifies whether the password provided by the user for
Ben Lindstrom9f049032002-06-21 00:59:05 +0000344.Cm PasswordAuthentication
Damien Miller1a0c0b92003-09-02 22:51:17 +1000345will be validated through the Kerberos KDC.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000346To use this option, the server needs a
347Kerberos servtab which allows the verification of the KDC's identity.
348Default is
349.Dq no .
Damien Miller8448e662004-03-08 23:13:15 +1100350.It Cm KerberosGetAFSToken
Darren Tuckere2dd2d52005-10-03 18:19:06 +1000351If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
Damien Miller8448e662004-03-08 23:13:15 +1100352an AFS token before accessing the user's home directory.
353Default is
354.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000355.It Cm KerberosOrLocalPasswd
356If set then if password authentication through Kerberos fails then
357the password will be validated via any additional local mechanism
358such as
359.Pa /etc/passwd .
360Default is
361.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000362.It Cm KerberosTicketCleanup
363Specifies whether to automatically destroy the user's ticket cache
364file on logout.
365Default is
366.Dq yes .
367.It Cm KeyRegenerationInterval
368In protocol version 1, the ephemeral server key is automatically regenerated
369after this many seconds (if it has been used).
370The purpose of regeneration is to prevent
371decrypting captured sessions by later breaking into the machine and
372stealing the keys.
373The key is never stored anywhere.
374If the value is 0, the key is never regenerated.
375The default is 3600 (seconds).
376.It Cm ListenAddress
377Specifies the local addresses
378.Nm sshd
379should listen on.
380The following forms may be used:
381.Pp
382.Bl -item -offset indent -compact
383.It
384.Cm ListenAddress
385.Sm off
386.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
387.Sm on
388.It
389.Cm ListenAddress
390.Sm off
391.Ar host No | Ar IPv4_addr No : Ar port
392.Sm on
393.It
394.Cm ListenAddress
395.Sm off
396.Oo
397.Ar host No | Ar IPv6_addr Oc : Ar port
398.Sm on
399.El
400.Pp
401If
402.Ar port
403is not specified,
404.Nm sshd
405will listen on the address and all prior
406.Cm Port
Damien Millerfbf486b2003-05-23 18:44:23 +1000407options specified.
408The default is to listen on all local addresses.
Damien Miller495dca32003-04-01 21:42:14 +1000409Multiple
Ben Lindstrom9f049032002-06-21 00:59:05 +0000410.Cm ListenAddress
Damien Millerfbf486b2003-05-23 18:44:23 +1000411options are permitted.
412Additionally, any
Ben Lindstrom9f049032002-06-21 00:59:05 +0000413.Cm Port
414options must precede this option for non port qualified addresses.
415.It Cm LoginGraceTime
416The server disconnects after this time if the user has not
417successfully logged in.
418If the value is 0, there is no time limit.
Damien Millerc1348632002-09-05 14:35:14 +1000419The default is 120 seconds.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000420.It Cm LogLevel
421Gives the verbosity level that is used when logging messages from
422.Nm sshd .
423The possible values are:
424QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
Damien Miller495dca32003-04-01 21:42:14 +1000425The default is INFO.
426DEBUG and DEBUG1 are equivalent.
427DEBUG2 and DEBUG3 each specify higher levels of debugging output.
428Logging with a DEBUG level violates the privacy of users and is not recommended.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000429.It Cm MACs
430Specifies the available MAC (message authentication code) algorithms.
431The MAC algorithm is used in protocol version 2
432for data integrity protection.
433Multiple algorithms must be comma-separated.
434The default is
435.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
Darren Tucker89413db2004-05-24 10:36:23 +1000436.It Cm MaxAuthTries
437Specifies the maximum number of authentication attempts permitted per
Damien Miller26213e52004-06-30 22:39:34 +1000438connection.
439Once the number of failures reaches half this value,
440additional failures are logged.
441The default is 6.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000442.It Cm MaxStartups
443Specifies the maximum number of concurrent unauthenticated connections to the
444.Nm sshd
445daemon.
446Additional connections will be dropped until authentication succeeds or the
447.Cm LoginGraceTime
448expires for a connection.
449The default is 10.
450.Pp
451Alternatively, random early drop can be enabled by specifying
452the three colon separated values
453.Dq start:rate:full
454(e.g., "10:30:60").
455.Nm sshd
456will refuse connection attempts with a probability of
457.Dq rate/100
458(30%)
459if there are currently
460.Dq start
461(10)
462unauthenticated connections.
463The probability increases linearly and all connection attempts
464are refused if the number of unauthenticated connections reaches
465.Dq full
466(60).
467.It Cm PasswordAuthentication
468Specifies whether password authentication is allowed.
469The default is
470.Dq yes .
471.It Cm PermitEmptyPasswords
472When password authentication is allowed, it specifies whether the
473server allows login to accounts with empty password strings.
474The default is
475.Dq no .
476.It Cm PermitRootLogin
Darren Tuckerb3509012005-01-20 11:01:46 +1100477Specifies whether root can log in using
Ben Lindstrom9f049032002-06-21 00:59:05 +0000478.Xr ssh 1 .
479The argument must be
480.Dq yes ,
481.Dq without-password ,
482.Dq forced-commands-only
483or
484.Dq no .
485The default is
486.Dq yes .
487.Pp
488If this option is set to
489.Dq without-password
Darren Tucker9dca0992005-02-01 19:16:45 +1100490password authentication is disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000491.Pp
492If this option is set to
493.Dq forced-commands-only
494root login with public key authentication will be allowed,
495but only if the
496.Ar command
497option has been specified
498(which may be useful for taking remote backups even if root login is
Damien Millerfbf486b2003-05-23 18:44:23 +1000499normally not allowed).
500All other authentication methods are disabled for root.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000501.Pp
502If this option is set to
503.Dq no
Darren Tuckerb3509012005-01-20 11:01:46 +1100504root is not allowed to log in.
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000505.It Cm PermitUserEnvironment
506Specifies whether
507.Pa ~/.ssh/environment
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000508and
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000509.Cm environment=
510options in
511.Pa ~/.ssh/authorized_keys
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000512are processed by
513.Nm sshd .
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000514The default is
515.Dq no .
Ben Lindstrombd9bf382002-08-20 18:54:20 +0000516Enabling environment processing may enable users to bypass access
517restrictions in some configurations using mechanisms such as
518.Ev LD_PRELOAD .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000519.It Cm PidFile
Ben Lindstrom959de992002-06-23 00:35:25 +0000520Specifies the file that contains the process ID of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000521.Nm sshd
522daemon.
523The default is
524.Pa /var/run/sshd.pid .
525.It Cm Port
526Specifies the port number that
527.Nm sshd
528listens on.
529The default is 22.
530Multiple options of this type are permitted.
531See also
532.Cm ListenAddress .
533.It Cm PrintLastLog
534Specifies whether
535.Nm sshd
Darren Tucker7cc5c232004-11-05 20:06:59 +1100536should print the date and time of the last user login when a user logs
537in interactively.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000538The default is
539.Dq yes .
540.It Cm PrintMotd
541Specifies whether
542.Nm sshd
543should print
544.Pa /etc/motd
545when a user logs in interactively.
546(On some systems it is also printed by the shell,
547.Pa /etc/profile ,
548or equivalent.)
549The default is
550.Dq yes .
551.It Cm Protocol
552Specifies the protocol versions
553.Nm sshd
Ben Lindstrom9c445542002-07-11 03:59:18 +0000554supports.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000555The possible values are
556.Dq 1
557and
558.Dq 2 .
559Multiple versions must be comma-separated.
560The default is
561.Dq 2,1 .
Ben Lindstrom9c445542002-07-11 03:59:18 +0000562Note that the order of the protocol list does not indicate preference,
563because the client selects among multiple protocol versions offered
564by the server.
565Specifying
566.Dq 2,1
567is identical to
568.Dq 1,2 .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000569.It Cm PubkeyAuthentication
570Specifies whether public key authentication is allowed.
571The default is
572.Dq yes .
573Note that this option applies to protocol version 2 only.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000574.It Cm RhostsRSAAuthentication
575Specifies whether rhosts or /etc/hosts.equiv authentication together
576with successful RSA host authentication is allowed.
577The default is
578.Dq no .
579This option applies to protocol version 1 only.
580.It Cm RSAAuthentication
581Specifies whether pure RSA authentication is allowed.
582The default is
583.Dq yes .
584This option applies to protocol version 1 only.
585.It Cm ServerKeyBits
586Defines the number of bits in the ephemeral protocol version 1 server key.
587The minimum value is 512, and the default is 768.
588.It Cm StrictModes
589Specifies whether
590.Nm sshd
591should check file modes and ownership of the
592user's files and home directory before accepting login.
593This is normally desirable because novices sometimes accidentally leave their
594directory or files world-writable.
595The default is
596.Dq yes .
597.It Cm Subsystem
598Configures an external subsystem (e.g., file transfer daemon).
599Arguments should be a subsystem name and a command to execute upon subsystem
600request.
601The command
602.Xr sftp-server 8
603implements the
604.Dq sftp
605file transfer subsystem.
606By default no subsystems are defined.
607Note that this option applies to protocol version 2 only.
608.It Cm SyslogFacility
609Gives the facility code that is used when logging messages from
610.Nm sshd .
611The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
612LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
613The default is AUTH.
Damien Miller12c150e2003-12-17 16:31:10 +1100614.It Cm TCPKeepAlive
615Specifies whether the system should send TCP keepalive messages to the
616other side.
617If they are sent, death of the connection or crash of one
618of the machines will be properly noticed.
619However, this means that
620connections will die if the route is down temporarily, and some people
621find it annoying.
622On the other hand, if TCP keepalives are not sent,
623sessions may hang indefinitely on the server, leaving
624.Dq ghost
625users and consuming server resources.
626.Pp
627The default is
628.Dq yes
629(to send TCP keepalive messages), and the server will notice
630if the network goes down or the client host crashes.
631This avoids infinitely hanging sessions.
632.Pp
633To disable TCP keepalive messages, the value should be set to
634.Dq no .
Damien Miller3a961dc2003-06-03 10:25:48 +1000635.It Cm UseDNS
636Specifies whether
637.Nm sshd
Darren Tucker83d5a982005-03-31 21:33:50 +1000638should look up the remote host name and check that
Damien Miller3a961dc2003-06-03 10:25:48 +1000639the resolved host name for the remote IP address maps back to the
640very same IP address.
641The default is
642.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000643.It Cm UseLogin
644Specifies whether
645.Xr login 1
646is used for interactive login sessions.
647The default is
648.Dq no .
649Note that
650.Xr login 1
651is never used for remote command execution.
652Note also, that if this is enabled,
653.Cm X11Forwarding
654will be disabled because
655.Xr login 1
656does not know how to handle
657.Xr xauth 1
Damien Miller495dca32003-04-01 21:42:14 +1000658cookies.
659If
Ben Lindstrom9f049032002-06-21 00:59:05 +0000660.Cm UsePrivilegeSeparation
661is specified, it will be disabled after authentication.
Damien Miller2e193e22003-05-14 15:13:03 +1000662.It Cm UsePAM
Darren Tucker1dcff9a2004-05-13 16:51:40 +1000663Enables the Pluggable Authentication Module interface.
664If set to
665.Dq yes
666this will enable PAM authentication using
667.Cm ChallengeResponseAuthentication
668and PAM account and session module processing for all authentication types.
669.Pp
670Because PAM challenge-response authentication usually serves an equivalent
671role to password authentication, you should disable either
672.Cm PasswordAuthentication
673or
674.Cm ChallengeResponseAuthentication.
675.Pp
676If
677.Cm UsePAM
678is enabled, you will not be able to run
679.Xr sshd 8
680as a non-root user.
681The default is
Darren Tucker6c0c0702003-10-09 14:13:53 +1000682.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000683.It Cm UsePrivilegeSeparation
684Specifies whether
685.Nm sshd
686separates privileges by creating an unprivileged child process
Damien Miller495dca32003-04-01 21:42:14 +1000687to deal with incoming network traffic.
688After successful authentication, another process will be created that has
689the privilege of the authenticated user.
690The goal of privilege separation is to prevent privilege
Ben Lindstrom9f049032002-06-21 00:59:05 +0000691escalation by containing any corruption within the unprivileged processes.
692The default is
693.Dq yes .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000694.It Cm X11DisplayOffset
695Specifies the first display number available for
696.Nm sshd Ns 's
697X11 forwarding.
698This prevents
699.Nm sshd
700from interfering with real X11 servers.
701The default is 10.
702.It Cm X11Forwarding
703Specifies whether X11 forwarding is permitted.
Damien Miller101c4a72002-09-19 11:51:21 +1000704The argument must be
705.Dq yes
706or
707.Dq no .
Ben Lindstrom9f049032002-06-21 00:59:05 +0000708The default is
709.Dq no .
Damien Miller101c4a72002-09-19 11:51:21 +1000710.Pp
711When X11 forwarding is enabled, there may be additional exposure to
712the server and to client displays if the
713.Nm sshd
714proxy display is configured to listen on the wildcard address (see
715.Cm X11UseLocalhost
716below), however this is not the default.
717Additionally, the authentication spoofing and authentication data
718verification and substitution occur on the client side.
719The security risk of using X11 forwarding is that the client's X11
720display server may be exposed to attack when the ssh client requests
721forwarding (see the warnings for
722.Cm ForwardX11
723in
Damien Millerf1ce5052003-06-11 22:04:39 +1000724.Xr ssh_config 5 ) .
Damien Miller101c4a72002-09-19 11:51:21 +1000725A system administrator may have a stance in which they want to
726protect clients that may expose themselves to attack by unwittingly
727requesting X11 forwarding, which can warrant a
728.Dq no
729setting.
730.Pp
731Note that disabling X11 forwarding does not prevent users from
732forwarding X11 traffic, as users can always install their own forwarders.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000733X11 forwarding is automatically disabled if
734.Cm UseLogin
735is enabled.
736.It Cm X11UseLocalhost
737Specifies whether
738.Nm sshd
739should bind the X11 forwarding server to the loopback address or to
Damien Miller495dca32003-04-01 21:42:14 +1000740the wildcard address.
741By default,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000742.Nm sshd
743binds the forwarding server to the loopback address and sets the
744hostname part of the
745.Ev DISPLAY
746environment variable to
747.Dq localhost .
Ben Lindstrom15b61202002-08-20 18:44:24 +0000748This prevents remote hosts from connecting to the proxy display.
Ben Lindstrom9f049032002-06-21 00:59:05 +0000749However, some older X11 clients may not function with this
750configuration.
751.Cm X11UseLocalhost
752may be set to
753.Dq no
754to specify that the forwarding server should be bound to the wildcard
755address.
756The argument must be
757.Dq yes
758or
759.Dq no .
760The default is
761.Dq yes .
762.It Cm XAuthLocation
Damien Miller05913ba2002-09-04 16:51:03 +1000763Specifies the full pathname of the
Ben Lindstrom9f049032002-06-21 00:59:05 +0000764.Xr xauth 1
765program.
766The default is
767.Pa /usr/X11R6/bin/xauth .
768.El
769.Ss Time Formats
Ben Lindstrom9f049032002-06-21 00:59:05 +0000770.Nm sshd
771command-line arguments and configuration file options that specify time
772may be expressed using a sequence of the form:
773.Sm off
Ben Lindstrom1f8cf4f2002-08-20 18:43:27 +0000774.Ar time Op Ar qualifier ,
Ben Lindstrom9f049032002-06-21 00:59:05 +0000775.Sm on
776where
777.Ar time
778is a positive integer value and
779.Ar qualifier
780is one of the following:
781.Pp
782.Bl -tag -width Ds -compact -offset indent
783.It Cm <none>
784seconds
785.It Cm s | Cm S
786seconds
787.It Cm m | Cm M
788minutes
789.It Cm h | Cm H
790hours
791.It Cm d | Cm D
792days
793.It Cm w | Cm W
794weeks
795.El
796.Pp
797Each member of the sequence is added together to calculate
798the total time value.
799.Pp
800Time format examples:
801.Pp
802.Bl -tag -width Ds -compact -offset indent
803.It 600
804600 seconds (10 minutes)
805.It 10m
80610 minutes
807.It 1h30m
8081 hour 30 minutes (90 minutes)
809.El
810.Sh FILES
811.Bl -tag -width Ds
812.It Pa /etc/ssh/sshd_config
813Contains configuration data for
814.Nm sshd .
815This file should be writable by root only, but it is recommended
816(though not necessary) that it be world-readable.
817.El
Damien Millerf1ce5052003-06-11 22:04:39 +1000818.Sh SEE ALSO
819.Xr sshd 8
Ben Lindstrom9f049032002-06-21 00:59:05 +0000820.Sh AUTHORS
821OpenSSH is a derivative of the original and free
822ssh 1.2.12 release by Tatu Ylonen.
823Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
824Theo de Raadt and Dug Song
825removed many bugs, re-added newer features and
826created OpenSSH.
827Markus Friedl contributed the support for SSH
828protocol versions 1.5 and 2.0.
829Niels Provos and Markus Friedl contributed support
830for privilege separation.