SSHD_CONFIG(5) | File Formats Manual | SSHD_CONFIG(5) |
sshd_config
—
/etc/ssh/sshd_config |
-f
on the command line). The file contains
keyword-argument pairs, one per line. Lines starting with
‘#
’ and empty lines are interpreted as
comments. Arguments may optionally be enclosed in double quotes (") in
order to represent arguments containing spaces.
The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive):
AcceptEnv
SendEnv
in ssh_config(5) for how
to configure the client. Note that environment passing is only supported
for protocol 2, and that the TERM
environment
variable is always sent whenever the client requests a pseudo-terminal as
it is required by the protocol. Variables are specified by name, which may
contain the wildcard characters ‘*
’
and ‘?
’. Multiple environment
variables may be separated by whitespace or spread across multiple
AcceptEnv
directives. Be warned that some
environment variables could be used to bypass restricted user
environments. For this reason, care should be taken in the use of this
directive. The default is not to accept any environment variables.AddressFamily
AllowAgentForwarding
AllowGroups
DenyUsers
,
AllowUsers
, DenyGroups
,
and finally AllowGroups
.
See PATTERNS in ssh_config(5) for more information on patterns.
AllowTcpForwarding
AllowStreamLocalForwarding
AllowUsers
DenyUsers
, AllowUsers
,
DenyGroups
, and finally
AllowGroups
.
See PATTERNS in ssh_config(5) for more information on patterns.
AuthenticationMethods
For example, an argument of “publickey,password publickey,keyboard-interactive” would require the user to complete public key authentication, followed by either password or keyboard interactive authentication. Only methods that are next in one or more lists are offered at each stage, so for this example, it would not be possible to attempt password or keyboard-interactive authentication before public key.
For keyboard interactive authentication it is also possible to restrict authentication to a specific device by appending a colon followed by the device identifier “bsdauth”, “pam”, or “skey”, depending on the server configuration. For example, “keyboard-interactive:bsdauth” would restrict keyboard interactive authentication to the “bsdauth” device.
If the “publickey” method is listed more than
once, sshd(8) verifies that keys that have been used
successfully are not reused for subsequent authentications. For example,
an AuthenticationMethods
of
“publickey,publickey” will require successful
authentication using two different public keys.
This option is only available for SSH protocol 2 and will yield a fatal error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. The default is not to require multiple authentication; successful completion of a single authentication method is sufficient.
AuthorizedKeysCommand
Arguments to AuthorizedKeysCommand
may
be provided using the following tokens, which will be expanded at
runtime: %% is replaced by a literal '%', %u is replaced by the username
being authenticated, %h is replaced by the home directory of the user
being authenticated, %t is replaced with the key type offered for
authentication, %f is replaced with the fingerprint of the key, and %k
is replaced with the key being offered for authentication. If no
arguments are specified then the username of the target user will be
supplied.
The program should produce on standard output zero or more
lines of authorized_keys output (see AUTHORIZED_KEYS in
sshd(8)). If a key supplied by AuthorizedKeysCommand
does not successfully authenticate and authorize the user then public
key authentication continues using the usual
AuthorizedKeysFile
files. By default, no
AuthorizedKeysCommand is run.
AuthorizedKeysCommandUser
AuthorizedKeysCommand
is specified but
AuthorizedKeysCommandUser
is not, then
sshd(8) will refuse to start.AuthorizedKeysFile
AuthorizedKeysFile
may contain tokens of the form
%T which are substituted during connection setup. The following tokens are
defined: %% is replaced by a literal '%', %h is replaced by the home
directory of the user being authenticated, and %u is replaced by the
username of that user. After expansion,
AuthorizedKeysFile
is taken to be an absolute path
or one relative to the user's home directory. Multiple files may be
listed, separated by whitespace. The default is
“.ssh/authorized_keys .ssh/authorized_keys2”.AuthorizedPrincipalsCommand
AuthorizedPrincipalsFile
. The
program must be owned by root, not writable by group or others and
specified by an absolute path.
Arguments to
AuthorizedPrincipalsCommand
may be provided
using the following tokens, which will be expanded at runtime: %% is
replaced by a literal '%', %u is replaced by the username being
authenticated and %h is replaced by the home directory of the user being
authenticated.
The program should produce on standard output zero or more
lines of AuthorizedPrincipalsFile
output. If
either AuthorizedPrincipalsCommand
or
AuthorizedPrincipalsFile
is specified, then
certificates offered by the client for authentication must contain a
principal that is listed. By default, no AuthorizedPrincipalsCommand is
run.
AuthorizedPrincipalsCommandUser
AuthorizedPrincipalsCommand
is specified but
AuthorizedPrincipalsCommandUser
is not, then
sshd(8) will refuse to start.AuthorizedPrincipalsFile
TrustedUserCAKeys
, this file lists names, one
of which must appear in the certificate for it to be accepted for
authentication. Names are listed one per line preceded by key options (as
described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
Empty lines and comments starting with
‘#
’ are ignored.
AuthorizedPrincipalsFile
may contain
tokens of the form %T which are substituted during connection setup. The
following tokens are defined: %% is replaced by a literal '%', %h is
replaced by the home directory of the user being authenticated, and %u
is replaced by the username of that user. After expansion,
AuthorizedPrincipalsFile
is taken to be an
absolute path or one relative to the user's home directory.
The default is “none”, i.e. not to use a
principals file – in this case, the username of the user must
appear in a certificate's principals list for it to be accepted. Note
that AuthorizedPrincipalsFile
is only used when
authentication proceeds using a CA listed in
TrustedUserCAKeys
and is not consulted for
certification authorities trusted via
~/.ssh/authorized_keys, though the
principals=
key option offers a similar facility
(see sshd(8) for details).
Banner
ChallengeResponseAuthentication
ChrootDirectory
The pathname may contain the following tokens that are expanded at runtime once the connecting user has been authenticated: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user.
The ChrootDirectory
must contain the
necessary files and directories to support the user's session. For an
interactive session this requires at least a shell, typically
sh(1), and basic /dev nodes
such as null(4), zero(4),
stdin(4), stdout(4),
stderr(4), and tty(4) devices. For
file transfer sessions using “sftp”, no additional
configuration of the environment is necessary if the in-process sftp
server is used, though sessions which use logging may require
/dev/log inside the chroot directory on some
operating systems (see sftp-server(8) for
details).
For safety, it is very important that the directory hierarchy be prevented from modification by other processes on the system (especially those outside the jail). Misconfiguration can lead to unsafe environments which sshd(8) cannot detect.
The default is not to chroot(2).
Ciphers
The supported ciphers are:
The default is:
chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com
The list of available ciphers may also be obtained using the
-Q
option of ssh(1) with an
argument of “cipher”.
ClientAliveCountMax
TCPKeepAlive
(below). The client alive
messages are sent through the encrypted channel and therefore will not be
spoofable. The TCP keepalive option enabled by
TCPKeepAlive
is spoofable. The client alive
mechanism is valuable when the client or server depend on knowing when a
connection has become inactive.
The default value is 3. If
ClientAliveInterval
(see below) is set to 15,
and ClientAliveCountMax
is left at the default,
unresponsive SSH clients will be disconnected after approximately 45
seconds. This option applies to protocol version 2 only.
ClientAliveInterval
Compression
DenyGroups
DenyUsers
,
AllowUsers
, DenyGroups
,
and finally AllowGroups
.
See PATTERNS in ssh_config(5) for more information on patterns.
DenyUsers
DenyUsers
,
AllowUsers
, DenyGroups
,
and finally AllowGroups
.
See PATTERNS in ssh_config(5) for more information on patterns.
FingerprintHash
ForceCommand
ForceCommand
, ignoring any command supplied by the
client and ~/.ssh/rc if present. The command is
invoked by using the user's login shell with the -c option. This applies
to shell, command, or subsystem execution. It is most useful inside a
Match
block. The command originally supplied by
the client is available in the
SSH_ORIGINAL_COMMAND
environment variable.
Specifying a command of “internal-sftp” will force the use
of an in-process sftp server that requires no support files when used with
ChrootDirectory
.GatewayPorts
GatewayPorts
can be
used to specify that sshd should allow remote port forwardings to bind to
non-loopback addresses, thus allowing other hosts to connect. The argument
may be “no” to force remote port forwardings to be available
to the local host only, “yes” to force remote port
forwardings to bind to the wildcard address, or
“clientspecified” to allow the client to select the address
to which the forwarding is bound. The default is “no”.GSSAPIAuthentication
GSSAPICleanupCredentials
GSSAPIStrictAcceptorCheck
HostbasedAcceptedKeyTypes
ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa
The -Q
option of
ssh(1) may be used to list supported key types.
HostbasedAuthentication
RhostsRSAAuthentication
and applies to protocol
version 2 only. The default is “no”.HostbasedUsesNameFromPacketOnly
HostbasedAuthentication
. A setting of
“yes” means that sshd(8) uses the name
supplied by the client rather than attempting to resolve the name from the
TCP connection itself. The default is “no”.HostCertificate
HostKey
. The default behaviour of
sshd(8) is not to load any certificates.HostKey
Note that sshd(8) will refuse to use a file
if it is group/world-accessible and that the
HostKeyAlgorithms
option restricts which of the
keys are actually used by sshd(8).
It is possible to have multiple host key files. “rsa1” keys are used for version 1 and “dsa”, “ecdsa”, “ed25519” or “rsa” are used for version 2 of the SSH protocol. It is also possible to specify public host key files instead. In this case operations on the private key will be delegated to an ssh-agent(1).
HostKeyAgent
SSH_AUTH_SOCK
environment variable.HostKeyAlgorithms
ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa
The list of available key types may also be obtained using the
-Q
option of ssh(1) with an
argument of “key”.
IgnoreRhosts
RhostsRSAAuthentication
or
HostbasedAuthentication
.
/etc/hosts.equiv and /etc/shosts.equiv are still used. The default is “yes”.
IgnoreUserKnownHosts
RhostsRSAAuthentication
or
HostbasedAuthentication
. The default is
“no”.IPQoS
KbdInteractiveAuthentication
ChallengeResponseAuthentication
is set to (by
default “yes”).KerberosAuthentication
PasswordAuthentication
will be validated through
the Kerberos KDC. To use this option, the server needs a Kerberos servtab
which allows the verification of the KDC's identity. The default is
“no”.KerberosGetAFSToken
KerberosOrLocalPasswd
KerberosTicketCleanup
KexAlgorithms
The default is:
curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1
The list of available key exchange algorithms may also be
obtained using the -Q
option of
ssh(1) with an argument of “kex”.
KeyRegenerationInterval
ListenAddress
ListenAddress
host|IPv4_addr|IPv6_addrListenAddress
host|IPv4_addr:portListenAddress
[host|IPv6_addr]:portIf port is not specified, sshd will
listen on the address and all Port
options
specified. The default is to listen on all local addresses. Multiple
ListenAddress
options are permitted.
LoginGraceTime
LogLevel
MACs
The algorithms that contain “-etm” calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. The supported MACs are:
The default is:
umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512
The list of available MAC algorithms may also be obtained
using the -Q
option of ssh(1)
with an argument of “mac”.
Match
Match
line are satisfied, the keywords on the
following lines override those set in the global section of the config
file, until either another Match
line or the end
of the file. If a keyword appears in multiple
Match
blocks that are satisfied, only the first
instance of the keyword is applied.
The arguments to Match
are one or more
criteria-pattern pairs or the single token All
which matches all criteria. The available criteria are
User
, Group
,
Host
, LocalAddress
,
LocalPort
, and Address
.
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of ssh_config(5).
The patterns in an Address
criteria
may additionally contain addresses to match in CIDR address/masklen
format, e.g. “192.0.2.0/24” or
“3ffe:ffff::/32”. Note that the mask length provided must
be consistent with the address - it is an error to specify a mask length
that is too long for the address or one with bits set in this host
portion of the address. For example, “192.0.2.0/33” and
“192.0.2.0/8” respectively.
Only a subset of keywords may be used on the lines following a
Match
keyword. Available keywords are
AcceptEnv
,
AllowAgentForwarding
,
AllowGroups
,
AllowStreamLocalForwarding
,
AllowTcpForwarding
,
AllowUsers
,
AuthenticationMethods
,
AuthorizedKeysCommand
,
AuthorizedKeysCommandUser
,
AuthorizedKeysFile
,
AuthorizedPrincipalsFile
,
Banner
, ChrootDirectory
,
DenyGroups
, DenyUsers
,
ForceCommand
,
GatewayPorts
,
GSSAPIAuthentication
,
HostbasedAcceptedKeyTypes
,
HostbasedAuthentication
,
HostbasedUsesNameFromPacketOnly
,
IPQoS
,
KbdInteractiveAuthentication
,
KerberosAuthentication
,
MaxAuthTries
,
MaxSessions
,
PasswordAuthentication
,
PermitEmptyPasswords
,
PermitOpen
,
PermitRootLogin
,
PermitTTY
, PermitTunnel
,
PermitUserRC
,
PubkeyAcceptedKeyTypes
,
PubkeyAuthentication
,
RekeyLimit
, RevokedKeys
,
RhostsRSAAuthentication
,
RSAAuthentication
,
StreamLocalBindMask
,
StreamLocalBindUnlink
,
TrustedUserCAKeys
,
X11DisplayOffset
,
X11Forwarding
and
X11UseLocalHost
.
MaxAuthTries
MaxSessions
MaxStartups
LoginGraceTime
expires for a connection. The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
PasswordAuthentication
PermitEmptyPasswords
PermitOpen
PermitOpen
host:portPermitOpen
IPv4_addr:portPermitOpen
[IPv6_addr]:portMultiple forwards may be specified by separating them with whitespace. An argument of “any” can be used to remove all restrictions and permit any forwarding requests. An argument of “none” can be used to prohibit all forwarding requests. By default all port forwarding requests are permitted.
PermitRootLogin
If this option is set to “prohibit-password” or “without-password”, password and keyboard-interactive authentication are disabled for root.
If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.
If this option is set to “no”, root is not allowed to log in.
PermitTunnel
Independent of this setting, the permissions of the selected tun(4) device must allow access to the user.
PermitTTY
PermitUserEnvironment
environment=
options in
~/.ssh/authorized_keys are processed by
sshd(8). The default is “no”. Enabling
environment processing may enable users to bypass access restrictions in
some configurations using mechanisms such as
LD_PRELOAD
.PermitUserRC
PidFile
Port
ListenAddress
.PrintLastLog
PrintMotd
Protocol
PubkeyAcceptedKeyTypes
ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa
The -Q
option of
ssh(1) may be used to list supported key types.
PubkeyAuthentication
RekeyLimit
RekeyLimit
is “default
none”, which means that rekeying is performed after the cipher's
default amount of data has been sent or received and no time based
rekeying is done. This option applies to protocol version 2 only.RevokedKeys
RhostsRSAAuthentication
RSAAuthentication
ServerKeyBits
StreamLocalBindMask
The default value is 0177, which creates a Unix-domain socket file that is readable and writable only by the owner. Note that not all operating systems honor the file mode on Unix-domain socket files.
StreamLocalBindUnlink
StreamLocalBindUnlink
is not
enabled, sshd
will be unable to forward the port
to the Unix-domain socket file. This option is only used for port
forwarding to a Unix-domain socket file.
The argument must be “yes” or “no”. The default is “no”.
StrictModes
ChrootDirectory
, whose permissions and ownership
are checked unconditionally.Subsystem
The command sftp-server(8) implements the “sftp” file transfer subsystem.
Alternately the name “internal-sftp” implements
an in-process “sftp” server. This may simplify
configurations using ChrootDirectory
to force a
different filesystem root on clients.
By default no subsystems are defined. Note that this option applies to protocol version 2 only.
SyslogFacility
TCPKeepAlive
The default is “yes” (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids infinitely hanging sessions.
To disable TCP keepalive messages, the value should be set to “no”.
TrustedUserCAKeys
#
’
are allowed. If a certificate is presented for authentication and has its
signing CA key listed in this file, then it may be used for authentication
for any user listed in the certificate's principals list. Note that
certificates that lack a list of principals will not be permitted for
authentication using TrustedUserCAKeys
. For more
details on certificates, see the CERTIFICATES section in
ssh-keygen(1).UseDNS
If this option is set to “no” (the default) then
only addresses and not host names may be used in
~/.ssh/known_hosts from
and sshd_config
Match
Host
directives.
UseLogin
X11Forwarding
will be disabled because login(1) does not know how to
handle xauth(1) cookies. If
UsePrivilegeSeparation
is specified, it will be
disabled after authentication.UsePAM
ChallengeResponseAuthentication
and
PasswordAuthentication
in addition to PAM account
and session module processing for all authentication types.
Because PAM challenge-response authentication usually serves
an equivalent role to password authentication, you should disable either
PasswordAuthentication
or
ChallengeResponseAuthentication.
If UsePAM
is enabled, you will not be
able to run sshd(8) as a non-root user. The default is
“no”.
UsePrivilegeSeparation
UsePrivilegeSeparation
is set to
“sandbox” then the pre-authentication unprivileged process
is subject to additional restrictions.VersionAddendum
X11DisplayOffset
X11Forwarding
When X11 forwarding is enabled, there may be additional
exposure to the server and to client displays if the
sshd(8) proxy display is configured to listen on the
wildcard address (see X11UseLocalhost
below),
though this is not the default. Additionally, the authentication
spoofing and authentication data verification and substitution occur on
the client side. The security risk of using X11 forwarding is that the
client's X11 display server may be exposed to attack when the SSH client
requests forwarding (see the warnings for
ForwardX11
in ssh_config(5)).
A system administrator may have a stance in which they want to protect
clients that may expose themselves to attack by unwittingly requesting
X11 forwarding, which can warrant a “no” setting.
Note that disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their own
forwarders. X11 forwarding is automatically disabled if
UseLogin
is enabled.
X11UseLocalhost
DISPLAY
environment variable
to “localhost”. This prevents remote hosts from connecting
to the proxy display. However, some older X11 clients may not function
with this configuration. X11UseLocalhost
may be
set to “no” to specify that the forwarding server should be
bound to the wildcard address. The argument must be “yes” or
“no”. The default is “yes”.XAuthLocation
Each member of the sequence is added together to calculate the total time value.
Time format examples:
August 14, 2015 | BSD |